last executing test programs: 2m40.666519286s ago: executing program 0 (id=621): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x5, &(0x7f0000000040), 0x4) 2m40.561746997s ago: executing program 0 (id=622): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read$FUSE(r0, &(0x7f00000082c0)={0x2020}, 0x2020) 2m40.460329377s ago: executing program 0 (id=623): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'netdevsim0\x00', &(0x7f0000000440)=@ethtool_gstrings={0x1b, 0x5}}) 2m40.347619468s ago: executing program 0 (id=624): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x1210080, &(0x7f0000000140)={[{@uid}, {@creator={'creator', 0x3d, "aa80aaf6"}}, {@dir_umask}, {@creator={'creator', 0x3d, "0de07c34"}}, {@codepage={'codepage', 0x3d, 'cp949'}}, {@dir_umask}, {@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@dir_umask={'dir_umask', 0x3d, 0x200}}, {}, {@umask={'umask', 0x3d, 0x16}}]}, 0x7, 0x318, &(0x7f00000004c0)="$eJzs3U1rE08cB/Dv7CZp8m/pf20rBY/VgqfS1oPixSLFi2/AgxRrm0LpWkEraEGMnkW8CYJHb55F34JexDegpx7Ek16CB1dmZmcf0tnNQ9tsQr4faJrszsNvdnayMynpgohG1tXVb28vHMgfUQbgArgMOACqQAnAacxWH+zube/59c28glyVQ/4I6JziUJqN3botq8yncoQ8+aqEieQ2OhlBEATf26b61ZdYqDhCj/1DHGAsHJ1qf7XvkZ2Mhm7XaEn0sGiiiYeYLDIcIiIqXnj9d8KrxEQ4f3ccYD6chw/79T81v2kWF8dAiK7/jn4dCHl8/le74vWeWsLJ3nfMKtFWlvWcCOLDXYE+s1IdINqtKlUsTm1r268vNFQBz3AllEg2ox43YRqiZEVb0b/mLGvTHHltzzeu2lCWbVjOiH+66xo//sAre3VrnzuISXwSX8Sa8PAam9H8rxQIeXDU8fFaekrHv5hdomqlp1OlWhmv30+pSs6YHvjwLm5lLeu4VuHKWGxkKaJ1/u6ZOF9WsnNhCumPFXTrlrJbp3JNW3MtR6//WHPNtOaqbZX9+sLGXT/3o5RjY13RiRfihpjDT7zHamL+78jU88gemalRLlTK8MzIbU9JpczoxxQ1gO90NTJJuWbt6HzPcRuXMHn/0f7Ouu/X7xX/xAyVAYlHn4jh6Si3yN+JNKjKJ2UAx1bp3yAIrLtK6EeTy6qpF9/ETd7fWRcN/fJoVaARFWh2rWQnBrACINxi3hF6qf1JlGssLrCj7L9lb6st9hPSRNWHE9JUldrlYqyjkVLrodLrj3fW/Z7eiWjIxJ2O2ZtFB0NFkPMuodd/ifXKonrXkQ9ezmokaFd4osSljBXQlHr8r7MVXFRs5jxx3Dxps+Y6ex4411KjA1Pj09ZivTBODOJfJbv/U4ZYxVfc4uf/RERERERERERERERERERERERERETDpttvI/TydYJ0jQcj+I83iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiOJnH/X8BVd4ypFH7/X7eD+/+a+1IQUc/+BQAA//8KX2Ch") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 2m40.09988547s ago: executing program 0 (id=627): r0 = syz_open_dev$admmidi(&(0x7f0000000280), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, &(0x7f00000001c0)={0x1}) 2m39.522565734s ago: executing program 0 (id=638): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc8}, 0x1, 0x0, 0x0, 0x4}, 0x0) 2m39.296280345s ago: executing program 32 (id=638): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc8}, 0x1, 0x0, 0x0, 0x4}, 0x0) 2.85797911s ago: executing program 5 (id=4004): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x8000000}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x7}, @NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0) 2.764773321s ago: executing program 5 (id=4006): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080)={0x0, 0x300}, 0x8) 2.675019382s ago: executing program 5 (id=4009): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0) lseek(r0, 0x8, 0x4) 2.601915272s ago: executing program 5 (id=4013): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x12, &(0x7f0000000000)=@conn_svc_rsp={0x0, 0x0, 0xa, "7ce46dcf", {0x3, 0x1, 0x0, 0x4, 0x0, 0xe, 0x4}}) 1.577542799s ago: executing program 4 (id=4046): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x4040, &(0x7f0000000a80)=ANY=[@ANYBLOB='force,decompose,nls=cp857,uid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6f626172726965722c706172743d3078303030303030303030303030303030342c0029da224046557ecb65ded5c50ad3a6a30bc9ff1a3ebc851290177bba8d57fc514869fde9ff0cd99031aef2250bd32f6fe7dffcc4d843c5398f85b2162d81bd51c7ad5d6c6ec22b4391379123720a07da3c987a8779b03b21db3c6542040ee5b3167521a1f384b80673a5e56ff56bf5523200000000079a42c04c9e8f94e57cdc0e3adfa978c6d4d7f05fa88ead40f3ec2bf6239d4c40d4496fb2ded06d4900"/206], 0x20, 0x6fe, &(0x7f0000002100)="$eJzs3U9sG1kZAPBvJrYTd6Wsd9nuFoTUaCsq2EKbxCwtEhIFIZTDCipx2Wto021UJ1slWZRWiHqBBW5wQj3sYREKhz0hDkiLOCCWGxISEvfeK3HgVnHAaMYzie0kTtzGTSm/nzSeN57355vPb8b2pJUD+L+18GZU25HEwrk3NrPt+1vN1v2t5kpZjojJiEgjKt1VJKsRyccRl6O7xCezJ4vukv3Gef3BR++fvfdhs7tVKZa8fjqs3Y7OkBHaxRIzETFRrEdU2a+/q3v0d3ekrpPtuLOEnSkTB8ets0t7lOaHOG+Bp93diInqHs83Ik5ExFTxOSCKq0P6hMM7ciNd5QAAAODY7fWtPb8HPtTzD+NhbMb0WEICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAZ1TS/c3ApFjSsjwTSfH7/98uquVqteMN9wCfP2D/e9efUCAAAAAAAAAAcPSqO8XTD+NhbMZ0ud1J8r/5v5pvvJQ/PhfvxHosxVqcj81YjI3YiLWYi6hO9/RZ21zc2Fib293yl5G17HQ6d4uW8xHR2NVyfszHDAAAAAAAAADPth/GQkwfdxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAriZjorvLlpbLciLQSEVMRUcvqtSP+WJafBo1HbPenI44DAAAAnkL1Yj2d/Kdb6CT5d/6X8+/9U/FOrMZGLMdGtGIpruX3Arrf+tO/t5ut+1vNlWzZ3fHX/jlSHHmPETER7+4z8mxe4+R2i4X4ZnwnzsVMXIm1WI7vxWJsxFLMRD07iFiMJBr17t2LRhlnf7wTRVeX+0K5Mhjb6YHtU3kk9bgey3ls5+NqrewtzWskcapntN/XIgYy9G6WneSrhUPm6FrP6/WL4r5MofP8IfsYj0Z+5NXtjMxmuS+y8cLeuS+NOE8GR5qLdPse1Es7o2SbgyOVOf/uKDk/UayzXP+kP+dHbcRbaYOZmI+0mH0RL/fn/NZn7r3Y3/hz//jzlRvp6s0b19fPjfGQxqpaFgYz0ezJxCvDZ1+RiVaWifZgJqoHD12aesxjOSK1IhvdC9vhrpbfyEuL8WrPFHw7rsVSXIzZmItLMRtfjvlo9s2wk315rTRX+nOSn2vp7utbfUjwZz7bU+mnB1Qeh/3Hy/LyQk9ee690jXxf8czln8dsT5ZeHD77HuVdoPKpopCN8aPtd5ynQV8mimtzGV35BrVPJn7VyR7XW6s3124s3jrkeGeLdXbavtd/bf71Yx/MY8nmS3bFreRbeU7q5XzJ9n1iO9r+fNWKv7h026W79p3c3teI6ViOb+17ptaKz3C7e+rue2XPfc1836mefX2fcuLtaOWfQgbMPJmsAnBoJ147Uas/qP+t/kH9x/Ub9Temvj55afLTtaj+pfKHid+mv0m/krwWH8QPYvq4IwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGfB+u07NxdbraW1MRZqjzhWpAfW2XrucB1GI2L4WElRqI07G7fvZPkYodXPit8rPLow/jU1NBv1GNOx/274UdQee4hk/PM5eyWOpMPyh9PyZzoTB7b664WI7jOV4fOnEutT1X3yPLnzukfj5mLr352+OvXoOWWAZ9yFjZVbF9Zv3/nC8sriW0tvLa3OX7p46WLzS3NfvHB9ubU023087iiBcVi/fWfiuGMAAAAAAAAAAAAARlP86/+NtTQrJKP/L53KAXVqa+t7j3z6SR8qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8D9q4c2otiOJudnzs9n2/a1mK1vK8k7NSkSkEZF8PyL5OOJydJdo9HSX7DfO6w8+ev/svQ+bO31VyvrpsHaH0y6WmImIiWJ9sMk9utnd39We/tqPFF6yfYRZws6UiYPj9t8AAAD//ycX7eY=") syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x8f74c177cb5e687b, &(0x7f0000000500)=ANY=[@ANYRESDEC, @ANYRES64, @ANYRES8, @ANYRESDEC, @ANYRESHEX, @ANYRESOCT, @ANYRESDEC, @ANYRES16], 0x1, 0x0, &(0x7f0000000c40)) 1.36970796s ago: executing program 4 (id=4052): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1a, 0x53d, 0x8, 0x7, 0xa8, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0xfffffffd}, 0x48) 1.35009975s ago: executing program 1 (id=4054): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000580)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0x70bd2c, 0x3, {}, [{0x98, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0xc26d, 0xffffffffffffffff, 0x6, 0x7}, 0x9}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x0, 0xfffffffe}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x0) 1.285976771s ago: executing program 1 (id=4056): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@newtaction={0x14, 0x76, 0x1, 0x0, 0x0, {0x0, 0x0, 0x300}}, 0x14}}, 0x0) 1.285754431s ago: executing program 4 (id=4057): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) userfaultfd(0x80001) 1.166044182s ago: executing program 1 (id=4059): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180200000100000000000000000000008500000053000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70600000000000085000000170000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x81) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="c1b9545dd30a1d31677b2d0bfa91", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.132624862s ago: executing program 4 (id=4060): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, 0x0) 985.436193ms ago: executing program 4 (id=4062): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000ac0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x97}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 868.784384ms ago: executing program 2 (id=4064): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, 0x0, 0x0) 815.389795ms ago: executing program 3 (id=4065): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b03000000000000300012800b00010067656e6576650000200002800800010001000000140007000000000000000005000000000000000108000a00", @ANYRES32], 0x58}}, 0x0) 814.954104ms ago: executing program 4 (id=4066): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x9, 0x6, 0x20000000000081, 0x9, 0xcb2, 0x4, 0x0, 0x100000000, 0x7}) 532.563997ms ago: executing program 2 (id=4067): r0 = syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000003ac0)={0x0, [[0x0, 0x443, 0x40, 0x0, 0x4], [0x7f7d, 0x40, 0x0, 0xfffffffe, 0x0, 0x0, 0xff], [0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x8001]], '\x00', [{0x0, 0x21, 0x0, 0x1}, {0x0, 0x1ff}, {0x0, 0x1000}, {}, {0x0, 0xfffffff8}, {0x0, 0xfffffffc}, {0x0, 0xfffffffd}, {0x0, 0x2000000}, {}, {}, {0xd4}], '\x00', 0x7}) 495.481857ms ago: executing program 3 (id=4068): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x437, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40c89}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44801}, 0x0) 438.403587ms ago: executing program 3 (id=4069): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSGCAUSE(r0, 0x8919, 0xffffffffffffffff) 358.589278ms ago: executing program 2 (id=4070): r0 = socket(0x1e, 0x1, 0x0) sendto$packet(r0, 0x0, 0xffffff4f, 0x0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 358.415118ms ago: executing program 3 (id=4071): r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f01f}) 341.092108ms ago: executing program 2 (id=4072): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) 324.779948ms ago: executing program 3 (id=4073): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) recvmmsg(r0, &(0x7f0000007ac0)=[{{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0}, 0x5c}], 0x2, 0x0, 0x0) 270.520548ms ago: executing program 1 (id=4074): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, 0x0, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x16}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7fffffff}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x4080) 270.159168ms ago: executing program 2 (id=4075): r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='source', &(0x7f0000000000)='\\\\\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbeY@g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R.\xa3`fd\xdc\x8b\x18rBl{\x82\\\xbeA\x17\n\f\xcd=\'\x11\x1bZ\x8e\xb1\xc3j$v\xefw\x96/\xff\xa2\xfc\xe3\xb8\xc7\x0f\xaaQ\x98F*T\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81', 0x0) 269.916928ms ago: executing program 3 (id=4076): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x268, 0x0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xc8, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfd}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2c8) syz_usb_connect(0x0, 0x49, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a52bfb0821048f79548601020301090237000100000000090400000002fe170005"], 0x0) 204.108748ms ago: executing program 2 (id=4077): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x94, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") move_mount(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) 193.775859ms ago: executing program 1 (id=4078): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c10000000224e00000000", 0x58}], 0x1) 75.714789ms ago: executing program 5 (id=4079): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x450, 0x268, 0x268, 0x300, 0x0, 0x268, 0x380, 0x460, 0x460, 0x380, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x268, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x7, 0x0, 0x0, 0x0, 0x5, 0x9}}}, @common=@unspec=@ipvs={{0x48}, {@ipv6=@mcast2, [0xffffffff, 0x0, 0xffffffff, 0xffffffff], 0x4e23, 0x0, 0x0, 0x4e24, 0x20, 0x8}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@private2, @remote, [], [], 'ip_vti0\x00', 'ip6_vti0\x00', {}, {}, 0x1c, 0x0, 0x5}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@icmp6={{0x28}, {0x1d, 'm0'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'ipvlan1\x00', {0x8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b0) 75.187549ms ago: executing program 1 (id=4080): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x1200000, &(0x7f00000001c0)={[{@gid}, {@codepage={'codepage', 0x3d, 'koi8-r'}}, {}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}]}, 0x2, 0x33a, &(0x7f0000001f80)="$eJzs3c9OE0EcB/Dv7HbLVgiugCHxZFASTwTwoPEiMcSLL+DBEBFKQlgxUUyUxIiejfFmYuLRm2ejr6AX4wvoiYPxpBfiwTUzO9vOlpltKYWl4ftJrNvu/PlNZ2c7AykDIjq2rs1/f3dxW/4TAQAfwBXAAxACFQCnMR4+XN9oW5DfOBJIc4pdaZbW67asIXQOLZLPKhgyX6ODkSRJ8qNtqt+HEguVR5gj2OABA3p0qvPhoUd2MLbSdh0vRg+LHezgEYbLDIeIiMqnP/89/SkxpOfvngdM6nl4v3/+5+Y3O+XFcSQ0Pv+99Hki5PtzUp2S673Vjbi+nC7hZO972SrRUpRnrSBpvt1VncofNKZcRi12KhavtrIa16e2VAHPcVUzko2px+V8GK5oq2mqCcvatEBB29sYVG0IZBtmHfGPFtVoXQB/+onX9uoWvnQQk/gsvooFEeENlhvzv0oiZDepnopahkoa/7S7RNXKKE2Va2Uz/FOqkjO6Bnx832xlzfW+hvBlLDayFNE6f4+yOF9V3bkwgvyPFdLWzbhbp3KNAhWhVg1mrtlGor/WXGOtddVWgrg+tXQvdl30vWVd0YmX4qaYwC98wLwx//dk6km4R2buzi9USn1lFLanolI6+jFHDc27exqZpFzPj9eO8rzAHVzG8IPHm2uLcVy/X/5BNlS6zH62x/GkF6K+HOUr8n8jDUJ5EADoWaX/kiSxnqrgMLogUE299LbZ5M21RaHvefurQt45W07NuRMDmAOgX8nuCN3U/rSRa6BZYJtckarrj+xt9UruggyygywqdSq7dA+md7Kqcqd8DHQ0UmpdVHrjydpi3NWdiPpMs9MxfqvsYKgMcr4g0vWfsV6ZVncd+RAVrH+C/NPargRGiTOOFdCIejzR2QquUaxznjiYHbRZc527AJxvqdFDVuOz1mIjHSeO4m8l9/6rDDGPb7jNn/8TEREREREREREREREREREREREREfWbvX4boZuvE+Rr3D6Gf3iDiIiIiIiIiIiIiIiIiIiIiIiIiIiIiGh/jP1/AV/tGFO17f9btFOT4qc7xIS92P/X72D/X7HVz3uRER0J/wMAAP//gKxYiw==") mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x51) 0s ago: executing program 5 (id=4081): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x40f55, 0x403a2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x51}, 0x20040040) kernel console output (not intermixed with test programs): 2.208478][ T4958] loop4: rw=2049, want=40976, limit=40427 [ 172.446992][ T9886] EXT4-fs (loop5): mounted filesystem without journal. Opts: nojournal_checksum,journal_ioprio=0x0000000000000000,barrier,nouser_xattr,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,noauto_da_alloc,bh,init_itable,,errors=continue. Quota mode: writeback. [ 172.809975][ T9910] loop3: detected capacity change from 0 to 8192 [ 172.879422][ T9910] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 172.931105][ T9910] REISERFS (device loop3): using ordered data mode [ 172.938512][ T9910] reiserfs: using flush barriers [ 172.944803][ T9910] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 172.965862][ T9910] REISERFS (device loop3): checking transaction log (loop3) [ 172.974972][ T9910] REISERFS (device loop3): Using r5 hash to sort names [ 172.985903][ T9910] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 173.450996][ T9941] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2379'. [ 173.740473][ T9923] loop4: detected capacity change from 0 to 32768 [ 174.112691][ T9988] netlink: 'syz.4.2400': attribute type 1 has an invalid length. [ 174.113616][ T9989] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2401'. [ 174.181537][ T9988] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.2400'. [ 174.501857][T10022] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2419'. [ 174.659198][T10040] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 174.736002][T10047] netlink: 'syz.4.2431': attribute type 21 has an invalid length. [ 174.742008][T10040] CIFS mount error: No usable UNC path provided in device string! [ 174.742008][T10040] [ 174.771474][T10048] loop3: detected capacity change from 0 to 256 [ 174.779702][T10047] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2431'. [ 174.787581][T10040] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 174.803922][T10047] netlink: 'syz.4.2431': attribute type 1 has an invalid length. [ 174.861529][T10048] FAT-fs (loop3): Directory bread(block 64) failed [ 174.899064][T10054] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2434'. [ 174.899413][T10048] FAT-fs (loop3): Directory bread(block 65) failed [ 174.916458][T10048] FAT-fs (loop3): Directory bread(block 66) failed [ 174.923374][T10048] FAT-fs (loop3): Directory bread(block 67) failed [ 174.989297][T10048] FAT-fs (loop3): Directory bread(block 68) failed [ 174.995872][T10048] FAT-fs (loop3): Directory bread(block 69) failed [ 175.042895][T10048] FAT-fs (loop3): Directory bread(block 70) failed [ 175.066539][T10048] FAT-fs (loop3): Directory bread(block 71) failed [ 175.073163][T10048] FAT-fs (loop3): Directory bread(block 72) failed [ 175.094503][T10050] loop2: detected capacity change from 0 to 4096 [ 175.113152][T10048] FAT-fs (loop3): Directory bread(block 73) failed [ 175.137580][T10050] __ntfs_error: 2 callbacks suppressed [ 175.137597][T10050] ntfs: (device loop2): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 175.186535][T10050] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 175.215715][T10050] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 175.269965][T10050] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 175.362323][T10050] ntfs: volume version 3.1. [ 175.369859][ T26] audit: type=1800 audit(1762450518.984:8): pid=10048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2428" name="bus" dev="loop3" ino=1048628 res=0 errno=0 [ 175.428974][T10050] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 175.491424][T10050] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 175.531463][T10052] loop5: detected capacity change from 0 to 32768 [ 175.535099][T10050] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 175.607405][T10050] ntfs: (device loop2): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is missing. [ 175.656379][T10050] ntfs: (device loop2): ntfs_read_locked_index_inode(): Failed with error code -2 while reading index inode (mft_no 0x0, name_len 2. [ 175.700769][T10052] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 175.710557][ T4239] Bluetooth: hci1: command 0x0406 tx timeout [ 175.723690][ T4239] Bluetooth: hci3: command 0x0406 tx timeout [ 175.758588][ T4239] Bluetooth: hci2: command 0x0406 tx timeout [ 175.807044][T10088] mip6: mip6_destopt_init_state: spi is not 0: 1114112 [ 175.814904][ T4239] Bluetooth: hci4: command 0x0406 tx timeout [ 175.982929][ T5792] (syz-executor,5792,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 176.016267][ T5792] ocfs2: Unmounting device (7,5) on (node local) [ 176.163339][T10104] netlink: 'syz.3.2458': attribute type 5 has an invalid length. [ 176.226286][ T4796] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 176.261095][T10111] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2461'. [ 176.279836][T10116] loop3: detected capacity change from 0 to 64 [ 176.296914][T10111] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2461'. [ 176.344503][T10111] netlink: 5 bytes leftover after parsing attributes in process `syz.5.2461'. [ 176.486191][ T4796] usb 3-1: Using ep0 maxpacket: 32 [ 176.506524][T10122] loop3: detected capacity change from 0 to 512 [ 176.580199][T10122] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 176.616329][ T4796] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 176.639858][ T4796] usb 3-1: config 0 has no interface number 0 [ 176.654205][T10122] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,noload,acl,mblk_io_submit,sysvgroups,,errors=continue. Quota mode: writeback. [ 176.685906][T10122] ext4 filesystem being mounted at /533/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.816684][T10112] loop4: detected capacity change from 0 to 32768 [ 176.827679][ T4796] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 176.843417][ T4796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.851568][ T4796] usb 3-1: Product: syz [ 176.856220][ T4796] usb 3-1: Manufacturer: syz [ 176.860830][ T4796] usb 3-1: SerialNumber: syz [ 176.874417][ T4796] usb 3-1: config 0 descriptor?? [ 176.911765][T10112] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.2462 (10112) [ 176.944017][ T4796] radio-si470x 3-1:0.35: could not find interrupt in endpoint [ 176.956166][ T4796] radio-si470x: probe of 3-1:0.35 failed with error -5 [ 176.978215][T10112] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 177.012799][T10112] BTRFS info (device loop4): enabling ssd optimizations [ 177.039182][T10112] BTRFS info (device loop4): turning on sync discard [ 177.060273][T10112] BTRFS info (device loop4): using free space tree [ 177.076150][T10112] BTRFS info (device loop4): has skinny extents [ 177.146275][ T4796] radio-raremono 3-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 177.341846][T10184] loop1: detected capacity change from 0 to 512 [ 177.356241][ T4796] radio-raremono 3-1:0.35: raremono_cmd_main failed (-71) [ 177.373257][T10191] 9pnet: Could not find request transport: 0xffffffffffffffff [ 177.398306][ T4796] radio-raremono 3-1:0.35: V4L2 device registered as radio48 [ 177.458731][ T4796] usb 3-1: USB disconnect, device number 17 [ 177.465004][ T4796] radio-raremono 3-1:0.35: Thanko's Raremono disconnected [ 177.587307][T10184] EXT4-fs (loop1): Ignoring removed orlov option [ 177.599490][T10112] BTRFS info (device loop4): balance: start -susage=8589934720,drange=7..107,limit=1..3 [ 177.620394][T10184] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 177.663018][T10112] BTRFS info (device loop4): left=0, need=98304, flags=2 [ 177.726944][T10112] BTRFS info (device loop4): space_info 2 has 0 free, is not full [ 177.730746][T10184] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2229: inode #15: comm syz.1.2487: corrupted in-inode xattr [ 177.735515][T10112] BTRFS info (device loop4): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 177.761418][T10112] BTRFS info (device loop4): global_block_rsv: size 851968 reserved 851968 [ 177.770876][T10112] BTRFS info (device loop4): trans_block_rsv: size 0 reserved 0 [ 177.778576][T10112] BTRFS info (device loop4): chunk_block_rsv: size 0 reserved 0 [ 177.781201][T10209] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2498'. [ 177.786320][T10112] BTRFS info (device loop4): delayed_block_rsv: size 0 reserved 0 [ 177.786418][T10112] BTRFS info (device loop4): delayed_refs_rsv: size 0 reserved 0 [ 177.797132][T10112] BTRFS info (device loop4): relocating block group 1048576 flags system [ 177.829683][T10209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2498'. [ 177.854821][T10209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2498'. [ 177.884824][T10184] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.2487: couldn't read orphan inode 15 (err -117) [ 177.916699][T10184] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,orlov,sysvgroups,noload,nombcache,noblock_validity,init_itable=0x0000000000000051,nogrpid,,errors=continue. Quota mode: none. [ 178.006840][T10213] netlink: 'syz.3.2500': attribute type 1 has an invalid length. [ 178.012546][T10112] BTRFS info (device loop4): balance: ended with status: 0 [ 178.434683][T10236] loop3: detected capacity change from 0 to 8 [ 178.723241][T10245] netlink: 'syz.2.2516': attribute type 44 has an invalid length. [ 178.989529][T10259] netlink: get zone limit has 8 unknown bytes [ 179.092604][T10265] loop2: detected capacity change from 0 to 164 [ 179.263978][T10275] netlink: 'syz.2.2531': attribute type 21 has an invalid length. [ 179.425460][T10287] loop1: detected capacity change from 0 to 512 [ 179.542962][T10284] loop3: detected capacity change from 0 to 4096 [ 179.565867][T10287] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e028, mo2=0002] [ 179.596247][T10287] System zones: 1-12 [ 179.634521][T10284] ntfs: volume version 3.1. [ 179.659968][T10287] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 33261: comm syz.1.2534: invalid block [ 179.728235][T10287] EXT4-fs (loop1): Remounting filesystem read-only [ 179.735182][T10307] IPv6: ADDRCONF(NETDEV_CHANGE): wireguard0: link becomes ready [ 179.753556][T10287] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2534: invalid indirect mapped block 8 (level 2) [ 179.779919][T10287] EXT4-fs (loop1): Remounting filesystem read-only [ 179.787075][T10312] syz.4.2547 (10312): /proc/10311/oom_adj is deprecated, please use /proc/10311/oom_score_adj instead. [ 179.827594][T10287] EXT4-fs (loop1): 1 truncate cleaned up [ 179.827619][T10287] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_dev=0x0000000000000008,data_err=ignore,noinit_itable,sysvgroups,errors=remount-ro,. Quota mode: none. [ 180.302289][T10346] loop5: detected capacity change from 0 to 16 [ 180.376928][T10346] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 180.405477][T10345] loop3: detected capacity change from 0 to 4096 [ 180.421824][T10346] cramfs: bad root offset 140 [ 180.431113][T10356] netlink: 'syz.2.2568': attribute type 21 has an invalid length. [ 180.447468][T10356] IPv6: NLM_F_CREATE should be specified when creating new route [ 180.455377][T10356] IPv6: Can't replace route, no match found [ 180.500179][T10345] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 180.557618][T10345] ntfs3: loop3: ntfs_sync_fs r=9 failed, -22. [ 180.584661][T10345] ntfs3: loop3: ntfs_evict_inode r=9 failed, -22. [ 180.593937][T10364] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2572'. [ 180.781310][T10372] loop2: detected capacity change from 0 to 47 [ 180.790405][T10374] device gtp0 entered promiscuous mode [ 180.869914][T10382] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2583'. [ 181.062892][T10396] loop2: detected capacity change from 0 to 64 [ 181.211256][T10408] netlink: 'syz.4.2595': attribute type 10 has an invalid length. [ 181.243533][T10408] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2595'. [ 181.276686][T10408] device vxcan0 entered promiscuous mode [ 181.297492][T10408] A link change request failed with some changes committed already. Interface vxcan0 may have been left with an inconsistent configuration, please check. [ 181.354017][T10421] No such timeout policy "syz1" [ 181.574155][T10441] dlm: non-version read from control device 8192 [ 181.576891][T10442] loop3: detected capacity change from 0 to 256 [ 181.636782][T10447] loop5: detected capacity change from 0 to 512 [ 181.719483][T10447] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 181.762319][T10452] loop2: detected capacity change from 0 to 4096 [ 181.775560][T10447] ext4 filesystem being mounted at /293/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.820420][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 181.829976][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 181.848577][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 181.895036][T10452] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 181.913744][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 181.915086][T10452] ntfs3: loop2: Failed to load $Extend. [ 181.958288][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 182.011684][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 182.031377][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 182.070090][T10464] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 182.106318][T10464] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 182.248464][ T4795] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 182.417680][T10491] CIFS mount error: No usable UNC path provided in device string! [ 182.417680][T10491] [ 182.495902][T10491] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 182.626360][ T4795] usb 4-1: config 0 has an invalid descriptor of length 91, skipping remainder of the config [ 182.640685][T10502] loop5: detected capacity change from 0 to 64 [ 182.654862][ T4795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 182.689167][T10506] device ip6erspan0 entered promiscuous mode [ 182.699434][ T4795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 182.723237][ T4795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 182.766434][ T4795] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.787850][ T4795] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 182.801230][ T4795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.812614][ T4795] usb 4-1: config 0 descriptor?? [ 182.955111][T10517] loop1: detected capacity change from 0 to 64 [ 182.976806][ T4795] rc_core: IR keymap rc-hauppauge not found [ 182.983165][ T4795] Registered IR keymap rc-empty [ 182.992041][T10521] loop4: detected capacity change from 0 to 2048 [ 183.028269][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.084287][T10521] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 183.093340][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.118781][T10531] ipt_CLUSTERIP: bad local_nodes[1] 0 [ 183.139607][ T4795] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 183.195467][ T4795] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input18 [ 183.266292][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.284810][T10535] loop1: detected capacity change from 0 to 512 [ 183.345745][T10540] loop2: detected capacity change from 0 to 512 [ 183.354885][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.406960][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.423693][T10540] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 183.444416][T10549] loop4: detected capacity change from 0 to 2048 [ 183.456227][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.469251][T10535] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,auto_da_alloc=0x0000000000000007,noauto_da_alloc,. Quota mode: writeback. [ 183.486448][T10535] ext4 filesystem being mounted at /567/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.487185][T10540] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 183.505193][T10540] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.2659: bad orphan inode 13 [ 183.526193][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.551553][T10535] __quota_error: 19 callbacks suppressed [ 183.551568][T10535] Quota error (device loop1): find_block_dqentry: Quota for id 0 referenced but not present [ 183.569638][T10540] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="data_err=ignore,noload,data_err=ignore,grpjquota="errors=continue,max_dir_size_kb=0x00000000000001ff,nobarrier,,errors=continue. Quota mode: writeback. [ 183.598395][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.646297][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.668178][T10535] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 183.679094][T10554] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.706279][T10535] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.2655: Failed to acquire dquot type 0 [ 183.761030][T10535] EXT4-fs (loop1): Remounting filesystem read-only [ 183.877212][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.905644][T10560] openvswitch: netlink: Actions may not be safe on all matching packets [ 183.926200][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 183.979129][ T4795] mceusb 4-1:0.0: Error: mce write urb status = -71 [ 184.015312][T10564] overlayfs: unrecognized mount option "\" or missing value [ 184.020106][ T4795] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 184.042897][T10568] netlink: 'syz.4.2667': attribute type 2 has an invalid length. [ 184.050926][ T4795] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 184.094431][T10572] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 184.095004][ T4795] usb 4-1: USB disconnect, device number 12 [ 184.203208][T10572] overlayfs: missing 'lowerdir' [ 184.281427][T10571] loop3: detected capacity change from 0 to 4096 [ 184.346474][T10571] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 184.633948][T10571] overlayfs: bad mount option "redirect_dir=follow:/" [ 184.759964][T10614] xt_CONNSECMARK: invalid mode: 0 [ 184.998761][T10629] netlink: 'syz.1.2700': attribute type 3 has an invalid length. [ 185.006811][ T4796] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 185.236339][T10649] loop1: detected capacity change from 0 to 512 [ 185.256497][ T4796] usb 6-1: Using ep0 maxpacket: 32 [ 185.271128][ T4230] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 185.321329][T10649] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 185.342344][T10649] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 185.376332][ T4796] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 185.413277][T10649] EXT4-fs error (device loop1): ext4_orphan_get:1427: comm syz.1.2710: bad orphan inode 13 [ 185.449692][T10649] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="data_err=ignore,noload,data_err=ignore,grpjquota="errors=continue,max_dir_size_kb=0x00000000000001ff,nobarrier,,errors=continue. Quota mode: writeback. [ 185.528806][ T4230] usb 4-1: Using ep0 maxpacket: 16 [ 185.561134][T10652] loop4: detected capacity change from 0 to 32768 [ 185.567875][ T4796] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 185.572661][T10660] loop2: detected capacity change from 0 to 2048 [ 185.586476][ T4796] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.594663][ T4796] usb 6-1: Product: syz [ 185.599277][ T4796] usb 6-1: Manufacturer: syz [ 185.603908][ T4796] usb 6-1: SerialNumber: syz [ 185.610761][ T4796] usb 6-1: config 0 descriptor?? [ 185.656388][ T4230] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 185.674432][T10660] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 185.684749][T10652] ialloc: diAlloc returned -5! [ 185.685983][ T4796] usb 6-1: bad CDC descriptors [ 185.706280][ T4230] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 185.754492][ T4796] usb 6-1: unsupported MDLM descriptors [ 185.765041][T10664] xt_limit: Overflow, try lower: 33554432/384 [ 185.766678][ T4230] usb 4-1: config 0 has no interface number 0 [ 185.853906][ T4796] usb 6-1: USB disconnect, device number 12 [ 185.897891][T10668] xt_l2tp: unknown flags: 3b [ 185.936494][ T4230] usb 4-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 185.945563][ T4230] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.976131][ T4230] usb 4-1: Product: syz [ 185.980328][ T4230] usb 4-1: Manufacturer: syz [ 185.985079][ T4230] usb 4-1: SerialNumber: syz [ 186.021825][ T4230] usb 4-1: config 0 descriptor?? [ 186.046468][T10676] CIFS: VFS: Malformed UNC in devname [ 186.068273][ T4230] usb 4-1: Found UVC 0.00 device syz (046c:14e8) [ 186.082139][ T4230] usb 4-1: No valid video chain found. [ 186.319072][ T4239] usb 4-1: USB disconnect, device number 13 [ 186.365706][T10698] loop2: detected capacity change from 0 to 1024 [ 186.387161][T10700] loop1: detected capacity change from 0 to 8 [ 186.560341][ T154] hfsplus: b-tree write err: -5, ino 4 [ 186.899946][T10736] netlink: 'syz.3.2753': attribute type 5 has an invalid length. [ 187.439069][T10728] loop1: detected capacity change from 0 to 32768 [ 187.461672][T10750] Zero length message leads to an empty skb [ 187.517253][T10728] ERROR: (device loop1): diAllocAG: error reading iag [ 187.517253][T10728] [ 187.575607][T10728] ialloc: diAlloc returned -5! [ 187.821953][T10768] __nla_validate_parse: 12 callbacks suppressed [ 187.825677][T10768] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2770'. [ 187.879179][T10768] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 188.178260][T10795] bond0: Error: Cannot enslave bond to itself. [ 188.372555][T10813] loop5: detected capacity change from 0 to 1024 [ 188.416718][T10813] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 188.442502][T10813] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 188.450304][ T4230] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 188.472104][T10813] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 188.536117][ T4796] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 188.556772][T10813] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,sysvgroups,journal_ioprio=0x0000000000000004,noauto_da_alloc,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,bsddf,,errors=continue. Quota mode: writeback. [ 188.709338][ T4230] usb 2-1: Using ep0 maxpacket: 32 [ 188.753594][T10804] loop4: detected capacity change from 0 to 32768 [ 188.801731][ T4796] usb 4-1: Using ep0 maxpacket: 8 [ 188.821756][T10804] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.2787 (10804) [ 188.826513][ T4230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 188.936870][T10804] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 188.948455][T10804] BTRFS info (device loop4): force clearing of disk cache [ 188.961478][T10804] BTRFS info (device loop4): using free space tree [ 188.972062][ T4796] usb 4-1: unable to get BOS descriptor or descriptor too short [ 188.988327][T10804] BTRFS info (device loop4): has skinny extents [ 189.016710][ T4230] usb 2-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 189.025782][ T4230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.051819][ T4230] usb 2-1: Product: syz [ 189.057232][ T4230] usb 2-1: Manufacturer: syz [ 189.061969][ T4230] usb 2-1: SerialNumber: syz [ 189.066965][ T4796] usb 4-1: config 4 has an invalid interface number: 116 but max is 0 [ 189.095832][ T4796] usb 4-1: config 4 has no interface number 0 [ 189.102874][ T4230] usb 2-1: config 0 descriptor?? [ 189.116260][ T4796] usb 4-1: config 4 interface 116 has no altsetting 0 [ 189.157300][ T4230] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out. [ 189.276543][ T4796] usb 4-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=a9.28 [ 189.313412][ T4796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.393722][ T4796] usb 4-1: Product: syz [ 189.393753][T10804] BTRFS info (device loop4): enabling ssd optimizations [ 189.398975][T10874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2809'. [ 189.418833][T10804] BTRFS info (device loop4): clearing free space tree [ 189.425770][T10804] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 189.438986][ T4796] usb 4-1: Manufacturer: syz [ 189.443602][ T4796] usb 4-1: SerialNumber: syz [ 189.473709][T10874] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2809'. [ 189.484272][T10874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2809'. [ 189.489697][ T4230] usb 2-1: USB disconnect, device number 12 [ 189.493510][T10874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2809'. [ 189.509594][T10804] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 189.532477][T10804] BTRFS info (device loop4): creating free space tree [ 189.544920][T10804] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 189.559757][T10804] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 189.770097][ T4796] esd_usb2 4-1:4.116: sending version message failed [ 189.779301][ T4796] esd_usb2: probe of 4-1:4.116 failed with error -22 [ 189.818742][ T4796] usb 4-1: USB disconnect, device number 14 [ 189.860921][ T6123] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 190.287585][ T6123] usb 6-1: config 0 has an invalid interface number: 36 but max is 0 [ 190.305980][ T6123] usb 6-1: config 0 has no interface number 0 [ 190.341637][T10909] loop3: detected capacity change from 0 to 512 [ 190.382623][T10911] loop2: detected capacity change from 0 to 1024 [ 190.438410][T10911] hfsplus: session requires an argument [ 190.461559][T10911] hfsplus: unable to parse mount options [ 190.474924][T10909] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 190.527630][ T6123] usb 6-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=ce.72 [ 190.549867][ T6123] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.629992][ T6123] usb 6-1: Product: syz [ 190.634189][ T6123] usb 6-1: Manufacturer: syz [ 190.687360][ T6123] usb 6-1: SerialNumber: syz [ 190.721435][ T6123] usb 6-1: config 0 descriptor?? [ 190.778106][ T6123] gspca_main: spca505-2.14.0 probing 0733:0430 [ 190.953179][T10931] loop3: detected capacity change from 0 to 64 [ 191.003804][T10901] loop1: detected capacity change from 0 to 32768 [ 191.020134][T10917] loop2: detected capacity change from 0 to 32768 [ 191.084861][T10931] Trying to free block not in datazone [ 191.108861][T10901] (syz.1.2823,10901,0):ocfs2_init_local_system_inodes:493 ERROR: status=-22, sysfile=10, slot=0 [ 191.181220][T10901] (syz.1.2823,10901,1):ocfs2_init_local_system_inodes:502 ERROR: status = -22 [ 191.221750][T10901] (syz.1.2823,10901,0):ocfs2_mount_volume:1818 ERROR: status = -22 [ 191.230330][ T6123] gspca_spca505: reg write: error -71 [ 191.235842][ T6123] spca505: probe of 6-1:0.36 failed with error -5 [ 191.300890][ T6123] usb 6-1: USB disconnect, device number 13 [ 191.351651][T10901] (syz.1.2823,10901,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 191.865748][T10901] blk_update_request: I/O error, dev loop1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 191.942544][T10984] xt_recent: hitcount (4294901760) is larger than allowed maximum (255) [ 191.986905][T10978] xt_CT: No such helper "pptp" [ 192.062240][T10988] loop4: detected capacity change from 0 to 1024 [ 192.074935][T10993] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2864'. [ 192.138509][T10993] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2864'. [ 192.154472][T10993] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2864'. [ 192.386361][ T4806] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 192.431711][T10986] loop2: detected capacity change from 0 to 32768 [ 192.570534][T10986] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 192.610911][T10986] (syz.2.2862,10986,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=288, inode=0, rec_len=0, name_len=0 [ 192.632506][T10986] (syz.2.2862,10986,1):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 192.646191][ T4806] usb 4-1: Using ep0 maxpacket: 16 [ 192.681779][T10986] (syz.2.2862,10986,1):ocfs2_mknod:298 ERROR: status = -2 [ 192.684643][ T6123] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 192.692709][T10986] (syz.2.2862,10986,1):ocfs2_mknod:502 ERROR: status = -2 [ 192.704090][T10986] (syz.2.2862,10986,1):ocfs2_create:676 ERROR: status = -2 [ 192.751276][ T4184] ocfs2: Unmounting device (7,2) on (node local) [ 192.766533][ T4806] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 192.775625][ T4806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.810397][ T4806] usb 4-1: config 0 descriptor?? [ 192.864313][ T4806] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 192.986475][ T6123] usb 6-1: Using ep0 maxpacket: 8 [ 193.060045][ T4806] usb 4-1: Detected FT8U232AM [ 193.065994][ T4806] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 193.146797][ T6123] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.266478][ T6123] usb 6-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=61.da [ 193.279180][ T4806] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 193.281306][ T6123] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 193.304103][ T4795] usb 4-1: USB disconnect, device number 15 [ 193.304942][ T6123] usb 6-1: Manufacturer: syz [ 193.327216][ T6123] usb 6-1: config 0 descriptor?? [ 193.327238][ T4795] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 193.353076][ T4795] ftdi_sio 4-1:0.0: device disconnected [ 193.370341][ T6123] appledisplay 6-1:0.0: Could not find int-in endpoint [ 193.391451][ T6123] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 193.407315][T11056] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2895'. [ 193.466261][ T7314] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 193.505286][T11058] loop1: detected capacity change from 0 to 64 [ 193.576132][ T6123] usb 6-1: USB disconnect, device number 14 [ 193.736127][ T7314] usb 5-1: Using ep0 maxpacket: 8 [ 193.826359][ T4806] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 193.835081][T11066] loop1: detected capacity change from 0 to 164 [ 193.847543][ T4806] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.869488][ T4806] usb 3-1: Product: syz [ 193.873721][ T4806] usb 3-1: Manufacturer: syz [ 193.914426][T11066] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 193.917375][ T4806] usb 3-1: SerialNumber: syz [ 193.965512][ T4806] usb 3-1: config 0 descriptor?? [ 194.060018][ T7314] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 194.078323][ T7314] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.099623][ T7314] usb 5-1: Product: syz [ 194.103824][ T7314] usb 5-1: Manufacturer: syz [ 194.116474][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.122809][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.157824][ T7314] usb 5-1: SerialNumber: syz [ 194.164661][ T7314] usb 5-1: config 0 descriptor?? [ 194.208055][ T7314] gspca_main: sq930x-2.14.0 probing 2770:930c [ 194.216195][ T4795] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 194.236856][ T4806] usb-storage 3-1:0.0: USB Mass Storage device detected [ 194.340594][T11082] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2907'. [ 194.401280][T11084] Sensor A: ================= START STATUS ================= [ 194.410420][T11084] Sensor A: Test Pattern: 75% Colorbar [ 194.418283][T11084] Sensor A: Show Information: All [ 194.423789][T11084] Sensor A: Vertical Flip: false [ 194.430084][T11084] Sensor A: Horizontal Flip: false [ 194.435227][T11084] Sensor A: Brightness: 128 [ 194.440279][T11084] Sensor A: Contrast: 128 [ 194.441250][ T6123] usb 3-1: USB disconnect, device number 18 [ 194.444635][T11084] Sensor A: Hue: 0 [ 194.444701][T11084] Sensor A: Saturation: 128 [ 194.444721][T11084] Sensor A: ================== END STATUS ================== [ 194.456199][ T4795] usb 4-1: Using ep0 maxpacket: 32 [ 194.619108][ T4795] usb 4-1: config 0 has an invalid interface number: 166 but max is 0 [ 194.636246][ T7314] gspca_sq930x: ucbus_write failed -71 [ 194.637662][ T4795] usb 4-1: config 0 has no interface number 0 [ 194.641797][ T7314] sq930x: probe of 5-1:0.0 failed with error -71 [ 194.656130][ T4795] usb 4-1: config 0 interface 166 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 16 [ 194.657752][T11094] ieee802154 phy0 wpan0: encryption failed: -90 [ 194.697169][ T7314] usb 5-1: USB disconnect, device number 8 [ 194.846445][ T4795] usb 4-1: New USB device found, idVendor=110a, idProduct=1110, bcdDevice=19.a8 [ 194.855609][ T4795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.877557][ T4795] usb 4-1: Product: syz [ 194.885220][ T4795] usb 4-1: Manufacturer: syz [ 194.896146][ T4795] usb 4-1: SerialNumber: syz [ 194.906951][ T4795] usb 4-1: config 0 descriptor?? [ 194.937462][T11068] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 194.957956][ T4795] ti_usb_3410_5052 4-1:0.166: TI USB 3410 1 port adapter converter detected [ 194.984852][ T4795] ti_usb_3410_5052 4-1:0.166: missing endpoints [ 195.036611][T11103] loop1: detected capacity change from 0 to 8192 [ 195.125696][T11103] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 195.155429][T11103] REISERFS (device loop1): using ordered data mode [ 195.162732][T11103] reiserfs: using flush barriers [ 195.187482][T11103] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 195.206737][T11103] REISERFS (device loop1): checking transaction log (loop1) [ 195.231260][ T21] usb 4-1: USB disconnect, device number 16 [ 195.270569][T11123] netlink: 'syz.4.2926': attribute type 10 has an invalid length. [ 195.346175][T11123] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2926'. [ 195.458854][T11103] REISERFS (device loop1): Using tea hash to sort names [ 195.477878][T11103] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 195.550999][T11135] loop2: detected capacity change from 0 to 24 [ 195.569401][T11132] loop4: detected capacity change from 0 to 2048 [ 195.582782][T11137] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2934'. [ 195.616786][T11135] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 195.632034][T11132] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 195.654878][T11132] NILFS (loop4): unrecognized mount option "ÿÿ" [ 195.671444][T11135] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 195.713113][T11132] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 195.788493][T11143] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 195.890276][T11146] loop5: detected capacity change from 0 to 64 [ 195.923735][T11149] loop3: detected capacity change from 0 to 512 [ 196.033270][T11146] Trying to free block not in datazone [ 196.085544][T11149] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.2942: inode has both inline data and extents flags [ 196.150245][T11160] loop4: detected capacity change from 0 to 512 [ 196.184458][T11149] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.2942: couldn't read orphan inode 15 (err -117) [ 196.276606][T11149] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 196.331399][T11160] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 196.356535][T11152] loop1: detected capacity change from 0 to 32768 [ 196.364012][T11160] ext4 filesystem being mounted at /645/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.436709][T11152] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 196.497054][T11152] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 196.546160][ T4946] (kworker/u4:8,4946,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214 [ 196.763190][T11189] loop4: detected capacity change from 0 to 256 [ 196.773900][ T4185] ocfs2: Unmounting device (7,1) on (node local) [ 196.854990][T11195] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2958'. [ 197.060223][T11208] loop3: detected capacity change from 0 to 512 [ 197.150949][T11208] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 197.165642][T11208] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 197.184087][T11217] loop2: detected capacity change from 0 to 1024 [ 197.192542][T11207] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2963'. [ 197.206583][T11208] System zones: 0-1, 15-15, 18-18, 34-34 [ 197.213241][T11208] EXT4-fs (loop3): orphan cleanup on readonly fs [ 197.220009][T11208] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 197.230254][T11208] EXT4-fs warning (device loop3): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 197.245425][T11208] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 197.262170][T11208] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.2966: bg 0: block 40: padding at end of block bitmap is not set [ 197.295108][T11219] loop5: detected capacity change from 0 to 764 [ 197.302672][T11208] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 197.313914][T11208] EXT4-fs (loop3): 1 truncate cleaned up [ 197.319755][T11208] EXT4-fs (loop3): mounted filesystem without journal. Opts: resgid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 197.333578][ T4795] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 197.367638][T11208] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 197.473896][T11225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2971'. [ 197.556447][ T21] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 197.586203][ T4795] usb 5-1: Using ep0 maxpacket: 8 [ 197.624856][T11232] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2974'. [ 197.652694][T11232] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2974'. [ 197.854313][T11243] loop3: detected capacity change from 0 to 4096 [ 197.868129][ T4795] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b [ 197.879223][ T4795] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.891229][ T4795] usb 5-1: Product: syz [ 197.895522][ T4795] usb 5-1: Manufacturer: syz [ 197.900927][ T4795] usb 5-1: SerialNumber: syz [ 197.907472][ T4795] usb 5-1: config 0 descriptor?? [ 197.914468][T11243] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 197.930012][ T21] usb 2-1: config 0 has an invalid interface number: 205 but max is 0 [ 197.946370][ T21] usb 2-1: config 0 has no interface number 0 [ 197.956593][T11243] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 197.980679][T11249] loop5: detected capacity change from 0 to 2048 [ 197.988101][ T4795] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state. [ 198.006345][T11243] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 198.018880][ T4795] dvb-usb: bulk message failed: -22 (2/0) [ 198.042808][ T4795] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 198.054480][T11249] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 198.062787][T11243] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 198.096987][ T4795] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201)) [ 198.125009][T11243] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 198.128430][ T4795] usb 5-1: media controller created [ 198.141072][T11243] ntfs: volume version 3.1. [ 198.141738][ T21] usb 2-1: New USB device found, idVendor=04dd, idProduct=9031, bcdDevice=65.c7 [ 198.148319][T11243] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 198.165761][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.172135][T11243] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 198.196316][ T21] usb 2-1: Product: syz [ 198.200604][ T21] usb 2-1: Manufacturer: syz [ 198.205210][ T21] usb 2-1: SerialNumber: syz [ 198.219033][ T4795] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 198.237248][ T21] usb 2-1: config 0 descriptor?? [ 198.245041][T11243] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 198.269686][T11243] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 198.297139][ T21] usb 2-1: bad CDC descriptors [ 198.306498][ T21] usb 2-1: unsupported MDLM descriptors [ 198.312394][ T4795] dvb-usb: bulk message failed: -22 (1/0) [ 198.374353][T11256] loop5: detected capacity change from 0 to 8 [ 198.385651][ T4795] DVB: Unable to find symbol mt352_attach() [ 198.393709][ T4795] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)' [ 198.427020][T11256] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 198.479543][T11256] cramfs: bad data blocksize 3221485570 [ 198.511223][ T21] usb 2-1: USB disconnect, device number 13 [ 198.516336][ T4296] udevd[4296]: incorrect cramfs checksum on /dev/loop5 [ 198.529592][T11256] cramfs: bad data blocksize 3221485570 [ 198.572302][ T9008] udevd[9008]: incorrect cramfs checksum on /dev/loop5 [ 198.616381][ T4795] rc_core: IR keymap rc-dvico-portable not found [ 198.626341][ T4795] Registered IR keymap rc-empty [ 198.631875][ T4795] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0 [ 198.633280][T11264] netlink: 'syz.3.2989': attribute type 1 has an invalid length. [ 198.649340][ T4795] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input19 [ 198.664478][ T4795] dvb-usb: schedule remote query interval to 100 msecs. [ 198.672731][ T4795] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected. [ 198.696264][T11264] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2989'. [ 198.707748][ T4795] usb 5-1: USB disconnect, device number 9 [ 198.812947][T11247] loop2: detected capacity change from 0 to 32768 [ 198.845601][ T4795] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected. [ 198.871101][T11247] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 198.889773][T11247] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 198.902402][T11272] loop5: detected capacity change from 0 to 8 [ 198.933400][T11247] gfs2: fsid=syz:syz.0: journal 0 mapped with 18 extents in 0ms [ 198.968604][ T6123] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 198.980883][ T6123] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 199.124903][ T6123] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 144ms [ 199.159419][ T6123] gfs2: fsid=syz:syz.0: jid=0: Done [ 199.185067][T11247] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 199.294224][T11285] loop5: detected capacity change from 0 to 512 [ 199.305996][T11288] tmpfs: Bad value for 'mpol' [ 199.337385][T11285] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 199.421606][T11294] loop4: detected capacity change from 0 to 16 [ 199.437829][T11285] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 33261: comm syz.5.2999: invalid block [ 199.492155][T11294] erofs: (device loop4): mounted with root inode @ nid 36. [ 199.551516][T11285] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.2999: invalid indirect mapped block 8 (level 2) [ 199.584832][T11300] device bond2 entered promiscuous mode [ 199.594452][T11294] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 46 [ 199.608688][T11300] 8021q: adding VLAN 0 to HW filter on device bond2 [ 199.694223][T11285] EXT4-fs (loop5): 1 truncate cleaned up [ 199.748862][T11285] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_dev=0x0000000000000008,noauto_da_alloc,nomblk_io_submit,auto_da_alloc=0x0000000000000002,nouid32,barrier=0x0000000000000009,noauto_da_alloc,,errors=continue. Quota mode: none. [ 199.864965][T11309] program syz.3.3009 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 199.877672][T11308] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3010'. [ 200.590638][T11344] loop3: detected capacity change from 0 to 4096 [ 200.595721][T11344] ntfs3: Invalid value for gid. [ 200.862010][ T21] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 200.955736][T11355] loop1: detected capacity change from 0 to 256 [ 200.979674][T11337] loop2: detected capacity change from 0 to 32768 [ 201.029864][T11337] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.3023 (11337) [ 201.105969][T11328] loop5: detected capacity change from 0 to 32768 [ 201.106427][T11337] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 201.126353][ T21] usb 5-1: Using ep0 maxpacket: 16 [ 201.142208][T11337] BTRFS info (device loop2): force clearing of disk cache [ 201.149952][T11337] BTRFS info (device loop2): using free space tree [ 201.157418][T11337] BTRFS info (device loop2): has skinny extents [ 201.256404][ T21] usb 5-1: unable to get BOS descriptor set [ 201.258501][T11368] binder: 11358:11368 ioctl c00c620f 0 returned -14 [ 201.304462][T11376] loop1: detected capacity change from 0 to 22 [ 201.314064][T11328] XFS (loop5): Mounting V5 Filesystem [ 201.336404][ T21] usb 5-1: config 26 has an invalid interface number: 87 but max is 0 [ 201.362186][ T21] usb 5-1: config 26 has no interface number 0 [ 201.376818][T11376] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 201.410300][ T21] usb 5-1: config 26 interface 87 has no altsetting 0 [ 201.424661][T11337] BTRFS info (device loop2): enabling ssd optimizations [ 201.444430][T11376] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 201.496560][T11337] BTRFS info (device loop2): clearing free space tree [ 201.510948][T11337] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 201.518774][T11328] XFS (loop5): Ending clean mount [ 201.523611][T11337] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 201.533986][T11328] XFS (loop5): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x20 [ 201.559585][T11337] BTRFS info (device loop2): creating free space tree [ 201.571005][T11328] XFS (loop5): Unmount and run xfs_repair [ 201.580794][T11337] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 201.590553][T11328] XFS (loop5): First 128 bytes of corrupted metadata buffer: [ 201.616728][T11328] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 201.619377][T11337] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 201.625637][T11328] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 201.650607][T11402] netlink: 'syz.1.3043': attribute type 7 has an invalid length. [ 201.676497][ T21] usb 5-1: New USB device found, idVendor=1199, idProduct=0301, bcdDevice=36.7e [ 201.691982][T11402] netlink: 'syz.1.3043': attribute type 8 has an invalid length. [ 201.703676][ T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.704863][T11328] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 201.721000][T11402] netlink: 'syz.1.3043': attribute type 9 has an invalid length. [ 201.732376][ T21] usb 5-1: Product: syz [ 201.737547][T11328] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 201.738467][ T21] usb 5-1: Manufacturer: syz [ 201.755004][ T21] usb 5-1: SerialNumber: syz [ 201.772565][T11328] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 201.802278][T11328] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ................ [ 201.822548][T11328] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 201.853876][T11328] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 201.863438][T11328] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x1d3/0x2c0" at daddr 0x20 len 8 error 74 [ 201.888666][T11328] XFS (loop5): Failed to initialize disk quotas. [ 202.097265][ T21] sierra 5-1:26.87: Sierra USB modem converter detected [ 202.142384][ T21] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 202.172699][ T21] usb 5-1: USB disconnect, device number 10 [ 202.203630][ T21] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 202.241830][ T21] sierra 5-1:26.87: device disconnected [ 202.407776][ T5792] XFS (loop5): Unmounting Filesystem [ 202.771657][T11437] loop3: detected capacity change from 0 to 1024 [ 202.957863][T11452] loop2: detected capacity change from 0 to 64 [ 203.012209][T11452] MINIX-fs: file system does not have enough zmap blocks allocated. Refusing to mount. [ 203.037268][T11452] MINIX-fs: bad superblock or unable to read bitmaps [ 203.176371][T11465] loop1: detected capacity change from 0 to 64 [ 203.261117][T11480] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3076'. [ 203.519153][T11504] loop2: detected capacity change from 0 to 8 [ 203.538672][T11506] loop5: detected capacity change from 0 to 128 [ 203.568023][T11504] SQUASHFS error: Failed to read block 0x26067d: -5 [ 203.577415][T11504] SQUASHFS error: Unable to read metadata cache entry [26067d] [ 203.610549][T11510] QAT: failed to copy from user. [ 203.615978][T11504] SQUASHFS error: Unable to read directory block [26067d:ffff] [ 203.726246][T11423] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 203.780067][T11522] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 203.799521][T11522] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 204.015399][T11546] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3109'. [ 204.029139][T11423] usb 4-1: Using ep0 maxpacket: 16 [ 204.055633][T11546] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3109'. [ 204.240792][T11559] loop5: detected capacity change from 0 to 256 [ 204.265389][T11559] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 204.357322][T11423] usb 4-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 204.361460][T11559] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 204.389576][T11423] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.434562][T11423] usb 4-1: Product: syz [ 204.454957][T11567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3119'. [ 204.464564][T11423] usb 4-1: Manufacturer: syz [ 204.475202][T11559] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 204.480350][T11423] usb 4-1: SerialNumber: syz [ 204.530097][T11423] usb 4-1: config 0 descriptor?? [ 204.669720][T11573] loop2: detected capacity change from 0 to 764 [ 204.726733][T11577] loop1: detected capacity change from 0 to 1024 [ 204.759771][T11573] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 204.772682][T11577] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 204.786393][T11423] speedtch 4-1:0.0: speedtch_bind: wrong device class 68 [ 204.805214][T11423] speedtch 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 204.868346][T11577] EXT4-fs (loop1): mounted filesystem without journal. Opts: abort,bsddf,barrier=0x00000000000001ff,commit=0x0000000000000005,debug_want_extra_isize=0x000000000000007e,grpjquota=,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 204.991925][T11423] usb 4-1: USB disconnect, device number 17 [ 205.197843][T11598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3133'. [ 205.253552][T11602] loop5: detected capacity change from 0 to 1024 [ 205.287135][T11602] EXT4-fs (loop5): Test dummy encryption mode enabled [ 205.333225][T11602] EXT4-fs (loop5): mounted filesystem without journal. Opts: data=ordered,barrier=0x00000000000003ff,stripe=0x0000000000000007,nombcache,nogrpid,inode_readahead_blks=0x0000000000800000,max_batch_time=0x0000000000000000,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 205.359890][ C0] vkms_vblank_simulate: vblank timer overrun [ 205.440305][T11609] overlayfs: missing 'workdir' [ 205.480804][T11611] ipt_CLUSTERIP: no config found for 127.0.0.1, need 'new' [ 205.605845][T11617] netlink: 'syz.3.3142': attribute type 40 has an invalid length. [ 205.702931][T11620] loop2: detected capacity change from 0 to 128 [ 205.871067][T11631] loop4: detected capacity change from 0 to 256 [ 205.899830][T11631] exfat: Deprecated parameter 'utf8' [ 205.925131][T11637] netlink: 'syz.1.3152': attribute type 1 has an invalid length. [ 205.940388][T11631] exfat: Deprecated parameter 'namecase' [ 205.964283][T11631] exfat: Deprecated parameter 'utf8' [ 205.966706][T11638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3151'. [ 206.006996][T11631] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4b823b56, utbl_chksum : 0xe619d30d) [ 206.016375][T11638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3151'. [ 206.064792][T11645] loop1: detected capacity change from 0 to 16 [ 206.170816][T11648] loop3: detected capacity change from 0 to 1024 [ 206.181713][T11645] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 206.301271][T11655] Cannot find add_set index 3 as target [ 206.374046][ T1506] hfsplus: b-tree write err: -5, ino 4 [ 206.482105][T11663] netlink: 3620 bytes leftover after parsing attributes in process `syz.1.3166'. [ 206.537798][ T1108] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 206.565725][T11663] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3166'. [ 206.613231][T11663] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3166'. [ 206.752211][T11674] loop4: detected capacity change from 0 to 24 [ 206.770630][T11674] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 206.790908][T11676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3172'. [ 206.806761][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 206.826722][T11676] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 206.852381][T11674] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 206.886921][T11674] romfs: read error for inode 0x70040 [ 206.996290][ T1108] usb 6-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 207.005376][ T1108] usb 6-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 207.038552][ T1108] usb 6-1: Manufacturer: syz [ 207.064118][ T1108] usb 6-1: config 0 descriptor?? [ 207.179597][T11694] loop2: detected capacity change from 0 to 256 [ 207.236753][T11694] exfat: Deprecated parameter 'namecase' [ 207.242865][T11694] exfat: Deprecated parameter 'namecase' [ 207.284795][T11694] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x7808ae6a, utbl_chksum : 0xe619d30d) [ 207.306227][T11423] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 207.333460][T11694] exFAT-fs (loop2): hint_cluster is invalid (4278190089) [ 207.361799][T11694] exFAT-fs (loop2): error, failed to bmap (inode : ffff8880611d1b60 iblock : 8, err : -5) [ 207.387126][T11694] exFAT-fs (loop2): error, invalid access to FAT (entry 0xff000008) [ 207.405391][T11694] exFAT-fs (loop2): error, invalid access to FAT (entry 0xff000008) [ 207.449981][ T4952] attempt to access beyond end of device [ 207.449981][ T4952] loop2: rw=1, want=34225520826, limit=256 [ 207.470998][ T4952] Buffer I/O error on dev loop2, logical block 34225520825, lost async page write [ 207.490985][ T4952] attempt to access beyond end of device [ 207.490985][ T4952] loop2: rw=1, want=34225520827, limit=256 [ 207.502750][T11424] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 207.523069][ T4952] Buffer I/O error on dev loop2, logical block 34225520826, lost async page write [ 207.543428][ T4952] attempt to access beyond end of device [ 207.543428][ T4952] loop2: rw=1, want=34225520828, limit=256 [ 207.558979][ T1108] gs_usb 6-1:0.0: Couldn't get device config: (err=-71) [ 207.569670][ T4952] Buffer I/O error on dev loop2, logical block 34225520827, lost async page write [ 207.573382][ T1108] gs_usb: probe of 6-1:0.0 failed with error -71 [ 207.586131][T11423] usb 5-1: Using ep0 maxpacket: 16 [ 207.598412][ T1108] usb 6-1: USB disconnect, device number 15 [ 207.605036][ T4952] attempt to access beyond end of device [ 207.605036][ T4952] loop2: rw=1, want=34225520829, limit=256 [ 207.644498][ T4952] Buffer I/O error on dev loop2, logical block 34225520828, lost async page write [ 207.664187][ T4952] attempt to access beyond end of device [ 207.664187][ T4952] loop2: rw=1, want=34225520830, limit=256 [ 207.691782][ T4952] Buffer I/O error on dev loop2, logical block 34225520829, lost async page write [ 207.712060][ T4952] attempt to access beyond end of device [ 207.712060][ T4952] loop2: rw=1, want=34225520831, limit=256 [ 207.726440][T11423] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 207.734632][T11423] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.744038][ T4952] Buffer I/O error on dev loop2, logical block 34225520830, lost async page write [ 207.764431][T11423] usb 5-1: config 0 has no interface number 0 [ 207.764679][ T4952] attempt to access beyond end of device [ 207.764679][ T4952] loop2: rw=1, want=34225520832, limit=256 [ 207.805600][T11703] loop1: detected capacity change from 0 to 32768 [ 207.812296][ T4952] Buffer I/O error on dev loop2, logical block 34225520831, lost async page write [ 207.947016][T11423] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 207.966529][T11423] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.976584][T11423] usb 5-1: Product: syz [ 207.980764][T11423] usb 5-1: Manufacturer: syz [ 207.981091][T11705] trusted_key: encrypted_key: master key parameter '' is invalid [ 207.986360][T11423] usb 5-1: SerialNumber: syz [ 208.006020][T11423] usb 5-1: config 0 descriptor?? [ 208.106498][T11424] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 208.133556][T11424] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.157720][T11424] usb 4-1: Product: syz [ 208.161921][T11424] usb 4-1: Manufacturer: syz [ 208.185750][T11424] usb 4-1: SerialNumber: syz [ 208.212778][T11424] usb 4-1: config 0 descriptor?? [ 208.296439][T11423] usb 5-1: Found UVC 0.00 device syz (046d:08f3) [ 208.311201][T11423] usb 5-1: No valid video chain found. [ 208.324441][T11423] usb 5-1: USB disconnect, device number 11 [ 208.486878][T11424] usb-storage 4-1:0.0: USB Mass Storage device detected [ 208.616952][T11737] loop2: detected capacity change from 0 to 4096 [ 208.656116][ T13] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 208.693651][ T4239] usb 4-1: USB disconnect, device number 18 [ 208.767814][T11737] ntfs3: loop2: ino=5, "/" directory corrupted [ 208.816218][T11737] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 208.936472][ T13] usb 6-1: Using ep0 maxpacket: 32 [ 209.024198][T11757] sctp: [Deprecated]: syz.2.3209 (pid 11757) Use of struct sctp_assoc_value in delayed_ack socket option. [ 209.024198][T11757] Use struct sctp_sack_info instead [ 209.186449][ T13] usb 6-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00 [ 209.199970][ T13] usb 6-1: New USB device strings: Mfr=0, Product=3, SerialNumber=0 [ 209.256656][ T13] usb 6-1: Product: syz [ 209.293345][ T13] usb 6-1: config 0 descriptor?? [ 209.464352][T11784] loop3: detected capacity change from 0 to 512 [ 209.561977][T11784] EXT4-fs (loop3): inline encryption not supported [ 209.571777][T11783] loop2: detected capacity change from 0 to 4096 [ 209.577192][ T13] input: syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input21 [ 209.589363][T11784] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 209.636964][T11783] __ntfs_error: 9 callbacks suppressed [ 209.636979][T11783] ntfs: (device loop2): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 209.657172][T11784] EXT4-fs (loop3): 1 truncate cleaned up [ 209.663224][T11783] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 209.678430][T11782] loop1: detected capacity change from 0 to 4096 [ 209.708206][T11784] EXT4-fs (loop3): mounted filesystem without journal. Opts: minixdf,jqfmt=vfsv0,inlinecrypt,noblock_validity,usrjquota=,,errors=continue. Quota mode: none. [ 209.748294][T11783] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 209.805126][ T13] usb 6-1: USB disconnect, device number 16 [ 209.817038][T11783] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 209.974290][T11783] ntfs: volume version 3.1. [ 210.028646][T11783] ntfs: (device loop2): load_and_init_quota(): Failed to find inode number for $Quota. [ 210.065724][T11783] ntfs: (device loop2): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 210.182678][T11797] loop3: detected capacity change from 0 to 4096 [ 210.216260][ T4239] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 210.334594][T11797] ntfs: volume version 3.1. [ 210.358857][T11797] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup. [ 210.421750][T11797] ntfs: (device loop3): load_and_init_quota(): Failed to find inode number for $Quota. [ 210.444765][T11797] ntfs: (device loop3): load_system_files(): Failed to load $Quota. Mounting read-only. Run chkdsk. [ 210.498904][T11811] netlink: 'syz.1.3235': attribute type 40 has an invalid length. [ 210.517844][T11797] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup. [ 210.643465][T11815] loop2: detected capacity change from 0 to 64 [ 210.698285][T11821] __nla_validate_parse: 20 callbacks suppressed [ 210.698301][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3240'. [ 210.778105][T11823] loop5: detected capacity change from 0 to 64 [ 210.836387][ T4239] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 210.889395][ T4239] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.916102][ T4239] usb 5-1: Product: syz [ 210.920301][ T4239] usb 5-1: Manufacturer: syz [ 210.937395][ T4239] usb 5-1: SerialNumber: syz [ 210.993003][ T4239] usb 5-1: config 0 descriptor?? [ 211.089246][T11840] netlink: 'syz.5.3260': attribute type 30 has an invalid length. [ 211.289480][ T4239] usb-storage 5-1:0.0: USB Mass Storage device detected [ 211.434577][T11857] loop1: detected capacity change from 0 to 2048 [ 211.478924][T11862] loop3: detected capacity change from 0 to 512 [ 211.503237][T11424] usb 5-1: USB disconnect, device number 12 [ 211.528243][T11857] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 211.557197][ T4239] Bluetooth: hci0: command 0x0406 tx timeout [ 211.711807][T11862] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,nojournal_checksum,,errors=continue. Quota mode: writeback. [ 211.822254][T11843] loop2: detected capacity change from 0 to 32768 [ 211.822453][T11862] ext4 filesystem being mounted at /662/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.888571][T11875] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3264'. [ 211.935791][T11875] netlink: 31 bytes leftover after parsing attributes in process `syz.1.3264'. [ 211.965704][T11862] EXT4-fs error (device loop3): ext4_xattr_block_find:1867: inode #12: comm syz.3.3259: corrupted xattr block 6 [ 211.981686][T11875] netlink: 'syz.1.3264': attribute type 3 has an invalid length. [ 211.991512][T11875] netlink: 'syz.1.3264': attribute type 2 has an invalid length. [ 212.017226][T11875] netlink: 31 bytes leftover after parsing attributes in process `syz.1.3264'. [ 212.027993][T11843] XFS (loop2): Mounting V5 Filesystem [ 212.201549][T11843] XFS (loop2): Ending clean mount [ 212.247373][T11843] XFS (loop2): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x20 [ 212.279989][T11843] XFS (loop2): Unmount and run xfs_repair [ 212.311237][T11843] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 212.337645][T11843] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 212.372464][T11843] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 212.410666][T11843] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 212.460632][T11843] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 212.507513][T11843] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 212.533277][T11843] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ................ [ 212.548666][T11918] SET target dimension over the limit! [ 212.562400][T11843] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 212.599218][T11843] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 212.632640][T11843] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1d3/0x2c0" at daddr 0x20 len 8 error 74 [ 212.675632][T11843] XFS (loop2): Failed to initialize disk quotas. [ 212.825650][ T4184] XFS (loop2): Unmounting Filesystem [ 213.004870][T11958] loop1: detected capacity change from 0 to 256 [ 213.266145][ T4809] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 213.318912][T11976] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3311'. [ 213.380736][T11972] loop5: detected capacity change from 0 to 4096 [ 213.485036][T11986] loop1: detected capacity change from 0 to 512 [ 213.492887][T11972] ntfs: volume version 3.1. [ 213.548605][T11986] EXT4-fs (loop1): inline encryption not supported [ 213.593459][T11986] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 213.698705][T11986] EXT4-fs (loop1): 1 truncate cleaned up [ 213.704532][T11986] EXT4-fs (loop1): mounted filesystem without journal. Opts: minixdf,jqfmt=vfsv0,inlinecrypt,noblock_validity,usrjquota=,,errors=continue. Quota mode: none. [ 213.766931][T12000] loop2: detected capacity change from 0 to 8 [ 213.786634][ T4809] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 213.804483][T12000] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 213.834008][ T5452] udevd[5452]: incorrect cramfs checksum on /dev/loop2 [ 213.846527][ T4809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.860490][ T4809] usb 5-1: Product: syz [ 213.864687][ T4809] usb 5-1: Manufacturer: syz [ 213.887122][T12000] cramfs: bad data blocksize 4294950552 [ 213.912321][ T4809] usb 5-1: SerialNumber: syz [ 213.951320][T12000] cramfs: bad data blocksize 4294950552 [ 213.977610][ T4809] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 214.062853][T12015] loop5: detected capacity change from 0 to 128 [ 214.155283][T12021] loop1: detected capacity change from 0 to 512 [ 214.231520][T12024] loop3: detected capacity change from 0 to 1024 [ 214.270629][T12024] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 214.297188][T12024] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 214.315382][T12021] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 214.362710][T12031] loop5: detected capacity change from 0 to 1024 [ 214.365238][T12021] ext4 filesystem being mounted at /721/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.392581][T12024] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 214.418660][T12024] System zones: 0-1, 3-36 [ 214.488823][T12024] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 214.594471][T12043] loop2: detected capacity change from 0 to 64 [ 214.600918][ T4809] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 214.712994][T12043] hfs: filesystem is marked locked, mounting read-only. [ 215.079944][ T4795] usb 5-1: USB disconnect, device number 13 [ 215.153688][T12079] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3360'. [ 215.198557][T12079] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3360'. [ 215.211148][T12079] netlink: 81 bytes leftover after parsing attributes in process `syz.2.3360'. [ 215.276757][T12081] loop1: detected capacity change from 0 to 4096 [ 215.313466][T12090] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3363'. [ 215.363523][T12087] loop5: detected capacity change from 0 to 4096 [ 215.389308][T12081] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 215.393877][T12097] Option ' Ë´ÄÔ-]' to dns_resolver key: bad/missing value [ 215.475306][T12087] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 215.629145][ T4809] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 215.638934][T12087] ntfs3: loop5: failed to convert "c46c" to maciceland [ 215.656274][ T4809] ath9k_htc: Failed to initialize the device [ 215.663158][ T4795] usb 5-1: ath9k_htc: USB layer deinitialized [ 215.751182][T12112] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 215.998058][T12131] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3383'. [ 216.046697][T12136] netlink: 'syz.2.3386': attribute type 1 has an invalid length. [ 216.186208][T11423] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 216.402915][T12159] 8021q: adding VLAN 0 to HW filter on device bond2 [ 216.475386][T12167] No such timeout policy "syz0" [ 216.576554][T11423] usb 4-1: config index 0 descriptor too short (expected 26, got 18) [ 216.642030][T12176] loop1: detected capacity change from 0 to 4096 [ 216.697146][T12176] ntfs3: Unknown parameter 'windows_names' [ 216.786366][T11423] usb 4-1: New USB device found, idVendor=0b48, idProduct=1006, bcdDevice=b7.de [ 216.808880][T11423] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.826393][T11423] usb 4-1: Product: syz [ 216.840262][T11423] usb 4-1: Manufacturer: syz [ 216.845225][T11423] usb 4-1: SerialNumber: syz [ 216.877250][T11423] usb 4-1: config 0 descriptor?? [ 216.948443][T11423] ttusb_dec_send_command: command bulk message failed: error -22 [ 216.968770][T11423] ttusb-dec: probe of 4-1:0.0 failed with error -22 [ 217.086182][ T4795] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 217.140605][T12218] loop5: detected capacity change from 0 to 8 [ 217.145099][T12220] rtc_cmos 00:00: Alarms can be up to one day in the future [ 217.169435][ T4239] usb 4-1: USB disconnect, device number 19 [ 217.261943][T12218] SQUASHFS error: zlib decompression failed, data probably corrupt [ 217.279787][T12218] SQUASHFS error: Failed to read block 0x9b: -5 [ 217.306754][T12218] SQUASHFS error: Unable to read metadata cache entry [99] [ 217.314009][T12218] SQUASHFS error: Unable to read inode 0x127 [ 217.326225][ T4795] usb 2-1: Using ep0 maxpacket: 8 [ 217.446587][ T4795] usb 2-1: config 0 has an invalid interface number: 110 but max is 0 [ 217.476153][ T4795] usb 2-1: config 0 has no interface number 0 [ 217.482307][ T4795] usb 2-1: too many endpoints for config 0 interface 110 altsetting 44: 105, using maximum allowed: 30 [ 217.504553][ T4795] usb 2-1: config 0 interface 110 altsetting 44 has 0 endpoint descriptors, different from the interface descriptor's value: 105 [ 217.524538][ T4795] usb 2-1: config 0 interface 110 has no altsetting 0 [ 217.535608][T12240] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3437'. [ 217.549491][T12242] 9pnet: p9_fd_create_unix (12242): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 217.578340][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.614902][T12247] netlink: 'syz.2.3441': attribute type 6 has an invalid length. [ 217.657243][T12250] trusted_key: encrypted_key: master key parameter 'trusted:' is invalid [ 217.699072][ T4795] usb 2-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a [ 217.716267][ T4795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.741831][ T4795] usb 2-1: Product: syz [ 217.756651][ T4795] usb 2-1: Manufacturer: syz [ 217.761341][ T4795] usb 2-1: SerialNumber: syz [ 217.796019][ T4795] usb 2-1: config 0 descriptor?? [ 217.840077][T12265] netlink: 180 bytes leftover after parsing attributes in process `syz.4.3449'. [ 217.874619][T12265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3449'. [ 217.914297][T12268] loop5: detected capacity change from 0 to 512 [ 218.044776][T12268] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 218.057681][T12280] loop4: detected capacity change from 0 to 128 [ 218.076602][T12268] System zones: 1-12 [ 218.092290][ T4795] usb 2-1: USB disconnect, device number 14 [ 218.097690][T12280] sysv_free_block: flc_count > flc_size [ 218.103786][T12280] sysv_free_block: flc_count > flc_size [ 218.110300][T12268] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.3451: invalid indirect mapped block 1819239214 (level 1) [ 218.136350][T12280] sysv_free_block: flc_count > flc_size [ 218.142138][T12280] sysv_free_block: flc_count > flc_size [ 218.148469][T12280] sysv_free_block: flc_count > flc_size [ 218.169797][T12268] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.3451: bg 0: block 361: padding at end of block bitmap is not set [ 218.183932][T12288] loop2: detected capacity change from 0 to 512 [ 218.192695][T12280] sysv_free_block: flc_count > flc_size [ 218.210279][T12280] sysv_free_block: flc_count > flc_size [ 218.216488][T12280] sysv_free_block: flc_count > flc_size [ 218.222223][T12280] sysv_free_block: flc_count > flc_size [ 218.230104][T12280] sysv_free_block: flc_count > flc_size [ 218.246247][T12268] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 218.260493][T12268] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.3451: attempt to clear invalid blocks 33619980 len 1 [ 218.274776][T12280] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 218.283270][T12288] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 218.306490][T12288] ext4 filesystem being mounted at /729/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.329433][T12268] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.3451: invalid indirect mapped block 1819239214 (level 0) [ 218.348299][T12268] EXT4-fs (loop5): 1 truncate cleaned up [ 218.361724][T12268] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 218.420344][T12268] EXT4-fs error (device loop5): dx_probe:823: inode #2: comm syz.5.3451: Directory hole found for htree index block 0 [ 218.448606][T12268] EXT4-fs error (device loop5): dx_probe:823: inode #2: comm syz.5.3451: Directory hole found for htree index block 0 [ 218.464139][T12293] dlm: no locking on control device [ 218.638858][T12304] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3467'. [ 218.816358][ T4809] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 218.894637][T12310] loop5: detected capacity change from 0 to 4096 [ 218.935012][T12310] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 219.066224][ T4809] usb 4-1: Using ep0 maxpacket: 16 [ 219.184445][T12338] netlink: 'syz.2.3483': attribute type 21 has an invalid length. [ 219.196156][T11423] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 219.199709][T12338] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3483'. [ 219.356418][ T4809] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 219.356449][ T4809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.356470][ T4809] usb 4-1: Product: syz [ 219.356513][ T4809] usb 4-1: Manufacturer: syz [ 219.356528][ T4809] usb 4-1: SerialNumber: syz [ 219.357942][ T4809] r8152-cfgselector 4-1: config 0 descriptor?? [ 219.626368][T11423] usb 2-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 1024 [ 219.645604][T11423] usb 2-1: config 1 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 16 [ 219.680106][T11423] usb 2-1: config 1 interface 0 has no altsetting 0 [ 219.696559][T12371] device sit0 entered promiscuous mode [ 219.737562][T12371] netlink: 'syz.4.3499': attribute type 1 has an invalid length. [ 219.779039][T12371] netlink: 1 bytes leftover after parsing attributes in process `syz.4.3499'. [ 219.830464][T12379] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 219.836387][ T4809] r8152-cfgselector 4-1: Unknown version 0x0000 [ 219.856545][T11423] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 219.864692][ T4809] r8152-cfgselector 4-1: bad CDC descriptors [ 219.869981][T12381] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.3503'. [ 219.881710][T11423] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.902327][T11423] usb 2-1: Product: syz [ 219.906248][ T4809] r8152-cfgselector 4-1: Unknown version 0x0000 [ 219.910026][T11423] usb 2-1: Manufacturer: syz [ 219.923286][ T4809] r8152-cfgselector 4-1: USB disconnect, device number 20 [ 219.938905][T11423] usb 2-1: SerialNumber: syz [ 219.986375][T12320] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 219.993595][T12387] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3508'. [ 220.006742][T12320] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 220.019263][T12387] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3508'. [ 220.048405][ T150] block nbd5: Attempted send on invalid socket [ 220.054641][ T150] blk_update_request: I/O error, dev nbd5, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 220.080108][T12389] VFS: could not find a valid V7 on nbd5. [ 220.356462][T11423] cdc_ether: probe of 2-1:1.0 failed with error -71 [ 220.398015][T11423] usb 2-1: USB disconnect, device number 15 [ 220.464258][T12421] loop5: detected capacity change from 0 to 1024 [ 220.561459][T12425] tmpfs: Bad value for 'mpol' [ 220.575512][ T4952] hfsplus: b-tree write err: -5, ino 4 [ 220.665322][T12429] loop3: detected capacity change from 0 to 1024 [ 220.715988][T12429] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 220.792010][T12429] EXT4-fs (loop3): orphan cleanup on readonly fs [ 220.837239][T12429] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.3528: Invalid inode table block 0 in block_group 0 [ 220.853562][T12429] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5850: Corrupt filesystem [ 220.883047][T12429] EXT4-fs error (device loop3): ext4_quota_write:6621: inode #3: comm syz.3.3528: mark_inode_dirty error [ 220.904173][T12429] __quota_error: 4 callbacks suppressed [ 220.904188][T12429] Quota error (device loop3): write_blk: dquota write failed [ 220.918654][T12429] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 220.929343][T12429] EXT4-fs error (device loop3): ext4_acquire_dquot:6209: comm syz.3.3528: Failed to acquire dquot type 0 [ 220.941878][T12429] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.3528: Invalid inode table block 0 in block_group 0 [ 220.965179][T12429] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5850: Corrupt filesystem [ 220.991134][T12429] EXT4-fs error (device loop3): ext4_ext_truncate:4456: inode #15: comm syz.3.3528: mark_inode_dirty error [ 221.023110][T12429] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.3528: Invalid inode table block 0 in block_group 0 [ 221.055326][T12429] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5850: Corrupt filesystem [ 221.076284][ T4809] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 221.084014][T12429] EXT4-fs error (device loop3) in ext4_orphan_del:301: Corrupt filesystem [ 221.086195][ T4795] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 221.104072][T12429] EXT4-fs error (device loop3): __ext4_get_inode_loc:4327: comm syz.3.3528: Invalid inode table block 0 in block_group 0 [ 221.146146][T12429] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5850: Corrupt filesystem [ 221.174060][T12429] EXT4-fs error (device loop3): ext4_truncate:4279: inode #15: comm syz.3.3528: mark_inode_dirty error [ 221.196142][T12429] EXT4-fs error (device loop3) in ext4_process_orphan:343: Corrupt filesystem [ 221.218703][T12429] EXT4-fs (loop3): 1 truncate cleaned up [ 221.224520][T12429] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 221.347156][ T4809] usb 3-1: Using ep0 maxpacket: 16 [ 221.352476][ T4795] usb 6-1: Using ep0 maxpacket: 8 [ 221.478422][ T4795] usb 6-1: config 2 has an invalid interface number: 241 but max is 0 [ 221.493600][ T4795] usb 6-1: config 2 has no interface number 0 [ 221.501705][T12462] xt_CT: No such helper "snmp_trap" [ 221.521821][ T4795] usb 6-1: config 2 interface 241 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 221.552320][ T4795] usb 6-1: config 2 interface 241 has no altsetting 0 [ 221.646396][ T4809] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 221.665694][ T4809] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.681153][ T4809] usb 3-1: Product: syz [ 221.685435][ T4809] usb 3-1: Manufacturer: syz [ 221.690061][T12475] loop4: detected capacity change from 0 to 256 [ 221.700778][T12454] loop1: detected capacity change from 0 to 40427 [ 221.702735][ T4809] usb 3-1: SerialNumber: syz [ 221.721866][ T4809] usb 3-1: config 0 descriptor?? [ 221.736452][ T4795] usb 6-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice=b3.a3 [ 221.754857][T12454] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 221.762620][ T4795] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.765570][T12475] FAT-fs (loop4): Directory bread(block 64) failed [ 221.775372][ T4795] usb 6-1: Product: syz [ 221.788030][ T4795] usb 6-1: Manufacturer: syz [ 221.788538][T12454] F2FS-fs (loop1): invalid crc value [ 221.793389][ T4795] usb 6-1: SerialNumber: syz [ 221.801226][T12475] FAT-fs (loop4): Directory bread(block 65) failed [ 221.811092][T12475] FAT-fs (loop4): Directory bread(block 66) failed [ 221.817904][T12475] FAT-fs (loop4): Directory bread(block 67) failed [ 221.819865][T12454] F2FS-fs (loop1): Found nat_bits in checkpoint [ 221.824721][T12475] FAT-fs (loop4): Directory bread(block 68) failed [ 221.836237][T11423] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 221.841063][T12475] FAT-fs (loop4): Directory bread(block 69) failed [ 221.853251][ T4795] ti_usb_3410_5052 6-1:2.241: TI USB 3410 1 port adapter converter detected [ 221.863173][ T4795] ti_usb_3410_5052 6-1:2.241: missing endpoints [ 221.869845][T12475] FAT-fs (loop4): Directory bread(block 70) failed [ 221.878361][T12475] FAT-fs (loop4): Directory bread(block 71) failed [ 221.887982][T12475] FAT-fs (loop4): Directory bread(block 72) failed [ 221.896674][T12475] FAT-fs (loop4): Directory bread(block 73) failed [ 221.953508][T12454] F2FS-fs (loop1): recover fsync data on readonly fs [ 221.979526][T12475] attempt to access beyond end of device [ 221.979526][T12475] loop4: rw=524288, want=1164, limit=256 [ 221.980432][T12454] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 221.993226][ T4809] speedtch 3-1:0.0: speedtch_bind: data interface not found! [ 222.005954][T12475] attempt to access beyond end of device [ 222.005954][T12475] loop4: rw=0, want=1164, limit=256 [ 222.017894][ T4809] speedtch 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 222.025869][ T26] audit: type=1800 audit(1762450565.634:13): pid=12475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3550" name="file0" dev="loop4" ino=1048638 res=0 errno=0 [ 222.036449][T12454] F2FS-fs (loop1): Cannot turn on quotas: -2 on 2 [ 222.066810][T12454] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 222.155203][ T4809] usb 6-1: USB disconnect, device number 17 [ 222.231833][ T4795] usb 3-1: USB disconnect, device number 19 [ 222.246463][T11423] usb 4-1: config index 0 descriptor too short (expected 29, got 18) [ 222.267054][T11423] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 222.275959][T11423] usb 4-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f [ 222.357652][T11423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.393906][T11423] usb 4-1: config 0 descriptor?? [ 222.586343][ T1108] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 222.706381][T11423] usb 4-1: string descriptor 0 read error: -71 [ 222.712641][T11423] ldusb 4-1:0.0: Interrupt in endpoint not found [ 222.743696][T11423] usb 4-1: USB disconnect, device number 21 [ 222.946392][ T1108] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 222.964998][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 223.086349][ T1108] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 223.108492][ T1108] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 223.146208][ T1108] usb 5-1: Manufacturer: syz [ 223.152603][ T1108] usb 5-1: config 0 descriptor?? [ 223.207874][ T1108] igorplugusb 5-1:0.0: endpoint incorrect [ 223.225434][T12486] loop1: detected capacity change from 0 to 32768 [ 223.248536][T12501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3562'. [ 223.279262][T12501] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3562'. [ 223.309127][T12501] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3562'. [ 223.399146][T12488] loop5: detected capacity change from 0 to 32768 [ 223.421124][T11423] usb 5-1: USB disconnect, device number 14 [ 223.454647][T12486] XFS (loop1): Mounting V5 Filesystem [ 223.457247][T12512] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 223.703133][T12486] XFS (loop1): Ending clean mount [ 223.797337][T12521] loop2: detected capacity change from 0 to 2048 [ 223.832983][ T4185] XFS (loop1): Unmounting Filesystem [ 223.869019][T12521] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 224.262956][T12534] loop5: detected capacity change from 0 to 4096 [ 224.388833][T12534] ntfs: (device loop5): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 224.405499][T12534] ntfs: (device loop5): ntfs_read_locked_inode(): $DATA attribute is missing. [ 224.444284][T12534] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 224.491328][T12534] ntfs: (device loop5): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 224.513452][T12553] loop4: detected capacity change from 0 to 128 [ 224.522077][T12554] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3585'. [ 224.560363][T12534] ntfs: volume version 3.1. [ 224.607667][T12534] ntfs: (device loop5): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 224.647358][T12534] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 224.654103][T12553] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none. [ 224.780235][T12566] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3589'. [ 224.790936][T12553] ext4 filesystem being mounted at /764/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 225.024333][T12583] loop4: detected capacity change from 0 to 16 [ 225.041539][T12580] ALSA: mixer_oss: invalid OSS volume '' [ 225.081706][T12583] erofs: (device loop4): mounted with root inode @ nid 36. [ 225.094510][T12580] ALSA: mixer_oss: invalid OSS volume 'é›' [ 225.131777][T12583] erofs: (device loop4): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 225.186703][T12583] erofs: (device loop4): z_erofs_readahead: readahead error at page 0 @ nid 89 [ 225.250721][T12595] overlayfs: missing 'lowerdir' [ 225.256780][ T26] audit: type=1800 audit(1762450568.874:14): pid=12583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3594" name="file3" dev="loop4" ino=89 res=0 errno=0 [ 225.339230][T12598] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3603'. [ 225.663971][T12615] loop3: detected capacity change from 0 to 512 [ 225.703112][T12615] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 225.893166][T12621] loop4: detected capacity change from 0 to 2048 [ 225.967272][T12623] loop3: detected capacity change from 0 to 4096 [ 225.981841][T12621] UDF-fs: error (device loop4): udf_verify_fi: directory (ino 1376) has entry where CRC length (28) does not match entry length (24) [ 226.047135][T12623] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 226.131659][T12623] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 226.177809][T12623] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 226.291306][T12623] ntfs: volume version 3.1. [ 226.318171][T12592] loop1: detected capacity change from 0 to 32768 [ 226.340996][T12635] loop4: detected capacity change from 0 to 512 [ 226.416712][T12635] EXT4-fs (loop4): orphan cleanup on readonly fs [ 226.435064][T12635] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.3622: bg 0: block 248: padding at end of block bitmap is not set [ 226.511821][T12641] ipt_CLUSTERIP: Please specify destination IP [ 226.621523][T12635] Quota error (device loop4): write_blk: dquota write failed [ 226.649825][T12635] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 226.700134][T12635] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.3622: Failed to acquire dquot type 1 [ 226.775669][T12635] EXT4-fs (loop4): 1 truncate cleaned up [ 226.830281][T12635] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 226.971784][T12651] loop5: detected capacity change from 0 to 4096 [ 227.035686][T12651] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 227.073560][T12660] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3634'. [ 227.115795][T12651] ntfs3: loop5: failed to convert "c46c" to cp1250 [ 227.142897][T12627] loop2: detected capacity change from 0 to 32768 [ 227.162369][T12662] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3635'. [ 227.162398][T12662] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3635'. [ 227.162415][T12662] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3635'. [ 227.495919][T12627] XFS (loop2): Mounting V5 Filesystem [ 227.598197][T12686] loop1: detected capacity change from 0 to 512 [ 227.641851][T12686] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 227.662070][T12692] loop5: detected capacity change from 0 to 256 [ 227.705237][T12627] XFS (loop2): Ending clean mount [ 227.723012][T12692] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 227.756375][T12692] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 227.768733][T12627] XFS (loop2): Quotacheck needed: Please wait. [ 227.827276][T12692] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 227.912189][T12627] XFS (loop2): Quotacheck: Done. [ 227.972561][T12627] XFS (loop2): Unmounting Filesystem [ 228.066228][T12703] loop1: detected capacity change from 0 to 128 [ 228.395034][T12722] loop4: detected capacity change from 0 to 2048 [ 228.531881][T12722] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 228.575538][T12735] loop3: detected capacity change from 0 to 256 [ 228.584130][ T9008] udevd[9008]: incorrect nilfs2 checksum on /dev/loop4 [ 228.598695][T12737] __nla_validate_parse: 2 callbacks suppressed [ 228.598713][T12737] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3668'. [ 228.631349][T12738] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 228.661567][T12722] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 3044605952 [ 228.683138][T12737] netlink: 'syz.5.3668': attribute type 1 has an invalid length. [ 228.686393][T12722] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 228.721504][T12722] Remounting filesystem read-only [ 228.726834][T12722] NILFS (loop4): error -5 truncating bmap (ino=15) [ 228.753883][T12735] exFAT-fs (loop3): bogus data start sector [ 228.778793][T12735] exFAT-fs (loop3): failed to read boot sector [ 228.830023][T12735] exFAT-fs (loop3): failed to recognize exfat type [ 229.243033][T12762] loop4: detected capacity change from 0 to 1024 [ 229.539707][T12779] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3688'. [ 229.549033][ T4239] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 229.636793][T12744] loop1: detected capacity change from 0 to 32768 [ 229.675848][T12744] jfs_strtoUCS: char2uni returned -22. [ 229.697723][T12744] charset = cp949, char = 0xd4 [ 229.734992][T12788] loop2: detected capacity change from 0 to 512 [ 229.837724][ T4239] usb 6-1: Using ep0 maxpacket: 8 [ 229.864726][T12796] loop3: detected capacity change from 0 to 512 [ 229.873627][T12788] EXT4-fs (loop2): Ignoring removed bh option [ 229.889671][T12798] loop1: detected capacity change from 0 to 64 [ 229.900944][T12788] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 229.920171][T12788] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 229.941737][T12796] EXT4-fs (loop3): Test dummy encryption mode enabled [ 229.953065][T12796] EXT4-fs (loop3): Test dummy encryption mode enabled [ 229.965757][T12788] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 229.983856][T12788] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 229.994585][ T4239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 230.044240][T12796] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable=0x0000000000000000,minixdf,jqfmt=vfsv1,prjquota,inode_readahead_blks=0x0000000000000100,barrier=0x000000000000000b,errors=remount-ro,auto_da_alloc,test_dummy_encryption,min_batch_time=0x0000. Quota mode: writeback. [ 230.073347][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.083802][T12798] attempt to access beyond end of device [ 230.083802][T12798] loop1: rw=0, want=3074, limit=64 [ 230.100630][ T4239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 230.126286][T12788] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,bh,noblock_validity,,errors=continue. Quota mode: none. [ 230.142431][ T4239] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 230.175053][ T4239] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 49 [ 230.196768][ T4239] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 230.226175][ T4239] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.273049][ T4239] usb 6-1: config 0 descriptor?? [ 230.316697][T12767] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 230.331441][T12796] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 230.378733][T12796] EXT4-fs error (device loop3): ext4_add_entry:2486: inode #2: comm syz.3.3697: Directory hole found for htree leaf block 0 [ 230.503647][T12796] EXT4-fs (loop3): Remounting filesystem read-only [ 230.749065][T12823] loop4: detected capacity change from 0 to 2048 [ 230.830407][ T13] usb 6-1: USB disconnect, device number 18 [ 230.858813][T12823] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 231.045537][T12837] loop1: detected capacity change from 0 to 1764 [ 231.124172][T12839] loop4: detected capacity change from 0 to 4096 [ 231.177227][T12837] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 231.201400][T12841] loop2: detected capacity change from 0 to 4096 [ 231.310993][T12844] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 231.345190][T12839] NILFS error (device loop4): nilfs_dotdot: directory #12 missing '.' [ 231.362899][T12839] Remounting filesystem read-only [ 231.369100][T12841] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 231.426366][T12841] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 231.542855][ T26] audit: type=1326 audit(1762450575.154:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12853 comm="syz.1.3720" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb432e26c9 code=0x0 [ 231.574180][T12841] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 231.675092][T12841] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 231.756456][T12866] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3727'. [ 231.763102][T12841] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 231.880912][T12841] ntfs: volume version 3.1. [ 231.885490][T12841] ntfs: (device loop2): ntfs_read_locked_inode(): Inode is not in use! [ 232.034764][T12841] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 232.149449][T12841] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 232.190334][T12892] device wlan0 entered promiscuous mode [ 232.216583][T12892] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 232.316221][T12841] ntfs: (device loop2): ntfs_read_locked_inode(): $INDEX_ROOT attribute is missing. [ 232.795883][T12924] ipt_CLUSTERIP: Please specify destination IP [ 232.836269][ T4795] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 233.056204][ T21] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 233.106489][ T4795] usb 4-1: Using ep0 maxpacket: 8 [ 233.162796][T12931] loop1: detected capacity change from 0 to 8192 [ 233.211156][T12931] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 233.230827][ T4795] usb 4-1: config 11 has an invalid interface number: 95 but max is 0 [ 233.258647][ T4795] usb 4-1: config 11 has no interface number 0 [ 233.291020][T12931] REISERFS (device loop1): using ordered data mode [ 233.300069][ T4795] usb 4-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 147, changing to 7 [ 233.338409][T12931] reiserfs: using flush barriers [ 233.365066][ T4795] usb 4-1: config 11 interface 95 altsetting 64 endpoint 0x82 has invalid maxpacket 1293, setting to 1024 [ 233.386277][T12931] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 233.422663][T12912] loop4: detected capacity change from 0 to 40427 [ 233.429479][ T4795] usb 4-1: config 11 interface 95 has no altsetting 0 [ 233.440000][ T21] usb 3-1: config index 0 descriptor too short (expected 29, got 18) [ 233.456465][ T21] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 233.465114][T12912] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff [ 233.465891][T12931] REISERFS (device loop1): checking transaction log (loop1) [ 233.486143][ T21] usb 3-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f [ 233.505623][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.526343][T12912] F2FS-fs (loop4): invalid crc value [ 233.529085][ T21] usb 3-1: config 0 descriptor?? [ 233.551089][T12912] F2FS-fs (loop4): Found nat_bits in checkpoint [ 233.603914][T12927] loop5: detected capacity change from 0 to 32768 [ 233.636355][ T4795] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d [ 233.650869][T12912] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 233.674421][ T4795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.709871][ T4795] usb 4-1: Product: syz [ 233.729277][ T4795] usb 4-1: Manufacturer: syz [ 233.733930][ T4795] usb 4-1: SerialNumber: syz [ 233.767107][T12931] REISERFS (device loop1): Using tea hash to sort names [ 233.804900][T12931] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 233.825205][T12931] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 233.856302][ T21] usb 3-1: string descriptor 0 read error: -71 [ 233.862520][ T21] ldusb 3-1:0.0: Interrupt in endpoint not found [ 233.939537][ T21] usb 3-1: USB disconnect, device number 20 [ 234.098394][ T4795] usbtouchscreen: probe of 4-1:11.95 failed with error -22 [ 234.125254][ T4795] usb 4-1: USB disconnect, device number 22 [ 234.245032][T12945] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3760'. [ 234.844474][T12987] loop5: detected capacity change from 0 to 256 [ 234.912715][T12997] tmpfs: Bad value for 'mpol' [ 234.941200][T12998] loop3: detected capacity change from 0 to 512 [ 234.950754][T12987] FAT-fs (loop5): Directory bread(block 64) failed [ 235.009523][T12987] FAT-fs (loop5): Directory bread(block 65) failed [ 235.036203][T12987] FAT-fs (loop5): Directory bread(block 66) failed [ 235.106806][T12998] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.3789: bad orphan inode 13 [ 235.140260][T12987] FAT-fs (loop5): Directory bread(block 67) failed [ 235.192641][T12998] ext4_test_bit(bit=12, block=4) = 1 [ 235.203427][T12987] FAT-fs (loop5): Directory bread(block 68) failed [ 235.219349][T13013] xt_socket: unknown flags 0x50 [ 235.224845][T12987] FAT-fs (loop5): Directory bread(block 69) failed [ 235.233724][T12987] FAT-fs (loop5): Directory bread(block 70) failed [ 235.254081][T12998] is_bad_inode(inode)=0 [ 235.279745][T12998] NEXT_ORPHAN(inode)=0 [ 235.283895][T12998] max_ino=32 [ 235.302898][T12987] FAT-fs (loop5): Directory bread(block 71) failed [ 235.318058][T12998] i_nlink=1 [ 235.327870][T12998] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 235.333310][T12987] FAT-fs (loop5): Directory bread(block 72) failed [ 235.426434][T12987] FAT-fs (loop5): Directory bread(block 73) failed [ 235.481078][T12998] EXT4-fs warning (device loop3): dx_probe:833: inode #2: comm syz.3.3789: Unrecognised inode hash code 20 [ 235.541645][T13023] x_tables: duplicate entry at hook 2 [ 235.558443][T12998] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.3789: Corrupt directory, running e2fsck is recommended [ 235.626504][T12998] EXT4-fs warning (device loop3): dx_probe:833: inode #2: comm syz.3.3789: Unrecognised inode hash code 20 [ 235.639858][T13027] device sit0 entered promiscuous mode [ 235.654214][T12998] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.3789: Corrupt directory, running e2fsck is recommended [ 235.718178][T13027] netlink: 'syz.2.3802': attribute type 1 has an invalid length. [ 235.725939][T13027] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3802'. [ 235.815317][T13035] loop1: detected capacity change from 0 to 1024 [ 235.935904][T13045] netlink: 'syz.3.3806': attribute type 1 has an invalid length. [ 236.141057][T13061] loop2: detected capacity change from 0 to 512 [ 236.159177][T13060] tipc: Trying to set illegal importance in message [ 236.203140][T13061] EXT4-fs (loop2): Ignoring removed bh option [ 236.239496][T13061] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5 [ 236.239496][T13061] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 236.239496][T13061] [ 236.320293][T13061] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 236.352951][T13076] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3827'. [ 236.396463][T13061] EXT4-fs (loop2): 1 truncate cleaned up [ 236.451782][T13061] EXT4-fs (loop2): mounted filesystem without journal. Opts: bh,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006c,nouser_xattr,nodelalloc,quota,,errors=continue. Quota mode: writeback. [ 236.473370][T13084] netlink: 272 bytes leftover after parsing attributes in process `syz.3.3831'. [ 236.796307][ T1108] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 237.012540][T13121] loop2: detected capacity change from 0 to 512 [ 237.046325][ T1108] usb 5-1: Using ep0 maxpacket: 16 [ 237.107845][T13121] EXT4-fs (loop2): Test dummy encryption mode enabled [ 237.153493][T13121] EXT4-fs (loop2): Test dummy encryption mode enabled [ 237.220737][T13121] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable=0x0000000000000000,minixdf,jqfmt=vfsv1,prjquota,inode_readahead_blks=0x0000000000000100,barrier=0x000000000000000b,errors=remount-ro,auto_da_alloc,test_dummy_encryption,min_batch_time=0x0000. Quota mode: writeback. [ 237.327104][ T1108] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 237.346123][ T1108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.360802][ T1108] usb 5-1: Product: syz [ 237.365204][ T1108] usb 5-1: Manufacturer: syz [ 237.378592][ T1108] usb 5-1: SerialNumber: syz [ 237.385129][ T1108] usb 5-1: config 0 descriptor?? [ 237.427633][ T1108] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 237.433835][T13121] EXT4-fs error (device loop2): ext4_add_entry:2486: inode #2: comm syz.2.3848: Directory hole found for htree leaf block 0 [ 237.485969][T13121] EXT4-fs (loop2): Remounting filesystem read-only [ 237.636330][ T1108] usb 5-1: clie_3_5_startup: get config number bad return length: 0 [ 237.669261][ T1108] visor: probe of 5-1:0.0 failed with error -5 [ 237.849135][ T1108] usb 5-1: USB disconnect, device number 15 [ 237.885112][ T4239] Bluetooth: hci0: command 0x0405 tx timeout [ 238.048896][T13150] loop2: detected capacity change from 0 to 1764 [ 238.337655][T13168] netlink: 'syz.1.3871': attribute type 11 has an invalid length. [ 238.345924][T13168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3871'. [ 238.451885][T13171] ALSA: mixer_oss: invalid OSS volume 'u' [ 238.533140][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3876'. [ 238.569600][T13180] loop4: detected capacity change from 0 to 256 [ 238.579629][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3876'. [ 238.952323][T13205] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 239.532106][T13245] loop4: detected capacity change from 0 to 1764 [ 239.545498][T13248] JFS: discard option not supported on device [ 239.577725][T13248] Mount JFS Failure: -22 [ 239.582008][T13248] jfs_mount failed w/return code = -22 [ 239.807121][T13254] loop3: detected capacity change from 0 to 4096 [ 239.936206][T13254] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 240.065821][T13229] loop2: detected capacity change from 0 to 32768 [ 240.138084][ T1108] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 240.146306][T13229] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 scanned by syz.2.3899 (13229) [ 240.231328][T13229] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 240.292223][T13229] BTRFS info (device loop2): using free space tree [ 240.322748][T13229] BTRFS info (device loop2): has skinny extents [ 240.374870][T13283] loop5: detected capacity change from 0 to 4096 [ 240.419233][T13300] loop3: detected capacity change from 0 to 256 [ 240.476565][T13300] FAT-fs (loop3): Directory bread(block 64) failed [ 240.483162][T13300] FAT-fs (loop3): Directory bread(block 65) failed [ 240.496253][ T1108] usb 2-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 240.510672][T13283] __ntfs_error: 1 callbacks suppressed [ 240.510690][T13283] ntfs: (device loop5): parse_options(): NLS character set maccentHuro not found. Using previous one cp857. [ 240.519186][T13300] FAT-fs (loop3): Directory bread(block 66) failed [ 240.534774][T13300] FAT-fs (loop3): Directory bread(block 67) failed [ 240.542137][T13300] FAT-fs (loop3): Directory bread(block 68) failed [ 240.550390][T13300] FAT-fs (loop3): Directory bread(block 69) failed [ 240.557579][T13300] FAT-fs (loop3): Directory bread(block 70) failed [ 240.564423][T13300] FAT-fs (loop3): Directory bread(block 71) failed [ 240.572200][T13300] FAT-fs (loop3): Directory bread(block 72) failed [ 240.579561][T13300] FAT-fs (loop3): Directory bread(block 73) failed [ 240.580453][ T1108] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.587712][T13283] ntfs: (device loop5): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 240.608110][ T1108] usb 2-1: config 0 descriptor?? [ 240.707172][T13229] BTRFS info (device loop2): enabling ssd optimizations [ 240.728582][T13283] ntfs: volume version 3.1. [ 240.801195][T13283] ntfs: (device loop5): ntfs_index_lookup(): Corrupt index. Aborting lookup. [ 240.906965][T13283] ntfs: (device loop5): ntfs_mark_quotas_out_of_date(): Lookup of quota defaults entry failed. [ 240.926152][T13283] ntfs: (device loop5): load_system_files(): Failed to mark quotas out of date. Mounting read-only. Run chkdsk. [ 240.945444][T13320] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3932'. [ 240.968686][T13283] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup. [ 240.979836][T13320] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 240.989380][T13283] ntfs: (device loop5): load_and_init_usnjrnl(): Failed to find inode number for $UsnJrnl. [ 241.013285][ T4296] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 9 /dev/loop2 scanned by udevd (4296) [ 241.020181][T13283] ntfs: (device loop5): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 241.089514][ T1108] hackrf 2-1:0.0: usb_control_msg() failed -71 request 0f [ 241.106175][ T1108] hackrf 2-1:0.0: Could not detect board [ 241.113957][ T1108] hackrf: probe of 2-1:0.0 failed with error -71 [ 241.151532][ T1108] usb 2-1: USB disconnect, device number 16 [ 241.163004][T13325] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 241.186995][T13325] overlayfs: missing 'lowerdir' [ 241.197910][ T5729] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 241.455038][ T5729] usb 5-1: Using ep0 maxpacket: 32 [ 241.521292][T13333] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3935'. [ 241.556084][T13327] loop2: detected capacity change from 0 to 4096 [ 241.576687][ T5729] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 241.576797][T13327] EXT4-fs (loop2): Test dummy encryption mode enabled [ 241.595183][ T5729] usb 5-1: config 0 has no interface number 0 [ 241.630242][ T5729] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 241.673465][T13327] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 241.684767][ T5729] usb 5-1: config 0 interface 85 has no altsetting 0 [ 241.697439][T13327] System zones: 0-5 [ 241.739570][T13327] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,resuid=0x0000000000000000,test_dummy_encryption,nodiscard,data_err=ignore,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 241.756343][T13348] device geneve3 entered promiscuous mode [ 241.822418][T13345] loop3: detected capacity change from 0 to 4096 [ 241.866886][ T5729] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 241.882054][T13345] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 241.891848][ T5729] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.911968][ T5729] usb 5-1: Product: syz [ 241.919403][ T5729] usb 5-1: Manufacturer: syz [ 241.933238][ T5729] usb 5-1: SerialNumber: syz [ 241.970116][ T5729] usb 5-1: config 0 descriptor?? [ 241.997967][T13345] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 242.162022][ T4958] ntfs3: loop3: ntfs3_write_inode r=5 failed, -22. [ 242.207312][ T4183] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 242.225078][T13367] loop2: detected capacity change from 0 to 128 [ 242.258769][T13363] loop1: detected capacity change from 0 to 512 [ 242.301218][ T26] audit: type=1400 audit(1762450585.914:16): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13372 comm="syz.5.3956" [ 242.333801][T13367] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 242.380152][T13363] EXT4-fs (loop1): orphan cleanup on readonly fs [ 242.397255][T13367] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 242.438375][T13363] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3951: inode has both inline data and extents flags [ 242.456225][ T5729] appletouch 5-1:0.85: Failed to request geyser raw mode [ 242.463375][ T5729] appletouch: probe of 5-1:0.85 failed with error -5 [ 242.499445][T13363] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3951: couldn't read orphan inode 15 (err -117) [ 242.522042][ T5729] usb 5-1: USB disconnect, device number 16 [ 242.540381][T13363] EXT4-fs (loop1): mounted filesystem without journal. Opts: data_err=abort,delalloc,,errors=continue. Quota mode: none. [ 242.881038][T13400] loop2: detected capacity change from 0 to 512 [ 242.936469][T13400] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 242.943640][T13400] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 242.982331][T13400] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 243.013945][T13400] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 243.041556][T13414] loop5: detected capacity change from 0 to 16 [ 243.073175][T13400] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3871: comm syz.2.3970: Allocating blocks 41-42 which overlap fs metadata [ 243.088285][T13400] Quota error (device loop2): write_blk: dquota write failed [ 243.099434][T13400] EXT4-fs error (device loop2): ext4_acquire_dquot:6209: comm syz.2.3970: Failed to acquire dquot type 1 [ 243.116902][T13414] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 243.164660][T13400] EXT4-fs error (device loop2): mb_free_blocks:1860: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 243.226692][T13400] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #12: comm syz.2.3970: corrupted inode contents [ 243.241780][T13400] EXT4-fs error (device loop2): ext4_dirty_inode:6054: inode #12: comm syz.2.3970: mark_inode_dirty error [ 243.253079][T13435] netlink: 'syz.1.3985': attribute type 6 has an invalid length. [ 243.310047][T13400] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #12: comm syz.2.3970: corrupted inode contents [ 243.355883][T13400] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #12: comm syz.2.3970: mark_inode_dirty error [ 243.383239][T13400] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #12: comm syz.2.3970: corrupted inode contents [ 243.429672][T13400] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem [ 243.431696][T13447] netlink: 184 bytes leftover after parsing attributes in process `syz.1.3991'. [ 243.442881][T13400] EXT4-fs error (device loop2): ext4_do_update_inode:5218: inode #12: comm syz.2.3970: corrupted inode contents [ 243.475165][T13400] EXT4-fs error (device loop2): ext4_truncate:4279: inode #12: comm syz.2.3970: mark_inode_dirty error [ 243.516379][T13400] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem [ 243.543913][T13400] EXT4-fs (loop2): 1 truncate cleaned up [ 243.560088][T13400] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000002000000,noblock_validity,mblk_io_submit,jqfmt=vfsold,nodelalloc,nomblk_io_submit,usrjquota=,minixdf,resgid=0x00000000000000002,errors=continue. Quota mode: writeback. [ 243.636312][ T4239] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 243.773733][T13462] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3998'. [ 243.784606][T13462] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3998'. [ 243.809540][T13462] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3998'. [ 243.886170][ T4239] usb 4-1: Using ep0 maxpacket: 32 [ 243.918908][T13470] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 244.066206][ T4239] usb 4-1: unable to get BOS descriptor or descriptor too short [ 244.140957][T13490] netlink: 'syz.4.4012': attribute type 10 has an invalid length. [ 244.166702][ T4239] usb 4-1: config 3 has an invalid interface number: 224 but max is 0 [ 244.174932][ T4239] usb 4-1: config 3 has no interface number 0 [ 244.186105][T13490] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4012'. [ 244.213924][ T4239] usb 4-1: config 3 interface 224 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 244.225270][T13490] device team0 entered promiscuous mode [ 244.238363][T13490] device team_slave_0 entered promiscuous mode [ 244.251700][ T4239] usb 4-1: config 3 interface 224 has no altsetting 0 [ 244.255187][T13490] device team_slave_1 entered promiscuous mode [ 244.271331][T13490] bridge0: port 3(team0) entered blocking state [ 244.279676][T13490] bridge0: port 3(team0) entered disabled state [ 244.290571][T13490] bridge0: port 3(team0) entered blocking state [ 244.296933][T13490] bridge0: port 3(team0) entered forwarding state [ 244.426334][ T5729] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 244.456493][ T4239] usb 4-1: New USB device found, idVendor=1199, idProduct=9055, bcdDevice=35.1f [ 244.466582][ T4239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.483386][ T4239] usb 4-1: Product: syz [ 244.503166][ T4239] usb 4-1: Manufacturer: syz [ 244.508675][ T4239] usb 4-1: SerialNumber: syz [ 244.629537][T13523] loop4: detected capacity change from 0 to 8 [ 244.672888][ T5452] udevd[5452]: incorrect cramfs checksum on /dev/loop4 [ 244.700137][T13523] cramfs: bad data blocksize 3222268820 [ 244.720777][ T5452] udevd[5452]: incorrect cramfs checksum on /dev/loop4 [ 244.732698][T13523] cramfs: Error -3 while decompressing! [ 244.740340][T13523] cramfs: ffffffff961ed0dc(16)->ffff88805c283000(4096) [ 244.748743][T13523] cramfs: bad data blocksize 3222268820 [ 244.842075][T13536] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4034'. [ 244.878413][ T4239] rndis_host 4-1:3.224: invalid descriptor buffer length [ 244.893319][ T4239] usb 4-1: bad CDC descriptors [ 244.946868][ T4239] usb 4-1: USB disconnect, device number 23 [ 244.956461][ T5729] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 244.979243][ T5729] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.991608][T13545] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4038'. [ 245.009269][ T5729] usb 6-1: Product: syz [ 245.023779][ T5729] usb 6-1: Manufacturer: syz [ 245.040252][ T5729] usb 6-1: SerialNumber: syz [ 245.110132][ T5729] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 245.225550][T13560] loop4: detected capacity change from 0 to 1024 [ 245.339587][ T4952] hfsplus: b-tree write err: -5, ino 4 [ 245.478778][T13579] QAT: failed to copy from user cfg_data. [ 245.510628][T13572] loop2: detected capacity change from 0 to 2048 [ 245.651115][T13572] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 245.686318][ T5729] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 245.908240][T13600] device geneve2 entered promiscuous mode [ 246.109593][ T4795] usb 6-1: USB disconnect, device number 19 [ 246.328038][T13601] loop4: detected capacity change from 0 to 32768 [ 246.452586][T13601] (syz.4.4066,13601,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 246.500185][T13601] (syz.4.4066,13601,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 246.564604][T13601] JBD2: Ignoring recovery information on journal [ 246.599790][T13625] loop2: detected capacity change from 0 to 4096 [ 246.663151][T13630] xt_NFQUEUE: number of total queues is 0 [ 246.672136][T13633] loop1: detected capacity change from 0 to 64 [ 246.691382][T13601] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 246.717277][T13634] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 246.746247][ T5729] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 246.762168][T13636] device bond3 entered promiscuous mode [ 246.768154][ T5729] ath9k_htc: Failed to initialize the device [ 246.771586][T13601] [ 246.774483][ T4795] usb 6-1: ath9k_htc: USB layer deinitialized [ 246.776461][T13601] ====================================================== [ 246.776469][T13601] WARNING: possible circular locking dependency detected [ 246.776483][T13601] syzkaller #0 Not tainted [ 246.776492][T13601] ------------------------------------------------------ [ 246.776497][T13601] syz.4.4066/13601 is trying to acquire lock: [ 246.776506][T13601] ffff8880746f4da0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1e5/0x270 [ 246.776554][T13601] [ 246.776554][T13601] but task is already holding lock: [ 246.776559][T13601] ffff8880746f5108 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1c7/0x270 [ 246.776601][T13601] [ 246.776601][T13601] which lock already depends on the new lock. [ 246.776601][T13601] [ 246.776606][T13601] [ 246.776606][T13601] the existing dependency chain (in reverse order) is: [ 246.776613][T13601] [ 246.776613][T13601] -> #6 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8){+.+.}-{3:3}: [ 246.776642][T13601] down_write+0x38/0x60 [ 246.776661][T13601] ocfs2_lock_global_qf+0x1c7/0x270 [ 246.776676][T13601] ocfs2_acquire_dquot+0x29d/0xaf0 [ 246.776689][T13601] dqget+0x778/0xeb0 [ 246.776706][T13601] dquot_set_dqblk+0x27/0xf90 [ 246.776725][T13601] quota_setquota+0x4ac/0x530 [ 246.776743][T13601] __se_sys_quotactl+0x295/0x6c0 [ 246.776762][T13601] do_syscall_64+0x4c/0xa0 [ 246.776777][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 246.776795][T13601] [ 246.776795][T13601] -> #5 (&dquot->dq_lock){+.+.}-{3:3}: [ 246.776818][T13601] __mutex_lock_common+0x1eb/0x2390 [ 246.776837][T13601] mutex_lock_nested+0x17/0x20 [ 246.776855][T13601] dquot_commit+0x5a/0x410 [ 246.776871][T13601] ext4_write_dquot+0x1f0/0x360 [ 246.776888][T13601] mark_all_dquot_dirty+0xf9/0x400 [ 246.776905][T13601] __dquot_free_space+0x7ca/0xb90 [ 246.776923][T13601] ext4_free_blocks+0x1af5/0x2480 [ 246.776941][T13601] ext4_ext_remove_space+0x1eaa/0x43a0 [ 246.776958][T13601] ext4_ext_truncate+0x192/0x240 [ 246.776975][T13601] ext4_truncate+0x9f1/0x10d0 [ 246.776991][T13601] ext4_evict_inode+0xb43/0x1080 [ 246.777006][T13601] evict+0x485/0x870 [ 246.777023][T13601] ext4_orphan_cleanup+0xaa9/0x12e0 [ 246.777039][T13601] ext4_fill_super+0x92f0/0x9a60 [ 246.777054][T13601] mount_bdev+0x287/0x3c0 [ 247.010698][T13601] legacy_get_tree+0xe6/0x180 [ 247.015905][T13601] vfs_get_tree+0x88/0x270 [ 247.020845][T13601] do_new_mount+0x24a/0xa40 [ 247.025877][T13601] __se_sys_mount+0x2d6/0x3c0 [ 247.031086][T13601] do_syscall_64+0x4c/0xa0 [ 247.036033][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.042448][T13601] [ 247.042448][T13601] -> #4 (&ei->i_data_sem){++++}-{3:3}: [ 247.050100][T13601] down_write+0x38/0x60 [ 247.054794][T13601] ext4_truncate+0x96d/0x10d0 [ 247.060000][T13601] ext4_setattr+0xffe/0x19e0 [ 247.065113][T13601] notify_change+0xbcd/0xee0 [ 247.070239][T13601] do_truncate+0x197/0x220 [ 247.075179][T13601] do_sys_ftruncate+0x31b/0x3d0 [ 247.080554][T13601] do_syscall_64+0x4c/0xa0 [ 247.085496][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.088983][T13639] loop5: detected capacity change from 0 to 136 [ 247.092005][T13601] [ 247.092005][T13601] -> #3 (jbd2_handle){++++}-{0:0}: [ 247.092035][T13601] start_this_handle+0x1338/0x15a0 [ 247.111139][T13601] jbd2__journal_start+0x2b7/0x5a0 [ 247.117046][T13601] jbd2_journal_start+0x26/0x30 [ 247.122418][T13601] ocfs2_start_trans+0x374/0x6c0 [ 247.127882][T13601] ocfs2_shutdown_local_alloc+0x1fd/0xa10 [ 247.134214][T13601] ocfs2_dismount_volume+0x1de/0x880 [ 247.140139][T13601] generic_shutdown_super+0x130/0x300 [ 247.146026][T13601] kill_block_super+0x7c/0xe0 [ 247.151212][T13601] deactivate_locked_super+0x93/0xf0 [ 247.157004][T13601] cleanup_mnt+0x418/0x4d0 [ 247.161923][T13601] task_work_run+0x125/0x1a0 [ 247.167068][T13601] exit_to_user_mode_loop+0x10f/0x130 [ 247.172955][T13601] exit_to_user_mode_prepare+0xee/0x180 [ 247.179022][T13601] syscall_exit_to_user_mode+0x16/0x40 [ 247.185001][T13601] do_syscall_64+0x58/0xa0 [ 247.189928][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.196333][T13601] [ 247.196333][T13601] -> #2 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 247.204828][T13601] down_read+0x44/0x2e0 [ 247.209488][T13601] ocfs2_start_trans+0x368/0x6c0 [ 247.214933][T13601] ocfs2_shutdown_local_alloc+0x1fd/0xa10 [ 247.221157][T13601] ocfs2_dismount_volume+0x1de/0x880 [ 247.226948][T13601] generic_shutdown_super+0x130/0x300 [ 247.232826][T13601] kill_block_super+0x7c/0xe0 [ 247.238010][T13601] deactivate_locked_super+0x93/0xf0 [ 247.243800][T13601] cleanup_mnt+0x418/0x4d0 [ 247.248726][T13601] task_work_run+0x125/0x1a0 [ 247.253821][T13601] exit_to_user_mode_loop+0x10f/0x130 [ 247.259783][T13601] exit_to_user_mode_prepare+0xee/0x180 [ 247.266011][T13601] syscall_exit_to_user_mode+0x16/0x40 [ 247.271984][T13601] do_syscall_64+0x58/0xa0 [ 247.276922][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.283320][T13601] [ 247.283320][T13601] -> #1 (sb_internal#3){.+.+}-{0:0}: [ 247.290775][T13601] ocfs2_start_trans+0x269/0x6c0 [ 247.296223][T13601] ocfs2_write_info+0x117/0x350 [ 247.301574][T13601] dquot_set_dqinfo+0x459/0x6c0 [ 247.306959][T13601] quota_setinfo+0x2a4/0x2b0 [ 247.312232][T13601] __se_sys_quotactl+0x295/0x6c0 [ 247.317681][T13601] do_syscall_64+0x4c/0xa0 [ 247.322597][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.328995][T13601] [ 247.328995][T13601] -> #0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 247.337835][T13601] __lock_acquire+0x2c33/0x7c60 [ 247.343192][T13601] lock_acquire+0x197/0x3f0 [ 247.348198][T13601] down_write+0x38/0x60 [ 247.352858][T13601] ocfs2_lock_global_qf+0x1e5/0x270 [ 247.358557][T13601] ocfs2_acquire_dquot+0x29d/0xaf0 [ 247.364170][T13601] dqget+0x778/0xeb0 [ 247.368573][T13601] dquot_set_dqblk+0x27/0xf90 [ 247.373755][T13601] quota_setquota+0x4ac/0x530 [ 247.378937][T13601] __se_sys_quotactl+0x295/0x6c0 [ 247.384379][T13601] do_syscall_64+0x4c/0xa0 [ 247.389360][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.396218][T13601] [ 247.396218][T13601] other info that might help us debug this: [ 247.396218][T13601] [ 247.406424][T13601] Chain exists of: [ 247.406424][T13601] &ocfs2_quota_ip_alloc_sem_key --> &dquot->dq_lock --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8 [ 247.406424][T13601] [ 247.423631][T13601] Possible unsafe locking scenario: [ 247.423631][T13601] [ 247.431073][T13601] CPU0 CPU1 [ 247.436458][T13601] ---- ---- [ 247.441911][T13601] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8); [ 247.449191][T13601] lock(&dquot->dq_lock); [ 247.456115][T13601] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8); [ 247.465992][T13601] lock(&ocfs2_quota_ip_alloc_sem_key); [ 247.471610][T13601] [ 247.471610][T13601] *** DEADLOCK *** [ 247.471610][T13601] [ 247.479729][T13601] 3 locks held by syz.4.4066/13601: [ 247.485040][T13601] #0: ffff88802a8be0e0 (&type->s_umount_key#73){++++}-{3:3}, at: user_get_super+0x118/0x240 [ 247.495220][T13601] #1: ffff88805f0e40a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x290/0xaf0 [ 247.505240][T13601] #2: ffff8880746f5108 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1c7/0x270 [ 247.518207][T13601] [ 247.518207][T13601] stack backtrace: [ 247.524075][T13601] CPU: 0 PID: 13601 Comm: syz.4.4066 Not tainted syzkaller #0 [ 247.531513][T13601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 247.541550][T13601] Call Trace: [ 247.544814][T13601] [ 247.547731][T13601] dump_stack_lvl+0x168/0x230 [ 247.552413][T13601] ? load_image+0x3b0/0x3b0 [ 247.556900][T13601] ? show_regs_print_info+0x20/0x20 [ 247.562088][T13601] ? print_circular_bug+0x12b/0x1a0 [ 247.567271][T13601] check_noncircular+0x274/0x310 [ 247.572190][T13601] ? add_chain_block+0x940/0x940 [ 247.577109][T13601] ? lockdep_lock+0xdc/0x1e0 [ 247.581698][T13601] ? lockdep_unlock+0x134/0x2d0 [ 247.586539][T13601] ? lockdep_lock+0x1e0/0x1e0 [ 247.591199][T13601] ? mark_lock+0x94/0x320 [ 247.595521][T13601] __lock_acquire+0x2c33/0x7c60 [ 247.600362][T13601] ? ocfs2_read_inode_block_full+0x1a0/0x1a0 [ 247.606335][T13601] ? verify_lock_unused+0x140/0x140 [ 247.611528][T13601] ? ocfs2_inode_lock_full_nested+0xcb3/0x1b20 [ 247.617669][T13601] ? __lock_acquire+0x13ad/0x7c60 [ 247.622682][T13601] lock_acquire+0x197/0x3f0 [ 247.627171][T13601] ? ocfs2_lock_global_qf+0x1e5/0x270 [ 247.632527][T13601] ? __might_sleep+0xf0/0xf0 [ 247.637101][T13601] ? preempt_count_add+0x8d/0x190 [ 247.642107][T13601] ? read_lock_is_recursive+0x10/0x10 [ 247.647464][T13601] ? rwsem_write_trylock+0x12f/0x1b0 [ 247.652733][T13601] ? clear_nonspinnable+0x60/0x60 [ 247.657753][T13601] ? __rwlock_init+0x140/0x140 [ 247.662503][T13601] down_write+0x38/0x60 [ 247.666643][T13601] ? ocfs2_lock_global_qf+0x1e5/0x270 [ 247.672011][T13601] ocfs2_lock_global_qf+0x1e5/0x270 [ 247.677303][T13601] ? dqget+0x6f8/0xeb0 [ 247.681402][T13601] ? lock_buffer+0x80/0x80 [ 247.685808][T13601] ocfs2_acquire_dquot+0x29d/0xaf0 [ 247.690912][T13601] ? dqget+0x3b0/0xeb0 [ 247.694975][T13601] ? ocfs2_destroy_dquot+0x40/0x40 [ 247.700073][T13601] dqget+0x778/0xeb0 [ 247.703959][T13601] dquot_set_dqblk+0x27/0xf90 [ 247.708711][T13601] quota_setquota+0x4ac/0x530 [ 247.713378][T13601] ? quota_getnextquota+0x450/0x450 [ 247.718564][T13601] ? bpf_lsm_capable+0x5/0x10 [ 247.723244][T13601] ? do_quotactl+0x4f3/0x710 [ 247.727828][T13601] __se_sys_quotactl+0x295/0x6c0 [ 247.732754][T13601] ? __x64_sys_quotactl+0xa0/0xa0 [ 247.737795][T13601] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 247.743767][T13601] ? lock_chain_count+0x20/0x20 [ 247.748604][T13601] ? vtime_user_exit+0x2dc/0x400 [ 247.753533][T13601] ? lockdep_hardirqs_on+0x94/0x140 [ 247.758714][T13601] do_syscall_64+0x4c/0xa0 [ 247.763113][T13601] ? clear_bhb_loop+0x30/0x80 [ 247.767777][T13601] ? clear_bhb_loop+0x30/0x80 [ 247.772436][T13601] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.778327][T13601] RIP: 0033:0x7faf1809a6c9 [ 247.782726][T13601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.802331][T13601] RSP: 002b:00007faf16301038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3 [ 247.810747][T13601] RAX: ffffffffffffffda RBX: 00007faf182f0fa0 RCX: 00007faf1809a6c9 [ 247.818714][T13601] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffff80000801 [ 247.827025][T13601] RBP: 00007faf1811cf91 R08: 0000000000000000 R09: 0000000000000000 [ 247.834979][T13601] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 247.842936][T13601] R13: 00007faf182f1038 R14: 00007faf182f0fa0 R15: 00007ffeb3c764d8 [ 247.850899][T13601] [ 247.855241][T11424] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 247.884232][ T4195] ocfs2: Unmounting device (7,4) on (node local) [ 247.980751][T13642] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4084'. [ 248.021697][T13642] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4084'. [ 248.116156][T11424] usb 4-1: Using ep0 maxpacket: 8 [ 248.256963][T11424] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.436821][T11424] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 248.445874][T11424] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.453896][T11424] usb 4-1: Product: syz [ 248.458137][T11424] usb 4-1: Manufacturer: syz [ 248.462729][T11424] usb 4-1: SerialNumber: syz [ 248.468785][T11424] usb 4-1: config 0 descriptor?? [ 248.507208][T11424] cdc_phonet 4-1:0.0: skipping garbage [ 248.512783][T11424] cdc_phonet 4-1:0.0: invalid descriptor buffer length [ 248.520062][T11424] cdc_phonet: probe of 4-1:0.0 failed with error -22 [ 248.709493][ T4795] usb 4-1: USB disconnect, device number 24 [ 255.548092][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.554382][ T1421] ieee802154 phy1 wpan1: encryption failed: -22