last executing test programs: 4m27.787785567s ago: executing program 2 (id=2017): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000003c0)={0x0, 0xfff, 0x3}) 4m27.459985572s ago: executing program 2 (id=2021): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x18, 0x5e, 0x1, 0x70bd29, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x18}], 0x1, 0x0, 0x0, 0xc0}, 0x4000) 4m27.266388124s ago: executing program 2 (id=2024): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x2, 0x0, 0x2, 0xf, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x30, 0x0, @in6={0xa, 0x4e23, 0x0, @private1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfb, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x8, 0x0, @mcast1}}, @sadb_key={0x1, 0x8}]}, 0x78}, 0x1, 0x7}, 0x0) 4m26.505650255s ago: executing program 2 (id=2034): syz_mount_image$udf(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x847, &(0x7f0000000140)=ANY=[], 0xe0, 0xc33, &(0x7f0000000340)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwRFLqwBRJkFQjG2nBdNNFFwGKoousCLRGgRQNjKYIumRaF0g2XhRZdUW0sBEUXbBFgKwCFvfOGXFIkTYjihIlPY9N/WbunHPvOfeM75UFnXsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIj4vdcunjqdHnYrAIAH6fLoV0+dcf8HgCfKVf//DwAAAAAAAAAAAAAAB12KIp6OFHOX19J49b6jfqndf+v22PDI9tUOp6pmX1W+/KmfPnP23JdeGjrfzUvtmY+of799Nt4YvXqx8erszbn5qYWFqcnG2Ex7YnZyatd72Gv9rU5UJ6Bx881bk9evLzTOvHh208e3Bz8ceOrY4IWh508+1y07NjwyMrpRpN5bvnbPDenYaYbHoSjiZKR44Xs/Ta2IKGLv56L+YMd+q8NVJ05UnRgbHqk6Mt1uzSyWH17pnogiotFTqdk9R9uPRdT6H2gfdtaMWCqbXzb4RNm90bnWfOva9FTjSmt+sb3Ynp25kjqtLfvTiCLOp4jliFgduHt3/VFELVJ85+hauhYRfd3z8MVqYvDO7Sj2sY+7ULaz0R+xXDwCY3aADUQRr0eKn713PCbydaa61nwh4vUyfxDxTpmvRKTyi3Eu4oNtvkc8mmpRxJ+X439hLU1W14PudeXS1xpfmbk+21O2e135Je8Pd10pHtL94fCWfDAO+LWpHkW0qiv+Wrr33+wAAAAAAAAAAAAAAAAAcL8djiI+Eyle+7c/quYVRzUv/eiFod8f/P99PeWe/Zj9pIh4MSKWit3NyT2UJwZeSVdSeshziZ9k9Sjij/P8v2897MYAAAAAAAAAAAAAAAAAAAA80Yr4SaR4+f3jaTl61xRvz9xoXG1dm+6sCttd+7e7Zvr6+vp6I3WymXM851LO5ZwrOVdzRpHr52zmHM+5lHM550rO1ZzRl+vnbOYcz7mUcznnSs7VnFHL9XM2c47nXMq5nHMl52rOOCBr9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE6KKOIXkeLb31hLkSKiGTEenVwZeNitAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKA6mI70eKxh8072yrRUSq/u04Xv5yLpqHyvxkNIfKfCWaF3O2qqw1v/UQ2s/e9KcifhwpBurv3hnwPP79nXd3vgbxzjc33n221sm+7oeDHw48dezohaGRX3t2p9dpuwacuNSeuXW7MTY8MjLas7mWj/7Jnm2D+bjF/ek6EbHw1ttvtqanp+bv/UX5FdhD9UfoRao9hj2tH4xmHMgXUTsQzXg4fecJUN7/P4gUv/3+v3dv+J37fz3+X+fdnTt8/PxPNu7/L2/d0S7v/7Wt9fL9v7ynb3f/f7pn28v5dyP9tYj64s25/mMR9YW33j7Zvtm6MXVjaubcqVNfHhr68tlT/Yci6tfb01M9r+7L6QIAAAAAAAAAAAAAAAB4cFIRvxspWj9eS42IuF3N1xq8MPT8yef6oq+ab7Vp3vYbo1cvNl6dvTk3P7WwMDXZGJtpT8xOTu32cPVqutfY8Mi+dOZjHd7n9h+uvzo799Z8+8YfLm77+ZH6xWsLi/Otie0/jsNRRDR7t5yoGjw2PFI1errdmqmqXtl2Mv0vrz8V8R+RYuJcI30+b8vz/7fO8N80/39p6472af7/J3q2lcdMqYifR4rf+otn4/NVO4/EXecsl/ubSHHi/OdyuThUluu2ofNcgc7MwLLs/0SKf/jF5rLd+ZBPb5Q9vesT+4gox/9opPj+n303fj1v2/z8h+3H/8jWHe3T+D/Ts+3IpucV7Lnr5PE/GSleefrd+I287aOe/9F99sbxXPjO8zn2afw/1bNtMB/3N+9P1wEAAAAAAAAAAB5p/amIv40UPxyppZfytt38/b/JrTvap7//9emebZP3Z72ij32x55MKAAAAAAdEfyriJ5HixuK7d+ZQb57/3TP/83c25n8Opy2fVn/O9yvVcwPu55//9RrMxx3fe7cBAAAAAAAAAAAAAAAAAADgQEmpiJfyeurj1Xz+yR3XU1+JFK/91wu5XDpWluuuAz9Y/Vq/PDtz8uL09OxEa7F1bXqqMTrXmpgq6z4TKdb++nO5blGtr95db76zxvvGWuzzkWLk77plO2uxd9cmf2aj7Omy7CcixX/+/eay3XWsP7VR9kxZ9q8ixdf/afuyxzbKni3LfjdS/OjrjW7ZI2XZ7vNRP71R9sWJ2WIfRgUAAAAAAAAAAAAAAAAAAIAnTX8q4k8jxX/fXL4zlz+v/9/f87byzjd71vvf4na1zv9gtf7/Tq/vZf3/6rkCSzsdFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHk8ping7UsxdXksrA+X7jvql9syt22PDI9tXO5yqmn1V+fKnfvrM2XNfemnofDc/uv799pl4Y/Tqxcarszfn5qcWFqYmG2Mz7YnZyald72Gv9bc6UZ2Axs03b01ev77QOPPi2U0f3x78cOCpY4MXhp4/+Vy37NjwyMhoT5la/z0f/S5ph+2Hooi/jBQvfO+n6YcDEUXs/Vx8zHdnvx2uOnGi6sTY8EjVkel2a2ax/PBK90QUEY2eSs3uOXoAY7EnzYilsvllg0+U3Ruda823rk1PNa605hfbi+3ZmSup09qyP40o4nyKWI6I1YG7d9cfRbwZKb5zdC3980BEX/c8fPHy6FdPndm5HcU+9nEXynY2+iOWi0dgzA6wgSjiHyPFz947Hv8yEFGLzk98IeL1Mn8Q8U50xjuVX4xzER9s8z3i0VSLIv63HP8La+m9gfJ60L2uXPpa4ysz12d7ynavK4/8/eFBOuDXpnoU8aPqir+W/tV/1wAAAAAAAAAAAAAAAAAHSBG/Gilefv94quYH35lT3J650bjaujbdmdbXnfvXnTO9vr6+3kidbOYcz7mUcznnSs7VnFHk+jmbZdbX18fz+6WcyzlXcq7mjL5cP2cz53jOpZzLOVdyruaMWq6fs5lzPOdSzuWcKzlXc8YBmbsHAAAAAAAAAAAAAAAAAAA8XorqnxTf/sZaWh/orC89Hp1csR7oY+//AgAA///j0/g8") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4m26.079484751s ago: executing program 2 (id=2040): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="0901020028000b05d25a806f8c6394f90224fc600d00030009000100ff3582c137153e370248018002000000d1bd", 0x33fe0}], 0x1}, 0x0) 4m25.518661739s ago: executing program 2 (id=2047): r0 = getpid() ptrace$setopts(0x4206, r0, 0x5, 0x2) 4m25.107268485s ago: executing program 32 (id=2047): r0 = getpid() ptrace$setopts(0x4206, r0, 0x5, 0x2) 3m50.838290184s ago: executing program 3 (id=2453): r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000600)={'stack ', ':(%#{//(@\\)//&@},[\'%%&\\#*\x00'}, 0x20) 3m50.685137377s ago: executing program 3 (id=2456): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000240)='ntfs3\x00', 0x0, 0x0) 3m50.470535409s ago: executing program 3 (id=2459): r0 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0x0, 0xfff1}, {0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 3m50.332671532s ago: executing program 3 (id=2462): syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4040, &(0x7f0000000080)={[{@uid={'uid', 0x3d, 0xee01}}, {@barrier}, {@nls={'nls', 0x3d, 'iso8859-15'}}, {@uid}, {@part={'part', 0x3d, 0x7}}, {@part={'part', 0x3d, 0x2}}]}, 0x20, 0x6fe, &(0x7f0000000c00)="$eJzs3U9oXHkdAPDvm5lMMl3IztZ2t4rQsMWiW22TDIsVBKuI5LBowcteY5tuQydpSbKSFrGz6qo3PUkPe1iReNiTeBBWPIj1JgiC994LHrwVD468N+9NZvJ3Js0ksfv5wJv3e+/9/nx/33nz5k9aXgCfWHNvx1grkpi79NZ6uv1ko9F8stFYKsoRMR4RpYhKZxXJckTyOOJadJb4dLoz7y7ZbZw3n378wcVHHzU6W5V8yeqX9mq3qb3HCK18iamIKOfrIVV26+/GDv09HKrrpBt3mrALReLguLW3aQ3TfIDXLXDSPYwoj+2wvx5xKiIm8s8BkV8dSkcc3qEb6ioHAAAAJ1N5vwovP4tnsR6TRxMOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvBiSzj0Dk3wpFeWpSPL7/38nr5apVo833H18cZ/j7986okAAAAAAAAAA4PCNbRbPP4tnsR6TxXY7yf7m/3q2cSZ7fCnejdVYiJW4HOsxH2uxFisxEzE22dNndX1+bW1lZnvLX0Xast1uP8xbzkZEfVvL2RHPGQAAAAAAAABebD+KuZg87iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBXElHurLLlTFGuR6kSERMRUU3rtSL+VJRPgvoB2/35kOMAAACAE6iWryeT/3YK7ST7zv9q9r1/It6N5ViLxViLZizEzey3gM63/tI/Wo3mk43GUrps7/jr/8p6aw8YR9ZjRJTjvV1Gns5qnO22mItvxXfjUkzF9ViJxfh+zMdaLMRU1NJJxHwkUa91fr2oF3H2x1vOu7rWF8r1rbGd37J9LoukFrdiMYvtctyoFr2VshpJnOsZ7Q/ViC0Zei/NTvK13IA5utnzfP0y/10m1355wD5Go57NfKybkek093k2Xtk594XOeXLgkWai1P0N6szmKOnm1pGKnH9vmJyfytdprn/an/PDNuRPaVszMRul/OyLeLU/5/c+9+h0f+Mv/PMv12+Xlu/cvrV6aYRTOiSVHfeOFYWtmWj0ZOK1vc++PBPNNBOtwTMxtnXHxMBzGalqno3OhW2wq+U3s9J8vN5zCt5dTh+/HNMxE1djOr4Ss9HoO8PO9uW10ljqz0n2Wittv77V9gj+wud7Kv1sn8qjsPt4aV5e6clr75Wunh3L91z7RUz3ZOn03mffQd4FKp/JC+kYP+6+45wEfZnIr81FdMUb1C6Z+HX2OWG1uXxn5fb8vQHHu5iv05ft+/3X5t8892SeS3q+nO5euLKc1IrzJT32qW60/fmq5n9x6bQrbTt2tnusHpOxGN+Ou3EzFnZ4pVbzz3Dbe+oce23HY43s2LmeY32fcuJuNLNPIVtMHU1WARjYqTdOVWtPa3+vfVj7Se127a2Jb4xfHf9sNcb+Wvlj+Xel35a+mrwRH8YPY/K4IwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBfB6v0Hd+abzYWVERaqBxwrSvvW2XhpsA6jHrH3WEleqI46G0MXfp7fr/Dwev73xJ7ZqMWIpvP7vWdRfe4hkkhaI35S0mfiUDosbpyW7WmX9231tysRnT2VaLfbD7uHtj6VlVid2O0ZHN+sHPU7883/tPvq1KLnJQO84K6sLd27snr/wZcWl+bfWXhnYXn2anF73FuLzYXpK9njMQcJjMTq/Qfl444BAAAAAAAAAAAAGE7+r//XVkppIRn+f+lU9qlTXVndeeTzRz1VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/U3Nsx1ookZqYvT6fbTzYazXQpyps1KxFRiojkBxHJ44hr0Vmi3tNdsts4bz79+IOLjz5qbPZVKeqX9mo3mFa+xFRElPP1/sZ36GZ7fzd6+msdKLykO8M0YReKxMFx+18AAAD//yBC8a4=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 3m49.829349859s ago: executing program 3 (id=2468): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='source', &(0x7f0000000100)='::,\n-&\xf5\xcc\xd7\x06f\xcdY\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112i\x88\n\x13.\xd6\xfa\xd5?\xc7\xfd&\x8d*\xbb\xa7&,\xe9\xa3/\x91>C\x1b\x15\x87\xeb\xfe\x1c\x9d\\C\xfeI\'\xaeqKHq\x89\x83\xbb\x9dC\xd6Hy\x04\xa4\xb6\x88\xdb\xa1b\xae\xa7\x87\xcc\xc7\xa4\xdc\n:///\x00\x00\x00\x85^\x00\x0f\bu\x01\xab\x8c\x95?\x90\x8d_\xc0\xe1\x9d>0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x28}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.37060694s ago: executing program 5 (id=4824): mlock(&(0x7f0000005000/0x4000)=nil, 0x4000) mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) msync(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x6) 1.296151201s ago: executing program 7 (id=4825): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x0, 0x300}) 1.246478202s ago: executing program 4 (id=4827): r0 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c) 1.182536083s ago: executing program 5 (id=4828): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x10008d0, &(0x7f0000000280)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c7072656665727265645f736c6f743d30303030303030303030303030303030303030312c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00b83578110c8182871d1a888ab910bda6ed5eb8d85850b69e5f00a4b2822944f8a40011442cbdd903ae8f5dbd229f91fe1093b9e1d8042b3023b0ec8f09897497044a104701d3013512e0487b6bd6650f232292d8b0155a94728bba1a8248fed123795bcc184683b33d0d5f4455ea61c1cb567c01edd33f14c229437ce876bf88798ec1e2f28b87b591031c3d50710d9cc51b760aff0105a5c3772f54bdf7395bb2bb7b4a0323ca"], 0x1, 0x4440, &(0x7f00000088c0)="$eJzs3b9vHFkdAPA3Y4fYIQE7pAgSEisRCQTIslMFHAnHceLYiQkKJEI0m7W9SQxrb2SvEUUK00WiQqJAFBFIdK4iF7ThT6ChzNWR7opr7nRSdD7tzqy9M96V96xd+5L7fIqdnfdrnvc78+ZNMX5xqvZkZaOwslEorRWqS482Lhf+WK1srpZDfEzaHv/U8R2f7vTjPDnpc+/r7O71m79+cDmE/y7//83u7u5uqBsMbU20fP/k42dLrdumOFen3m425Vb7xo/sdyGECwf6VTcQQvjtf0KIQgjX0rTpdDscQjgXkrwHz/7ysNCj3rx8Xb5afLvwfGfy0vz2i503HQtGIfyj8t2fPl798AcDkx/8uEeHBwAAAAAAAAAAAAAAAADgHTd77+79X41PhFdRGNyODr6vO5tuO70fu9sz3+//HwsAAAAAAAAAAAAAAAAAAABfUfvv/xei823e/59Jt1Md6u/+ov99pH/mfnl35sb4RLr+e3Qg/0qa9NG1gTDaZt33/Prv13L1D67/HtJV13vjShRlVqsfCVE81tKPkRDHY2Mh/Ctd+P1idCauVDdqP3lU3Vxb7lk33lnZ+Cer92eiky7o3238p3Ptt49/L33nwNlU33/Yu1PsvZaN/0DHcv/+c9RV/K/n6h1H/Dm6bPyToXS4tcBUMgDU4//XwcPjP5Nrvz/xP7X3bTgUMiNAfQ5TiDrPV8jKxj/5XTNDZ/pDdrr+P8vF/0au/ZMa/7fyNyLaysb/G420oUyJ/et/ND78+r+Za/8k4l/v/5b7f1ey8T+dJGZm1MnP2+34P5trvyX+n/ay3/fjtJ/fijJnwHaUpHf6f3VkZeM/dCB///kv7mr+dytXv//Pf9njNp//msP/j6Lk+Y/2svEf7liu2+t/Llev3+P/VGP+x1Fl43+mkdacOyd3/pHGZ7fxn8+136/4N/o21Iz//njy+ekk/Z/mf13Jxv+bSWLcWmKr8dmY/0WHz/9v59o/iflfvf9bcX+P+r7Ixv9sx3L1+P+vi/v/nVy9/sc/hHFz/SPLxv9cx3KN63/o8Pgv5Or1O/4/7GfjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+A6XQ7EqJ4LLMfx2NjIVxP9y+GM9Fiabm4WKku/WEjhJk0vRDOR48r1cVSpbiyVl0uF0uVSnUphBtp/oUwFG1UqrXiaunpzb22hqMn5dJ6bbFcqoUQZtP074VzzbYWV2qrpachhFt7ed+Oq+tPn5TWissr6z8fHx8fD3N7fRiNyn+qlddqydGT3BDm9+qORC2da2Tf3uvL2ej31c31tVKlkX6npU6lulSqtNRZSPP+Fkaj2vrm2lKpVi5Wqo+bxztJU+l2Zu7eb+7dmTiQ/zBKttPH2y0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvqRXkz/7ewhhMNmLQwhTzS9Ru/IvX5evFt8uPN+ZvDS//WLnzanj7S4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBfswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYZf+URoIojgAvxkL/1Qew2rZ7WxXFNHCFcET6DE8jB7FS3gHCwtbCwkkMyRsspAmKcL3NY/dHzPvwTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgINz+zQ8P7ZdRIqT/+OIz9ev79X8vtT3q83nj/YwI7tz9zBc37Rdefe0ll+WXz99nqd/v28vsaxn9bv6GO3JeJ8Wap/Tybmm9m1qvtr3PFJuIqIv+UXKuWm2uwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBk7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZR9G0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA///+NR/5") r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111}}, 0x20) 1.118444554s ago: executing program 7 (id=4830): rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r0, &(0x7f0000001040)=[{&(0x7f0000000040)='\n', 0x1}], 0x1) 996.472155ms ago: executing program 4 (id=4831): syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004b41460860163209ea8001020301090212000100000008090400"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) read(r0, 0x0, 0x700) 878.581157ms ago: executing program 6 (id=4832): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0xfffffff8}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@delchain={0x24, 0x5f, 0xf31}, 0x24}}, 0x0) 647.75603ms ago: executing program 7 (id=4833): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3fd, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000040)={0x0, 0x8}) 647.586281ms ago: executing program 6 (id=4834): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2}, 0x1c) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f0000000180)=0x9, 0x4) 382.558804ms ago: executing program 6 (id=4835): r0 = socket$kcm(0xa, 0x3, 0x3a) socket$packet(0x11, 0x3, 0x300) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) 380.090104ms ago: executing program 7 (id=4845): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000140)='./file2\x00', 0x2001004c, &(0x7f0000000a00)=ANY=[@ANYRES16=0x0, @ANYRES8, @ANYRES8=0x0, @ANYBLOB="b71fe84fda50cf6fbefac5a5891d03a05027c0e6658ea94f09636160112a47b688552b72051bf0111daffbe0adef82589ee2fac726c31d20f98aa1f9761873cd604dab0d22b4b321f4c20044c5a8e018b51e52342814e4c33a7f4807781862b524b303c604203d95ef2f4feb698f5a4f3983ca0adeae0088c2e16969e9000a6a9d85bf9d4ee333cfeb763ad6506f66797f154f0923a63f106d908d1cf2a884e57ab63950b9883c40449a94847df80ca39e9394f8de077bfd7f0c81e773fe8ad33c339a0f92997d172adcde0c53c97cce8a0f42c862a0c88c9a25ccf6799b85dadc245f608d", @ANYRES8], 0xfe, 0x1518, &(0x7f0000000d80)="$eJzs3AuYjtX6MPB1r7UehqS3SQ7Dutf98KbBMkmSQ0IOSZIkSU4JSZMkCYkhp6QhCTlOmhyGkBymMWmcz4eckyZbmiQJySlZ38Vub7uv/W/v/7f39/e/9ty/61rXrPt93nu99zP3XPOu55lr3u96jqrXon7tZkQk/iXw5y9JQogYIcQwIcR1QohACFEptlLspeP5FCT9ay/C/r0eTrvaFbCrifufu3H/czfuf+7G/c/duP+5G/c/d+P+527cf8Zys22zi13PI/cOvv+fm/H7/3+QnPKTv9pQ/sZe/40U7n/uxv3P3bj/uRv3P3fj/udu3P//fLX+4Bj3P3fj/jOWm/31XvAF7/3/gvvRPP5nx9X++WOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxljuc9VdoIcRf5le7LsYYY4wxxhhjjP37+LxXuwLGGGOMMcYYY4z9/wdCCiW0CEQekVfEiHwiv7hGFBDXioLiOhER14tYcYMoJG4UhUURUVQUE3GiuCghjEBhBYlQlBSlRFTcJEqLm0W8KCPKinLCifIiQdwiKohbRUVxm6gkbheVxR2iiqgqqonq4k5RQ9wlaopaora4W9QRdUU9UV/cIxqIe0VDcZ9oJO4XjcUDool4UDQVD4lm4mHRXDwiWohHRUvxmGglWos2oq1o9/+U/5LoK14W/UR/kSQGiIHiFTFIDBZDxFAxTLwqhovXxAjxukgWI8Uo8YYYLd4UY8RbYqwYJ8aLt8UEMVFMEpPFFDFVpIh3xDTxrkgV74npYoaYKWaJNDFbzBHvi7linpgvPhALxIdioVgkFoslIl18JDLEUpEpPhbLxCciSywXK8RKsUqsFmvEWrFOrBcbxEaxSWwWW8RWsU18KraLHWKn2CV2iz1ir/hM7BOfi/3iC5Etvvxv5p/5v/J7gQABEiRo0JAH8kAMxEB+yA8FoAAUhIIQgQjEQiwUgkJQGApDUSgKcRAHJaAEICAQEJSEkhCFKJSG0hAP8VAWyoIDBwmQABXgVqgIFaESVILKUBmqQFWoCtWhOtSAGlATakJtqA11oA7Ug3pwD9wD90JDaAiNoBE0hsbQBJpAU2gKzaAZNIfm0AJaQEtoCa2gFbSBNtAO2kF7aA8doAN0gk7QGTpDF+gCiZAIXaErdINu0B26Qw/oAT2hJ/SC3tAbXoKX4GV4GfpDHTkABsJAGASDYAgMhaHwKgyH1+A1eB2SYSSMgjfgDXgTxsBpGAvjYDyMhxpyIkyCyUByKqRACkyDaZAKqTAdZsAMmAVpMBvmwByYC/NgHnwAC+BD+BAWwSJYAumQDhmwFDIhE5bBGciC5bACVsIqWA2rYC2sg7WwATbCBtgMm2ErbIVP4VPYATtgF+yCPbAHPoPP4HP4HJIhG7LhAByAg3AQDsEhyIEcOAyH4QgcgaNwFI7BMTgOJ+AknIBTcApOwxk4C2fhPJyHC/BC3DfN95RZnyzkJVpqmUfmkTEyRuaX+WUBWUAWlAVlREZkrIyVhWQhWVgWlkVlURkn42QJWUKiREkylCVlSRmVUVlalpbxMl6WlWWlk04myARZQVaQFWVFWUneLivLO2QVWVV2dNVldVlDdnI1ZS1ZW9aWdWRdWU/Wl/VlA9lANpQNZSPZSDaWjWUT+aBsKgfAEHhYXupMCzkSWspR0Eq2lm1kW/kmPC7byzHQQXaUneSTchyMhS6yvUuUz8iuchJ0k8/JyfC87CGnQk/5ouwle8s+8iXZV3Zw/WR/OR0GyIFyFgySg+UQOVTOhbryUsfqyddlshwpR8k35BJ4U46Rb8mxcpwcL9+WE+REOUlOllPkVJki35HT5LsyVb4np8sZcqacJdPkbDlHvi/nynlyvvxALpAfyoVykVwsl8h0+ZHMkEtlpvxYLpOfyCy5XK6QK+UquVqukWvlOrlebpAb5Sa5WW6RW+U2+ancLnfInXKX3C33yL3yM7lPfi73yy9ktvxSHpB/kgflV/KQ/FrmyG/kYfmtPCK/k0fl9/KY/EEelyfkSfmjPCV/kqflGXlWnpPn5c/ygvxFXpReCgVKKqW0ClQelVfFqHwqv7pGFVDXqoLqOhVR16tYdYMqpG5UhVURVVQVU3GquCqhjEJlFalQlVSlVFTdpEqrm1W8KqPKqnLKqfIqQd2iKqhbVUV1m6qkbleV1R2qiqqqqqnq6k5VQ92laqpaqra6W9VRdVU9VV/doxqoe1VDdZ9qpO5XjdUDqol6UDVVD6lm6mHVXD2iWqhHVUv1mGqlWqs2qq1qpx5X7dUTqoPqqDqpJ1Vn9ZTqop5WieoZ1VU9q7qp51R39bzqoV5QPdWLqpfqrfqoX9RF5VU/1V8lqQFqoHpFDVKD1RA1VA1Tr6rh6jU1Qr2uktVINUq9oUarN9UY9ZYaq8ap8eptNUFNVJPUZDVFTVUp6h01Tb2rUtV7arqaoWaqWSpNzVZDfl1p/j+R/+7fyR9x+dW3qm3qU7Vd7VA71S61W+1Re9VetU/tU/vVfpWtstUBdUAdVAfVIXVI5agcdVgdVkfUEXVUHVXH1DF1XJ1Q59SP6pT6SZ1WZ9QZdU6dV+fVhV+/B0KDllpprQOdR+fVMTqfzq+v0QX0tbqgvk5H9PU6Vt+gC+kbdWFdRBfVxXScLq5LaKNRW0061CV1KR3VN+nS+mYdr8vosrqcdrq8TtC3/Mv5/6i+drqdbq/b6w66g+6kO+nOurPuorvoRJ2ou+quupvuprvr7rqH7qF76p66l+6l++g+uq/uq/vpfjpJJ+mB+hU9SA/WQ/RQPUy/qofr4XqEHqGTdbIepUfp0Xq0HqPH6LF6rB6vx+sJeoKepCfpKXqKTtEpepqeplN1qp6up+uZeqZO02l6jp6j5+q5er6erxfoBXqhXqgX68U6XafrDJ2hM3WmXqaX6Sy9XC/XK/VKvVqv1mv1Wr1er9cb9Ua9WW/WWXqb3qa36+16p96pd+vdeq/eq/fpfXq/3q+zdbY+oA/og/qgPqQP6Rydow/rw/qIPqKP6qP6mD6mj+vj+qQ+qU/pU/q0Pq3P6rP6vD6vL+gL+qK+eGnbF8hABjrQQZ4gTxATxAT5g/xBgaBAUDAoGESCSBAbxAaFghuDwkGRoGhQLIgLigclAhNgYAMKwqBkUCqIBjcFpYObg/igTFA2KBe4oHyQENwSVAhuDSoGtwWVgtuDysEdQZWgalAtqB7cGdQI7gpqBrWC2sHdQZ2g7l/+DhXcGzQM7gsaBfcHjYMHgibBg0HT4KGgWfBw0Dx4JGgRPBq0DB4LWgWtgzZB26DdP7t+UC+oH9wTNPjD9b0/XeQJ18/0N0lmgBloXjGDzGAzxAw1w8yrZrh5zYwwr5tkM9KMMm+Y0eZNM8a8ZcaacWa8edtMMBPNJDPZTDFTTYp5x0wz75pU856ZbmaYmWaWSTOzzRzzvplr5pn55gOzwHxoFppFZrFZYtLNRybDLDWZ5mOzzHxissxys8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMp2a72WF2ml1mt9lj9prPzD7zudlvvjDZ5ktzwPzJHDRfmUPma5NjvjGHzbfmiPnOHDXfm2PmB3PcnDAnzY/mlPnJnDZnzFlzzpw3P5sL5hdz0fhLm/tLb++oUWMezIMxGIP5MT8WwAJYEAtiBCMYi7FYCAthYSyMRbEoxmEclsASeAkhYUksiVGMYmksjfEYj2WxLDp0mIAJWAErYEWsiJWwElbGylgFq2A1rIZ34p14F96FtbAW3o13Y12si/WxPjbABtgQG2IjbISNsTE2wSbYFJtiM2yGzbE5tsAW2BJbYitshW2wDbbDdtge22MH7ICdsBN2xs7YBbtgIiZiV+yK3bAbdsfu2AN7YE/sib2wF/bBPtgX+2K/c/0wCZNwIA7EQTgIh+AQHIbDcDgOxxE4ApMxGUfhKByNo3EMjsGxOA7H49s4ASfiJJyMU3AqpmAKTsNpmIqpOB2n40yciWmYhnNwDs7FuTgf5+MCXIALcSEuxsWYjumYgRmYiZm4DJdhFmbhClyBq3AVrsE1uA7X4QbcgJtwE27BLbgNt+F23I47cSfuxt24F/fiPtyH+3E/ZmM2HsADeBAP4iE8hDmYg4fxMB7BI3gUj+IxPIbH8TiexJN4Ck/haTyNZ/Esnsef8QL+ghfRY4yVIr+9xhaw19qC9jobY/PZv42L2mI2zha3JayxhW2R38RorY23ZWxZW846W94m2Ft+F1exVW01W93eaWvYu2zN38UN7L22ob3PNrL32/r2nt/Eje0Dtol91Da1j9lmtrVtbtvaFvZR29I+ZlvZ1raNbWs726dsF/u0TbTP2K722d/FGXapXWfX2w12o91nP7dn7Tl7xH5nz9ufbT/b3w6zr9rh9jU7wr5ukxuN/G1sR9rx9m07wU60k+xkO8VO/V08086yaXa2nWPft3PtvN/F6fYju8Bm2oV2kV1sl1yOL9WUaT+2y+wnNssutyvsSrvKrrZr7Nq/1rrSbrZb7Fa7135mt9sddqfdZXfbPZfjS+ex335hs+2X9rD91h60X9lD9qjNsd9cji+d31H7vT1mf7DH7Ql70v5oT9mf7Gl75vL5Xzr3H+0v9qL1VhCQJEWaAspDeSmG8lF+uoYK0LVUkK6jCF1PsXQDFaIbqTAVoaJUjOKoOJUgQ0iWiEIqSaUoSjdRabqZ4qkMlaVy5Kg8JdAtVIFupYp0G1Wi26ky3UFVqCpVo+p0J9Wgu6gm1aLadDfVobpUj+rTPdSA7qWGdB81ovupMT1ATehBakoPUTN6mJrTI9SCHqWW9Bi1otbUhtpSO3qc2tMT1IE6Uid6kjrTU9SFnqZEeoa60rPUjZ6j7vQ89aAXqCe9SL2oN/Whl6gvvUz9qD8l0QAaSK/QIBpMQ2goDaNXaTi9RiPodUqmkTSK3qDR9CaNobdoLI2j8fQ2TaCJNIkm0xSaSin0Dk2jdymV3qPpNINm0ixKo9k0h96nuTSP5tMHtIA+pIW0iBbTEkqnjyiDllImfUzL6BPKouW0glbSKlpNa2gtraP1tIE20ibaTFtoK22jT2k77aCdtIt20x7aS5/RPvqc9tMXlE1f0gH6Ex2kr+gQfU059A0dpm/pCH1HR+l7OkY/0HE6QSfpRzpFP9FpOkNn6Rydp5/pAv1CF8mTCCGUoQp1GIR5wrxhTJgvzB9eExYIrw0LhteFkfD6MDa8ISwU3hgWDouERcNiYVxYPCwRmhBDG1IYhiXDUmE0vCksHd4cxodlwrJhudCF5cOE8JawQnhrWDG8LawU3h5WDu8Iq4RVw0fvrx7eGdYI7wprhrXC2uHdYZ2wblgvrB/eEzYI7w0bhveFjcL7w4rhA2GT8MGwafhQ2Cx8OGwePhK2CB8NW4aPha3C1mGbsG3YLnw8bB8+EXYIO4adwifDzuFTYZfw6TAxfCbsGj77D48nhQPCgeEr4Suh9/epxdEl0fToR9GM6NJoZvTj6LLoJ9Gs6PLoiujK6Kro6uia6Nrouuj66Iboxuim6ObolujWqPf18woHTjrltAtcHpfXxbh8Lr+7xhVw17qC7joXcde7WHeDK+RudIVdEVfUFXNxrrgr4YxDZx250JV0pVzU3eRKu5tdvCvjyrpyzrnyLsG1de1cO9fePeE6uI6uk3vSPemeck+5p93T7hnX1T3rurnnXHf3vOvhXnAvuBddL9fb9XEvub7uZdfP9XdJLskNdAPdIDfIDXFD8vy6B3Mj3AiX7JLdKDfKjXaj3Rg3xo11Y914N95NcBPcJDfJTXFTXIpLcdPcNJfqUt10N93NdDNdmktzc9wcN9fNdfPdfLcgfoFb6Ba6xW6xS3fpLsNluEyX6Za5ZS7LZbkVboVb5Va5NW6NW+fWuQ1ug9vkNrktbovb5ra57W672+l2ut1ut9vr9rp9bp/b7/a7bJftDrgD7qA76A65r12O+8Yddt+6I+47d9R97465H9xxd8KddD+6U+4nd9qdcWfdOXfe/ewuuF/cReddSuSdyLTIu5HUyHuR6ZEZkZmRWZG0yOzInMj7kbmReZH5kQ8iCyIfRhZGFkUWR5ZE0iMfRTIiSyOZkY8jyyKfRLIiyyMrIisjqyKrI94X3x76kr6Uj/qbfGl/s4/3ZXxZX847X94n+Ft8BX+rr+hv85X87b6yv8NX8VV9Nf+Yb+Vb+za+rW/nH/ft/RO+g+/oO/knfWf/lO/in/aJ/hnf1T/ru/nnfHf/vO/hX/A9/Yu+l+/t+/iXfF//su/n+/skP8AP9K/4QX6wH+KH+mH+VT/cv+ZH+Nd9sh/pR/k3/Gj/ph/j3/Jj/Tg/3r/tJ/iJfpKf7Kf4qT7Fv+On+Xd9qn/PT/cz/Ew/y6f52X6Of9/P9fP8fP+BX+A/9Av9Ir/YL/Hp/iOf4Zf6TP+xX+Y/8Vl+uV/hV/pVfrVf49f6dX693+A3+k1+s9/it/pt/lO/3e/wO/0uv9vv8Xv9Z36f/9zv91/4bP+lP+D/5A/6r/wh/7XP8d/4w/5bf8R/54/67/0x/4M/7k/4k/5Hf8r/5E/7M/6sP+fP+5/9Bf+Lv8j/s8YYY4wx9k9JPfTHxwf8ncfkr+OSgUKIa3cUy/nb41oIsanwn+eDZVzniBDimf49H/7LqFMnKSnp1+dmKRGUWiSEiFzJv3wZ8mu8XHQST4lE0VFU+Lv1DZa9z9MfrA/HvY/eLkT+v8mJEVfiK+vf+l+s//iT4zMqh2djf7v+hV/3m5fqjy4SIr7UlZx84kp8Zf2K/8X6Rdr/Uf1ZSuT7KkWIDn+TU0Bcia+snyCeEM+KxN88kzHGGGOMMcYY+7PBslr3f3D9efn6PE5fDi8/nFf8Nf6H1+eMMcYYY4wxxhi7+p7v3efpxxMTO3bnCU94wpO/Tq72bybGGGOMMcbYv9uVTf/VroQxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMu9/ic+TuxqnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2fAAAA///9QkNA") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0xff) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0x87fffff, 0x1, 0x0) 146.57µs ago: executing program 7 (id=4836): r0 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0x0, 0x7ffe}, 0x80, 0x0}, 0x0) sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000040)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffebfff}, 0x80, 0x0}, 0x0) 0s ago: executing program 6 (id=4837): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000004880)={0x48, r1, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20048814}, 0x0) kernel console output (not intermixed with test programs): 1 mapped to illegal pblock 1 (length 1) [ 401.107066][ T4279] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 401.118777][ T4279] EXT4-fs error (device loop0): ext4_release_dquot:6838: comm kworker/u4:6: Failed to release dquot type 0 [ 401.150659][ T4249] EXT4-fs error (device loop0): __ext4_get_inode_loc:4507: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 401.187251][ T4249] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5914: Corrupt filesystem [ 401.219449][ T4249] EXT4-fs error (device loop0): ext4_quota_off:7108: inode #3: comm syz-executor: mark_inode_dirty error [ 402.021363][T17332] loop7: detected capacity change from 0 to 32768 [ 402.110908][T17332] read_mapping_page failed! [ 402.115953][T17332] ERROR: (device loop7): dbDiscardAG: -EIO [ 402.115953][T17332] [ 402.161148][T17332] ERROR: (device loop7): remounting filesystem as read-only [ 402.214026][T17368] loop4: detected capacity change from 0 to 256 [ 402.307798][T17370] loop5: detected capacity change from 0 to 2048 [ 402.376784][T17370] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 402.383566][T17333] loop6: detected capacity change from 0 to 32768 [ 402.524809][T17333] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 402.540296][T17348] loop0: detected capacity change from 0 to 32768 [ 402.570283][T17348] (syz.0.3904,17348,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 402.601714][T17333] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 402.669009][T17348] (syz.0.3904,17348,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 402.746139][T17348] (syz.0.3904,17348,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 402.784585][T17389] loop4: detected capacity change from 0 to 256 [ 402.794191][T17333] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 402.817925][T17348] JBD2: Ignoring recovery information on journal [ 402.872111][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 402.888481][T17376] loop7: detected capacity change from 0 to 4096 [ 402.897133][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 402.939845][T17376] ntfs3: loop7: Different NTFS' sector size (2048) and media sector size (512) [ 402.946765][T17393] device lo entered promiscuous mode [ 402.972475][T17348] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 402.997040][T17390] device lo left promiscuous mode [ 403.144168][T17376] ntfs3: loop7: Mark volume as dirty due to NTFS errors [ 403.182323][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 285ms [ 403.210480][T17348] (syz.0.3904,17348,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 403.300523][ T7] gfs2: fsid=syz:syz.0: jid=0: Done [ 403.328660][T17333] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 403.347673][T17348] (syz.0.3904,17348,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 403.427074][T17348] (syz.0.3904,17348,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 403.448485][T17348] (syz.0.3904,17348,0):ocfs2_quota_read:201 ERROR: status = -5 [ 403.448980][T12410] ntfs3: loop7: ntfs_evict_inode r=5 failed, -22. [ 403.456192][T17348] Quota error (device loop0): find_tree_dqentry: Can't read quota tree block 5 [ 403.511883][T17348] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 403.526466][T17410] loop4: detected capacity change from 0 to 16 [ 403.555385][T17348] (syz.0.3904,17348,0):ocfs2_acquire_dquot:878 ERROR: status = -5 [ 403.555876][T17398] (syz.0.3904,17398,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 403.607324][T17410] erofs: (device loop4): mounted with root inode @ nid 36. [ 403.616188][T17348] (syz.0.3904,17348,0):ocfs2_mknod:314 ERROR: status = -5 [ 403.658523][T17410] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 403.673291][T17348] (syz.0.3904,17348,0):ocfs2_mknod:502 ERROR: status = -5 [ 403.712380][T17398] (syz.0.3904,17398,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 403.736072][T17410] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -29 in[58, 4038] out[1851] [ 403.753082][T17348] (syz.0.3904,17348,0):ocfs2_mkdir:659 ERROR: status = -5 [ 403.780472][T17398] (syz.0.3904,17398,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 403.790910][T17410] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 403.812195][T17398] (syz.0.3904,17398,0):ocfs2_quota_read:201 ERROR: status = -5 [ 403.823128][T17398] Quota error (device loop0): find_next_id: Can't read quota tree block 5 [ 403.834586][T17417] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 403.834735][T17398] (syz.0.3904,17398,0):ocfs2_get_next_id:909 ERROR: status = -5 [ 403.940495][T17417] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -29 in[58, 4038] out[1851] [ 403.965726][T17417] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 403.991258][ T4249] ocfs2: Unmounting device (7,0) on (node local) [ 404.057402][T17333] gfs2: fsid=syz:syz.0: found 1 quota changes [ 404.211477][T10221] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 404.211477][T10221] inode = 11 2339 [ 404.211477][T10221] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464 [ 404.253165][T10221] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 404.275321][T10221] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:10221 [syz-executor] gfs2_quota_sync+0x32c/0x6f0 [ 404.295593][T10221] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 404.305783][T10221] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 404.323698][T17441] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3926'. [ 404.384422][T10221] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 404.417002][T10221] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 404.425881][T10221] gfs2: fsid=syz:syz.0: File system withdrawn [ 404.492606][T10221] CPU: 0 PID: 10221 Comm: syz-executor Not tainted 6.1.140-syzkaller #0 [ 404.501005][T10221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 404.511111][T10221] Call Trace: [ 404.514429][T10221] [ 404.517396][T10221] dump_stack_lvl+0x168/0x22e [ 404.522119][T10221] ? kobject_uevent_env+0x355/0x8a0 [ 404.527364][T10221] ? show_regs_print_info+0x12/0x12 [ 404.532605][T10221] ? load_image+0x3b0/0x3b0 [ 404.537144][T10221] ? kobject_uevent_env+0x35f/0x8a0 [ 404.542390][T10221] gfs2_withdraw+0x143f/0x1780 [ 404.547213][T10221] ? gfs2_lm+0x220/0x220 [ 404.551504][T10221] ? gfs2_consist_inode_i+0xf1/0x110 [ 404.556838][T10221] gfs2_inode_refresh+0xb5e/0xfc0 [ 404.561918][T10221] ? gfs2_inode_metasync+0xf0/0xf0 [ 404.567088][T10221] ? gfs2_glock_nq+0xcf0/0x14e0 [ 404.571982][T10221] gfs2_instantiate+0x15e/0x210 [ 404.576868][T10221] gfs2_glock_wait+0x1d0/0x2a0 [ 404.581677][T10221] do_sync+0x49a/0xc00 [ 404.585789][T10221] ? gfs2_quota_sync+0x32c/0x6f0 [ 404.590783][T10221] ? slot_put+0x1e0/0x1e0 [ 404.595174][T10221] ? gfs2_quota_sync+0x32c/0x6f0 [ 404.600166][T10221] ? do_raw_spin_unlock+0x11d/0x230 [ 404.605419][T10221] gfs2_quota_sync+0x32c/0x6f0 [ 404.610255][T10221] gfs2_sync_fs+0x48/0xb0 [ 404.614626][T10221] sync_filesystem+0xe6/0x220 [ 404.619340][T10221] generic_shutdown_super+0x6b/0x340 [ 404.624670][T10221] kill_block_super+0x7c/0xe0 [ 404.629390][T10221] deactivate_locked_super+0x93/0xf0 [ 404.634709][T10221] cleanup_mnt+0x463/0x4f0 [ 404.639174][T10221] ? lockdep_hardirqs_on+0x94/0x140 [ 404.644428][T10221] task_work_run+0x1ca/0x250 [ 404.649061][T10221] ? task_work_cancel+0x230/0x230 [ 404.654136][T10221] ? exit_to_user_mode_loop+0x3b/0x110 [ 404.659660][T10221] exit_to_user_mode_loop+0xe6/0x110 [ 404.664995][T10221] exit_to_user_mode_prepare+0xb1/0x140 [ 404.670585][T10221] syscall_exit_to_user_mode+0x16/0x40 [ 404.676085][T10221] do_syscall_64+0x58/0xa0 [ 404.680552][T10221] ? clear_bhb_loop+0x60/0xb0 [ 404.685262][T10221] ? clear_bhb_loop+0x60/0xb0 [ 404.689982][T10221] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 404.695922][T10221] RIP: 0033:0x7f4c5a78fc97 [ 404.700386][T10221] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 404.720045][T10221] RSP: 002b:00007fff71839748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 404.728502][T10221] RAX: 0000000000000000 RBX: 00007f4c5a81089d RCX: 00007f4c5a78fc97 [ 404.736510][T10221] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff71839800 [ 404.744519][T10221] RBP: 00007fff71839800 R08: 0000000000000000 R09: 0000000000000000 [ 404.754901][T10221] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff7183a890 [ 404.754970][T10221] R13: 00007f4c5a81089d R14: 0000000000061e49 R15: 00007fff7183a8d0 [ 404.755006][T10221] [ 404.784347][T10221] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 [ 404.784489][T10221] CPU: 0 PID: 10221 Comm: syz-executor Not tainted 6.1.140-syzkaller #0 [ 404.784513][T10221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 404.784527][T10221] Call Trace: [ 404.784534][T10221] [ 404.784543][T10221] dump_stack_lvl+0x168/0x22e [ 404.784579][T10221] ? gfs2_assert_warn_i+0xc3/0x2c0 [ 404.784605][T10221] ? show_regs_print_info+0x12/0x12 [ 404.784635][T10221] ? load_image+0x3b0/0x3b0 [ 404.784664][T10221] ? do_raw_spin_unlock+0x11d/0x230 [ 404.784702][T10221] gfs2_assert_warn_i+0x18f/0x2c0 [ 404.784731][T10221] gfs2_quota_cleanup+0x4b4/0x6a0 [ 404.784767][T10221] gfs2_put_super+0x22f/0x8c0 [ 404.784805][T10221] ? gfs2_evict_inode+0x1170/0x1170 [ 404.784836][T10221] generic_shutdown_super+0x130/0x340 [ 404.784865][T10221] kill_block_super+0x7c/0xe0 [ 404.784893][T10221] deactivate_locked_super+0x93/0xf0 [ 404.784919][T10221] cleanup_mnt+0x463/0x4f0 [ 404.784947][T10221] ? lockdep_hardirqs_on+0x94/0x140 [ 404.784984][T10221] task_work_run+0x1ca/0x250 [ 404.785013][T10221] ? task_work_cancel+0x230/0x230 [ 404.785046][T10221] ? exit_to_user_mode_loop+0x3b/0x110 [ 404.785081][T10221] exit_to_user_mode_loop+0xe6/0x110 [ 404.785111][T10221] exit_to_user_mode_prepare+0xb1/0x140 [ 404.785151][T10221] syscall_exit_to_user_mode+0x16/0x40 [ 404.785172][T10221] do_syscall_64+0x58/0xa0 [ 404.785197][T10221] ? clear_bhb_loop+0x60/0xb0 [ 404.785218][T10221] ? clear_bhb_loop+0x60/0xb0 [ 404.785241][T10221] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 404.785273][T10221] RIP: 0033:0x7f4c5a78fc97 [ 404.785292][T10221] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 404.785310][T10221] RSP: 002b:00007fff71839748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 404.785335][T10221] RAX: 0000000000000000 RBX: 00007f4c5a81089d RCX: 00007f4c5a78fc97 [ 404.785350][T10221] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff71839800 [ 404.785364][T10221] RBP: 00007fff71839800 R08: 0000000000000000 R09: 0000000000000000 [ 404.785377][T10221] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff7183a890 [ 404.785392][T10221] R13: 00007f4c5a81089d R14: 0000000000061e49 R15: 00007fff7183a8d0 [ 404.785423][T10221] [ 404.815092][T17462] loop4: detected capacity change from 0 to 64 [ 404.919090][T17462] hfs: keylen 94 too large [ 404.920267][T17458] team0: Port device macvlan1 added [ 404.920761][T17458] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check. [ 405.331304][T17482] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 405.744825][T17459] tty tty1: ldisc open failed (-12), clearing slot 0 [ 406.101607][T17478] loop4: detected capacity change from 0 to 32768 [ 406.157017][T17478] (syz.4.3936,17478,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 406.219279][T17505] loop0: detected capacity change from 0 to 8192 [ 406.227457][T17478] (syz.4.3936,17478,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 406.287370][T17478] (syz.4.3936,17478,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 406.342667][T17487] loop7: detected capacity change from 0 to 32768 [ 406.360334][T17487] XFS: ikeep mount option is deprecated. [ 406.366073][T17487] XFS: noikeep mount option is deprecated. [ 406.475259][T17487] XFS (loop7): Mounting V5 Filesystem [ 406.526617][T17478] JBD2: Ignoring recovery information on journal [ 406.626507][T17487] XFS (loop7): Ending clean mount [ 406.639451][T17478] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 406.667245][T17487] XFS (loop7): Quotacheck needed: Please wait. [ 406.792005][T17487] XFS (loop7): Quotacheck: Done. [ 406.881110][T17478] (syz.4.3936,17478,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 406.945287][T17478] (syz.4.3936,17478,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 407.010851][T12410] XFS (loop7): Unmounting Filesystem [ 407.040264][T17478] (syz.4.3936,17478,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 407.046322][T17499] loop6: detected capacity change from 0 to 32768 [ 407.113759][T17478] (syz.4.3936,17478,1):ocfs2_quota_read:201 ERROR: status = -5 [ 407.127740][T17478] Quota error (device loop4): find_tree_dqentry: Can't read quota tree block 5 [ 407.181822][T17478] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 407.193057][T17499] XFS (loop6): Mounting V5 Filesystem [ 407.257282][T17478] (syz.4.3936,17478,0):ocfs2_acquire_dquot:878 ERROR: status = -5 [ 407.273438][T17534] (syz.4.3936,17534,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 407.286963][ T7] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 407.369623][T17478] (syz.4.3936,17478,1):ocfs2_mknod:314 ERROR: status = -5 [ 407.389139][ T4263] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 407.398563][ T4263] Bluetooth: hci4: Injecting HCI hardware error event [ 407.409570][ T4257] Bluetooth: hci4: hardware error 0x00 [ 407.417901][T17478] (syz.4.3936,17478,0):ocfs2_mknod:502 ERROR: status = -5 [ 407.438371][T17534] (syz.4.3936,17534,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 407.481121][ T7] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 407.518873][ T7] usb 1-1: config 0 has no interface number 0 [ 407.565017][ T7] usb 1-1: config 0 interface 2 altsetting 27 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 407.577074][T17478] (syz.4.3936,17478,1):ocfs2_mkdir:659 ERROR: status = -5 [ 407.597123][T17534] (syz.4.3936,17534,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 407.605709][T17534] (syz.4.3936,17534,0):ocfs2_quota_read:201 ERROR: status = -5 [ 407.637791][ T7] usb 1-1: config 0 interface 2 altsetting 27 endpoint 0x81 has invalid wMaxPacketSize 0 [ 407.648371][T17546] loop5: detected capacity change from 0 to 40427 [ 407.664620][T17534] Quota error (device loop4): find_next_id: Can't read quota tree block 5 [ 407.677198][T17546] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3ffff [ 407.683998][ T7] usb 1-1: config 0 interface 2 has no altsetting 0 [ 407.705322][ T7] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 407.725032][T17534] (syz.4.3936,17534,0):ocfs2_get_next_id:909 ERROR: status = -5 [ 407.731970][T17546] F2FS-fs (loop5): invalid crc value [ 407.733158][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.780757][T17546] F2FS-fs (loop5): Found nat_bits in checkpoint [ 407.792088][T17499] XFS (loop6): Ending clean mount [ 407.798705][ T7] usb 1-1: config 0 descriptor?? [ 407.805307][T17499] XFS (loop6): Quotacheck needed: Please wait. [ 407.906801][ T4258] ocfs2: Unmounting device (7,4) on (node local) [ 407.967946][T17499] XFS (loop6): Quotacheck: Done. [ 407.995348][T17569] loop7: detected capacity change from 0 to 164 [ 408.007058][T17546] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 408.263781][ T7] corsair 0003:1B1C:1B09.0004: hidraw0: USB HID v0.80 Device [HID 1b1c:1b09] on usb-dummy_hcd.0-1/input2 [ 408.276060][ T8999] syz-executor: attempt to access beyond end of device [ 408.276060][ T8999] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 408.350236][T10221] XFS (loop6): Unmounting Filesystem [ 408.466732][ T4623] usb 1-1: USB disconnect, device number 18 [ 408.616306][T17580] fido_id[17580]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 409.264805][T17577] loop7: detected capacity change from 0 to 32768 [ 409.283072][T17611] loop6: detected capacity change from 0 to 1024 [ 409.316008][T17577] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop7 scanned by syz.7.3952 (17577) [ 409.375369][T17611] hfsplus: bad catalog entry type [ 409.433265][T17577] BTRFS info (device loop7): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 409.456275][T17577] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm [ 409.482716][T17577] BTRFS info (device loop7): turning off barriers [ 409.512957][ T5273] hfsplus: b-tree write err: -5, ino 4 [ 409.522873][T17577] BTRFS info (device loop7): using free space tree [ 409.547092][ T4257] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 409.709501][T17604] loop5: detected capacity change from 0 to 32768 [ 409.779246][T17604] JBD2: Ignoring recovery information on journal [ 409.868002][T17604] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 409.899542][T17646] netlink: 'syz.0.3960': attribute type 6 has an invalid length. [ 409.933145][T17577] BTRFS info (device loop7): enabling ssd optimizations [ 410.161277][ T8999] ocfs2: Unmounting device (7,5) on (node local) [ 410.175068][T12410] BTRFS info (device loop7): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 410.209644][T17665] loop6: detected capacity change from 0 to 8 [ 410.244558][T17665] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 410.962108][T17697] loop4: detected capacity change from 0 to 512 [ 411.015181][T17697] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 411.032969][T17697] UDF-fs: Scanning with blocksize 512 failed [ 411.077086][T17697] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 411.084524][T17697] UDF-fs: Scanning with blocksize 1024 failed [ 411.160362][T17697] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 411.195288][T17697] UDF-fs: Scanning with blocksize 2048 failed [ 411.226210][T17697] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 411.289109][T17697] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 411.590734][T17682] loop5: detected capacity change from 0 to 32768 [ 411.605975][T17722] loop4: detected capacity change from 0 to 64 [ 411.646226][T17682] (syz.5.3962,17682,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 411.670548][T17722] Trying to free block not in datazone [ 411.692404][T17682] (syz.5.3962,17682,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 411.784622][T17682] (syz.5.3962,17682,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 411.808753][T17682] JBD2: Ignoring recovery information on journal [ 411.989554][T17682] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 412.079450][T17682] (syz.5.3962,17682,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 412.113484][T17682] (syz.5.3962,17682,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 412.142793][T17682] (syz.5.3962,17682,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 412.173252][T17682] (syz.5.3962,17682,1):ocfs2_quota_read:201 ERROR: status = -5 [ 412.203958][T17682] Quota error (device loop5): find_tree_dqentry: Can't read quota tree block 5 [ 412.223577][T17682] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 412.253590][T17745] (syz.5.3962,17745,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 412.287259][T17682] (syz.5.3962,17682,1):ocfs2_acquire_dquot:878 ERROR: status = -5 [ 412.292249][T17748] loop0: detected capacity change from 0 to 512 [ 412.305485][T17682] (syz.5.3962,17682,1):ocfs2_mknod:314 ERROR: status = -5 [ 412.315615][T17745] (syz.5.3962,17745,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 412.371400][T17682] (syz.5.3962,17682,1):ocfs2_mknod:502 ERROR: status = -5 [ 412.387070][T17745] (syz.5.3962,17745,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 412.401563][T17682] (syz.5.3962,17682,1):ocfs2_mkdir:659 ERROR: status = -5 [ 412.413190][T17748] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 412.416977][T17745] (syz.5.3962,17745,1):ocfs2_quota_read:201 ERROR: status = -5 [ 412.431239][T17745] Quota error (device loop5): find_next_id: Can't read quota tree block 5 [ 412.439947][T17745] (syz.5.3962,17745,1):ocfs2_get_next_id:909 ERROR: status = -5 [ 412.463083][T17748] ext4 filesystem being mounted at /841/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 412.493969][ T8999] ocfs2: Unmounting device (7,5) on (node local) [ 412.527383][T17739] loop4: detected capacity change from 0 to 32768 [ 412.601184][T17739] XFS (loop4): Mounting V5 Filesystem [ 412.753482][T17739] XFS (loop4): Ending clean mount [ 412.792027][T17739] XFS (loop4): Quotacheck needed: Please wait. [ 412.836665][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 412.932291][T17739] XFS (loop4): Quotacheck: Done. [ 413.177677][T17765] loop6: detected capacity change from 0 to 32768 [ 413.215428][T17765] [ 413.215428][T17765] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.215428][T17765] [ 413.330346][T17765] [ 413.330346][T17765] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.330346][T17765] [ 413.341492][T17765] [ 413.341492][T17765] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.341492][T17765] [ 413.386374][T17765] [ 413.386374][T17765] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.386374][T17765] [ 413.405965][ T4258] XFS (loop4): Unmounting Filesystem [ 413.424336][ T107] [ 413.424336][ T107] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.424336][ T107] [ 413.473318][T10221] [ 413.473318][T10221] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.473318][T10221] [ 413.495931][T10221] [ 413.495931][T10221] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 413.495931][T10221] [ 413.636952][ T4623] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 413.773827][T17802] [U] v3f"S/4:XTzWtlW= [ 413.781044][T17801] [U] J"e:" [ 413.821253][ T4623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 413.848848][ T4623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.867759][ T4623] usb 1-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 413.882998][ T4623] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.922290][ T4623] usb 1-1: config 0 descriptor?? [ 414.177051][ T4295] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 414.352903][ T4623] logitech 0003:046D:C295.0005: item fetching failed at offset 5/7 [ 414.368832][ T4295] usb 7-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 414.379222][ T4623] logitech 0003:046D:C295.0005: parse failed [ 414.385303][ T4623] logitech: probe of 0003:046D:C295.0005 failed with error -22 [ 414.393589][ T4295] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.404972][ T4295] usb 7-1: config 0 descriptor?? [ 414.533157][T17817] loop5: detected capacity change from 0 to 32768 [ 414.542431][T17817] (syz.5.3995,17817,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 414.584608][ T4623] usb 1-1: USB disconnect, device number 19 [ 414.609987][T17817] (syz.5.3995,17817,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 414.620809][ T4295] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 414.639541][ T4295] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 414.658760][T17840] IPv6: syztnl0: Disabled Multicast RS [ 414.695995][T17817] (syz.5.3995,17817,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 414.839952][ T4295] [drm:udl_init] *ERROR* Selecting channel failed [ 414.871755][T17817] JBD2: Ignoring recovery information on journal [ 414.950881][ T4295] [drm] Initialized udl 0.0.1 20120220 for 7-1:0.0 on minor 2 [ 414.973497][ T4295] [drm] Initialized udl on minor 2 [ 414.993667][ T4295] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 415.015345][ T4295] udl 7-1:0.0: [drm] Cannot find any crtc or sizes [ 415.036505][T17817] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 415.083070][ T4295] usb 7-1: USB disconnect, device number 5 [ 415.107082][T17872] netlink: 'syz.4.4002': attribute type 1 has an invalid length. [ 415.137165][T17872] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4002'. [ 415.210801][T17817] (syz.5.3995,17817,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 415.252681][T17817] (syz.5.3995,17817,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 415.275154][T17817] (syz.5.3995,17817,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 415.284299][T17817] (syz.5.3995,17817,1):ocfs2_quota_read:201 ERROR: status = -5 [ 415.314915][T17817] Quota error (device loop5): find_tree_dqentry: Can't read quota tree block 5 [ 415.357085][T17817] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 415.366581][T17817] (syz.5.3995,17817,1):ocfs2_acquire_dquot:878 ERROR: status = -5 [ 415.372572][T17884] (syz.5.3995,17884,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC. [ 415.400064][T17817] (syz.5.3995,17817,1):ocfs2_mknod:314 ERROR: status = -5 [ 415.427039][T17817] (syz.5.3995,17817,1):ocfs2_mknod:502 ERROR: status = -5 [ 415.455404][T17894] loop4: detected capacity change from 0 to 1024 [ 415.465570][T17817] (syz.5.3995,17817,1):ocfs2_mkdir:659 ERROR: status = -5 [ 415.496217][T17884] (syz.5.3995,17884,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae [ 415.517039][T16171] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 415.535554][T17884] (syz.5.3995,17884,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 415.545746][T17894] hfsplus: bad catalog entry type [ 415.553615][T17884] (syz.5.3995,17884,1):ocfs2_quota_read:201 ERROR: status = -5 [ 415.561934][T17884] Quota error (device loop5): find_next_id: Can't read quota tree block 5 [ 415.578657][T17884] (syz.5.3995,17884,1):ocfs2_get_next_id:909 ERROR: status = -5 [ 415.654276][ T75] hfsplus: b-tree write err: -5, ino 4 [ 415.682694][ T8999] ocfs2: Unmounting device (7,5) on (node local) [ 415.707243][T16171] usb 1-1: Using ep0 maxpacket: 16 [ 415.730135][T16171] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 415.773323][T16171] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 415.807521][T16171] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 415.816625][T16171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.878067][T16171] usb 1-1: Product: syz [ 415.882303][T16171] usb 1-1: Manufacturer: syz [ 415.902152][T16171] usb 1-1: SerialNumber: syz [ 416.083990][T17924] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4014'. [ 416.343736][T16171] usb 1-1: cannot find UAC_HEADER [ 416.381705][T17945] loop4: detected capacity change from 0 to 64 [ 416.425946][T16171] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 416.465095][T16171] usb 1-1: USB disconnect, device number 20 [ 416.718758][ T4429] udevd[4429]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 417.323690][T17985] loop0: detected capacity change from 0 to 8192 [ 417.339788][T17991] loop7: detected capacity change from 0 to 4096 [ 417.363374][T17985] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 417.376560][T17985] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 417.381608][T17991] ntfs: (device loop7): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 417.385924][T17985] REISERFS (device loop0): using ordered data mode [ 417.404702][T17985] reiserfs: using flush barriers [ 417.411881][T17985] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 417.428593][T17985] REISERFS (device loop0): checking transaction log (loop0) [ 417.487187][T17991] ntfs: (device loop7): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 417.497613][T18002] sg_read: process 1568 (syz.4.4031) changed security contexts after opening file descriptor, this is not allowed. [ 417.528179][T17985] REISERFS (device loop0): Using tea hash to sort names [ 417.535507][T17985] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 417.542693][T17991] ntfs: (device loop7): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 417.716999][T17991] ntfs: (device loop7): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 417.814998][T17991] ntfs: (device loop7): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 417.884022][T17991] ntfs: volume version 3.1. [ 417.910897][T17991] ntfs: (device loop7): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 417.997162][T17991] ntfs: (device loop7): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 418.071427][T17991] ntfs: (device loop7): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 418.135153][T17991] ntfs: (device loop7): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 418.209212][T17991] ntfs: (device loop7): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 418.450412][T18034] loop5: detected capacity change from 0 to 128 [ 418.518358][T18034] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 418.543965][T18030] loop4: detected capacity change from 0 to 4096 [ 418.581532][T18034] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 418.615225][T18030] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 418.703532][T18030] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 418.739762][T18030] ntfs3: loop4: ino=21, "cpuset.effective_cpus" The size of extended attributes must not exceed 64KiB [ 418.773165][ T4295] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 418.875546][T18053] loop5: detected capacity change from 0 to 128 [ 418.922679][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 418.976925][ T4295] usb 7-1: Using ep0 maxpacket: 16 [ 419.006824][ T4295] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 419.028743][T18053] FAT-fs (loop5): Filesystem has been set read-only [ 419.035619][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.052573][ T4295] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 419.089498][ T4295] usb 7-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 419.095665][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.135654][ T4295] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.148805][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.188351][T18016] loop0: detected capacity change from 0 to 32768 [ 419.189120][ T4295] usb 7-1: config 0 descriptor?? [ 419.211513][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.275491][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.302040][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.336320][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.338644][T18016] XFS (loop0): Mounting V5 Filesystem [ 419.367767][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.413324][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.431211][T18016] XFS (loop0): Ending clean mount [ 419.440210][T18016] XFS (loop0): Quotacheck needed: Please wait. [ 419.461313][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.507140][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.526560][T18016] XFS (loop0): Quotacheck: Done. [ 419.607704][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.626822][ T4295] razer 0003:1532:010D.0006: unknown main item tag 0x0 [ 419.634982][ T4295] razer 0003:1532:010D.0006: unknown main item tag 0x0 [ 419.667041][ T4295] razer 0003:1532:010D.0006: unknown main item tag 0x0 [ 419.685695][ T4295] razer 0003:1532:010D.0006: unknown main item tag 0x0 [ 419.693870][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.706521][ T4295] razer 0003:1532:010D.0006: unknown main item tag 0x0 [ 419.716092][ T4249] XFS (loop0): Unmounting Filesystem [ 419.721393][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721428][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721449][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721477][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721657][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721680][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721702][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721723][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721745][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721774][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721796][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721818][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721842][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.721987][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.722009][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.722030][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.722051][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.722073][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.722095][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.722117][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.722138][T18053] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 580) [ 419.724115][ T4295] razer 0003:1532:010D.0006: unknown main item tag 0x0 [ 420.024165][T18095] loop5: detected capacity change from 0 to 512 [ 420.085578][T18095] EXT4-fs error (device loop5): ext4_do_update_inode:5253: inode #3: comm syz.5.4050: corrupted inode contents [ 420.106501][ T4295] razer 0003:1532:010D.0006: hidraw0: USB HID v0.00 Device [HID 1532:010d] on usb-dummy_hcd.6-1/input0 [ 420.119658][T18057] loop7: detected capacity change from 0 to 32768 [ 420.131798][T18095] EXT4-fs error (device loop5): ext4_dirty_inode:6118: inode #3: comm syz.5.4050: mark_inode_dirty error [ 420.148639][T18095] EXT4-fs error (device loop5): ext4_do_update_inode:5253: inode #3: comm syz.5.4050: corrupted inode contents [ 420.203340][ T4295] usb 7-1: USB disconnect, device number 6 [ 420.222915][T18088] loop4: detected capacity change from 0 to 32768 [ 420.240955][T18088] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop4 scanned by syz.4.4049 (18088) [ 420.253958][T18095] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #3: comm syz.5.4050: mark_inode_dirty error [ 420.354139][T18057] XFS (loop7): Mounting V5 Filesystem [ 420.417666][T18095] EXT4-fs error (device loop5): ext4_acquire_dquot:6802: comm syz.5.4050: Failed to acquire dquot type 0 [ 420.452385][T18088] BTRFS info (device loop4): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 420.467050][T18088] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 420.492774][T18095] EXT4-fs (loop5): 1 orphan inode deleted [ 420.496054][T18057] XFS (loop7): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 420.512501][ T5273] EXT4-fs error (device loop5): ext4_release_dquot:6838: comm kworker/u4:8: Failed to release dquot type 1 [ 420.531798][T18095] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 420.563220][T18088] BTRFS info (device loop4): using free space tree [ 420.592137][T18095] ext4 filesystem being mounted at /411/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 420.638057][T18057] XFS (loop7): Starting recovery (logdev: internal) [ 420.759954][T18122] fido_id[18122]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 420.777578][T18057] XFS (loop7): Ending recovery (logdev: internal) [ 420.875578][ T8999] EXT4-fs (loop5): unmounting filesystem. [ 421.069212][T18088] BTRFS info (device loop4): enabling ssd optimizations [ 421.141195][T12410] XFS (loop7): Unmounting Filesystem [ 421.274808][ T4258] BTRFS info (device loop4): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 421.433319][T18129] loop6: detected capacity change from 0 to 32768 [ 421.452032][T18129] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.4051 (18129) [ 421.833528][T18129] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 421.877376][T18129] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 421.902017][T18129] BTRFS info (device loop6): metadata ratio 2 [ 421.925918][T18129] BTRFS info (device loop6): allowing degraded mounts [ 421.962794][T18129] BTRFS info (device loop6): force zlib compression, level 3 [ 421.996407][T18129] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 422.034069][T18129] BTRFS info (device loop6): use zstd compression, level 3 [ 422.046614][T18129] BTRFS info (device loop6): force clearing of disk cache [ 422.073744][T18129] BTRFS info (device loop6): max_inline at 0 [ 422.093792][T18129] BTRFS info (device loop6): using free space tree [ 422.184579][T18129] BTRFS info (device loop6): enabling ssd optimizations [ 422.209048][T18129] BTRFS info (device loop6): rebuilding free space tree [ 422.544815][T18199] loop0: detected capacity change from 0 to 4096 [ 422.560338][ T3623] udevd[3623]: worker [4429] terminated by signal 33 (Unknown signal 33) [ 422.586402][ T3623] udevd[3623]: worker [4429] failed while handling '/devices/virtual/block/loop6' [ 422.605508][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 422.624570][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 422.674661][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 422.697092][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc0c00 [ 422.705833][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc1c00 [ 422.734180][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc2c00 [ 422.780751][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc4c00 [ 422.793281][T10221] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 422.827350][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffc8c00 [ 422.835300][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffd0c00 [ 422.879035][T18199] ntfs3: loop0: try to read out of volume at offset 0x3fffffe0c00 [ 423.361639][T18228] loop7: detected capacity change from 0 to 1024 [ 423.394832][T18228] EXT4-fs: Ignoring removed orlov option [ 423.407006][ T4474] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 423.450050][T18202] loop4: detected capacity change from 0 to 32768 [ 423.497453][T18228] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 423.608569][ T4474] usb 6-1: config 0 interface 0 altsetting 190 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 423.626167][ T4474] usb 6-1: config 0 interface 0 altsetting 190 endpoint 0x81 has invalid wMaxPacketSize 0 [ 423.676086][ T4474] usb 6-1: config 0 interface 0 has no altsetting 0 [ 423.692634][ T4474] usb 6-1: New USB device found, idVendor=056a, idProduct=00e3, bcdDevice= 0.00 [ 423.712247][ T4474] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.763260][ T4474] usb 6-1: config 0 descriptor?? [ 423.851939][T12410] EXT4-fs (loop7): unmounting filesystem. [ 424.212869][ T4474] wacom 0003:056A:00E3.0007: hidraw0: USB HID v0.00 Device [HID 056a:00e3] on usb-dummy_hcd.5-1/input0 [ 424.424405][ T14] usb 6-1: USB disconnect, device number 11 [ 424.440161][T18276] tipc: Started in network mode [ 424.458808][T18276] tipc: Node identity aaaaaaaaaa3, cluster identity 5 [ 424.465834][T18276] tipc: Enabled bearer , priority 12 [ 424.573472][T18274] fido_id[18274]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 424.657247][ T4619] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 424.713390][T18304] loop7: detected capacity change from 0 to 256 [ 424.728068][T18304] exfat: Deprecated parameter 'namecase' [ 424.758777][T18304] exfat: Deprecated parameter 'namecase' [ 424.782633][T18304] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 424.853321][ T4619] usb 7-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=da.8e [ 424.879293][ T4619] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.917037][ T4619] usb 7-1: Product: syz [ 424.917059][ T4619] usb 7-1: Manufacturer: syz [ 424.917076][ T4619] usb 7-1: SerialNumber: syz [ 424.920742][ T4619] usb 7-1: config 0 descriptor?? [ 424.924294][ T4619] usbsevseg 7-1:0.0: USB 7 Segment device now attached [ 425.129032][ T4619] usb 7-1: USB disconnect, device number 7 [ 425.129802][ T4619] usbsevseg 7-1:0.0: USB 7 Segment now disconnected [ 425.294346][T18339] loop0: detected capacity change from 0 to 512 [ 425.329257][T18339] EXT4-fs (loop0): 1 orphan inode deleted [ 425.335060][T18339] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 425.580769][ T4365] tipc: Node number set to 10136234 [ 425.655123][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 426.103479][T18344] loop4: detected capacity change from 0 to 32768 [ 426.597759][T18351] loop5: detected capacity change from 0 to 32768 [ 426.858892][T18351] XFS (loop5): Mounting V5 Filesystem [ 426.880842][T18398] loop6: detected capacity change from 0 to 64 [ 426.987178][T18351] XFS (loop5): Ending clean mount [ 427.000736][T18351] XFS (loop5): Quotacheck needed: Please wait. [ 427.112903][T18351] XFS (loop5): Quotacheck: Done. [ 427.245604][T18360] loop0: detected capacity change from 0 to 40427 [ 427.318418][T18360] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3ffff [ 427.353870][T18374] loop7: detected capacity change from 0 to 32768 [ 427.393469][T18360] F2FS-fs (loop0): invalid crc value [ 427.408158][ T8999] XFS (loop5): Unmounting Filesystem [ 427.445418][T18360] F2FS-fs (loop0): Found nat_bits in checkpoint [ 427.538184][T18414] loop4: detected capacity change from 0 to 4096 [ 427.708860][T18426] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 427.753434][T18360] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 428.117165][T18438] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4106'. [ 428.500742][T18452] loop6: detected capacity change from 0 to 512 [ 428.577905][T18452] EXT4-fs: Ignoring removed mblk_io_submit option [ 428.645589][T18452] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b816c118, mo2=0002] [ 428.727765][T18452] System zones: 1-12 [ 428.769219][T18452] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2195: inode #15: comm syz.6.4111: corrupted in-inode xattr [ 428.773909][T18470] loop4: detected capacity change from 0 to 256 [ 428.839169][T18452] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.4111: couldn't read orphan inode 15 (err -117) [ 428.863257][T18470] exfat: Deprecated parameter 'namecase' [ 428.888619][T18452] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 428.896166][T18470] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 429.118666][T10221] EXT4-fs (loop6): unmounting filesystem. [ 429.620911][T18442] loop7: detected capacity change from 0 to 32768 [ 429.739851][T18442] XFS (loop7): Mounting V5 Filesystem [ 429.905207][T18467] loop0: detected capacity change from 0 to 40427 [ 429.914735][T18467] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 429.923566][T18467] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 429.924616][T18442] XFS (loop7): Ending clean mount [ 429.977433][T18467] F2FS-fs (loop0): Found nat_bits in checkpoint [ 430.133817][T18467] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 430.151372][T18467] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 430.201950][T12410] XFS (loop7): Unmounting Filesystem [ 430.219093][T18474] loop5: detected capacity change from 0 to 40427 [ 430.296724][T18474] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff [ 430.359906][T18474] F2FS-fs (loop5): invalid crc value [ 430.396127][T18474] F2FS-fs (loop5): Found nat_bits in checkpoint [ 430.664694][T18523] loop4: detected capacity change from 0 to 64 [ 430.712491][T18474] F2FS-fs (loop5): Start checkpoint disabled! [ 430.735526][T18474] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 430.833461][T18474] syz.5.4115: attempt to access beyond end of device [ 430.833461][T18474] loop5: rw=524288, sector=45072, nr_sectors = 24 limit=40427 [ 430.888826][T18474] syz.5.4115: attempt to access beyond end of device [ 430.888826][T18474] loop5: rw=0, sector=45072, nr_sectors = 8 limit=40427 [ 430.994027][ T27] kauditd_printk_skb: 11 callbacks suppressed [ 430.994043][ T27] audit: type=1800 audit(1748864455.967:1694): pid=18474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4115" name="/" dev="loop5" ino=8 res=0 errno=0 [ 431.057798][T18498] loop6: detected capacity change from 0 to 32768 [ 431.140621][T18498] JBD2: Ignoring recovery information on journal [ 431.279215][T18542] loop4: detected capacity change from 0 to 64 [ 431.363808][T18498] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 431.694097][T10221] ocfs2: Unmounting device (7,6) on (node local) [ 431.867276][ T4263] Bluetooth: hci1: command 0x0406 tx timeout [ 431.876277][T18568] netlink: 'syz.0.4135': attribute type 4 has an invalid length. [ 431.917127][T18568] netlink: 'syz.0.4135': attribute type 8 has an invalid length. [ 431.925269][T18568] netlink: 197344 bytes leftover after parsing attributes in process `syz.0.4135'. [ 432.209474][T18583] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4129'. [ 432.511410][ T7] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 432.576554][T18608] loop0: detected capacity change from 0 to 512 [ 432.591580][T18608] EXT4-fs: Ignoring removed bh option [ 432.623718][T18608] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #16: comm syz.0.4144: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 432.655114][T18608] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.4144: couldn't read orphan inode 16 (err -117) [ 432.671977][T18608] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 432.687572][T18608] ext4 filesystem being mounted at /869/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 432.706982][ T7] usb 7-1: Using ep0 maxpacket: 16 [ 432.715049][ T7] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 432.775048][ T7] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 432.821255][ T7] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 432.854780][ T7] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 432.929933][ T7] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.959753][ T7] usb 7-1: Product: syz [ 432.969543][ T7] usb 7-1: Manufacturer: syz [ 432.984531][ T7] usb 7-1: SerialNumber: syz [ 433.010774][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 433.010983][T18630] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4150'. [ 433.171461][T18640] loop0: detected capacity change from 0 to 256 [ 433.190601][T18640] exfat: Deprecated parameter 'namecase' [ 433.236144][T18640] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 433.410236][ T7] usb 7-1: 0:2 : does not exist [ 433.620447][ T7] usb 7-1: USB disconnect, device number 8 [ 433.833441][T18683] loop7: detected capacity change from 0 to 64 [ 434.029200][T18693] kernel read not supported for file / -9mZr7âW)s!Qfsl{Tr)rO2:"T+͟v|ղ (pid: 18693 comm: syz.0.4162) [ 434.053829][ T27] audit: type=1800 audit(1748864459.027:1695): pid=18693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4162" name=202DD60E39F76D5A06720386019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B206 dev="mqueue" ino=65717 res=0 errno=0 [ 434.207025][ T27] audit: type=1804 audit(1748864459.037:1696): pid=18693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4162" name=202DD60E39F76D5A06720386019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B206 dev="mqueue" ino=65717 res=1 errno=0 [ 434.245420][T18701] loop7: detected capacity change from 0 to 1024 [ 434.420049][T18713] loop6: detected capacity change from 0 to 128 [ 434.480610][ T5273] hfsplus: b-tree write err: -5, ino 4 [ 434.633768][ T27] audit: type=1326 audit(1748864459.607:1697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18721 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafd8e969 code=0x7ffc0000 [ 434.722767][ T27] audit: type=1326 audit(1748864459.607:1698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18721 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafd8e969 code=0x7ffc0000 [ 434.784320][ T27] audit: type=1326 audit(1748864459.667:1699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18721 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fcbafd8e969 code=0x7ffc0000 [ 434.839215][ T27] audit: type=1326 audit(1748864459.667:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18721 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafd8e969 code=0x7ffc0000 [ 434.904554][ T27] audit: type=1326 audit(1748864459.667:1701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18721 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbafd8e969 code=0x7ffc0000 [ 434.908662][T18732] loop7: detected capacity change from 0 to 256 [ 435.019698][T18732] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 435.023649][T18737] can0: slcan on ptm0. [ 435.078464][T18732] exFAT-fs (loop7): Medium has reported failures. Some data may be lost. [ 435.128031][T18732] exFAT-fs (loop7): failed to load upcase table (idx : 0x0001203e, chksum : 0xee1a3015, utbl_chksum : 0xe619d30d) [ 435.228347][T18736] can0 (unregistered): slcan off ptm0. [ 435.635190][T18708] loop5: detected capacity change from 0 to 32768 [ 435.776653][T18708] XFS (loop5): Mounting V5 Filesystem [ 435.867671][T18708] XFS (loop5): Ending clean mount [ 435.924110][T18708] XFS (loop5): Quotacheck needed: Please wait. [ 436.077320][T18708] XFS (loop5): Quotacheck: Done. [ 436.213597][T18810] loop0: detected capacity change from 0 to 64 [ 436.295366][ T8999] XFS (loop5): Unmounting Filesystem [ 436.725723][T18831] loop6: detected capacity change from 0 to 1024 [ 436.763326][T18831] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 436.789359][T18831] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 436.844544][T18831] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 436.854080][T18831] EXT4-fs (loop6): orphan cleanup on readonly fs [ 436.878765][T18831] EXT4-fs error (device loop6): ext4_read_inode_bitmap:168: comm syz.6.4192: Inode bitmap for bg 0 marked uninitialized [ 436.925069][T18831] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 436.940074][T18831] EXT4-fs (loop6): ext4_remount: Checksum for group 0 failed (32298!=35945) [ 437.044911][T10221] EXT4-fs (loop6): unmounting filesystem. [ 438.431623][T18885] loop6: detected capacity change from 0 to 32768 [ 438.503155][T18913] syz.5.4209[18913] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 438.503269][T18913] syz.5.4209[18913] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 438.584024][T18917] loop4: detected capacity change from 0 to 1024 [ 438.658971][T18917] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 438.742866][T18890] loop7: detected capacity change from 0 to 32768 [ 438.783366][T18917] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 438.826015][T18924] loop5: detected capacity change from 0 to 4096 [ 438.834197][T18917] ext4 filesystem being mounted at /818/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 438.847504][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc0c00 [ 438.908641][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc0c00 [ 438.944867][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc0c00 [ 438.952960][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc0c00 [ 438.965356][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc1c00 [ 438.974022][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 438.974936][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc2c00 [ 438.989384][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc4c00 [ 438.998958][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffc8c00 [ 439.009491][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffd0c00 [ 439.019466][T18924] ntfs3: loop5: try to read out of volume at offset 0x3fffffe0c00 [ 439.038729][T18890] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 439.325038][T12410] ocfs2: Unmounting device (7,7) on (node local) [ 439.730477][T18968] loop4: detected capacity change from 0 to 4096 [ 439.737102][ T4619] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 439.763278][T18968] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 439.776976][ T4365] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 439.819646][T18968] EXT4-fs error (device loop4): ext4_get_first_dir_block:3603: inode #12: block 80: comm syz.4.4219: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 439.849223][T18968] EXT4-fs error (device loop4): ext4_get_first_dir_block:3605: inode #12: comm syz.4.4219: directory missing '..' [ 439.856516][T18966] loop6: detected capacity change from 0 to 4096 [ 439.921815][T18966] ntfs: (device loop6): check_mft_mirror(): Incomplete multi sector transfer detected in mft record 2. [ 439.964589][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 439.974127][ T4619] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 439.992502][ T4365] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.997363][T18966] ntfs: (device loop6): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 440.012678][ T4365] usb 8-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 440.019387][ T4619] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 440.040493][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.046885][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.056278][ T4365] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.087301][ T4619] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.114511][ T4365] usb 8-1: config 0 descriptor?? [ 440.117445][T18966] ntfs: volume version 3.1. [ 440.134419][T18966] ntfs: (device loop6): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk. [ 440.146593][ T4619] usb 6-1: config 0 interface 0 has no altsetting 0 [ 440.165658][ T4619] usb 6-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 440.185982][T18966] ntfs: (device loop6): map_mft_record(): Failed with error code 5. [ 440.205336][ T4619] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.213568][T18966] ntfs: (device loop6): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 440.258493][ T4619] usb 6-1: config 0 descriptor?? [ 440.283902][T18966] ntfs: (device loop6): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 440.551651][ T4365] lg-g15 0003:046D:C222.0008: unbalanced delimiter at end of report description [ 440.597711][ T4365] lg-g15: probe of 0003:046D:C222.0008 failed with error -22 [ 440.763210][ T4619] kye 0003:0458:5015.0009: hidraw0: USB HID v0.04 Device [HID 0458:5015] on usb-dummy_hcd.5-1/input0 [ 440.777127][ T4365] usb 8-1: USB disconnect, device number 5 [ 440.805056][ T4619] kye 0003:0458:5015.0009: tablet-enabling feature report not found [ 440.837022][ T4619] kye 0003:0458:5015.0009: tablet enabling failed [ 440.946656][ T4619] usb 6-1: USB disconnect, device number 12 [ 441.001405][T19034] netlink: 'syz.6.4228': attribute type 27 has an invalid length. [ 441.205748][T19036] fido_id[19036]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 441.307215][ T4297] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 441.508442][ T4297] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 441.537770][ T4297] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 441.567533][ T4297] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 441.576631][ T4297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 441.596981][ T4297] usb 5-1: SerialNumber: syz [ 441.721948][T19076] loop7: detected capacity change from 0 to 128 [ 441.806258][T19053] loop0: detected capacity change from 0 to 32768 [ 441.816515][ T27] audit: type=1800 audit(1748864466.787:1702): pid=19076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4238" name="file2" dev="loop7" ino=1048718 res=0 errno=0 [ 441.826186][ T4297] usb 5-1: 0:2 : does not exist [ 441.838273][ T4296] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 441.845717][T19076] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000100) [ 441.874589][T19076] FAT-fs (loop7): Filesystem has been set read-only [ 441.881756][ T4297] usb 5-1: USB disconnect, device number 21 [ 441.889288][T19076] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000100) [ 441.912337][T19076] syz.7.4238: attempt to access beyond end of device [ 441.912337][T19076] loop7: rw=2049, sector=2065, nr_sectors = 8 limit=128 [ 441.935855][T19053] XFS (loop0): Mounting V5 Filesystem [ 442.003788][T19053] XFS (loop0): Ending clean mount [ 442.016000][T19053] XFS (loop0): Quotacheck needed: Please wait. [ 442.087045][T19053] XFS (loop0): Quotacheck: Done. [ 442.098927][ T4296] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.136444][ T4430] udevd[4430]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 442.158278][ T4296] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.179734][ T4296] usb 6-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00 [ 442.210084][ T4249] XFS (loop0): Unmounting Filesystem [ 442.210215][ T4296] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.234370][ T4296] usb 6-1: config 0 descriptor?? [ 442.660224][ T4296] asus 0003:0B05:1822.000A: item fetching failed at offset 5/7 [ 442.687596][ T4296] asus 0003:0B05:1822.000A: Asus hid parse failed: -22 [ 442.713075][T19130] loop6: detected capacity change from 0 to 256 [ 442.726691][ T4296] asus: probe of 0003:0B05:1822.000A failed with error -22 [ 442.869943][ T4296] usb 6-1: USB disconnect, device number 13 [ 442.879700][T19130] FAT-fs (loop6): Directory bread(block 64) failed [ 442.896999][T19130] FAT-fs (loop6): Directory bread(block 65) failed [ 442.903712][T19130] FAT-fs (loop6): Directory bread(block 66) failed [ 442.962836][T19130] FAT-fs (loop6): Directory bread(block 67) failed [ 442.970677][T19130] FAT-fs (loop6): Directory bread(block 68) failed [ 442.978299][T19130] FAT-fs (loop6): Directory bread(block 69) failed [ 442.985113][T19130] FAT-fs (loop6): Directory bread(block 70) failed [ 442.996416][T19130] FAT-fs (loop6): Directory bread(block 71) failed [ 443.003406][T19130] FAT-fs (loop6): Directory bread(block 72) failed [ 443.010431][T19130] FAT-fs (loop6): Directory bread(block 73) failed [ 443.846931][ T4296] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 444.000178][ T4297] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 444.052296][ T4296] usb 7-1: Using ep0 maxpacket: 16 [ 444.060075][ T4296] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 444.090329][ T4296] usb 7-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 444.128436][T19177] loop4: detected capacity change from 0 to 32768 [ 444.136171][ T4296] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.157921][ T4296] usb 7-1: config 0 descriptor?? [ 444.172411][T19177] ERROR: (device loop4): diWrite: ixpxd invalid [ 444.172411][T19177] [ 444.192608][ T4297] usb 6-1: Using ep0 maxpacket: 32 [ 444.201972][ T4297] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 444.208583][T19177] ERROR: (device loop4): remounting filesystem as read-only [ 444.226054][ T4297] usb 6-1: config 0 has no interface number 0 [ 444.238373][T19177] ERROR: (device loop4): txCommit: [ 444.238373][T19177] [ 444.246797][ T4297] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 444.248459][ T4297] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.248494][ T4297] usb 6-1: Product: syz [ 444.248511][ T4297] usb 6-1: Manufacturer: syz [ 444.360629][ T4297] usb 6-1: SerialNumber: syz [ 444.384005][ T4297] usb 6-1: config 0 descriptor?? [ 444.440311][ T4297] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 444.644540][ T4297] usb 6-1: qt2_attach - failed to power on unit: -71 [ 444.644649][ T4297] quatech2: probe of 6-1:0.51 failed with error -71 [ 444.664567][ T4297] usb 6-1: USB disconnect, device number 14 [ 444.778888][ T4296] usb 7-1: USB disconnect, device number 9 [ 444.982077][ T27] audit: type=1326 audit(1748864469.957:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19257 comm="syz.7.4269" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c9738e969 code=0x0 [ 445.106353][T19227] loop0: detected capacity change from 0 to 32768 [ 445.148972][T19262] loop4: detected capacity change from 0 to 4096 [ 445.153127][T19227] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 445.316974][ T4249] ocfs2: Unmounting device (7,0) on (node local) [ 445.676255][T19284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4276'. [ 445.696191][T19274] loop5: detected capacity change from 0 to 8192 [ 445.791116][T19274] loop5: p1 < > p3 < p5 > p4 [ 445.801378][T19274] loop5: partition table partially beyond EOD, truncated [ 445.834277][T19274] loop5: p1 start 4294967040 is beyond EOD, truncated [ 446.303431][T19312] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4283'. [ 446.368067][ T7269] udevd[7269]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 446.388248][ T4430] udevd[4430]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 446.400980][ T4333] udevd[4333]: inotify_add_watch(7, /dev/loop5p5, 10) failed: No such file or directory [ 446.501271][T19307] loop5: detected capacity change from 0 to 4096 [ 446.529579][T19307] ntfs3: loop5: Different NTFS' sector size (2048) and media sector size (512) [ 446.796159][T19333] program syz.7.4289 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 446.844356][T19337] netlink: 'syz.5.4290': attribute type 4 has an invalid length. [ 447.334503][T19360] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4297'. [ 447.405498][T19323] loop6: detected capacity change from 0 to 32768 [ 447.422854][T19323] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.4285 (19323) [ 447.473560][T19323] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 447.505747][T19323] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm [ 447.523818][T19323] BTRFS info (device loop6): using free space tree [ 447.563506][T19373] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4299'. [ 447.593986][T19376] loop5: detected capacity change from 0 to 256 [ 447.644740][T19376] FAT-fs (loop5): Directory bread(block 64) failed [ 447.652136][T19376] FAT-fs (loop5): Directory bread(block 65) failed [ 447.664168][T19376] FAT-fs (loop5): Directory bread(block 66) failed [ 447.672496][T19376] FAT-fs (loop5): Directory bread(block 67) failed [ 447.680886][T19376] FAT-fs (loop5): Directory bread(block 68) failed [ 447.688415][T19376] FAT-fs (loop5): Directory bread(block 69) failed [ 447.695310][T19376] FAT-fs (loop5): Directory bread(block 70) failed [ 447.704461][T19376] FAT-fs (loop5): Directory bread(block 71) failed [ 447.711632][T19376] FAT-fs (loop5): Directory bread(block 72) failed [ 447.718627][T19376] FAT-fs (loop5): Directory bread(block 73) failed [ 447.811426][T19376] syz.5.4300: attempt to access beyond end of device [ 447.811426][T19376] loop5: rw=2051, sector=1224, nr_sectors = 64 limit=256 [ 447.868326][T19323] BTRFS info (device loop6): enabling ssd optimizations [ 447.989367][ T27] audit: type=1800 audit(1748864472.967:1704): pid=19323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4285" name="file1" dev="loop6" ino=260 res=0 errno=0 [ 448.156437][T10221] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 448.213328][T19408] input: syz1 as /devices/virtual/input/input31 [ 448.524535][T19426] sp0: Synchronizing with TNC [ 448.604689][T19435] loop4: detected capacity change from 0 to 512 [ 448.686913][T19423] [U] [ 448.765862][T19435] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 448.858555][T19435] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4311: casefold flag without casefold feature [ 448.884718][T19437] loop7: detected capacity change from 0 to 4096 [ 449.007437][T19435] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4311: couldn't read orphan inode 15 (err -117) [ 449.038227][T19435] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 449.057198][T19437] ntfs: volume version 3.1. [ 449.260649][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 449.353928][T19465] loop6: detected capacity change from 0 to 16 [ 449.378805][T19465] erofs: (device loop6): mounted with root inode @ nid 36. [ 449.447407][T19465] xt_hashlimit: max too large, truncated to 1048576 [ 449.454759][T19465] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 449.552240][T19465] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -59 in[63, 4033] out[1851] [ 449.616092][T19463] loop5: detected capacity change from 0 to 4096 [ 449.623345][T19465] erofs: (device loop6): z_erofs_read_folio: failed to read, err [-117] [ 449.667974][T19463] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 449.789670][T19463] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 449.816208][T19463] ntfs3: loop5: Failed to load $Extend. [ 450.118990][T19495] loop7: detected capacity change from 0 to 512 [ 450.167337][T19495] EXT4-fs: Ignoring removed oldalloc option [ 450.179460][T19495] EXT4-fs: Ignoring removed nobh option [ 450.252503][T19495] EXT4-fs error (device loop7): ext4_orphan_get:1400: inode #15: comm syz.7.4324: iget: bad extended attribute block 1 [ 450.431932][T19495] EXT4-fs error (device loop7): ext4_orphan_get:1405: comm syz.7.4324: couldn't read orphan inode 15 (err -117) [ 450.507531][T19495] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 450.562742][T19522] netlink: 'syz.0.4331': attribute type 1 has an invalid length. [ 450.689543][T12410] EXT4-fs (loop7): unmounting filesystem. [ 450.729355][T19518] loop4: detected capacity change from 0 to 8192 [ 450.788096][T19518] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 450.816364][T19518] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 450.859906][T19518] REISERFS (device loop4): using ordered data mode [ 450.867813][T19518] reiserfs: using flush barriers [ 450.933955][T19538] loop0: detected capacity change from 0 to 8 [ 450.958205][T19518] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7 [ 451.001204][T19538] SQUASHFS error: Unable to read inode 0x87 [ 451.057431][T19518] REISERFS (device loop4): checking transaction log (loop4) [ 451.083381][T19518] REISERFS (device loop4): Using r5 hash to sort names [ 451.106409][T19518] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 451.159499][T19518] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 451.282896][ T27] audit: type=1804 audit(1748864476.257:1705): pid=19518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4330" name="/newroot/847/bus/file0" dev="loop4" ino=4 res=1 errno=0 [ 451.445998][T19555] loop7: detected capacity change from 0 to 1024 [ 451.461979][T19561] loop6: detected capacity change from 0 to 512 [ 451.507224][T19561] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 451.511097][T19557] loop0: detected capacity change from 0 to 4096 [ 451.587101][T19555] hfsplus: found bad thread record in catalog [ 451.613587][T19557] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 451.614525][T19561] EXT4-fs (loop6): 1 truncate cleaned up [ 451.637089][T19555] hfsplus: catalog searching failed [ 451.640264][T19561] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 451.741414][ T4279] hfsplus: b-tree write err: -5, ino 4 [ 451.745267][T10221] EXT4-fs (loop6): unmounting filesystem. [ 451.947130][T19557] ntfs: volume version 3.1. [ 452.032925][T19581] loop7: detected capacity change from 0 to 2048 [ 452.115212][T19581] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024) [ 452.190651][T19586] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 452.236730][ T27] audit: type=1800 audit(1748864477.207:1706): pid=19581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4344" name="file2" dev="loop7" ino=16 res=0 errno=0 [ 452.303088][T19588] loop6: detected capacity change from 0 to 1024 [ 452.572557][ T5273] hfsplus: b-tree write err: -5, ino 4 [ 453.014019][T19619] loop6: detected capacity change from 0 to 128 [ 453.143884][T19574] loop5: detected capacity change from 0 to 32768 [ 453.217337][T19619] syz.6.4353: attempt to access beyond end of device [ 453.217337][T19619] loop6: rw=2049, sector=145, nr_sectors = 161 limit=128 [ 453.776466][T19659] loop6: detected capacity change from 0 to 512 [ 453.821902][T19659] EXT4-fs: Ignoring removed i_version option [ 453.845553][T19659] EXT4-fs: Ignoring removed nobh option [ 453.897091][T19659] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 453.964719][T19659] EXT4-fs (loop6): 1 truncate cleaned up [ 453.988872][T19659] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 454.099266][T19673] loop4: detected capacity change from 0 to 2048 [ 454.166782][T19668] loop0: detected capacity change from 0 to 8192 [ 454.211842][T10221] EXT4-fs (loop6): unmounting filesystem. [ 454.222289][T19679] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 454.243624][T19668] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 454.377062][T19668] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 454.401793][T19668] REISERFS (device loop0): using ordered data mode [ 454.420667][T19668] reiserfs: using flush barriers [ 454.455266][T19668] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 454.545072][T19668] REISERFS (device loop0): checking transaction log (loop0) [ 454.587854][T19679] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 454.621239][T19679] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 454.648446][T19668] REISERFS (device loop0): Using rupasov hash to sort names [ 454.679169][T19668] REISERFS (device loop0): using 3.5.x disk format [ 454.717243][T19668] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 454.736914][T19679] Remounting filesystem read-only [ 454.757581][ T4258] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 454.793491][T19668] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 454.877095][T19668] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 454.908704][T19668] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 455.003612][T19668] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 455.053162][T19668] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 455.094409][T19668] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 455.122136][T19668] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 455.173894][T19658] loop5: detected capacity change from 0 to 32768 [ 455.195514][T19712] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 455.306691][T19658] XFS (loop5): Mounting V5 Filesystem [ 455.316939][ T4296] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 455.509340][T19658] XFS (loop5): Ending clean mount [ 455.530384][ T4296] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.574679][ T4296] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.606275][ T4296] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 455.646787][ T4296] usb 8-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00 [ 455.676888][ T4296] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.714406][ T4296] usb 8-1: config 0 descriptor?? [ 455.815741][ T8999] XFS (loop5): Unmounting Filesystem [ 456.205188][ T4296] ortek 0003:1223:3F07.000C: unknown main item tag 0x6 [ 456.224001][ T4296] ortek 0003:1223:3F07.000C: unknown global tag 0xc [ 456.263096][ T4296] ortek 0003:1223:3F07.000C: item 0 1 1 12 parsing failed [ 456.264868][T19770] loop0: detected capacity change from 0 to 256 [ 456.287446][ T4296] ortek: probe of 0003:1223:3F07.000C failed with error -22 [ 456.386323][T16171] usb 8-1: USB disconnect, device number 6 [ 456.691379][T19795] loop0: detected capacity change from 0 to 2048 [ 456.990859][ T27] audit: type=1400 audit(1748864481.967:1707): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=2626200D3ADD pid=19808 comm="syz.4.4391" [ 457.257167][T19820] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4395'. [ 457.313357][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.343750][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.345106][T19827] loop7: detected capacity change from 0 to 128 [ 457.361523][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.371635][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.390453][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.405405][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.437118][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.447086][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.451621][T19776] loop6: detected capacity change from 0 to 32768 [ 457.465519][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.473846][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.482230][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.489892][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.497458][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.506999][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.514535][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.522183][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.530222][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.537769][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.545289][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.553241][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.561691][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.569292][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.576875][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.584405][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.591251][ T7269] I/O error, dev loop6, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 457.608189][T19827] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 457.614847][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.625719][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.644503][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.652120][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.667840][T19827] ext4 filesystem being mounted at /253/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 457.672408][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.716195][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.756714][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.782198][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.810869][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.829680][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.856925][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.874686][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.882248][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.890494][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.899228][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.906808][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.915406][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.927305][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.934882][T16171] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 457.997185][T16171] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz0] on syz1 [ 458.008915][T19851] loop5: detected capacity change from 0 to 2048 [ 458.066163][T12410] EXT4-fs (loop7): unmounting filesystem. [ 458.081849][T19859] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 458.288654][T19867] loop7: detected capacity change from 0 to 512 [ 458.319601][T19853] fido_id[19853]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 458.337061][ T4365] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 458.375218][T19867] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem [ 458.430176][T19867] EXT4-fs (loop7): invalid journal inode [ 458.435938][T19867] EXT4-fs (loop7): can't get journal size [ 458.487720][T19877] loop5: detected capacity change from 0 to 1024 [ 458.513880][T19867] EXT4-fs (loop7): 1 truncate cleaned up [ 458.547710][ T4365] usb 5-1: Using ep0 maxpacket: 16 [ 458.567716][ T4365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 458.593749][T19867] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 458.648508][ T4365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 458.678056][T19877] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 458.707157][T19877] ext4 filesystem being mounted at /461/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 458.716918][ T4365] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 458.719530][T19867] EXT4-fs warning (device loop7): ext4_group_extend:1870: can't shrink FS - resize aborted [ 458.738463][ T4365] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.759870][ T4365] usb 5-1: config 0 descriptor?? [ 459.039432][ T8999] EXT4-fs (loop5): unmounting filesystem. [ 459.058095][T12410] EXT4-fs (loop7): unmounting filesystem. [ 459.175654][ T4365] corsair 0003:1B1C:1B02.000E: global environment stack underflow [ 459.209910][ T4365] corsair 0003:1B1C:1B02.000E: item 0 4 1 11 parsing failed [ 459.242292][ T4365] corsair 0003:1B1C:1B02.000E: parse failed [ 459.261078][ T4365] corsair: probe of 0003:1B1C:1B02.000E failed with error -22 [ 459.377402][ T4365] usb 5-1: USB disconnect, device number 22 [ 459.684227][ T4296] kernel write not supported for file /adsp1 (pid: 4296 comm: kworker/0:5) [ 460.209214][T19989] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4431'. [ 460.326401][ T4365] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 460.350309][ T4296] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 460.412648][T19961] loop6: detected capacity change from 0 to 32768 [ 460.423124][T19997] loop0: detected capacity change from 0 to 256 [ 460.495579][T19961] XFS (loop6): Mounting V5 Filesystem [ 460.528732][ T4365] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 460.546441][ T4296] usb 5-1: Using ep0 maxpacket: 32 [ 460.557429][ T4365] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 460.558575][ T4296] usb 5-1: New USB device found, idVendor=056a, idProduct=5002, bcdDevice= 0.00 [ 460.586213][ T4296] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.611049][ T4296] usb 5-1: config 0 descriptor?? [ 460.652673][ T4365] usb 8-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 460.671309][T20015] vivid-001: disconnect [ 460.681204][T20013] vivid-001: reconnect [ 460.741614][ T4365] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.785496][T19961] XFS (loop6): Ending clean mount [ 460.789452][ T4365] usb 8-1: config 0 descriptor?? [ 460.803538][T19961] XFS (loop6): Quotacheck needed: Please wait. [ 460.852871][T20025] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4437'. [ 460.921506][T19961] XFS (loop6): Quotacheck: Done. [ 461.051706][ T4296] wacom 0003:056A:5002.000F: hidraw0: USB HID vff.ff Device [HID 056a:5002] on usb-dummy_hcd.4-1/input0 [ 461.226417][ T4365] hid-led 0003:1294:1320.0010: hidraw1: USB HID vff.fe Device [HID 1294:1320] on usb-dummy_hcd.7-1/input0 [ 461.243503][ T4296] usb 5-1: USB disconnect, device number 23 [ 461.321658][T10221] XFS (loop6): Unmounting Filesystem [ 461.379926][T20039] fido_id[20039]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 461.381256][ T4365] hid-led 0003:1294:1320.0010: Riso Kagaku Webmail Notifier initialized [ 461.445137][ T4365] usb 8-1: USB disconnect, device number 7 [ 461.548040][T16171] leds riso_kagaku1:blue: Setting an LED's brightness failed (-38) [ 461.600046][T16171] leds riso_kagaku1:green: Setting an LED's brightness failed (-38) [ 461.622611][T16171] leds riso_kagaku1:red: Setting an LED's brightness failed (-38) [ 461.701567][T20064] fido_id[20064]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 462.012402][T20030] loop0: detected capacity change from 0 to 32768 [ 462.049365][T20080] loop4: detected capacity change from 0 to 256 [ 462.123327][T20030] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.123327][T20030] [ 462.144070][T20086] loop6: detected capacity change from 0 to 256 [ 462.155492][T20030] xtLookup: xtSearch returned -5 [ 462.160499][T20030] add_index: get/read_metapage failed! [ 462.176005][T20080] FAT-fs (loop4): Directory bread(block 64) failed [ 462.185636][T20030] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.185636][T20030] [ 462.207591][T20080] FAT-fs (loop4): Directory bread(block 65) failed [ 462.271017][T20030] xtLookup: xtSearch returned -5 [ 462.281207][T20080] FAT-fs (loop4): Directory bread(block 66) failed [ 462.306771][T20086] FAT-fs (loop6): Directory bread(block 64) failed [ 462.313458][T20086] FAT-fs (loop6): Directory bread(block 65) failed [ 462.320263][T20030] free_index: error reading directory table [ 462.341603][T20080] FAT-fs (loop4): Directory bread(block 67) failed [ 462.357134][T20086] FAT-fs (loop6): Directory bread(block 66) failed [ 462.363733][T20086] FAT-fs (loop6): Directory bread(block 67) failed [ 462.370528][T20030] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.370528][T20030] [ 462.395473][T20080] FAT-fs (loop4): Directory bread(block 68) failed [ 462.402389][T20080] FAT-fs (loop4): Directory bread(block 69) failed [ 462.415516][T20080] FAT-fs (loop4): Directory bread(block 70) failed [ 462.422147][T20080] FAT-fs (loop4): Directory bread(block 71) failed [ 462.433925][T20086] FAT-fs (loop6): Directory bread(block 68) failed [ 462.440894][T20030] xtLookup: xtSearch returned -5 [ 462.463268][T20030] free_index: error reading directory table [ 462.469411][T20086] FAT-fs (loop6): Directory bread(block 69) failed [ 462.479583][T20086] FAT-fs (loop6): Directory bread(block 70) failed [ 462.486336][T20030] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.486336][T20030] [ 462.505443][T20080] FAT-fs (loop4): Directory bread(block 72) failed [ 462.512126][T20080] FAT-fs (loop4): Directory bread(block 73) failed [ 462.525474][T20086] FAT-fs (loop6): Directory bread(block 71) failed [ 462.532157][T20086] FAT-fs (loop6): Directory bread(block 72) failed [ 462.575120][T20030] xtLookup: xtSearch returned -5 [ 462.584898][T20030] free_index: error reading directory table [ 462.591091][T20086] FAT-fs (loop6): Directory bread(block 73) failed [ 462.603498][T20060] loop5: detected capacity change from 0 to 32768 [ 462.615217][T20030] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.615217][T20030] [ 462.644825][T20030] xtLookup: xtSearch returned -5 [ 462.659706][T20030] free_index: error reading directory table [ 462.707482][T20030] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.707482][T20030] [ 462.756137][T20030] xtLookup: xtSearch returned -5 [ 462.761148][T20030] free_index: error reading directory table [ 462.823875][T20091] jfs: Unrecognized mount option "1844674407370955161501777777777777777777777V?Cp~'~8pٻ젌|^(coM)0177777777777777777777718446744073709551615" or missing value [ 463.284259][T20127] program syz.7.4453 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 463.315632][T20130] xt_hashlimit: max too large, truncated to 1048576 [ 464.296622][T20161] loop6: detected capacity change from 0 to 8192 [ 464.434678][T20141] loop4: detected capacity change from 0 to 32768 [ 464.533074][T20134] loop5: detected capacity change from 0 to 32768 [ 464.581275][T20141] XFS (loop4): Mounting V5 Filesystem [ 464.685242][T20134] XFS (loop5): Mounting V5 Filesystem [ 464.763191][T20141] XFS (loop4): Ending clean mount [ 464.791535][T20141] XFS (loop4): Quotacheck needed: Please wait. [ 464.878387][T20134] XFS (loop5): Ending clean mount [ 464.990145][T20141] XFS (loop4): Quotacheck: Done. [ 465.005647][T20206] loop6: detected capacity change from 0 to 256 [ 465.018864][T20206] exfat: Deprecated parameter 'namecase' [ 465.021212][ T27] audit: type=1800 audit(1748864489.990:1708): pid=20141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4456" name="file1" dev="loop4" ino=9286 res=0 errno=0 [ 465.101106][T20206] exFAT-fs (loop6): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 465.145022][ T8999] XFS (loop5): Unmounting Filesystem [ 465.245855][ T4258] XFS (loop4): Unmounting Filesystem [ 465.360599][T20175] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 465.454481][T20212] loop6: detected capacity change from 0 to 1024 [ 465.565821][T20212] hfsplus: bad catalog entry type [ 465.678275][ T5273] hfsplus: b-tree write err: -5, ino 4 [ 465.861627][T20193] loop0: detected capacity change from 0 to 32768 [ 465.951188][T20227] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4471'. [ 466.761805][T20240] infiniband syz!: set down [ 466.772827][T20240] infiniband syz!: added team_slave_0 [ 466.795052][T20216] loop7: detected capacity change from 0 to 32768 [ 466.869659][T20216] XFS (loop7): Mounting V5 Filesystem [ 466.912710][ T7] XFS (loop7): Metadata CRC error detected at xfs_agf_read_verify+0x18d/0x250, xfs_agf block 0x1 [ 466.933010][ T7] XFS (loop7): Unmount and run xfs_repair [ 466.938457][T20240] RDS/IB: syz!: added [ 466.943247][ T7] XFS (loop7): First 128 bytes of corrupted metadata buffer: [ 466.963089][ T7] 00000000: 58 41 47 46 00 00 00 00 00 00 00 00 00 00 10 00 XAGF............ [ 466.972012][ T7] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01 ................ [ 466.984095][T20240] smc: adding ib device syz! with port count 1 [ 466.990636][T20240] smc: ib device syz! port 1 has pnetid [ 467.048293][ T7] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 467.072663][ T7] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00 ................ [ 467.102849][ T7] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 467.111771][ T7] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01 ................ [ 467.183477][ T7] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 467.202832][ T7] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 467.212661][T20216] XFS (loop7): metadata I/O error in "xfs_read_agf+0x2a0/0x620" at daddr 0x1 len 1 error 74 [ 467.246217][T20216] XFS (loop7): Error -117 reserving per-AG metadata reserve pool. [ 467.273858][T20216] XFS (loop7): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1c6/0x1f0 (fs/xfs/xfs_fsops.c:587). Shutting down filesystem. [ 467.322433][T20216] XFS (loop7): Please unmount the filesystem and rectify the problem(s) [ 467.343459][T20216] XFS (loop7): Ending clean mount [ 467.349404][T20216] XFS (loop7): Failed to initialize disk quotas. [ 467.600514][T12410] XFS (loop7): Unmounting Filesystem [ 467.747817][T20294] netlink: 'syz.6.4490': attribute type 29 has an invalid length. [ 467.758270][T20294] netlink: 'syz.6.4490': attribute type 29 has an invalid length. [ 467.775017][T20296] netlink: 'syz.6.4490': attribute type 29 has an invalid length. [ 468.326567][T20309] binder: 20308:20309 unknown command 1953002597 [ 468.348160][T20309] binder: 20308:20309 ioctl c0306201 200000000080 returned -22 [ 468.577799][T20298] loop5: detected capacity change from 0 to 32768 [ 468.613910][T20298] XFS: ikeep mount option is deprecated. [ 468.700792][T20298] XFS (loop5): Mounting V5 Filesystem [ 468.842347][T20298] XFS (loop5): Ending clean mount [ 469.012324][ T8999] XFS (loop5): Unmounting Filesystem [ 469.417664][T20306] loop6: detected capacity change from 0 to 65536 [ 469.498782][T20306] XFS (loop6): Mounting V5 Filesystem [ 469.611971][T20361] program syz.5.4498 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 469.654076][T20306] XFS (loop6): Ending clean mount [ 469.835772][T10221] XFS (loop6): Unmounting Filesystem [ 470.320705][T20344] loop0: detected capacity change from 0 to 32768 [ 470.365492][T20344] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.4501 (20344) [ 470.458054][T20344] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 470.501264][T20344] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 470.530467][T20344] BTRFS info (device loop0): turning on async discard [ 470.540801][T20344] BTRFS info (device loop0): using free space tree [ 470.931534][T20344] BTRFS info (device loop0): enabling ssd optimizations [ 470.944188][T20418] loop7: detected capacity change from 0 to 1024 [ 470.991167][T20418] EXT4-fs: inline encryption not supported [ 471.058034][T20418] EXT4-fs error (device loop7): ext4_map_blocks:745: inode #3: block 1: comm syz.7.4515: lblock 1 mapped to illegal pblock 1 (length 1) [ 471.120175][T20418] Quota error (device loop7): write_blk: dquota write failed [ 471.122578][ T4249] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 471.145274][T20418] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota [ 471.176385][T20418] EXT4-fs error (device loop7): ext4_acquire_dquot:6802: comm syz.7.4515: Failed to acquire dquot type 0 [ 471.218877][T20418] EXT4-fs error (device loop7): ext4_free_blocks:6210: comm syz.7.4515: Freeing blocks not in datazone - block = 0, count = 4096 [ 471.282179][T20418] EXT4-fs error (device loop7): ext4_read_inode_bitmap:140: comm syz.7.4515: Invalid inode bitmap blk 0 in block_group 0 [ 471.330011][T20418] EXT4-fs error (device loop7) in ext4_free_inode:362: Corrupt filesystem [ 471.357386][T20386] loop5: detected capacity change from 0 to 32768 [ 471.375450][T20418] EXT4-fs (loop7): 1 orphan inode deleted [ 471.400764][T20418] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 471.619044][T20393] loop4: detected capacity change from 0 to 40427 [ 471.656583][T20393] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x3ffff [ 471.686315][T20393] F2FS-fs (loop4): invalid crc value [ 471.739265][T20393] F2FS-fs (loop4): Found nat_bits in checkpoint [ 471.890599][ T4275] EXT4-fs error (device loop7): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 471.892330][T20386] XFS (loop5): Mounting V5 Filesystem [ 471.912783][ T4275] Quota error (device loop7): remove_tree: Can't read quota data block 1 [ 471.922605][ T4275] EXT4-fs error (device loop7): ext4_release_dquot:6838: comm kworker/u4:5: Failed to release dquot type 0 [ 471.955339][T12410] EXT4-fs (loop7): unmounting filesystem. [ 471.993077][T20447] loop6: detected capacity change from 0 to 2048 [ 472.056106][T20393] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 472.073909][T20456] loop0: detected capacity change from 0 to 4096 [ 472.114849][T20456] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 472.149613][T20447] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 472.167355][T20386] XFS (loop5): Ending clean mount [ 472.206930][ T27] audit: type=1800 audit(1748864497.183:1709): pid=20447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4518" name="file2" dev="loop6" ino=16 res=0 errno=0 [ 472.264048][T20465] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4517'. [ 472.306394][T10221] EXT4-fs (loop6): unmounting filesystem. [ 472.319908][ T4258] syz-executor: attempt to access beyond end of device [ 472.319908][ T4258] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 472.528463][ T8999] XFS (loop5): Unmounting Filesystem [ 473.662865][T20514] loop5: detected capacity change from 0 to 256 [ 473.674918][T20474] loop6: detected capacity change from 0 to 32768 [ 473.685823][T20514] exfat: Deprecated parameter 'utf8' [ 473.694925][T20474] XFS: ikeep mount option is deprecated. [ 473.726065][T20514] exfat: Deprecated parameter 'utf8' [ 473.734951][T20514] exfat: Deprecated parameter 'utf8' [ 473.809758][T20474] XFS (loop6): Mounting V5 Filesystem [ 473.829928][T20514] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 474.004890][T20496] loop4: detected capacity change from 0 to 32768 [ 474.154514][T20474] XFS (loop6): Ending clean mount [ 474.186009][T20496] XFS (loop4): Mounting V5 Filesystem [ 474.194509][T20474] XFS (loop6): Quotacheck needed: Please wait. [ 474.397002][T20474] XFS (loop6): Quotacheck: Done. [ 474.528663][T20496] XFS (loop4): Ending clean mount [ 474.662646][T20575] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4542'. [ 474.680869][T10221] XFS (loop6): Unmounting Filesystem [ 474.769964][ T4258] XFS (loop4): Unmounting Filesystem [ 475.524874][T20608] loop0: detected capacity change from 0 to 256 [ 475.572980][T20608] exfat: Deprecated parameter 'utf8' [ 475.608704][T20608] exfat: Deprecated parameter 'namecase' [ 475.614529][T20608] exfat: Deprecated parameter 'namecase' [ 475.654508][T20608] exfat: Deprecated parameter 'utf8' [ 475.688140][T20608] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x5270ca8d, utbl_chksum : 0xe619d30d) [ 476.682719][T20669] loop5: detected capacity change from 0 to 1024 [ 476.704997][T20670] loop6: detected capacity change from 0 to 64 [ 476.801100][T20670] hfs: bad catalog entry type 0 [ 476.827525][T20635] loop0: detected capacity change from 0 to 32768 [ 477.054244][T20635] XFS (loop0): Mounting V5 Filesystem [ 477.097185][T20696] loop6: detected capacity change from 0 to 256 [ 477.227196][T20686] loop5: detected capacity change from 0 to 4096 [ 477.244643][T20635] XFS (loop0): Ending clean mount [ 477.248523][T20696] FAT-fs (loop6): Directory bread(block 64) failed [ 477.255379][T20635] XFS (loop0): Quotacheck needed: Please wait. [ 477.276753][T20696] FAT-fs (loop6): Directory bread(block 65) failed [ 477.304644][T20696] FAT-fs (loop6): Directory bread(block 66) failed [ 477.336708][T20696] FAT-fs (loop6): Directory bread(block 67) failed [ 477.357063][T20696] FAT-fs (loop6): Directory bread(block 68) failed [ 477.394090][T20696] FAT-fs (loop6): Directory bread(block 69) failed [ 477.430041][T20696] FAT-fs (loop6): Directory bread(block 70) failed [ 477.446982][T20696] FAT-fs (loop6): Directory bread(block 71) failed [ 477.447495][T20635] XFS (loop0): Quotacheck: Done. [ 477.498867][T20696] FAT-fs (loop6): Directory bread(block 72) failed [ 477.517446][T20696] FAT-fs (loop6): Directory bread(block 73) failed [ 477.613640][T20686] ntfs: (device loop5): parse_options(): NLS character set cp86 not found. Using previous one cp1255. [ 477.638892][T20716] loop4: detected capacity change from 0 to 256 [ 477.683139][T20686] ntfs: (device loop5): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 477.715662][T20686] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 477.834097][T20686] ntfs: volume version 3.1. [ 477.860269][T20686] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 477.908271][T20686] ntfs: (device loop5): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 477.942540][ T4249] XFS (loop0): Unmounting Filesystem [ 477.956516][T20686] ntfs: (device loop5): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 478.175130][T20725] loop6: detected capacity change from 0 to 2048 [ 478.192783][T20725] EXT4-fs: Ignoring removed mblk_io_submit option [ 478.294016][T20725] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 478.340789][T20731] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 478.498610][T10221] EXT4-fs (loop6): unmounting filesystem. [ 478.767334][T20710] loop7: detected capacity change from 0 to 32768 [ 479.276828][ T7] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 479.436073][T20796] loop6: detected capacity change from 0 to 512 [ 479.471079][ T7] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 479.480661][T20796] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 479.514295][ T7] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.531543][ T7] usb 6-1: Product: syz [ 479.541086][ T7] usb 6-1: Manufacturer: syz [ 479.558575][T20796] EXT4-fs (loop6): 1 truncate cleaned up [ 479.566818][T20796] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 479.589724][ T7] usb 6-1: SerialNumber: syz [ 479.663413][T20796] EXT4-fs (loop6): Online resizing not supported with sparse_super2 [ 479.678109][ T7] usb 6-1: config 0 descriptor?? [ 479.923517][T10221] EXT4-fs (loop6): unmounting filesystem. [ 479.978999][T20829] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 479.996907][ T4296] usb 6-1: USB disconnect, device number 15 [ 480.150867][T20850] loop6: detected capacity change from 0 to 16 [ 480.192672][T20850] erofs: (device loop6): mounted with root inode @ nid 36. [ 480.223079][T20850] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 480.242320][T20850] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -14 in[55, 4041] out[1851] [ 480.260584][T20850] erofs: (device loop6): z_erofs_read_folio: failed to read, err [-117] [ 480.495140][T20871] program syz.6.4609 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 480.854068][T20894] loop0: detected capacity change from 0 to 64 [ 480.906916][T20891] loop6: detected capacity change from 0 to 4096 [ 480.936032][ T4296] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 480.962263][T20894] syz.0.4616: attempt to access beyond end of device [ 480.962263][T20894] loop0: rw=0, sector=130062, nr_sectors = 2 limit=64 [ 480.999485][T20891] ntfs: volume version 3.1. [ 481.013408][T20894] Buffer I/O error on dev loop0, logical block 65031, async page read [ 481.041670][T20891] ntfs: (device loop6): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set cp857. You might want to try to use the mount option nls=utf8. [ 481.139648][T20891] ntfs: (device loop6): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 481.165877][ T4296] usb 8-1: Using ep0 maxpacket: 32 [ 481.175279][ T4296] usb 8-1: config 0 interface 0 has no altsetting 0 [ 481.194783][ T4296] usb 8-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 481.244529][ T4296] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.279510][ T4296] usb 8-1: Product: syz [ 481.292420][ T4296] usb 8-1: Manufacturer: syz [ 481.325295][ T4296] usb 8-1: SerialNumber: syz [ 481.347383][ T4296] usb 8-1: config 0 descriptor?? [ 481.761250][ T4296] gs_usb 8-1:0.0: Configuring for 62 interfaces [ 481.781683][ T4296] gs_usb 8-1:0.0: Driver cannot handle more that 3 CAN interfaces [ 481.820908][ T4296] gs_usb: probe of 8-1:0.0 failed with error -22 [ 481.964157][ T128] usb 8-1: USB disconnect, device number 8 [ 482.005455][ T4296] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 482.191199][ T27] audit: type=1326 audit(1748864507.168:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20969 comm="syz.0.4635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894bf8e969 code=0x7ffc0000 [ 482.195728][ T4296] usb 7-1: Using ep0 maxpacket: 32 [ 482.213671][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.237977][ T27] audit: type=1326 audit(1748864507.198:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20969 comm="syz.0.4635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f894bf8e969 code=0x7ffc0000 [ 482.262115][ T4296] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.274376][ T4296] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.284651][ T4296] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 482.294981][ T4296] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.303350][T20973] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4636'. [ 482.353694][ T4296] usb 7-1: config 0 descriptor?? [ 482.764630][T21000] usb usb8: usbfs: process 21000 (syz.0.4644) did not claim interface 0 before use [ 482.774602][ T4296] kone 0003:1E7D:2CED.0011: item fetching failed at offset 2/5 [ 482.775906][T20999] tipc: Started in network mode [ 482.800880][ T4296] kone 0003:1E7D:2CED.0011: parse failed [ 482.813531][T20999] tipc: Node identity ac1414aa, cluster identity 4711 [ 482.833511][T20999] tipc: Enabled bearer , priority 10 [ 482.852798][ T4296] kone: probe of 0003:1E7D:2CED.0011 failed with error -22 [ 482.936122][T21007] loop4: detected capacity change from 0 to 1024 [ 482.978274][ T4296] usb 7-1: USB disconnect, device number 10 [ 483.087523][T21026] program syz.5.4647 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 483.115961][ T5273] hfsplus: b-tree write err: -5, ino 4 [ 483.268218][T21036] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4650'. [ 483.694666][ T4296] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 483.877947][ T4296] usb 6-1: Using ep0 maxpacket: 32 [ 483.885896][ T4296] usb 6-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 483.914011][ T4296] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.942179][ T4296] usb 6-1: config 0 descriptor?? [ 483.954804][ T4365] tipc: Node number set to 2886997162 [ 483.970699][ T4296] usb 6-1: selecting invalid altsetting 3 [ 483.989772][ T4296] comedi comedi0: could not set alternate setting 3 in high speed [ 483.992600][T21092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4663'. [ 484.010602][ T4296] usbduxsigma 6-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 484.038793][ T4296] usbduxsigma: probe of 6-1:0.0 failed with error -22 [ 484.101519][T21098] loop6: detected capacity change from 0 to 256 [ 484.109573][T21098] exfat: Deprecated parameter 'utf8' [ 484.121751][T21098] exfat: Deprecated parameter 'namecase' [ 484.128867][T21098] exfat: Deprecated parameter 'utf8' [ 484.156361][T21098] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 484.173274][ T4365] usb 6-1: USB disconnect, device number 16 [ 484.303972][T21110] loop4: detected capacity change from 0 to 2048 [ 484.326482][T21115] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4667'. [ 484.332627][T21110] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 484.601570][T21123] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4669'. [ 484.613472][T21123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4669'. [ 484.888153][T21144] loop6: detected capacity change from 0 to 128 [ 484.896401][T21144] EXT4-fs: Ignoring removed oldalloc option [ 484.903194][T21144] EXT4-fs: Ignoring removed nobh option [ 484.939161][T21144] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 484.955412][T21144] ext4 filesystem being mounted at /435/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 485.001359][T10221] EXT4-fs (loop6): unmounting filesystem. [ 485.161898][T21157] loop6: detected capacity change from 0 to 1024 [ 485.270724][T21159] loop4: detected capacity change from 0 to 4096 [ 485.352887][T21166] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 485.428869][T21165] loop7: detected capacity change from 0 to 2048 [ 485.518114][T21168] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 485.627536][T21174] NILFS error (device loop7): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 485.719240][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 485.719256][ T27] audit: type=1326 audit(1748864510.700:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21175 comm="syz.4.4682" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcbafd8e969 code=0x0 [ 485.763554][T21174] Remounting filesystem read-only [ 485.789350][T21174] NILFS error (device loop7): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 485.925875][T12410] NILFS (loop7): disposed unprocessed dirty file(s) when detaching log writer [ 486.092059][T21187] loop7: detected capacity change from 0 to 64 [ 486.100290][T21149] loop5: detected capacity change from 0 to 40427 [ 486.118497][T21149] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 486.171223][T21149] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 486.208321][T21149] F2FS-fs (loop5): invalid crc value [ 486.252811][T21149] F2FS-fs (loop5): Found nat_bits in checkpoint [ 486.381713][T21149] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 486.389138][T21149] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 486.479679][T21180] loop6: detected capacity change from 0 to 32768 [ 486.569475][T21180] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 486.794715][T21213] loop7: detected capacity change from 0 to 256 [ 486.838158][T21213] exfat: Deprecated parameter 'namecase' [ 486.875540][T10221] ocfs2: Unmounting device (7,6) on (node local) [ 486.936994][T21213] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 487.942541][ T4474] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 488.143466][ T4474] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 488.169620][ T4474] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.214149][ T4474] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 488.272732][ T4474] usb 5-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00 [ 488.297090][ T4474] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.314588][ T4474] usb 5-1: config 0 descriptor?? [ 488.331034][T21292] tipc: Started in network mode [ 488.364088][T21292] tipc: Node identity , cluster identity 4711 [ 488.370243][T21292] tipc: Failed to obtain node identity [ 488.382381][T21292] tipc: Enabling of bearer rejected, failed to enable media [ 488.433522][T21291] loop7: detected capacity change from 0 to 2048 [ 488.478430][T21291] UDF-fs: error (device loop7): udf_process_sequence: Primary Volume Descriptor not found! [ 488.525018][T21291] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 488.736150][ T4474] wacom 0003:056A:0027.0012: item 0 1 0 9 parsing failed [ 488.750425][ T4474] wacom 0003:056A:0027.0012: parse failed [ 488.772486][ T4474] wacom: probe of 0003:056A:0027.0012 failed with error -22 [ 488.935469][ T4474] usb 5-1: USB disconnect, device number 24 [ 489.248579][T21352] hugetlbfs: Bad value 'g' for mount option 'nr_inodes' [ 489.248579][T21352] [ 489.261066][T21346] sp0: Synchronizing with TNC [ 489.375959][T21344] loop5: detected capacity change from 0 to 8192 [ 490.504361][T21413] loop0: detected capacity change from 0 to 1024 [ 490.629615][T21379] loop5: detected capacity change from 0 to 32768 [ 490.699089][T21379] [ 490.699089][T21379] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 490.699089][T21379] [ 490.842898][ T75] hfsplus: b-tree write err: -5, ino 4 [ 490.903203][T21433] loop4: detected capacity change from 0 to 256 [ 490.909270][T21420] loop6: detected capacity change from 0 to 4096 [ 490.934966][ T5273] ERROR: (device loop5): diWrite: ixpxd invalid [ 490.934966][ T5273] [ 490.972032][ T5273] ERROR: (device loop5): txCommit: [ 490.972032][ T5273] [ 490.979508][ T5273] jfs_write_inode: jfs_commit_inode failed! [ 490.989641][T21420] ntfs: (device loop6): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 491.033009][ T8999] [ 491.033009][ T8999] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 491.033009][ T8999] [ 491.061971][T21440] loop0: detected capacity change from 0 to 16 [ 491.064302][ T8999] [ 491.064302][ T8999] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 491.064302][ T8999] [ 491.142636][T21440] erofs: (device loop0): mounted with root inode @ nid 36. [ 491.214594][T21436] loop7: detected capacity change from 0 to 4096 [ 491.233090][T21420] ntfs: volume version 3.1. [ 491.236335][T21440] overlayfs: failed to get redirect (-117) [ 491.319982][T21420] ntfs: (device loop6): parse_options(): Unrecognized mount option 18446744073709551615@LqE: 艞t}0$. [ 491.394414][T21436] ntfs3: loop7: failed to convert "0000" to cp949 [ 491.411670][T21420] ntfs: (device loop6): parse_options(): Unrecognized mount option 18446744073709551615@LqE: 艞t}0$. [ 491.997783][T21477] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4755'. [ 492.050665][T21477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4755'. [ 492.342024][T21498] loop0: detected capacity change from 0 to 512 [ 492.436637][T21498] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.4759: invalid indirect mapped block 256 (level 2) [ 492.515074][T21498] EXT4-fs (loop0): 2 truncates cleaned up [ 492.540231][ T4296] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 492.568134][T21498] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 492.661740][ T27] audit: type=1400 audit(1748864517.653:1715): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=21510 comm="syz.5.4762" [ 492.712186][T21498] EXT4-fs: Can't set or change test_dummy_encryption on remount [ 492.730232][ T4296] usb 7-1: Using ep0 maxpacket: 8 [ 492.746260][ T4296] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 197, changing to 11 [ 492.789537][ T4296] usb 7-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 492.809542][T21517] loop7: detected capacity change from 0 to 512 [ 492.822171][ T4296] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.837536][T21517] EXT4-fs: Ignoring removed nobh option [ 492.865010][ T4249] EXT4-fs (loop0): unmounting filesystem. [ 492.878084][ T4296] usb 7-1: config 0 descriptor?? [ 492.916219][T21517] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #11: comm syz.7.4763: invalid indirect mapped block 256 (level 2) [ 493.052333][T21531] loop4: detected capacity change from 0 to 1024 [ 493.072616][T21517] EXT4-fs (loop7): 2 truncates cleaned up [ 493.098196][T21531] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 493.126440][T21517] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 493.190362][T21517] EXT4-fs error (device loop7): ext4_validate_block_bitmap:429: comm syz.7.4763: bg 0: block 5: invalid block bitmap [ 493.237191][T21517] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 493.295619][ T4296] bigben 0003:146B:0902.0013: unexpected rdesc, please submit for review [ 493.348606][ T4296] bigben 0003:146B:0902.0013: hidraw0: USB HID vc9.b6 Device [HID 146b:0902] on usb-dummy_hcd.6-1/input0 [ 493.375722][ T4258] EXT4-fs (loop4): unmounting filesystem. [ 493.429164][ T4296] bigben 0003:146B:0902.0013: not enough fields in HID_OUTPUT_REPORT 0 [ 493.461522][ T4296] bigben 0003:146B:0902.0013: no output report found [ 493.490018][T12410] EXT4-fs (loop7): unmounting filesystem. [ 493.510314][ T4296] usb 7-1: USB disconnect, device number 11 [ 493.871182][T21569] fido_id[21569]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 494.335093][T21602] loop0: detected capacity change from 0 to 2048 [ 494.381323][T21602] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 495.153878][T21645] sp0: Synchronizing with TNC [ 495.461410][T21669] sd 0:0:1:0: device reset [ 495.698742][ T4365] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 495.806605][T21637] loop6: detected capacity change from 0 to 32768 [ 495.827425][T21637] BTRFS error: device /dev/loop6 already registered with a higher generation, found 8 expect 11 [ 495.898674][ T4365] usb 5-1: Using ep0 maxpacket: 16 [ 495.907203][ T4365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.941903][ T4365] usb 5-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 496.000067][ T4365] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.029215][ T4365] usb 5-1: config 0 descriptor?? [ 496.206826][ T4430] BTRFS error: device /dev/loop6 already registered with a higher generation, found 8 expect 11 [ 496.418344][ T14] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 496.449285][ T4365] waltop 0003:172F:0500.0014: unknown main item tag 0x0 [ 496.478384][ T4365] waltop 0003:172F:0500.0014: unknown main item tag 0x0 [ 496.485428][ T4365] waltop 0003:172F:0500.0014: unknown main item tag 0x0 [ 496.518214][ T4365] waltop 0003:172F:0500.0014: unknown main item tag 0x0 [ 496.525810][ T4365] waltop 0003:172F:0500.0014: unknown main item tag 0x0 [ 496.553959][ T4365] waltop 0003:172F:0500.0014: hidraw0: USB HID v1.01 Device [HID 172f:0500] on usb-dummy_hcd.4-1/input0 [ 496.608331][ T14] usb 7-1: Using ep0 maxpacket: 8 [ 496.616021][ T14] usb 7-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.624437][T21680] loop0: detected capacity change from 0 to 32768 [ 496.653021][ T4365] usb 5-1: USB disconnect, device number 25 [ 496.662689][ T14] usb 7-1: config 0 interface 0 altsetting 64 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.698822][ T14] usb 7-1: config 0 interface 0 has no altsetting 0 [ 496.732723][ T14] usb 7-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00 [ 496.741558][T21741] sd 0:0:1:0: device reset [ 496.754267][ T14] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.761304][T21680] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 496.782382][ T14] usb 7-1: config 0 descriptor?? [ 497.063890][T21740] fido_id[21740]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 497.093549][ T4249] ocfs2: Unmounting device (7,0) on (node local) [ 497.277958][T21758] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4817'. [ 497.412209][ T14] usb 7-1: string descriptor 0 read error: -71 [ 497.443849][ T14] uclogic 0003:5543:0045.0015: failed retrieving string descriptor #200: -71 [ 497.471854][ T14] uclogic 0003:5543:0045.0015: failed retrieving pen parameters: -71 [ 497.503731][ T14] uclogic 0003:5543:0045.0015: failed probing pen v2 parameters: -71 [ 497.529210][ T14] uclogic 0003:5543:0045.0015: failed probing parameters: -71 [ 497.547118][ T14] uclogic: probe of 0003:5543:0045.0015 failed with error -71 [ 497.597953][ T14] usb 7-1: USB disconnect, device number 12 [ 497.829111][T21796] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 498.331613][T21771] loop0: detected capacity change from 0 to 32768 [ 498.357713][T21771] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 11 [ 498.367341][ T14] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 498.440665][ T4430] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 498.567490][ T14] usb 5-1: Using ep0 maxpacket: 8 [ 498.585119][ T14] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 498.615214][ T14] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.640183][ T14] usb 5-1: Product: syz [ 498.644421][ T14] usb 5-1: Manufacturer: syz [ 498.667249][ T14] usb 5-1: SerialNumber: syz [ 498.689078][ T14] usb 5-1: config 0 descriptor?? [ 498.705226][T21828] loop7: detected capacity change from 0 to 256 [ 498.714159][ T14] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 498.742711][ T14] usb 5-1: setting power ON [ 498.757613][ T14] dvb-usb: bulk message failed: -22 (2/0) [ 498.786505][T21828] exFAT-fs (loop7): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 498.819293][ T14] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 498.844094][T21799] loop5: detected capacity change from 0 to 32768 [ 498.877834][ T14] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 498.915683][T21807] dvb-usb: bulk message failed: -22 (3/0) [ 498.929511][T21799] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 498.945262][ T14] usb 5-1: media controller created [ 498.957008][T21807] usb 5-1: gpio_write failed. [ 498.986498][T21799] [ 498.988888][T21799] ====================================================== [ 498.995935][T21799] WARNING: possible circular locking dependency detected [ 498.998568][T21807] cxusb: i2c rd: len=1792 is too big! [ 498.998568][T21807] [ 499.002963][T21799] 6.1.140-syzkaller #0 Not tainted [ 499.015645][T21799] ------------------------------------------------------ [ 499.022685][T21799] syz.5.4828/21799 is trying to acquire lock: [ 499.028783][T21799] ffff888079394650 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_write_begin_nolock+0x1ca5/0x4270 [ 499.038849][T21799] [ 499.038849][T21799] but task is already holding lock: [ 499.046239][T21799] ffff888045dd8660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_write_begin+0x195/0x300 [ 499.050059][ T14] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 499.056887][T21799] [ 499.056887][T21799] which lock already depends on the new lock. [ 499.056887][T21799] [ 499.056897][T21799] [ 499.056897][T21799] the existing dependency chain (in reverse order) is: [ 499.056903][T21799] [ 499.056903][T21799] -> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 499.056935][T21799] down_write+0x36/0x60 [ 499.056964][T21799] ocfs2_lock_global_qf+0x1e5/0x270 [ 499.056986][T21799] ocfs2_acquire_dquot+0x2a0/0xb10 [ 499.057007][T21799] dqget+0x778/0xeb0 [ 499.057027][T21799] __dquot_initialize+0x3b6/0xcb0 [ 499.119551][T21799] ocfs2_get_init_inode+0x138/0x1b0 [ 499.125326][T21799] ocfs2_mknod+0x8be/0x2350 [ 499.130362][T21799] ocfs2_mkdir+0x1b6/0x4a0 [ 499.135342][T21799] vfs_mkdir+0x387/0x570 [ 499.140112][T21799] do_mkdirat+0x1d0/0x430 [ 499.144974][T21799] __x64_sys_mkdirat+0x85/0x90 [ 499.150265][T21799] do_syscall_64+0x4c/0xa0 [ 499.155213][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.161642][T21799] [ 499.161642][T21799] -> #5 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}: [ 499.172167][T21799] down_write+0x36/0x60 [ 499.176856][T21799] ocfs2_lock_global_qf+0x1c7/0x270 [ 499.182584][T21799] ocfs2_acquire_dquot+0x2a0/0xb10 [ 499.188238][T21799] dqget+0x778/0xeb0 [ 499.192675][T21799] __dquot_initialize+0x3b6/0xcb0 [ 499.198234][T21799] ocfs2_get_init_inode+0x138/0x1b0 [ 499.203975][T21799] ocfs2_mknod+0x8be/0x2350 [ 499.209029][T21799] ocfs2_mkdir+0x1b6/0x4a0 [ 499.213990][T21799] vfs_mkdir+0x387/0x570 [ 499.218767][T21799] do_mkdirat+0x1d0/0x430 [ 499.223627][T21799] __x64_sys_mkdirat+0x85/0x90 [ 499.228936][T21799] do_syscall_64+0x4c/0xa0 [ 499.233886][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.240316][T21799] [ 499.240316][T21799] -> #4 (&dquot->dq_lock){+.+.}-{3:3}: [ 499.247973][T21799] __mutex_lock+0x120/0xaf0 [ 499.253031][T21799] dquot_commit+0x5a/0x410 [ 499.257999][T21799] ext4_write_dquot+0x1f0/0x360 [ 499.263391][T21799] mark_all_dquot_dirty+0xf9/0x400 [ 499.269040][T21799] __dquot_free_space+0x7ec/0xbc0 [ 499.274613][T21799] ext4_free_blocks+0x1bab/0x2640 [ 499.280194][T21799] ext4_ext_remove_space+0x1dd3/0x4490 [ 499.286201][T21799] ext4_ext_truncate+0x211/0x370 [ 499.291674][T21799] ext4_truncate+0xa0b/0x1230 [ 499.296878][T21799] ext4_setattr+0x10cb/0x19f0 [ 499.302083][T21799] notify_change+0xc74/0xf40 [ 499.307303][T21799] do_truncate+0x197/0x220 [ 499.312305][T21799] path_openat+0x27f2/0x2e70 [ 499.317535][T21799] do_filp_open+0x1c1/0x3c0 [ 499.322578][T21799] do_sys_openat2+0x142/0x490 [ 499.327790][T21799] __x64_sys_creat+0x8c/0xb0 [ 499.332914][T21799] do_syscall_64+0x4c/0xa0 [ 499.337875][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.344315][T21799] [ 499.344315][T21799] -> #3 (&ei->i_data_sem){++++}-{3:3}: [ 499.352057][T21799] down_write+0x36/0x60 [ 499.356747][T21799] ext4_truncate+0x987/0x1230 [ 499.361946][T21799] ext4_setattr+0x10cb/0x19f0 [ 499.367147][T21799] notify_change+0xc74/0xf40 [ 499.372319][T21799] do_truncate+0x197/0x220 [ 499.377272][T21799] do_sys_ftruncate+0x312/0x3c0 [ 499.382668][T21799] do_syscall_64+0x4c/0xa0 [ 499.387616][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.394045][T21799] [ 499.394045][T21799] -> #2 (jbd2_handle){++++}-{0:0}: [ 499.401347][T21799] start_this_handle+0x1f49/0x2150 [ 499.406987][T21799] jbd2__journal_start+0x2b7/0x5a0 [ 499.412638][T21799] jbd2_journal_start+0x26/0x30 [ 499.418015][T21799] ocfs2_start_trans+0x372/0x6c0 [ 499.423484][T21799] ocfs2_mknod+0xe6a/0x2350 [ 499.428515][T21799] ocfs2_mkdir+0x1b6/0x4a0 [ 499.433459][T21799] vfs_mkdir+0x387/0x570 [ 499.438234][T21799] do_mkdirat+0x1d0/0x430 [ 499.443088][T21799] __x64_sys_mkdirat+0x85/0x90 [ 499.448378][T21799] do_syscall_64+0x4c/0xa0 [ 499.453322][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.459751][T21799] [ 499.459751][T21799] -> #1 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 499.468277][T21799] down_read+0x42/0x2d0 [ 499.472959][T21799] ocfs2_start_trans+0x366/0x6c0 [ 499.478422][T21799] ocfs2_mknod+0xe6a/0x2350 [ 499.483459][T21799] ocfs2_mkdir+0x1b6/0x4a0 [ 499.488400][T21799] vfs_mkdir+0x387/0x570 [ 499.493175][T21799] do_mkdirat+0x1d0/0x430 [ 499.498032][T21799] __x64_sys_mkdirat+0x85/0x90 [ 499.503321][T21799] do_syscall_64+0x4c/0xa0 [ 499.508274][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.514702][T21799] [ 499.514702][T21799] -> #0 (sb_internal#4){.+.+}-{0:0}: [ 499.522180][T21799] __lock_acquire+0x2cf8/0x7c50 [ 499.527562][T21799] lock_acquire+0x1b4/0x490 [ 499.532594][T21799] ocfs2_start_trans+0x267/0x6c0 [ 499.538055][T21799] ocfs2_write_begin_nolock+0x1ca5/0x4270 [ 499.544299][T21799] ocfs2_write_begin+0x1b8/0x300 [ 499.549759][T21799] generic_perform_write+0x2db/0x560 [ 499.555579][T21799] __generic_file_write_iter+0x172/0x430 [ 499.561751][T21799] ocfs2_file_write_iter+0x1593/0x1df0 [ 499.567753][T21799] vfs_write+0x44c/0x960 [ 499.572519][T21799] ksys_write+0x143/0x240 [ 499.577462][T21799] do_syscall_64+0x4c/0xa0 [ 499.582412][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 499.588850][T21799] [ 499.588850][T21799] other info that might help us debug this: [ 499.588850][T21799] [ 499.599081][T21799] Chain exists of: [ 499.599081][T21799] sb_internal#4 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7 --> &ocfs2_quota_ip_alloc_sem_key [ 499.599081][T21799] [ 499.616138][T21799] Possible unsafe locking scenario: [ 499.616138][T21799] [ 499.623592][T21799] CPU0 CPU1 [ 499.628955][T21799] ---- ---- [ 499.634318][T21799] lock(&ocfs2_quota_ip_alloc_sem_key); [ 499.640043][T21799] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7); [ 499.649856][T21799] lock(&ocfs2_quota_ip_alloc_sem_key); [ 499.658028][T21799] lock(sb_internal#4); [ 499.662291][T21799] [ 499.662291][T21799] *** DEADLOCK *** [ 499.662291][T21799] [ 499.670446][T21799] 4 locks held by syz.5.4828/21799: [ 499.675643][T21799] #0: ffff88807b48e0e8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2ae/0x360 [ 499.684892][T21799] #1: ffff888079394460 (sb_writers#28){.+.+}-{0:0}, at: vfs_write+0x256/0x960 [ 499.693868][T21799] #2: ffff888045dd89c8 (&sb->s_type->i_mutex_key#40){+.+.}-{3:3}, at: ocfs2_file_write_iter+0x438/0x1df0 [ 499.705209][T21799] #3: ffff888045dd8660 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_write_begin+0x195/0x300 [ 499.716357][T21799] [ 499.716357][T21799] stack backtrace: [ 499.722243][T21799] CPU: 1 PID: 21799 Comm: syz.5.4828 Not tainted 6.1.140-syzkaller #0 [ 499.730395][T21799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 499.740549][T21799] Call Trace: [ 499.743838][T21799] [ 499.746773][T21799] dump_stack_lvl+0x168/0x22e [ 499.751481][T21799] ? load_image+0x3b0/0x3b0 [ 499.756011][T21799] ? show_regs_print_info+0x12/0x12 [ 499.761224][T21799] ? print_circular_bug+0x12b/0x1a0 [ 499.766434][T21799] check_noncircular+0x274/0x310 [ 499.771389][T21799] ? add_chain_block+0x940/0x940 [ 499.776344][T21799] ? lockdep_lock+0xdc/0x1e0 [ 499.780973][T21799] ? _find_first_zero_bit+0xcf/0x100 [ 499.786266][T21799] ? _find_first_zero_bit+0xcf/0x100 [ 499.791561][T21799] __lock_acquire+0x2cf8/0x7c50 [ 499.796435][T21799] ? verify_lock_unused+0x140/0x140 [ 499.801647][T21799] ? verify_lock_unused+0x140/0x140 [ 499.806852][T21799] ? stack_trace_save+0x98/0xe0 [ 499.811717][T21799] lock_acquire+0x1b4/0x490 [ 499.816229][T21799] ? ocfs2_write_begin_nolock+0x1ca5/0x4270 [ 499.822125][T21799] ? __might_sleep+0xd0/0xd0 [ 499.826725][T21799] ? do_raw_spin_lock+0x11d/0x280 [ 499.831764][T21799] ? read_lock_is_recursive+0x10/0x10 [ 499.837147][T21799] ? __rwlock_init+0x140/0x140 [ 499.841928][T21799] ? do_raw_spin_unlock+0x11d/0x230 [ 499.847141][T21799] ocfs2_start_trans+0x267/0x6c0 [ 499.852087][T21799] ? ocfs2_write_begin_nolock+0x1ca5/0x4270 [ 499.858006][T21799] ? ocfs2_recovery_exit+0x50/0x50 [ 499.863207][T21799] ocfs2_write_begin_nolock+0x1ca5/0x4270 [ 499.868956][T21799] ? ocfs2_size_fits_inline_data+0x90/0x90 [ 499.874773][T21799] ? __lock_acquire+0x28b5/0x7c50 [ 499.879828][T21799] ? ocfs2_inode_unlock_tracker+0x26c/0x2e0 [ 499.885735][T21799] ? mark_lock+0x94/0x320 [ 499.890072][T21799] ? __might_sleep+0xd0/0xd0 [ 499.894675][T21799] ? preempt_count_add+0x8d/0x190 [ 499.899701][T21799] ? rwsem_write_trylock+0x12f/0x1b0 [ 499.904991][T21799] ? clear_nonspinnable+0x60/0x60 [ 499.910020][T21799] ? lock_chain_count+0x20/0x20 [ 499.914882][T21799] ocfs2_write_begin+0x1b8/0x300 [ 499.919823][T21799] ? ktime_get_real_ts64+0x420/0x420 [ 499.925115][T21799] ? ocfs2_readahead+0x190/0x190 [ 499.930095][T21799] ? __vfs_getxattr+0x395/0x3d0 [ 499.935047][T21799] ? fault_in_readable+0x18a/0x1f0 [ 499.940173][T21799] ? fault_in_iov_iter_readable+0xbb/0x2e0 [ 499.945992][T21799] generic_perform_write+0x2db/0x560 [ 499.951296][T21799] ? atime_needs_update+0x780/0x780 [ 499.956519][T21799] ? generic_file_direct_write+0x660/0x660 [ 499.962342][T21799] ? __file_remove_privs+0x5b0/0x5b0 [ 499.967645][T21799] ? __rwlock_init+0x140/0x140 [ 499.972422][T21799] ? __up_read+0x27c/0x660 [ 499.976846][T21799] __generic_file_write_iter+0x172/0x430 [ 499.982501][T21799] ? ocfs2_inode_unlock+0x11a/0x140 [ 499.987725][T21799] ocfs2_file_write_iter+0x1593/0x1df0 [ 499.993198][T21799] ? verify_lock_unused+0x140/0x140 [ 499.998415][T21799] ? ocfs2_file_read_iter+0xb50/0xb50 [ 500.003800][T21799] ? aa_file_perm+0x3ef/0xec0 [ 500.008492][T21799] ? rcu_read_lock_any_held+0xb0/0x120 [ 500.013955][T21799] ? rcu_read_lock_bh_held+0xe0/0xe0 [ 500.019247][T21799] ? end_current_label_crit_section+0x14b/0x170 [ 500.025496][T21799] ? common_file_perm+0x171/0x1c0 [ 500.030530][T21799] vfs_write+0x44c/0x960 [ 500.034780][T21799] ? file_end_write+0x250/0x250 [ 500.039644][T21799] ? __fget_files+0x44a/0x4d0 [ 500.044339][T21799] ? __fdget_pos+0x2ae/0x360 [ 500.048947][T21799] ? ksys_write+0x71/0x240 [ 500.053370][T21799] ksys_write+0x143/0x240 [ 500.057716][T21799] ? __ia32_sys_read+0x80/0x80 [ 500.062485][T21799] ? lockdep_hardirqs_on+0x94/0x140 [ 500.067705][T21799] do_syscall_64+0x4c/0xa0 [ 500.072134][T21799] ? clear_bhb_loop+0x60/0xb0 [ 500.076814][T21799] ? clear_bhb_loop+0x60/0xb0 [ 500.081495][T21799] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 500.087410][T21799] RIP: 0033:0x7f4e2238e969 [ 500.091827][T21799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 500.111440][T21799] RSP: 002b:00007f4e231f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 500.119861][T21799] RAX: ffffffffffffffda RBX: 00007f4e225b5fa0 RCX: 00007f4e2238e969 [ 500.127837][T21799] RDX: 0000000000000020 RSI: 00002000000001c0 RDI: 0000000000000004 [ 500.135809][T21799] RBP: 00007f4e22410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 500.143781][T21799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.151753][T21799] R13: 0000000000000000 R14: 00007f4e225b5fa0 R15: 00007ffc6993dad8 [ 500.159738][T21799] [ 500.262292][ T14] usb 5-1: selecting invalid altsetting 6 [ 500.297499][ T14] usb 5-1: digital interface selection failed (-22) [ 500.316106][ T14] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 500.346097][ T14] usb 5-1: setting power OFF [ 500.356243][ T14] dvb-usb: bulk message failed: -22 (2/0) [ 500.367605][ T14] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 500.377524][ T14] (NULL device *): no alternate interface [ 500.387756][ T8999] ocfs2: Unmounting device (7,5) on (node local) [ 500.400354][ T14] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 500.437542][ T14] usb 5-1: USB disconnect, device number 26 [ 501.448806][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.455147][ T1274] ieee802154 phy1 wpan1: encryption failed: -22