last executing test programs: 7m10.753588074s ago: executing program 2 (id=5033): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_cache\x00') preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xa9}], 0x1, 0x80, 0x1) 7m10.577105214s ago: executing program 2 (id=5035): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c0000001000ffff27bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1503000021200000280012800900010076657468000000001800028014000100000000006e71c217319f"], 0x5c}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002) 7m10.142698539s ago: executing program 2 (id=5044): r0 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x480, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x80044d00, &(0x7f0000000100)) 7m9.935765981s ago: executing program 2 (id=5047): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x2000004, &(0x7f0000000500)=ANY=[@ANYBLOB="00e3078fbb81fca067351e718b1742354077ee6bdefb8addaf7c0c235850b66dac0ba564a370a77264f1a57d44c84efc49fa6c64b9351ea8fd59a458a7791fedcc466b0eab6ca6dd32fcc642517fa3219450b91e3118bf2b9d3cfa562ea44c058252d29181c81c637c6ba7d179122eee61e5c9f68165b6abd469da8d90c0632f7265bb040411d5748c475bb33a7ce77afb2ea533f1653d8cb67dad989bb0a1c16881f0d91d6cbd3751c289aecf4a00"/185, @ANYBLOB="b12398658f5ec6488081d04c33b5a507b1cac8c4376c1895046a1e6e068e53d002eb4279796b4c014f4febee026f87bd0eea7d27598f7ff2687552fdd651", @ANYRESOCT=0x0, @ANYRES64], 0x1, 0x497, &(0x7f0000002480)="$eJzs281vG8Ufx/HPbGJnk/b3w31yC6qEJSSKiiix05I+gRRa0iL1gbYJAqEWhcYJVhMnitOqraCtxKFHoEggJA7l0AtCVZHgAgcOcOM/4MKtBy6YEycQms2sd+26JK0fEjfvl5R4vPv17uzM7OysdywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC9/MpQf9Ysdy4AAEA7HTt1sj/H9R8AgFVlhPt/AACA1cTI0ycy+uHTsjkavF/gHykUz18cPThc/2O9JvhkVxBv//xsbmDnrhcGd4ev//35Zntcx0+NDGUOzEzPzuVLpfx4ZrRYODsznl/yFhr9fK3tQQFkps+dH5+YKGVyOwaqVl9M3e1Zk07tG0zvfzqMHT04PHwqFtOdeOi93+N+I/ykPF2XUfnj2+aYJE+Nl8UibafVeoOD2B4cxOjB4eBApgpjxXm70oQF4VWXSTIsozbURUM2SjZfJtmce7aEPJVktCldNscldYXl8GzwxfDiG/Cako0HZvN5WlJGHVBnK1iPPO2S0Y09Kb1myyys/27p/eXOHFquW55uy2jbS2VzIugP7Plku80jr2deLU7MxGKNcWdUp18f2mmF902+PB0LzviyObncmUHb2cHSaRntHLkQjCsUjEsf2zd46PBIfISxeZHt2NgdLr2Ua3IiNnQwyzSGAAAAAAAAAB51vvGC7+I+/8YP3mfcMyCsEsbT8zL683A5eDQen5fQFZvfUdHpz35am/9e/8DM7KW5wuS783XX9/lD75Tm58bO1l+tXnvyVX0dvtg8hgYljKfdMrr6z51ovylj064biHZ0a3+UN9/UrA3azf8X5rOEzxD2Dm+Op+tm+QGej6XcfumfgOYwxtOQjCa+3+LmfvTpnj7IxX0roz9ubnVxXtIGhadpKvjvTxSm8v029icZffl3GBtMM9MaF7shis3aWE9GHx2tjl3rYjdGsTkbe0hGP5+pH7spih2wsR/IaPb3TBjbZ2OfdLHpKHbH2Zmp8ZYV8Apn+/8rMlr/YsaEdenKy3WzXZXYW+9F/f212g3dp89vtP9PxZZdc+3wrm2vZ7YEbS9or1799npdRl9/t9XFLbSVpFu/Lvgftdc3ZDT5S3Vsn4tdH8Vml1ywHcLW/9syyhXvVMrG1b+rgdj1P1b/T9S2jhbV/7rYspTbb09zDh2SSpcunxubmsrPkSBBYgmJHq2IbCySCPvlh9/OMndMaAt7/f9MRm+e+LUy3nHXfzesjsZ/f12Jrv97azfUouv/+tiyvW40kuiW/Pnp2URa8kuXLj9XmB6bzE/miwO57J7+PTsHs4lkOLaLUg0X1SMp4e7VLnz4VeX+rHr8V3/831e7oRbV/waXzXCfUSfVlMNf9Wz9/yajt368U7mPtvV/sxJRPf4P77OeeWrhtXJ+tqj+N8aWpdx+/9eE4wYAAAAAAAAAAAAAAACATpcwnm7IyD/dbcLfRi1l/t89P5hq0fyvdGzZeJt+r9BwoQJAB/Dk6QsZbVPZXLUL1kpH4694pP0bAAD//3VdHM0=") mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x80, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 7m9.437266279s ago: executing program 2 (id=5054): r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000100)="1b0000001e005f0014f9f407faac47000a00000004000000000008", 0x1b) 7m8.761232688s ago: executing program 2 (id=5065): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x50}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3d}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6ff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7m8.370993201s ago: executing program 32 (id=5065): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x50}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3d}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6ff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.548803317s ago: executing program 1 (id=10854): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@bridge_delneigh={0x30, 0x1e, 0x1, 0x70bd2d, 0x25dfdbfc, {0xa}, [@NDA_DST_IPV6={0x14, 0x1, @private0}]}, 0x30}}, 0x20000000) 3.364209447s ago: executing program 1 (id=10856): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x1, {{0xa, 0x4e23, 0x5, @rand_addr=' \x01\x00', 0x1}}, {{0xa, 0x4e22, 0x8001, @dev={0xfe, 0x80, '\x00', 0x2c}, 0x3}}}, 0x108) 3.205333487s ago: executing program 1 (id=10858): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000200)={[{@noblock_validity}, {@errors_remount}, {@sysvgroups}, {@norecovery}, {@oldalloc}, {@orlov}, {@oldalloc}, {@auto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x580, &(0x7f0000001b40)="$eJzs3U1rVFcfAPD/nUx8fx4jiLRdlICLWqwTk/TFQkG7LK1UaPd2SK5BMnEkMxGTCuqibropUiilQukH6L5L6RfopxBaQYqEdtFNyp3c0TGTmcQ4dkbn94Or59xzJ+eee+45+Z+5EyaAoTWe/VOIeDUivkkiDraUFSMvHF8/bvXhtZlsS2Jt7bM/k0jyfc3jk/z//XnmlYj49auI44X2emvLK/PlSiVdzPMT9YXLE7XllRMXF8pz6Vx6aWp6+tQ701Pvv/duz9r65rm/v//07kenvj66+t3P9w/dTuJMHMjLWtvxDG60ZsZjPL8mo3Fmw4GTPahskCT9PgF2ZCQf56ORzQEHYyQf9cDL73pErAFDKjH+YUg144Dm2r5H6+AXxoMP1xdA7e0vrr83Ensaa6N9q8kTK6NsvTvWg/qzOn75487tbIst3oe43oP6AJpu3IyIk8Vi+/yX5PPfzp1svHnc3cY6hu33D/TT3Sz+eWuz+KfwKP6JTeKf/ZuM3Z3YevwX7vegmo6y+O+DTePfR1PX2Eie+18j5htNLlyspCcj4v8RcSxGd2f5bs9zTq3eW+tU1hr/ZVtWfzMWzM/jfnH3k6+ZLdfLz9LmVg9uRrz2OP5Nom3+39OIdTf2f3Y9zm2zjiPpndc7lW3d/mhZqvQ+Al77KeKNTfv/8ROtpPvzyYnG/TDRvCva/XXryG+d6t9G+5+rrP/3dW//WNL6vLb29HX8uOeftFPZTu//XcnnjfSufN/Vcr2+OBmxK/mkff/U49c2883js/YfO9p9/tvs/t8bEV9ss/23Dt/qeOgg9P/sU/X/0yfuffzlD53q317/v91IHcv3bGf+2+4JPsu1AwAAAAAAgEFTiIgDEWOlR+lCoVRa/3zH4dhXqFRr9eMXqkuXZhvHxViMFppPug+2fB5iMv88bDM/tSE/HRGHIuLbkb2NfGmmWpntd+MBAAAAAAAAAAAAAAAAAABgQOxv/M1/Utj49/+Z30f6fXbAc+crv2F4bTn+e/FNT8BA8vsfhpfxD8PL+IfhZfzD8DL+YXh1Gf+mBnjJGeQwvIx/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KlzZ89m29rqw2szWX72yvLSfPXKidm0Nl9aWJopzVQXL5fmqtW5SlqaqS5s9fMq1erlyalYujpRT2v1idryyvmF6tKl+vmLC+W59Hw6+p+0CgAAAAAAAAAAAAAAAAAAAF4steWV+XKlki5KdEycjoE4jR0nkq16+XR+M7QVFfKCbi8v9r+BL22i2PXKP99EHyclAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjg3wAAAP//IAU3iQ==") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) 2.575254993s ago: executing program 1 (id=10865): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]}) getpgrp(0x0) 2.299621998s ago: executing program 1 (id=10867): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x792, &(0x7f0000020c00)="$eJzs3ctrXGUbAPDnTJKmTft9iSBouzEgaKA0sTW2CgoVFyJYKOjadkimoWaSCZlJaUJAiwhuBBUXgm66cuGl7tx6ATfqf+FCLFXTYsWFjJzJTDNpZtLJbSaa3w9O8r7nMs/7zLm9M+dwJoA9azD9k4k4HBHvJBH91fFJRPRUSt0Rp5fnu720OJYOSZTLL/2WVOa5tbQ4FnXLpA5WKw9GxDdvRhzNrI1bnF+YzObzudlqfaQ0NTNSnF84dnEqO5GbyE2fPD46euLUE6dObl+uf/y4cOj6u88/+vnpv9544Nrb3yZxOg5Vp9XnsWnPrK4OxmD1PelJ38JVnttysN0l6XQD2JR01+xa3svjcPRHV6UEAPyXvRYRZQBgj0mc/wFgj6l9D3BraXGsNnT2G4n2uvFsROxfzr92fXN5Snf1mt3+ynXQvlvJqisjSUQMbEP8wYj46MtXPk2H2K7rkAAteP1KRJwfGFx7/E/W3LOwUY+tM21f9f/gXePT+K5AQ3t8lfZ/nmzU/8vc6f9Eg/5Pb4N9dzMa7f+rRhzYhiDruPFxxNN197bdrsu/ohwDXdXa/yp9vp7kwsV8Lj22/T8ihqKnN60fXyfG0M2/bzabVt//+/29Vz9J46f/V+bI/NLdu3qZ8Wwpu7WsV9y4EnGku1H+yZ31nzTp/55tMcYLT731YbNpaf5pvrVhbf5RvTtpZ5SvRjzScP2v3NGWrHt/4khlcxipbRQNfPHTB33N4tev/3RI49c+C7RDuv771s9/IKm/X7O48Rg/XO3/utm0e+ffePvfl7xcKdf6EZezpdLs8Yh9yYtrx59YWfZy9qFqaXn+NP+hhxvv/+tt/+lnwvMt5t99/dfPNp//zkrzH9/Q+t944drtya5m8Vtb/6OV0lB1TCvHv1YbuJX3DgAAAAAAAAAAAAAAAAAAAAAAAABalYmIQ5Fkhu+UM5nh4eXf8L4/+jL5QrF09EJhbno8Kr+VPRA9mdqjLvvTem9EVJ9/OlD3fNQTdfX0dR+PiPsi4v3eA0ntOYrjHc4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGoONvn9/9TPvZ1uHQCwY/Z3ugEAQNs5/wPA3uP8DwB7T2vn/64dbwcA0D4+/wPA3uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwA47e+ZMOpT/XFocS+vjl+bnJguXjo3nipPDU3Njw2OF2ZnhiUJhIp8bHitM3ev18oXCzGhMz10eKeWKpZHi/MK5qcLcdOncxansRO5crqctWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxhTnFyaz+XxuVmEThfLuaEbnC13VzWm3tKethWRri898/92RXZDF3YUOH5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/iX+CQAA///iziCi") lstat(&(0x7f00000008c0)='./file0\x00', 0x0) 1.827969375s ago: executing program 1 (id=10872): syz_mount_image$ocfs2(&(0x7f00000002c0), &(0x7f0000000140)='./file1\x00', 0x8c0, &(0x7f0000000500)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c6572726f72733d72656d6f756e742d726f2c61636c2c00a9b504852143b698d2e379891a0dde7f9adfca8cc85bf8e749e04e", @ANYRES16, @ANYRESOCT, @ANYRES16], 0x11, 0x445c, &(0x7f0000004a80)="$eJzs3c9vE9kdAPA3k1ASyo+EcqBSpVoqUqu2ihJOtEFqEgIhgZSKFlT1YpzEQFonRolT9YBEekPtqVIPVQ9oV9pbTij/APsn7GWP7BlpOexlpZXQemV7HDwTezFgh2X1+Rw89vvtfGee3xwmL05U7q5u5lY3c4X1XHn59ubZ3N/Lpa21YogPSNv+Dx1c/3TnNc+TsN37Numhaxcu/fHm2RA+Xvn0WbVarYaawdDWRMv7L7+4v9x6bIozdWrttm+tV/4SQji1b1w1AyGEPycDmk7SZpLjcAjhWAghCiHcvP/vW7kejebx0+L5/IvFh7uTZxZ2Hu12/u5RCP8v/fjXd9Y+/9nA5Ge/7FH3AAAAAAAAAAAAAAAAAAC85+auX7vxh/GJ8CQKgzvR/ud155Jjp+djqz3z005D/FdPvzAAAAAAAAAAAAAAAAAAAAB8B718/j8XnWzz/P9scpzqUL/6uw4Zh3s7Tvpj/vfXZi+OTyT7v0f78s8lSc+nB8Jom33fs/u/T2fqt9//PWl04O3H3xxfs9+REMVj1Qd7+SMhjsfGQvgw2fj9dHQkLpU3K7+6Xd5aX3n7/t936fg3NstPnQXJ/vndxn8m037/9///UcietbXPt/afyrSRjn/nC/Kjf0Zdxf9Cpt5BxJ83l47/YD1tuLXAVGMCqMX/P4Ovjv9spv1+xf94CCEX1caaS80AtTVMLb3TeoW0dPwP1dNSU2fyh+x0/X+Vif/FTPud4n+i/vqDHnyD9vP/dvaHiLbS8W/EYyhV4uX1Pxp3vv6bc8alTPvv4ve/Nv5tv/9dScc/uWkbTBWp/yW7nf/nMu33K/434mScx6PUGbATNdI7/b860tLxH9qXfy5q3KU9n467Wv9dztT/1vu/Hmje/zX7rd//tdyH/CJq3P/RXjr+wx3LdXv9z2fq9Xv+n6qv/3hT6fgfqael184j9ddu47+Qab9f8a+vSoaa8X85n3x9uJH+gfVfV9Lx/2EjMW4tsV1/ra//onTcq9Xqg+z6/0qm/Xex/quNfzvub6/fF+n4H+1Yrhb/T7r4/b+aqdf/+Icwbq3/xtLxP5bJnapWq4139et/6NXxX8y00O/4/7yfjQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8B2aS40iI4rHU5zgeGwvhQvL5dDgSLRVW8kul8vLfNkOYTdJz4WR0p1ReKpTyq+vllWK+UCqVl0O4mOSfCkPRZqlcya8V7l3aa2s4ulssbFSWioVKCGEuSf9JONZsa2m1sla4F0K4vJd3Ii5v3LtbWM+vrG78dnx8fDzM741hNCr+o1JcrzR6b+SGsLBXdyRqGVw9+8reWI5Gfy1vbawXSvX0qy11SuXlQqmlzmKS998wGlU2ttaXC5VivlS+0+zvXZpKjrPz1/90/erEvvxbUeM4c7DDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA1PZn8zf9CCIONT3EIYar5JmpX/vHT4vn8i8WHu5NnFnYe7T7rVA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bt24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKBEDURiA34yF2nkMq5B0tgmKaGFE8AR6DA8Tj+IlvIOFha2FCGYGNO5Cmt3q+5oH+Xl5PyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKxzeTfe37ZdRIqjr8OIl8fXt9/5dZnTMM+82D/YU0924+pmPL9ou/Ld07/8rDx67/NP+vnx9BAbZvU8/N1f/k+zeud4a69pWNe/9qt3TyLlJiL6kp+mnJtm3bsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GYHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AsAAAAACDM3zqKvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgVwAAAP//xmUngw==") creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40) 1.74720011s ago: executing program 4 (id=10874): r0 = socket(0x848000000015, 0x805, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c) 1.511428063s ago: executing program 3 (id=10875): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000e40)=ANY=[@ANYBLOB="50010000100001000000000000000000fc0000000000000000a6d2b4d7a284dbe80000020000000000000000f000"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe80000000000000000000000000008a000004d36c000000fe8000000000000000000000000000bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000080000000000000050000000000000000000000000000000a0000004000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001d000000000008001f000400000008001e"], 0x150}}, 0x40000) 1.22372556s ago: executing program 3 (id=10876): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0x91, &(0x7f0000000000), &(0x7f0000000080)=0x4) 1.169524323s ago: executing program 4 (id=10878): setitimer(0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0xea60}}, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x7ff, 0xffffffdfffffffff}, 0x0) 978.593984ms ago: executing program 3 (id=10879): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0xa0, 0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {0xffffffff}}) 866.627ms ago: executing program 0 (id=10880): r0 = socket(0x10, 0x80002, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b24, &(0x7f0000000000)={'wlan0\x00'}) 796.025125ms ago: executing program 4 (id=10881): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d, 0xb0c6}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0) 723.087299ms ago: executing program 3 (id=10882): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x24, 0x3b, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x805'}]}]}, 0x24}}, 0x0) 713.884979ms ago: executing program 0 (id=10883): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000000040)={0x0, "eaf716300d6494e1cff7c67783b0d0c45678ef69fd4795732cb34e8fc696d5a6", 0x1, 0x1}) 584.027037ms ago: executing program 4 (id=10884): r0 = openat$binfmt_register(0xffffff9c, &(0x7f0000000280), 0x1, 0x0) write$binfmt_register(r0, &(0x7f00000004c0)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x80000000, 0x3a, '\x1a\x98\x12\x89\x853\x0f\x80\xcb\xb64\x1a\xac\xadpD\x9f', 0x3a, '\x00\x00\x00\xcd\x9a\x86 \xa5\x91\xd7\xc3\xc3\xc8\xb0\xf1\x16Wt\xc2\x83s\xee\xe1Wgt\xa8\xf0\xcdP\x9fu\x85/\x9dq\xc6\x13gj\xe2\x80\x10\xeb.>\x92\xccj/\xa5D\xc1[\xa8\x177U\xebi#=\xc7\x89\x8d\xd5\xbf\x13\xf1=\x8d:\xb1//L', 0x3a, './file0'}, 0x84) 519.86704ms ago: executing program 0 (id=10885): r0 = syz_open_dev$MSR(&(0x7f0000000080), 0xb0d7, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) 468.510153ms ago: executing program 3 (id=10886): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10) 376.875868ms ago: executing program 4 (id=10887): r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000180), 0x4) 370.489189ms ago: executing program 0 (id=10888): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f00000004c0)=@ethtool_rxnfc={0x2e, 0xe, 0x15, {0xe, @usr_ip6_spec={@empty, @dev={0xfe, 0x80, '\x00', 0x15}, 0xfffffff8, 0x3d, 0xe}, {0x0, @local, 0xe, 0x4, [0x7, 0x8]}, @ah_ip4_spec={@rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x2000, 0x7}, {0x0, @local, 0x9, 0x5, [0xf, 0x9]}, 0xff, 0x3}}}) 230.692597ms ago: executing program 0 (id=10889): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) read$dsp(r0, 0x0, 0x0) 128.169003ms ago: executing program 3 (id=10890): r0 = gettid() wait4(r0, 0x0, 0x20000000, 0x0) 4.68565ms ago: executing program 0 (id=10891): r0 = add_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180), &(0x7f00000003c0)="9e3b7b", 0x3, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) 0s ago: executing program 4 (id=10892): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'bond0\x00'}) kernel console output (not intermixed with test programs): [ 950.928958][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.948726][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.968078][ T5850] vp7045: USB control message 'in' went wrong. [ 950.972579][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.978247][ T5850] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 950.982053][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982083][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982108][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982134][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982159][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982185][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982229][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982255][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982281][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982307][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982334][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982360][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982386][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982418][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982445][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982471][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 950.982497][ T5812] hid-generic 0001:2043D8E7:05F6.0001: unknown main item tag 0x0 [ 951.146432][ T5812] hid-generic 0001:2043D8E7:05F6.0001: hidraw0: HID ved.d9 Device [syz0] on syz0 [ 951.314334][ T5850] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 951.366802][ T5850] usb 2-1: USB disconnect, device number 97 [ 951.443945][T26694] fido_id[26694]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 952.065577][T26725] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9237'. [ 952.094819][T26725] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 952.863132][T26749] loop3: detected capacity change from 0 to 4096 [ 952.874958][T26729] loop0: detected capacity change from 0 to 32768 [ 952.900748][T26749] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 952.989798][T26729] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 953.080602][T26749] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 953.195878][T26729] XFS (loop0): Ending clean mount [ 953.236318][T26729] XFS (loop0): Quotacheck needed: Please wait. [ 953.373049][T26746] loop1: detected capacity change from 0 to 32768 [ 953.396716][T26729] XFS (loop0): Quotacheck: Done. [ 953.403096][T26746] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.9248 (26746) [ 953.571980][T26746] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 953.582244][T26746] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 953.606337][ T5771] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 953.636379][T26746] BTRFS info (device loop1): using free space tree [ 953.796573][T26778] loop3: detected capacity change from 0 to 64 [ 953.903503][T26746] BTRFS info (device loop1): enabling ssd optimizations [ 953.927647][T26746] BTRFS info (device loop1): auto enabling async discard [ 954.308859][ T5768] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 955.337439][T26828] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9275'. [ 955.884915][T26849] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9284'. [ 956.422123][T26871] PKCS7: Unknown OID: [4] 0.0 [ 956.426882][T26871] PKCS7: Only support pkcs7_signedData type [ 956.437488][T26867] loop1: detected capacity change from 0 to 2048 [ 956.536162][T26865] loop4: detected capacity change from 0 to 4096 [ 956.547918][T26870] xt_CT: No such helper "snmp_trap" [ 956.556542][T26865] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 956.660512][T26865] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 956.696603][T26865] ntfs3: loop4: Failed to load $Extend (-22). [ 956.724175][T26865] ntfs3: loop4: Failed to initialize $Extend. [ 957.149985][T26890] netlink: 'syz.1.9305': attribute type 7 has an invalid length. [ 957.602288][T26911] loop1: detected capacity change from 0 to 1024 [ 957.853433][T17477] Bluetooth: hci3: unexpected event for opcode 0x2062 [ 957.910122][T26922] loop3: detected capacity change from 0 to 256 [ 957.936896][T26924] netlink: 'syz.1.9321': attribute type 10 has an invalid length. [ 957.951370][T26924] syz_tun: entered promiscuous mode [ 957.990649][T26924] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 958.021501][T26922] FAT-fs (loop3): Directory bread(block 64) failed [ 958.050315][T26922] FAT-fs (loop3): Directory bread(block 65) failed [ 958.054391][T26926] netlink: 'syz.0.9323': attribute type 5 has an invalid length. [ 958.068960][T26922] FAT-fs (loop3): Directory bread(block 66) failed [ 958.081873][T26922] FAT-fs (loop3): Directory bread(block 67) failed [ 958.088605][T26922] FAT-fs (loop3): Directory bread(block 68) failed [ 958.098326][T26922] FAT-fs (loop3): Directory bread(block 69) failed [ 958.109147][T26922] FAT-fs (loop3): Directory bread(block 70) failed [ 958.118163][T26922] FAT-fs (loop3): Directory bread(block 71) failed [ 958.127610][T26922] FAT-fs (loop3): Directory bread(block 72) failed [ 958.134547][T26922] FAT-fs (loop3): Directory bread(block 73) failed [ 958.242539][T26929] loop1: detected capacity change from 0 to 1024 [ 958.398288][T26932] IPv6: Can't replace route, no match found [ 958.676793][T26942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9331'. [ 959.150460][ T5812] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 959.356306][ T5812] usb 5-1: Using ep0 maxpacket: 8 [ 959.390131][ T5812] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 959.423080][ T5812] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 959.444929][ T5812] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 959.453208][ T5812] usb 5-1: SerialNumber: syz [ 959.487049][ T5812] usb 5-1: config 0 descriptor?? [ 959.495864][ T5812] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 959.518138][ T5812] usb 5-1: Failed to create links for entity 255 [ 959.526137][ T5812] usb 5-1: Failed to register entities (-22). [ 959.668154][T26980] netlink: 'syz.3.9350': attribute type 10 has an invalid length. [ 959.712440][T26980] syz_tun: entered promiscuous mode [ 959.742577][ T5812] usb 5-1: USB disconnect, device number 22 [ 959.774010][T26980] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 960.209766][T26982] loop0: detected capacity change from 0 to 32768 [ 960.225323][T26982] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.9351 (26982) [ 960.277869][T26982] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 960.290086][T26982] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 960.300013][T26996] netlink: 'syz.3.9357': attribute type 1 has an invalid length. [ 960.313988][T26982] BTRFS info (device loop0): force clearing of disk cache [ 960.332395][T26982] BTRFS info (device loop0): enabling auto defrag [ 960.342885][T26982] BTRFS info (device loop0): max_inline at 948 [ 960.349140][T26982] BTRFS info (device loop0): ignoring data csums [ 960.370781][T26982] BTRFS info (device loop0): using free space tree [ 960.564473][T26982] BTRFS info (device loop0: state C): enabling ssd optimizations [ 960.589393][T27018] loop3: detected capacity change from 0 to 256 [ 960.730114][T27018] FAT-fs (loop3): Directory bread(block 64) failed [ 960.742416][T27018] FAT-fs (loop3): Directory bread(block 65) failed [ 960.775344][T27018] FAT-fs (loop3): Directory bread(block 66) failed [ 960.781952][T27018] FAT-fs (loop3): Directory bread(block 67) failed [ 960.803777][T27018] FAT-fs (loop3): Directory bread(block 68) failed [ 960.813467][ T5771] BTRFS info (device loop0: state C): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 960.821684][T27018] FAT-fs (loop3): Directory bread(block 69) failed [ 960.865816][T27018] FAT-fs (loop3): Directory bread(block 70) failed [ 960.899057][T27018] FAT-fs (loop3): Directory bread(block 71) failed [ 960.933574][T27018] FAT-fs (loop3): Directory bread(block 72) failed [ 960.951659][T27018] FAT-fs (loop3): Directory bread(block 73) failed [ 961.087894][T27024] loop4: detected capacity change from 0 to 8192 [ 961.163042][T27024] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 961.240322][T27032] loop1: detected capacity change from 0 to 512 [ 961.252752][T27024] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 961.290170][T27024] REISERFS (device loop4): using ordered data mode [ 961.330115][T27024] reiserfs: using flush barriers [ 961.349347][T27024] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 961.413877][T27032] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 961.466871][T27024] REISERFS (device loop4): checking transaction log (loop4) [ 961.467940][T27037] bridge4: entered promiscuous mode [ 961.479738][T27032] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 961.479764][T27032] EXT4-fs error (device loop1): ext4_orphan_get:1424: comm syz.1.9367: bad orphan inode 13 [ 961.485350][T27032] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 961.503977][T27037] bridge4: entered allmulticast mode [ 961.559199][T27024] REISERFS (device loop4): Using r5 hash to sort names [ 961.599804][T27024] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 961.689156][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 962.216212][T17477] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 962.225547][T17477] Bluetooth: hci3: Injecting HCI hardware error event [ 962.236727][T17477] Bluetooth: hci3: hardware error 0x00 [ 962.314994][T27057] netlink: 'syz.4.9378': attribute type 1 has an invalid length. [ 962.322824][T27057] netlink: 480 bytes leftover after parsing attributes in process `syz.4.9378'. [ 962.489285][T27064] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 962.496759][T27064] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 962.556192][T27068] loop4: detected capacity change from 0 to 256 [ 962.581766][T27067] batadv0: entered promiscuous mode [ 962.656486][T27068] FAT-fs (loop4): Directory bread(block 64) failed [ 962.681844][T27068] FAT-fs (loop4): Directory bread(block 65) failed [ 962.688556][T27068] FAT-fs (loop4): Directory bread(block 66) failed [ 962.724362][T27068] FAT-fs (loop4): Directory bread(block 67) failed [ 962.735414][T27068] FAT-fs (loop4): Directory bread(block 68) failed [ 962.776359][T27068] FAT-fs (loop4): Directory bread(block 69) failed [ 962.784169][T27068] FAT-fs (loop4): Directory bread(block 70) failed [ 962.815606][T27068] FAT-fs (loop4): Directory bread(block 71) failed [ 962.836783][T27068] FAT-fs (loop4): Directory bread(block 72) failed [ 962.866598][T27068] FAT-fs (loop4): Directory bread(block 73) failed [ 962.924304][T27076] overlayfs: disabling nfs_export due to verity=require [ 962.938839][T27076] overlayfs: conflicting options: userxattr,verity=require [ 963.071554][T27080] SET target dimension over the limit! [ 963.252670][T27087] netlink: 32 bytes leftover after parsing attributes in process `syz.3.9394'. [ 963.285864][T27087] netlink: 3 bytes leftover after parsing attributes in process `syz.3.9394'. [ 963.300471][T27090] fuse: blksize only supported for fuseblk [ 963.321051][T27087] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9394'. [ 963.642059][T27102] netlink: 'syz.0.9401': attribute type 2 has an invalid length. [ 963.683047][T27102] netlink: 'syz.0.9401': attribute type 1 has an invalid length. [ 963.842462][T27111] cgroup: none used incorrectly [ 963.887135][T27112] loop3: detected capacity change from 0 to 512 [ 963.912262][T27112] EXT4-fs: Ignoring removed oldalloc option [ 963.922866][T27112] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 963.972160][T27112] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.9405: invalid indirect mapped block 4294967295 (level 0) [ 964.026306][T27112] EXT4-fs (loop3): Remounting filesystem read-only [ 964.033224][T27112] EXT4-fs (loop3): 1 orphan inode deleted [ 964.089782][T27112] EXT4-fs (loop3): 1 truncate cleaned up [ 964.096893][T27112] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 964.281592][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 964.472455][T17477] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 964.991776][T27152] loop0: detected capacity change from 0 to 256 [ 965.037529][T27152] exfat: Deprecated parameter 'utf8' [ 965.104588][T27152] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 965.297589][T27138] loop4: detected capacity change from 0 to 32768 [ 965.336155][T27138] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.9417 (27138) [ 965.373911][T27138] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 965.422135][T27138] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 965.449888][T27138] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 965.464301][T27138] BTRFS info (device loop4): force zstd compression, level 3 [ 965.487803][T27138] BTRFS info (device loop4): turning on sync discard [ 965.505770][T27138] BTRFS info (device loop4): force clearing of disk cache [ 965.540400][T27138] BTRFS info (device loop4): enabling disk space caching [ 965.557449][T27138] BTRFS info (device loop4): turning off discard [ 965.577708][T27138] BTRFS info (device loop4): disk space caching is enabled [ 965.725575][T27138] BTRFS info (device loop4): enabling ssd optimizations [ 965.744580][T27138] BTRFS info (device loop4): rebuilding free space tree [ 965.800592][T27138] BTRFS info (device loop4): disabling free space tree [ 965.818128][T27187] loop1: detected capacity change from 0 to 1024 [ 965.824996][T27138] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 965.869490][T27138] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 965.920920][T27187] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 966.032398][T27187] EXT4-fs error (device loop1): ext4_get_first_dir_block:3606: inode #11: comm syz.1.9435: directory missing '..' [ 966.059509][T27138] BTRFS warning (device loop4: state M): 'nologreplay' is deprecated, use 'rescue=nologreplay' instead [ 966.093706][T27138] BTRFS info (device loop4: state M): disabling log replay at mount time [ 966.106954][T27138] BTRFS error (device loop4: state M): nologreplay must be used with ro mount option [ 966.196932][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 966.249233][T17475] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 966.601928][ T5759] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 11 /dev/loop4 scanned by udevd (5759) [ 966.958401][T27218] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 967.012040][ T28] audit: type=1326 audit(1769689991.505:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27219 comm="syz.0.9449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 967.034472][ C1] vkms_vblank_simulate: vblank timer overrun [ 967.078645][ T28] audit: type=1326 audit(1769689991.505:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27219 comm="syz.0.9449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 967.176508][ T28] audit: type=1326 audit(1769689991.515:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27219 comm="syz.0.9449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 967.198861][ C1] vkms_vblank_simulate: vblank timer overrun [ 967.269338][ T28] audit: type=1326 audit(1769689991.515:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27219 comm="syz.0.9449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 967.339510][ T28] audit: type=1326 audit(1769689991.515:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27219 comm="syz.0.9449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 967.361896][ C1] vkms_vblank_simulate: vblank timer overrun [ 967.589728][T27232] vcan0: entered promiscuous mode [ 967.603825][T27207] loop4: detected capacity change from 0 to 32768 [ 967.617532][T27232] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check. [ 967.677087][T27207] (syz.4.9441,27207,1):ocfs2_find_slot:468 ERROR: no free slots available! [ 967.697230][T27207] (syz.4.9441,27207,0):ocfs2_mount_volume:1807 ERROR: status = -22 [ 967.731706][T27207] (syz.4.9441,27207,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 967.857171][T27207] NILFS (loop4): couldn't find nilfs on the device [ 968.116231][T27245] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 968.334643][T27255] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9465'. [ 968.689433][T27269] cgroup: subsys name conflicts with all [ 968.795012][T27275] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.9476'. [ 968.970326][T27279] loop4: detected capacity change from 0 to 1024 [ 969.031592][T27279] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 969.052441][T27279] ext4 filesystem being mounted at /1017/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 969.071210][T27288] loop0: detected capacity change from 0 to 256 [ 969.088848][T27279] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.9478: bg 0: block 112: padding at end of block bitmap is not set [ 969.118179][T27279] EXT4-fs (loop4): Remounting filesystem read-only [ 969.157624][T27288] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d) [ 969.207578][T17475] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 969.535426][T27299] loop4: detected capacity change from 0 to 64 [ 969.614301][T27299] Trying to free block not in datazone [ 969.619993][T27299] minix_free_block (loop4:21): bit already cleared [ 969.720697][ T28] audit: type=1326 audit(1769689994.017:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27303 comm="syz.3.9489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4c559aeb9 code=0x7ffc0000 [ 969.743157][ C1] vkms_vblank_simulate: vblank timer overrun [ 969.800095][ T28] audit: type=1326 audit(1769689994.017:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27303 comm="syz.3.9489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4c559aeb9 code=0x7ffc0000 [ 969.875448][ T28] audit: type=1326 audit(1769689994.053:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27303 comm="syz.3.9489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7fe4c559aeb9 code=0x7ffc0000 [ 969.949291][T27315] netlink: 'syz.0.9494': attribute type 29 has an invalid length. [ 969.964961][ T28] audit: type=1326 audit(1769689994.053:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27303 comm="syz.3.9489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4c559aeb9 code=0x7ffc0000 [ 970.045029][ T28] audit: type=1326 audit(1769689994.053:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27303 comm="syz.3.9489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4c559aeb9 code=0x7ffc0000 [ 970.067473][ C1] vkms_vblank_simulate: vblank timer overrun [ 970.308883][T27323] loop3: detected capacity change from 0 to 256 [ 970.327458][T27323] exfat: Deprecated parameter 'namecase' [ 970.370342][T27323] exfat: Deprecated parameter 'namecase' [ 970.428425][T27323] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 970.519808][T27323] fuse: Bad value for 'fd' [ 970.693179][T27313] loop1: detected capacity change from 0 to 32768 [ 970.745177][T27313] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 970.788529][T27340] loop4: detected capacity change from 0 to 256 [ 970.850435][T27340] exfat: Deprecated parameter 'namecase' [ 970.924497][T27340] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 971.053238][T27313] XFS (loop1): Ending clean mount [ 971.226529][T27352] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9509'. [ 971.293833][ T5768] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 971.650911][T27361] netlink: 'syz.3.9514': attribute type 10 has an invalid length. [ 971.718287][T27347] loop0: detected capacity change from 0 to 32768 [ 972.286190][T27382] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 972.296535][T27382] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 972.306089][T27382] overlayfs: missing 'lowerdir' [ 972.695312][T27396] netlink: zone id is out of range [ 972.784159][T27396] netlink: set zone limit has 4 unknown bytes [ 973.100046][T27406] loop1: detected capacity change from 0 to 4096 [ 973.127575][T27406] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 973.161299][T27406] ntfs3: loop1: $AttrDef is corrupted. [ 973.211021][ T5759] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 973.278626][T27415] loop0: detected capacity change from 0 to 512 [ 973.306741][T27418] loop3: detected capacity change from 0 to 8 [ 973.325839][T27418] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 973.341592][T27415] EXT4-fs: Ignoring removed bh option [ 973.438247][T27415] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 973.457877][T27415] ext4 filesystem being mounted at /2450/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 973.655942][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 973.915680][T27438] loop1: detected capacity change from 0 to 4096 [ 973.927755][T27438] EXT4-fs: Ignoring removed mblk_io_submit option [ 973.952577][T27438] EXT4-fs (loop1): Test dummy encryption mode enabled [ 973.987638][T27438] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 974.001060][ T5850] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 974.202730][ T5850] usb 4-1: Using ep0 maxpacket: 16 [ 974.232269][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 974.244729][ T5850] usb 4-1: config 254 has an invalid interface number: 235 but max is 0 [ 974.253413][ T5850] usb 4-1: config 254 has no interface number 0 [ 974.259758][ T5850] usb 4-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 974.309907][ T5850] usb 4-1: config 254 interface 235 has no altsetting 0 [ 974.331817][ T5850] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 974.349313][ T5850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=5 [ 974.371032][ T5850] usb 4-1: Product: syz [ 974.375279][ T5850] usb 4-1: Manufacturer: syz [ 974.392115][ T5850] usb 4-1: SerialNumber: syz [ 974.401441][T27429] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 974.645985][ T5850] usbtest 4-1:254.235: couldn't get endpoints, -71 [ 974.664821][ T5850] usbtest: probe of 4-1:254.235 failed with error -71 [ 974.687338][ T5850] usb 4-1: USB disconnect, device number 99 [ 975.070593][T27454] loop4: detected capacity change from 0 to 32768 [ 975.095191][T27454] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.9557 (27454) [ 975.131385][T27454] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 975.161910][T27454] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 975.185627][T27454] BTRFS info (device loop4): using free space tree [ 975.338025][T27454] BTRFS info (device loop4): enabling ssd optimizations [ 975.351059][T27494] loop3: detected capacity change from 0 to 16 [ 975.358634][T27454] BTRFS info (device loop4): auto enabling async discard [ 975.383963][T27494] erofs: (device loop3): mounted with root inode @ nid 36. [ 975.482246][T27494] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 975.570410][T27494] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 975.626014][T17475] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 976.359913][T27522] loop3: detected capacity change from 0 to 512 [ 976.395710][T27522] EXT4-fs: Ignoring removed bh option [ 976.406134][T27522] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 976.415238][T27522] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 976.485778][T27522] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 976.559143][T27522] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 976.607313][T27522] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 976.772753][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 976.946242][T27540] netlink: 'syz.3.9589': attribute type 2 has an invalid length. [ 977.320091][T27550] loop3: detected capacity change from 0 to 4096 [ 977.321144][T27550] EXT4-fs: Ignoring removed mblk_io_submit option [ 977.322966][T27550] EXT4-fs (loop3): Test dummy encryption mode enabled [ 977.331236][T27550] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 977.379806][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 977.711316][T27536] loop4: detected capacity change from 0 to 32768 [ 977.779586][T27536] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 977.848866][T27575] netlink: zone id is out of range [ 977.869812][T27575] netlink: set zone limit has 4 unknown bytes [ 978.007731][T27536] XFS (loop4): Ending clean mount [ 978.091985][T27578] loop1: detected capacity change from 0 to 1764 [ 978.258269][T17475] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 978.506270][T27589] xt_hashlimit: Unknown mode mask E2, kernel too old? [ 978.880398][T27600] loop0: detected capacity change from 0 to 1024 [ 978.896523][T27600] EXT4-fs: Ignoring removed mblk_io_submit option [ 978.904938][T27600] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 978.929868][T27600] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 979.082394][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 979.466315][T27603] loop3: detected capacity change from 0 to 32768 [ 979.501509][T27603] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.9617 (27603) [ 979.528948][T27603] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 979.547513][T27603] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 979.557265][T27603] BTRFS info (device loop3): turning on flush-on-commit [ 979.567598][T27603] BTRFS info (device loop3): enabling disk space caching [ 979.575601][T27603] BTRFS info (device loop3): disabling tree log [ 979.584594][T27603] BTRFS info (device loop3): enabling ssd optimizations [ 979.591781][T27603] BTRFS info (device loop3): force clearing of disk cache [ 979.645976][T27603] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 979.669869][T27603] BTRFS info (device loop3): use zstd compression, level 3 [ 979.682721][T27603] BTRFS info (device loop3): setting nodatacow, compression disabled [ 979.702388][T27603] BTRFS info (device loop3): disk space caching is enabled [ 979.868784][T27603] BTRFS info (device loop3): rebuilding free space tree [ 979.962014][T27638] loop4: detected capacity change from 0 to 1024 [ 979.971524][T27603] BTRFS info (device loop3): disabling free space tree [ 979.978581][T27603] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 980.025827][T27603] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 980.086894][T27603] BTRFS info (device loop3): checking UUID tree [ 980.310232][T27603] BTRFS info (device loop3: state M): setting datasum, datacow enabled [ 980.319995][T27603] BTRFS info (device loop3: state M): force clearing of disk cache [ 980.337679][T27603] BTRFS info (device loop3: state M): use zstd compression, level 3 [ 980.358073][T27603] BTRFS info (device loop3: state M): setting nodatacow, compression disabled [ 980.393018][T27610] loop0: detected capacity change from 0 to 32768 [ 980.481028][T27610] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 980.503581][ T5775] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 980.768012][T27610] XFS (loop0): Ending clean mount [ 980.817624][T27662] loop1: detected capacity change from 0 to 128 [ 981.011488][T27662] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 981.036975][T27662] ext4 filesystem being mounted at /2478/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 981.101218][ T5771] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 981.156349][T27662] EXT4-fs warning (device loop1): ext4_group_add:1742: No reserved GDT blocks, can't resize [ 981.313766][ T5768] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 981.822565][T27688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9644'. [ 982.016032][T27695] netlink: 88 bytes leftover after parsing attributes in process `syz.1.9646'. [ 982.780070][T27698] loop4: detected capacity change from 0 to 32768 [ 982.831702][T27698] [ 982.831702][T27698] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 982.831702][T27698] [ 982.934012][T27696] loop3: detected capacity change from 0 to 32768 [ 982.952814][T17475] [ 982.952814][T17475] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 982.952814][T17475] [ 983.001343][T17475] [ 983.001343][T17475] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 983.001343][T17475] [ 983.002517][T27696] (syz.3.9648,27696,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 983.050151][T27696] (syz.3.9648,27696,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 983.136543][T27696] JBD2: Ignoring recovery information on journal [ 983.248673][T27725] netlink: 76 bytes leftover after parsing attributes in process `syz.4.9660'. [ 983.360498][T27696] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 983.709333][T27739] netlink: 3 bytes leftover after parsing attributes in process `syz.0.9668'. [ 983.824366][T27741] netlink: 'syz.4.9669': attribute type 6 has an invalid length. [ 983.832372][T27741] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.9669'. [ 983.925714][ T5775] ocfs2: Unmounting device (7,3) on (node local) [ 983.996406][T27744] loop4: detected capacity change from 0 to 64 [ 984.027889][T27745] program syz.0.9672 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 984.287978][T27734] loop1: detected capacity change from 0 to 32768 [ 984.841649][T27761] loop3: detected capacity change from 0 to 4096 [ 984.886379][T27761] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 985.343124][T27779] netlink: 'syz.4.9687': attribute type 1 has an invalid length. [ 985.363992][T27779] netlink: 224 bytes leftover after parsing attributes in process `syz.4.9687'. [ 985.447126][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 985.696841][T27792] cgroup: name respecified [ 986.006589][T27800] loop0: detected capacity change from 0 to 256 [ 986.576273][T27816] bridge5: entered promiscuous mode [ 986.604213][T27816] bridge5: entered allmulticast mode [ 986.812898][T27798] loop3: detected capacity change from 0 to 32768 [ 987.072958][T27834] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5) [ 987.155779][T27836] loop4: detected capacity change from 0 to 512 [ 987.165474][T27836] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 987.190859][T27836] EXT4-fs (loop4): orphan cleanup on readonly fs [ 987.209794][T27836] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:512: comm syz.4.9717: Block bitmap for bg 0 marked uninitialized [ 987.253112][T27836] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 987.283040][T27836] EXT4-fs (loop4): 1 orphan inode deleted [ 987.292815][T27836] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 987.353867][T27836] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 987.367489][ T786] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 987.423545][T27836] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 987.495382][T17475] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 987.572146][ T786] usb 1-1: Using ep0 maxpacket: 16 [ 987.596268][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 97, changing to 7 [ 987.625204][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 24929, setting to 1024 [ 987.674659][ T786] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 987.684526][ T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 987.704079][ T786] usb 1-1: Product: syz [ 987.708526][ T786] usb 1-1: Manufacturer: syz [ 987.713223][ T786] usb 1-1: SerialNumber: syz [ 987.726039][ T786] usb 1-1: config 0 descriptor?? [ 987.739625][ T786] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 987.768204][ T786] em28xx 1-1:0.0: DVB interface 0 found: isoc [ 988.072126][ T786] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 988.122953][T27858] loop3: detected capacity change from 0 to 16 [ 988.155121][T27858] erofs: (device loop3): mounted with root inode @ nid 36. [ 988.180559][ T786] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 988.225484][ T786] em28xx 1-1:0.0: board has no eeprom [ 988.320970][ T786] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 988.330147][ T786] em28xx 1-1:0.0: dvb set to isoc mode. [ 988.351342][ T5812] em28xx 1-1:0.0: Binding DVB extension [ 988.386047][ T786] usb 1-1: USB disconnect, device number 80 [ 988.393076][ T786] em28xx 1-1:0.0: Disconnecting em28xx [ 988.586433][ T5812] em28xx 1-1:0.0: Registering input extension [ 988.614887][ T786] em28xx 1-1:0.0: Closing input extension [ 988.702114][ T786] em28xx 1-1:0.0: Freeing device [ 988.782847][T27869] loop1: detected capacity change from 0 to 4096 [ 988.814306][T27869] ntfs3: loop1: ino=3, Correct links count -> 2. [ 989.045287][T27883] loop4: detected capacity change from 0 to 512 [ 989.172163][T27883] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 989.259712][T27883] ext4 filesystem being mounted at /1087/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 989.289096][T27893] tmpfs: Bad value for 'mpol' [ 989.319764][T27883] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present [ 989.382375][T27883] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 989.402995][T27883] EXT4-fs error (device loop4): ext4_acquire_dquot:6949: comm syz.4.9738: Failed to acquire dquot type 0 [ 989.451804][T27895] siw: device registration error -23 [ 989.479788][T27883] EXT4-fs (loop4): Remounting filesystem read-only [ 989.582534][T17475] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 990.238087][T27929] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 990.253788][T27929] overlayfs: missing 'lowerdir' [ 990.273917][T27927] : renamed from bridge_slave_0 [ 990.633777][T27945] netlink: 'syz.1.9767': attribute type 2 has an invalid length. [ 990.824946][T27953] loop1: detected capacity change from 0 to 512 [ 990.845163][T27953] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 990.881282][T27953] EXT4-fs (loop1): orphan cleanup on readonly fs [ 990.896260][T27953] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.9772: Block bitmap for bg 0 marked uninitialized [ 990.915603][T27953] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 990.933681][T27953] EXT4-fs (loop1): 1 orphan inode deleted [ 990.944591][T27953] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 991.007336][T27953] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 991.030715][T27953] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 991.124712][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 991.178659][T27966] netlink: 9188 bytes leftover after parsing attributes in process `syz.3.9776'. [ 991.341256][T27974] netlink: 'syz.3.9781': attribute type 1 has an invalid length. [ 991.357458][T27974] netlink: 224 bytes leftover after parsing attributes in process `syz.3.9781'. [ 991.407882][ T5812] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 991.476722][T27978] netlink: 'syz.1.9782': attribute type 1 has an invalid length. [ 991.497565][T27980] loop4: detected capacity change from 0 to 128 [ 991.553374][T27980] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 991.571575][T27980] ext4 filesystem being mounted at /1098/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 991.599123][T27980] EXT4-fs warning (device loop4): verify_group_input:151: Cannot add at group 3 (only 1 groups) [ 991.624498][ T5812] usb 1-1: Using ep0 maxpacket: 32 [ 991.637097][ T5812] usb 1-1: config 0 has an invalid interface number: 188 but max is 0 [ 991.655041][ T5812] usb 1-1: config 0 has no interface number 0 [ 991.666528][ T5812] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 991.696614][ T5812] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 991.706195][ T5812] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 991.722038][ T5812] usb 1-1: Product: syz [ 991.726289][ T5812] usb 1-1: Manufacturer: syz [ 991.730990][ T5812] usb 1-1: SerialNumber: syz [ 991.751982][ T5812] usb 1-1: config 0 descriptor?? [ 991.774085][T27965] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 991.791408][T17475] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 992.021997][T27965] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 992.289182][ T5812] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 992.317120][ T5812] asix: probe of 1-1:0.188 failed with error -71 [ 992.355599][ T5812] usb 1-1: USB disconnect, device number 81 [ 992.446229][T28005] loop3: detected capacity change from 0 to 1764 [ 992.689899][T28011] loop1: detected capacity change from 0 to 4096 [ 992.710321][T28011] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 992.857751][T28011] ntfs: volume version 3.1. [ 992.880667][T28019] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9803'. [ 993.456559][T28040] loop0: detected capacity change from 0 to 64 [ 993.500739][T28040] MINIX-fs: deleted inode referenced: 3 [ 993.531834][T28040] MINIX-fs: deleted inode referenced: 3 [ 994.089362][T28030] loop3: detected capacity change from 0 to 32768 [ 994.120098][T28030] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.9809 (28030) [ 994.170159][T28030] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 994.204938][T28030] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 994.226269][T28030] BTRFS info (device loop3): setting nodatacow, compression disabled [ 994.257437][T28030] BTRFS info (device loop3): force clearing of disk cache [ 994.264679][T28030] BTRFS info (device loop3): enabling ssd optimizations [ 994.289218][T28030] BTRFS info (device loop3): using spread ssd allocation scheme [ 994.296943][T28030] BTRFS info (device loop3): turning off barriers [ 994.321572][ T5812] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 994.326534][T28030] BTRFS info (device loop3): disabling free space tree [ 994.354080][T28030] BTRFS info (device loop3): not using ssd optimizations [ 994.365198][T28030] BTRFS info (device loop3): not using spread ssd allocation scheme [ 994.392955][T28069] netdevsim netdevsim1 netdevsim2: left allmulticast mode [ 994.403212][T28069] netdevsim netdevsim1 netdevsim2: left promiscuous mode [ 994.415870][T28069] bridge0: port 1(netdevsim2) entered disabled state [ 994.520010][T28030] BTRFS info (device loop3): rebuilding free space tree [ 994.553546][ T5812] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 994.564369][ T5812] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 994.576869][T28030] BTRFS info (device loop3): disabling free space tree [ 994.585092][T28030] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 994.597889][T28030] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 994.601764][ T5812] usb 5-1: Product: syz [ 994.624535][ T5812] usb 5-1: Manufacturer: syz [ 994.629976][ T5812] usb 5-1: SerialNumber: syz [ 994.665872][ T5812] usb 5-1: config 0 descriptor?? [ 994.920630][ T5775] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 994.958146][ T5812] hso 5-1:0.0: Failed to find BULK IN ep [ 994.987138][ T5812] usb-storage 5-1:0.0: USB Mass Storage device detected [ 995.054300][ T5923] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 12 /dev/loop3 scanned by udevd (5923) [ 995.277689][ T5812] usb 5-1: USB disconnect, device number 23 [ 995.345397][T28084] loop0: detected capacity change from 0 to 32768 [ 995.400792][T28084] (syz.0.9828,28084,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 995.443901][T28084] (syz.0.9828,28084,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 995.523974][T28084] JBD2: Ignoring recovery information on journal [ 995.692468][T28084] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 995.777691][T28105] loop1: detected capacity change from 0 to 8 [ 995.835410][ T5781] udevd[5781]: incorrect cramfs checksum on /dev/loop1 [ 995.837646][T28105] cramfs: Error -3 while decompressing! [ 995.878202][T28105] cramfs: ffffffff973f7368(26)->ffff88805881a000(4096) [ 995.896870][T28105] cramfs: Error -3 while decompressing! [ 995.902518][T28105] cramfs: ffffffff973f7382(26)->ffff888051b06000(4096) [ 995.966822][T28105] cramfs: Error -3 while decompressing! [ 995.973520][T28107] loop3: detected capacity change from 0 to 16 [ 995.990133][T28105] cramfs: ffffffff973f739c(16)->ffff88804f1a2000(4096) [ 996.007852][ T5781] udevd[5781]: incorrect cramfs checksum on /dev/loop1 [ 996.033311][T28105] cramfs: Error -3 while decompressing! [ 996.045393][T28107] erofs: (device loop3): mounted with root inode @ nid 36. [ 996.054128][T28105] cramfs: ffffffff973f7368(26)->ffff88805881a000(4096) [ 996.082836][ T28] audit: type=1800 audit(1769690018.352:804): pid=28105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.9834" name="file2" dev="loop1" ino=348 res=0 errno=0 [ 996.117322][T28107] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 996.131787][T28107] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 996.340402][T28114] netlink: 'syz.4.9840': attribute type 1 has an invalid length. [ 996.369542][ T5771] ocfs2: Unmounting device (7,0) on (node local) [ 996.379776][T28114] netlink: 224 bytes leftover after parsing attributes in process `syz.4.9840'. [ 996.440787][T28114] nbd: must specify at least one socket [ 997.061502][T28140] netlink: 'syz.1.9853': attribute type 10 has an invalid length. [ 997.083022][T28140] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9853'. [ 997.247759][T28146] geneve1: entered promiscuous mode [ 997.294862][T28146] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 997.673040][T28163] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9864'. [ 997.703300][T28163] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 997.757729][T28159] loop3: detected capacity change from 0 to 4096 [ 997.798609][T28159] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 998.003928][T28159] ntfs3: loop3: failed to convert "c46c" to macromanian [ 998.181755][T28175] sctp: [Deprecated]: syz.1.9870 (pid 28175) Use of int in max_burst socket option deprecated. [ 998.181755][T28175] Use struct sctp_assoc_value instead [ 998.507710][T28185] loop3: detected capacity change from 0 to 1024 [ 998.523512][T28167] loop0: detected capacity change from 0 to 32768 [ 998.548476][T28167] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 12 [ 998.567369][T28185] hfsplus: cannot replace xattr [ 999.038112][T28199] loop4: detected capacity change from 0 to 512 [ 999.083460][T28199] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.9882: Invalid inode bitmap blk 4 in block_group 0 [ 999.128117][T28199] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 999.197603][T28199] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.9882: Invalid inode bitmap blk 4 in block_group 0 [ 999.220236][T28199] EXT4-fs error (device loop4) in ext4_free_inode:363: Corrupt filesystem [ 999.308028][T17475] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 999.356128][T28211] binder: 28210:28211 ioctl c00c620f 2000000000c0 returned -22 [ 999.466925][T28216] netlink: 'syz.4.9888': attribute type 7 has an invalid length. [ 999.490115][T28216] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9888'. [ 999.510664][T28216] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9888'. [ 999.870729][T28230] loop0: detected capacity change from 0 to 256 [ 999.916581][T28232] loop4: detected capacity change from 0 to 64 [ 999.993312][T28230] FAT-fs (loop0): Directory bread(block 64) failed [ 1000.001145][T28230] FAT-fs (loop0): Directory bread(block 65) failed [ 1000.036217][T28230] FAT-fs (loop0): Directory bread(block 66) failed [ 1000.063358][T28230] FAT-fs (loop0): Directory bread(block 67) failed [ 1000.084705][T28230] FAT-fs (loop0): Directory bread(block 68) failed [ 1000.091339][T28230] FAT-fs (loop0): Directory bread(block 69) failed [ 1000.138498][T28230] FAT-fs (loop0): Directory bread(block 70) failed [ 1000.150407][T28230] FAT-fs (loop0): Directory bread(block 71) failed [ 1000.168167][T28230] FAT-fs (loop0): Directory bread(block 72) failed [ 1000.221606][T28230] FAT-fs (loop0): Directory bread(block 73) failed [ 1000.477366][T28220] loop1: detected capacity change from 0 to 32768 [ 1001.185756][T28263] usb usb9: usbfs: process 28263 (syz.1.9906) did not claim interface 0 before use [ 1001.207586][T28262] Invalid option length (1040122) for dns_resolver key [ 1001.453842][T28267] set_capacity_and_notify: 1 callbacks suppressed [ 1001.453862][T28267] loop3: detected capacity change from 0 to 2048 [ 1001.477318][T28274] netlink: 300 bytes leftover after parsing attributes in process `syz.1.9915'. [ 1001.508369][T28267] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1001.550902][T28267] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1001.570494][T28272] xt_CT: No such helper "netbios-ns" [ 1001.751576][T28278] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1002.162153][T28294] loop4: detected capacity change from 0 to 256 [ 1002.265540][T28294] FAT-fs (loop4): Directory bread(block 64) failed [ 1002.291375][T28294] FAT-fs (loop4): Directory bread(block 65) failed [ 1002.315610][T28294] FAT-fs (loop4): Directory bread(block 66) failed [ 1002.322319][T28294] FAT-fs (loop4): Directory bread(block 67) failed [ 1002.359976][T28294] FAT-fs (loop4): Directory bread(block 68) failed [ 1002.366592][T28294] FAT-fs (loop4): Directory bread(block 69) failed [ 1002.415423][T28294] FAT-fs (loop4): Directory bread(block 70) failed [ 1002.422044][T28294] FAT-fs (loop4): Directory bread(block 71) failed [ 1002.429299][T28300] loop3: detected capacity change from 0 to 1024 [ 1002.449483][T28294] FAT-fs (loop4): Directory bread(block 72) failed [ 1002.479687][T28294] FAT-fs (loop4): Directory bread(block 73) failed [ 1002.481782][T28300] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1002.602036][T28300] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1002.698496][T28300] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.9929: missing EA_INODE flag [ 1002.761693][T28300] EXT4-fs (loop3): Remounting filesystem read-only [ 1002.792077][ T786] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1002.829036][T28309] loop0: detected capacity change from 0 to 2048 [ 1002.849344][T28309] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1002.885567][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1002.928909][T28310] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1002.992961][ T786] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1003.020096][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1003.052823][T28312] tipc: Can't bind to reserved service type 2 [ 1003.060499][ T786] usb 2-1: config 0 descriptor?? [ 1003.102820][ T786] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1003.557290][ T786] gspca_cpia1: usb_control_msg 03, error -71 [ 1003.598112][ T786] gspca_cpia1: usb_control_msg 01, error -71 [ 1003.604199][ T786] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 1003.635425][ T786] usb 2-1: USB disconnect, device number 98 [ 1003.666172][ T28] audit: type=1326 audit(1769690025.359:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28328 comm="syz.4.9942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a19b9aeb9 code=0x7ffc0000 [ 1003.725086][ T28] audit: type=1326 audit(1769690025.359:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28328 comm="syz.4.9942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a19b9aeb9 code=0x7ffc0000 [ 1003.797442][ T28] audit: type=1326 audit(1769690025.387:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28328 comm="syz.4.9942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f7a19b9aeb9 code=0x7ffc0000 [ 1003.864599][ T28] audit: type=1326 audit(1769690025.387:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28328 comm="syz.4.9942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a19b9aeb9 code=0x7ffc0000 [ 1003.887093][ C0] vkms_vblank_simulate: vblank timer overrun [ 1003.923890][T28335] loop4: detected capacity change from 0 to 2048 [ 1003.991009][T28338] loop0: detected capacity change from 0 to 1024 [ 1003.993905][T28335] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1004.032213][T28340] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1004.038547][T28335] syz.4.9945: attempt to access beyond end of device [ 1004.038547][T28335] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1004.164453][T28338] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 1004.202693][T28338] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 1004.215587][T28335] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1004.259084][T28335] Remounting filesystem read-only [ 1004.281619][T28335] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1004.303011][T28335] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1004.318942][ T28] audit: type=1800 audit(1769690025.959:809): pid=28335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.9945" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 1004.344962][T28335] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 16777227 [ 1004.355300][T28335] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 1004.367077][T28335] NILFS (loop4): error -5 truncating bmap (ino=16) [ 1004.465960][T17475] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 1004.492995][T17475] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 1004.500417][T17475] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1004.509823][ T5850] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1004.538615][T17475] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1004.556869][T17475] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1004.567870][T17475] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 1004.579875][T17475] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 1004.586726][T17475] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1004.602492][T17475] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1004.619934][T17475] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 1004.628971][T17475] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1004.738939][ T5850] usb 4-1: config 0 has an invalid interface number: 83 but max is 0 [ 1004.747498][ T5850] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1004.774585][ T5850] usb 4-1: config 0 has no interface number 0 [ 1004.785518][ T5850] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 1004.804320][ T5850] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1004.821142][ T5850] usb 4-1: config 0 descriptor?? [ 1004.852143][ T5850] ttusbir 4-1:0.83: cannot find expected altsetting [ 1004.943731][T28358] xt_ecn: cannot match TCP bits for non-tcp packets [ 1005.122710][ T5832] usb 4-1: USB disconnect, device number 100 [ 1005.157624][T28364] loop0: detected capacity change from 0 to 1024 [ 1005.190468][T28364] EXT4-fs: Ignoring removed mblk_io_submit option [ 1005.215994][T28364] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1005.234688][T28366] loop1: detected capacity change from 0 to 4096 [ 1005.242985][T28364] EXT4-fs error (device loop0): ext4_orphan_get:1424: comm syz.0.9959: bad orphan inode 11 [ 1005.260477][T28364] ext4_test_bit(bit=10, block=4) = 1 [ 1005.268627][T28364] is_bad_inode(inode)=0 [ 1005.275714][T28364] NEXT_ORPHAN(inode)=3254779904 [ 1005.285872][T28364] max_ino=32 [ 1005.289148][T28364] i_nlink=0 [ 1005.296741][T28364] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.9959: lblock 2 mapped to illegal pblock 2 (length 1) [ 1005.299518][T28368] bond0: (slave rose0): Enslaving as an active interface with an up link [ 1005.321469][T28364] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 1005.330037][T28364] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 48: comm syz.0.9959: lblock 0 mapped to illegal pblock 48 (length 1) [ 1005.350825][T28364] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 1005.359965][T28364] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.9959: Failed to acquire dquot type 0 [ 1005.372557][T28364] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 1005.384717][T28364] EXT4-fs error (device loop0): ext4_evict_inode:252: inode #11: comm syz.0.9959: mark_inode_dirty error [ 1005.403771][T28364] EXT4-fs warning (device loop0): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 1005.416062][T28364] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1005.525064][T28366] ntfs3: loop1: ino=5, "/" directory corrupted [ 1005.544146][T10903] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm kworker/u4:0: lblock 2 mapped to illegal pblock 2 (length 1) [ 1005.567003][T28366] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1005.641497][T10903] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 1005.662071][T10903] EXT4-fs error (device loop0): ext4_write_dquot:6929: comm kworker/u4:0: Failed to commit dquot type 0 [ 1005.726974][T10903] Quota error (device loop0): dquot_write_dquot: Can't write quota structure (error -117). Quota may get out of sync! [ 1005.785717][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1005.836187][ T5771] EXT4-fs error (device loop0): __ext4_get_inode_loc:4489: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1005.882847][ T5771] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 1005.897762][ T5771] EXT4-fs error (device loop0): ext4_quota_off:7233: inode #3: comm syz-executor: mark_inode_dirty error [ 1006.069922][T28383] loop1: detected capacity change from 0 to 64 [ 1006.724051][ T786] usb 2-1: new full-speed USB device number 99 using dummy_hcd [ 1006.814459][T28384] loop3: detected capacity change from 0 to 32768 [ 1006.844346][T28384] XFS (loop3): invalid log iosize: 0 [not 12-30] [ 1006.888072][T28404] loop4: detected capacity change from 0 to 1024 [ 1006.923638][ T786] usb 2-1: config 1 has too many interfaces: 235, using maximum allowed: 32 [ 1006.930189][T28407] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 1006.956195][ T786] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1006.995097][ T786] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 235 [ 1007.026396][ T786] usb 2-1: config 1 has no interface number 0 [ 1007.070085][ T786] usb 2-1: config 1 has no interface number 1 [ 1007.080494][ T786] usb 2-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1007.097720][ T31] hfsplus: b-tree write err: -5, ino 4 [ 1007.114497][ T786] usb 2-1: config 1 interface 105 has no altsetting 0 [ 1007.128297][ T786] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1007.137610][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1007.145758][ T786] usb 2-1: Product: syz [ 1007.157323][ T786] usb 2-1: Manufacturer: syz [ 1007.162143][ T786] usb 2-1: SerialNumber: syz [ 1007.417530][ T786] aqc111: probe of 2-1:1.105 failed with error -22 [ 1007.515171][T28416] cgroup: name respecified [ 1007.641370][ T786] usb 2-1: USB disconnect, device number 99 [ 1007.867275][T28428] netlink: 'syz.0.9989': attribute type 1 has an invalid length. [ 1008.123275][T28419] loop3: detected capacity change from 0 to 32768 [ 1008.140924][T28419] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.9985 (28419) [ 1008.186050][T28419] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1008.205014][T28419] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1008.231848][T28419] BTRFS info (device loop3): enabling auto defrag [ 1008.238463][T28419] BTRFS info (device loop3): turning on sync discard [ 1008.248164][T28419] BTRFS info (device loop3): force clearing of disk cache [ 1008.269658][T28419] BTRFS info (device loop3): using default commit interval 30s [ 1008.292710][T28419] BTRFS info (device loop3): max_inline at 0 [ 1008.304010][T28419] BTRFS info (device loop3): disabling free space tree [ 1008.339962][T28438] loop4: detected capacity change from 0 to 2048 [ 1008.354545][T28438] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1008.487762][T28419] BTRFS info (device loop3): enabling ssd optimizations [ 1008.514224][T28419] BTRFS info (device loop3): rebuilding free space tree [ 1008.561729][T28419] BTRFS info (device loop3): disabling free space tree [ 1008.573368][T28459] loop1: detected capacity change from 0 to 512 [ 1008.580172][T28419] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1008.615780][T28419] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1008.638037][T28459] EXT4-fs error (device loop1): ext4_get_branch:178: inode #13: block 33619980: comm syz.1.9997: invalid block [ 1008.663703][T28459] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:478: comm syz.1.9997: Invalid block bitmap block 0 in block_group 0 [ 1008.765752][T28459] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 1008.806579][T28459] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.9997: attempt to clear invalid blocks 983261 len 1 [ 1008.876986][T28459] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.9997: invalid indirect mapped block 2683928664 (level 0) [ 1008.958198][T28459] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.9997: Invalid inode table block 0 in block_group 0 [ 1009.014225][T28459] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 1009.056415][T28459] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 1009.089296][T28459] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.9997: Invalid inode table block 0 in block_group 0 [ 1009.143971][ T5775] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1009.164093][T28459] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 1009.194375][T28459] EXT4-fs error (device loop1): ext4_truncate:4294: inode #13: comm syz.1.9997: mark_inode_dirty error [ 1009.226999][T28459] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 1009.252422][T28472] loop0: detected capacity change from 0 to 4096 [ 1009.278885][T28459] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.9997: Invalid inode table block 0 in block_group 0 [ 1009.331221][T28459] EXT4-fs (loop1): 1 truncate cleaned up [ 1009.338110][T28472] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1009.355116][T28459] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1009.542678][T28459] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.9997: Invalid inode table block 0 in block_group 0 [ 1009.585411][T28472] EXT4-fs error (device loop0): ext4_empty_dir:3154: inode #12: block 80: comm syz.0.10003: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 1009.626741][T28472] EXT4-fs (loop0): Remounting filesystem read-only [ 1009.635332][T28472] EXT4-fs warning (device loop0): ext4_empty_dir:3156: inode #12: comm syz.0.10003: directory missing '..' [ 1009.658344][T28459] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 1009.826097][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1009.877102][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1010.069632][ T28] audit: type=1326 audit(1769690031.268:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28485 comm="syz.0.10008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1010.166412][ T28] audit: type=1326 audit(1769690031.268:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28485 comm="syz.0.10008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1010.251712][ T28] audit: type=1326 audit(1769690031.295:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28485 comm="syz.0.10008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1010.315381][ T28] audit: type=1326 audit(1769690031.295:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28485 comm="syz.0.10008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1010.511381][T28497] loop0: detected capacity change from 0 to 2048 [ 1010.537059][T28497] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1010.630044][T28497] syz.0.10012: attempt to access beyond end of device [ 1010.630044][T28497] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1010.645876][T28502] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1010.744296][T28497] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1010.778857][T28497] Remounting filesystem read-only [ 1010.784429][T28497] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1010.818817][T28497] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 1010.838519][ T28] audit: type=1800 audit(1769690031.979:814): pid=28497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.10012" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 1010.859997][T28497] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 16777227 [ 1010.870886][T28507] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10017'. [ 1010.895686][T28497] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [ 1010.928518][T28497] NILFS (loop0): error -5 truncating bmap (ino=16) [ 1011.088357][ T5771] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 1011.099433][ T5771] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 1011.110290][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.122537][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.131575][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.146021][ T5771] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 1011.159839][ T5771] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 1011.182492][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.199905][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.222417][ T5771] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 1011.229794][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1011.286576][T28486] loop1: detected capacity change from 0 to 32768 [ 1011.317239][T28486] (syz.1.10006,28486,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1011.357717][T28486] (syz.1.10006,28486,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1011.429747][T28486] JBD2: Ignoring recovery information on journal [ 1011.521823][T28486] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1011.620066][ T5832] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1011.815195][ T5832] usb 4-1: Using ep0 maxpacket: 16 [ 1011.825213][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1011.897461][ T5832] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1011.916071][ T5832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1011.937136][ T5832] usb 4-1: Product: syz [ 1011.950950][ T5832] usb 4-1: Manufacturer: syz [ 1011.965958][ T5832] usb 4-1: SerialNumber: syz [ 1011.995413][ T5832] usb 4-1: config 0 descriptor?? [ 1012.003257][ T5832] hub 4-1:0.0: bad descriptor, ignoring hub [ 1012.009238][ T5832] hub: probe of 4-1:0.0 failed with error -5 [ 1012.026845][ T5832] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input43 [ 1012.054836][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 1012.408445][T28540] loop0: detected capacity change from 0 to 512 [ 1012.419041][T28540] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 1012.795503][T28552] netlink: 'syz.0.10038': attribute type 1 has an invalid length. [ 1012.806140][T28552] netlink: 224 bytes leftover after parsing attributes in process `syz.0.10038'. [ 1013.059784][T28559] random: crng reseeded on system resumption [ 1013.079392][T28560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10040'. [ 1013.186130][T28548] loop4: detected capacity change from 0 to 32768 [ 1013.628268][T28570] loop1: detected capacity change from 0 to 2048 [ 1013.639921][T28570] EXT4-fs: Ignoring removed mblk_io_submit option [ 1013.700209][T28570] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1013.859950][T28570] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.10046: bg 0: block 234: padding at end of block bitmap is not set [ 1013.947187][T28570] EXT4-fs (loop1): Remounting filesystem read-only [ 1014.113737][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1014.139535][T28583] loop3: detected capacity change from 0 to 4096 [ 1014.322834][T28592] loop0: detected capacity change from 0 to 256 [ 1014.336140][T28583] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 1014.460938][T28595] netlink: 'syz.4.10057': attribute type 6 has an invalid length. [ 1014.864225][T28611] loop3: detected capacity change from 0 to 128 [ 1014.960109][T28609] loop4: detected capacity change from 0 to 1764 [ 1015.111705][T28617] loop3: detected capacity change from 0 to 512 [ 1015.270374][ T786] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1015.504844][ T786] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1015.520477][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1015.528555][ T786] usb 2-1: Product: syz [ 1015.563335][ T786] usb 2-1: Manufacturer: syz [ 1015.568016][ T786] usb 2-1: SerialNumber: syz [ 1015.592973][ T786] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1015.629432][ T5812] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1016.235999][ T786] usb 2-1: USB disconnect, device number 100 [ 1016.504047][T28663] netlink: 'syz.3.10089': attribute type 10 has an invalid length. [ 1016.678125][T28663] team0 (unregistering): Port device team_slave_0 removed [ 1016.718145][T28663] team0 (unregistering): Port device team_slave_1 removed [ 1016.768480][T28669] loop0: detected capacity change from 0 to 4096 [ 1016.825687][ T5812] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 1016.873982][ T5812] ath9k_htc: Failed to initialize the device [ 1016.897374][ T786] usb 2-1: ath9k_htc: USB layer deinitialized [ 1016.962792][ T5832] usb 4-1: USB disconnect, device number 101 [ 1017.174379][T28675] loop3: detected capacity change from 0 to 1764 [ 1017.196777][T28675] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 1017.222589][T28675] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1018.275432][T28713] set_capacity_and_notify: 1 callbacks suppressed [ 1018.275450][T28713] loop3: detected capacity change from 0 to 4096 [ 1018.309620][T28713] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 1018.319793][T28713] ntfs3: loop3: It is recommened to use chkdsk. [ 1018.344441][T28713] ntfs3: loop3: Failed to initialize $Secure::$SII (-22). [ 1018.354247][T28713] ntfs3: loop3: Failed to initialize $Secure (-22). [ 1018.855994][ T5832] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1018.887149][T28743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10129'. [ 1018.891254][T28742] loop1: detected capacity change from 0 to 512 [ 1018.900625][T28743] netlink: 60 bytes leftover after parsing attributes in process `syz.0.10129'. [ 1018.926107][T28743] netlink: 60 bytes leftover after parsing attributes in process `syz.0.10129'. [ 1018.956322][T28742] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a80ec118, mo2=0002] [ 1018.991050][T28742] System zones: 0-2, 18-18, 34-35 [ 1019.065335][T28742] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1019.090699][ T5832] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 1019.105142][T28742] ext4 filesystem being mounted at /2590/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1019.135171][ T5832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1019.158607][ T5832] usb 4-1: Product: syz [ 1019.182391][ T5832] usb 4-1: Manufacturer: syz [ 1019.187071][ T5832] usb 4-1: SerialNumber: syz [ 1019.220687][ T5832] usb 4-1: config 0 descriptor?? [ 1019.238655][ T5832] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 1019.302781][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1019.309074][T28754] blktrace: Concurrent blktraces are not allowed on loop4 [ 1019.351836][T28756] netlink: 176 bytes leftover after parsing attributes in process `syz.4.10135'. [ 1019.689332][T28761] loop1: detected capacity change from 0 to 8192 [ 1019.708412][ T5832] gspca_sunplus: reg_r err -71 [ 1019.716801][ T5832] sunplus: probe of 4-1:0.0 failed with error -71 [ 1019.737767][ T5832] usb 4-1: USB disconnect, device number 102 [ 1019.780461][T28761] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1019.814272][T28761] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 1019.862095][T28761] REISERFS (device loop1): using ordered data mode [ 1019.885962][T28761] reiserfs: using flush barriers [ 1019.897946][T28761] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1019.936882][T28761] REISERFS (device loop1): checking transaction log (loop1) [ 1019.962075][T28761] REISERFS (device loop1): Using r5 hash to sort names [ 1019.969477][T28761] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 1019.988674][T28773] netlink: 'syz.0.10142': attribute type 1 has an invalid length. [ 1020.037147][T28773] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.10142'. [ 1020.290951][T28781] loop1: detected capacity change from 0 to 128 [ 1020.338179][T28781] VFS: Found a Xenix FS (block size = 1024) on device loop1 [ 1020.447126][ T5768] sysv_free_block: flc_count > flc_size [ 1020.492872][ T5768] sysv_free_block: flc_count > flc_size [ 1020.498502][ T5768] sysv_free_block: flc_count > flc_size [ 1020.545481][ T5768] sysv_free_block: flc_count > flc_size [ 1020.556903][ T5768] sysv_free_block: flc_count > flc_size [ 1020.562520][ T5768] sysv_free_block: flc_count > flc_size [ 1020.599898][ T5768] sysv_free_block: flc_count > flc_size [ 1020.605526][ T5768] sysv_free_block: flc_count > flc_size [ 1020.646428][ T5768] sysv_free_block: flc_count > flc_size [ 1020.652079][ T5768] sysv_free_block: flc_count > flc_size [ 1020.680058][ T5768] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1021.247670][T28815] xt_hashlimit: size too large, truncated to 1048576 [ 1021.412118][ T5850] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1021.559293][T28829] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10171'. [ 1021.632932][ T5850] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1021.666443][ T5850] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1021.694197][ T5850] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1021.714333][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1021.770439][ T5850] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 1021.778362][ T5850] usb 2-1: invalid MIDI out EP 0 [ 1021.914579][ T5850] snd-usb-audio: probe of 2-1:27.0 failed with error -22 [ 1022.131990][ T5850] usb 2-1: USB disconnect, device number 101 [ 1023.116441][T28883] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10198'. [ 1023.653354][T28901] loop0: detected capacity change from 0 to 4096 [ 1023.689955][T28901] NILFS (loop0): invalid segment: Checksum error in segment payload [ 1023.711395][T28901] NILFS (loop0): trying rollback from an earlier position [ 1023.724858][T28907] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.10209'. [ 1023.746543][T28901] NILFS (loop0): norecovery option specified, skipping roll-forward recovery [ 1023.802879][T28901] NILFS (loop0): couldn't remount because the filesystem is in an incomplete recovery state [ 1024.127795][T28919] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 1024.166691][T28919] exFAT-fs (nullb0): invalid boot record signature [ 1024.173302][T28919] exFAT-fs (nullb0): failed to read boot sector [ 1024.206665][T28919] exFAT-fs (nullb0): failed to recognize exfat type [ 1024.247628][T28923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10218'. [ 1024.594333][T28931] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10222'. [ 1024.621716][T28931] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10222'. [ 1024.661815][ T5833] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 1024.878675][ T5833] usb 1-1: Using ep0 maxpacket: 16 [ 1024.901578][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1024.935617][ T5833] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1024.958805][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1024.980039][ T5833] usb 1-1: Product: syz [ 1024.984283][ T5833] usb 1-1: Manufacturer: syz [ 1024.991972][ T5833] usb 1-1: SerialNumber: syz [ 1025.011987][ T5833] usb 1-1: config 0 descriptor?? [ 1025.021835][ T5833] hub 1-1:0.0: bad descriptor, ignoring hub [ 1025.027858][ T5833] hub: probe of 1-1:0.0 failed with error -5 [ 1025.069511][ T5833] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input45 [ 1025.084340][T28943] netlink: 40 bytes leftover after parsing attributes in process `syz.1.10228'. [ 1025.090498][T28945] loop4: detected capacity change from 0 to 512 [ 1025.207629][T28945] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1025.294766][T28945] ext4 filesystem being mounted at /1234/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1025.383306][T17475] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1025.594878][T17437] usb 1-1: USB disconnect, device number 82 [ 1026.322959][T28966] loop3: detected capacity change from 0 to 32768 [ 1026.330346][T28984] netlink: 'syz.4.10247': attribute type 1 has an invalid length. [ 1026.342942][T28966] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop3 scanned by syz.3.10238 (28966) [ 1026.386425][T28966] BTRFS info (device loop3): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1026.410182][T28986] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10249'. [ 1026.432272][T28966] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1026.449352][T28986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10249'. [ 1026.466907][T28966] BTRFS info (device loop3): enabling ssd optimizations [ 1026.483438][T28966] BTRFS info (device loop3): not using ssd optimizations [ 1026.513871][T28966] BTRFS info (device loop3): turning off barriers [ 1026.520920][T28966] BTRFS info (device loop3): using free space tree [ 1026.559433][T28990] libceph: resolve '0' (ret=-3): failed [ 1027.155121][ T5775] BTRFS info (device loop3): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1027.182704][T29026] cgroup2: Unknown parameter 'memory_hugetlb_accounting' [ 1027.696611][T29039] loop1: detected capacity change from 0 to 128 [ 1027.739911][T29039] FAT-fs (loop1): Directory bread(block 162) failed [ 1027.747042][T29039] FAT-fs (loop1): Directory bread(block 163) failed [ 1027.778968][T29039] FAT-fs (loop1): Directory bread(block 164) failed [ 1027.791152][T29039] FAT-fs (loop1): Directory bread(block 165) failed [ 1027.798374][T29039] FAT-fs (loop1): Directory bread(block 166) failed [ 1027.821758][T29039] FAT-fs (loop1): Directory bread(block 167) failed [ 1027.831854][T29039] FAT-fs (loop1): Directory bread(block 168) failed [ 1027.859000][T29039] FAT-fs (loop1): Directory bread(block 169) failed [ 1027.930261][T29039] FAT-fs (loop1): Directory bread(block 162) failed [ 1027.950742][T29039] FAT-fs (loop1): Directory bread(block 163) failed [ 1027.960468][T29039] syz.1.10266: attempt to access beyond end of device [ 1027.960468][T29039] loop1: rw=3, sector=226, nr_sectors = 6 limit=128 [ 1028.005455][T29039] syz.1.10266: attempt to access beyond end of device [ 1028.005455][T29039] loop1: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 1028.092341][T29045] batadv0: entered promiscuous mode [ 1028.113046][T29045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1028.408782][T29033] loop4: detected capacity change from 0 to 32768 [ 1028.686303][T29057] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 1028.713208][ T5833] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1028.722066][T29041] loop3: detected capacity change from 0 to 32768 [ 1028.791472][T29041] ERROR: (device loop3): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 1028.791472][T29041] [ 1028.833844][T29041] ERROR: (device loop3): remounting filesystem as read-only [ 1028.845968][T29041] ERROR: (device loop3): jfs_unlink: [ 1028.845968][T29041] [ 1028.917339][ T5775] ERROR: (device loop3): xtTruncate: XT_GETPAGE: xtree page corrupt [ 1028.917339][ T5775] [ 1028.928693][ T5833] usb 2-1: Using ep0 maxpacket: 32 [ 1028.948389][ T5833] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1028.989778][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.017907][ T5833] usb 2-1: config 0 descriptor?? [ 1029.040753][ T5833] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1029.259918][T29065] netlink: zone id is out of range [ 1029.269465][T29065] netlink: del zone limit has 8 unknown bytes [ 1029.446061][T29071] netlink: 'syz.0.10282': attribute type 3 has an invalid length. [ 1029.487769][ T5833] gspca_sq930x: ucbus_write failed -71 [ 1029.504190][ T5833] sq930x: probe of 2-1:0.0 failed with error -71 [ 1029.530543][ T5833] usb 2-1: USB disconnect, device number 102 [ 1029.547666][T29073] netlink: 44 bytes leftover after parsing attributes in process `syz.3.10283'. [ 1029.800072][T29083] netlink: 'syz.0.10288': attribute type 10 has an invalid length. [ 1029.834440][T29083] netlink: 40 bytes leftover after parsing attributes in process `syz.0.10288'. [ 1029.912120][T29085] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10289'. [ 1030.242197][ T27] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1030.277964][T29099] netlink: 'syz.4.10296': attribute type 10 has an invalid length. [ 1030.457081][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 1030.490660][ T27] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 1030.510432][T29107] loop0: detected capacity change from 0 to 256 [ 1030.515453][ T27] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1030.539429][ T27] usb 4-1: New USB device found, idVendor=046b, idProduct=0000, bcdDevice= 0.00 [ 1030.551771][T29099] team0 (unregistering): Port device team_slave_0 removed [ 1030.567190][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1030.590695][T29107] FAT-fs (loop0): Directory bread(block 64) failed [ 1030.597313][T29107] FAT-fs (loop0): Directory bread(block 65) failed [ 1030.610784][ T27] usb 4-1: 0:2 : does not exist [ 1030.628451][T29107] FAT-fs (loop0): Directory bread(block 66) failed [ 1030.652155][T29107] FAT-fs (loop0): Directory bread(block 67) failed [ 1030.658854][T29107] FAT-fs (loop0): Directory bread(block 68) failed [ 1030.668824][T29099] team0 (unregistering): Port device team_slave_1 removed [ 1030.709256][T29107] FAT-fs (loop0): Directory bread(block 69) failed [ 1030.718733][T29107] FAT-fs (loop0): Directory bread(block 70) failed [ 1030.728659][T29107] FAT-fs (loop0): Directory bread(block 71) failed [ 1030.764715][T29107] FAT-fs (loop0): Directory bread(block 72) failed [ 1030.775586][T29107] FAT-fs (loop0): Directory bread(block 73) failed [ 1030.921385][ T27] usb 4-1: USB disconnect, device number 103 [ 1031.226136][T29119] No such timeout policy "syz0" [ 1031.248728][ T28] audit: type=1326 audit(2000000001.181:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29120 comm="syz.0.10307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1031.293926][ T28] audit: type=1326 audit(2000000001.181:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29120 comm="syz.0.10307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1031.359664][ T28] audit: type=1326 audit(2000000001.181:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29120 comm="syz.0.10307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1031.405186][ T28] audit: type=1326 audit(2000000001.181:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29120 comm="syz.0.10307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b5a99aeb9 code=0x7ffc0000 [ 1031.973750][T29139] loop0: detected capacity change from 0 to 4096 [ 1032.003042][T29139] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 1032.062186][T29139] ntfs3: loop0: Failed to initialize $Extend/$ObjId. [ 1032.202050][T20075] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1032.219599][T29151] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10321'. [ 1032.263405][T29153] loop4: detected capacity change from 0 to 256 [ 1032.290851][T29153] exfat: Deprecated parameter 'utf8' [ 1032.318223][T29153] exfat: Deprecated parameter 'namecase' [ 1032.335272][T29153] exfat: Deprecated parameter 'namecase' [ 1032.361165][T29157] loop3: detected capacity change from 0 to 8 [ 1032.363213][T29153] exfat: Deprecated parameter 'utf8' [ 1032.397105][T29153] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 1032.409768][T20075] usb 2-1: Using ep0 maxpacket: 16 [ 1032.432058][T20075] usb 2-1: config 0 has no interfaces? [ 1032.453902][T20075] usb 2-1: config 0 has no interfaces? [ 1032.487577][T20075] usb 2-1: config 0 has no interfaces? [ 1032.497049][T29157] SQUASHFS error: lzo decompression failed, data probably corrupt [ 1032.515142][T20075] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1032.534187][T20075] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.550613][T29157] SQUASHFS error: Failed to read block 0x144: -5 [ 1032.580200][T29157] SQUASHFS error: Unable to read metadata cache entry [142] [ 1032.588901][T20075] usb 2-1: Product: syz [ 1032.594161][T20075] usb 2-1: Manufacturer: syz [ 1032.598807][T20075] usb 2-1: SerialNumber: syz [ 1032.613840][T29157] SQUASHFS error: Unable to read directory block [142:26] [ 1032.635505][T20075] r8152-cfgselector 2-1: config 0 descriptor?? [ 1032.788194][T29161] netlink: 'syz.0.10328': attribute type 3 has an invalid length. [ 1032.796214][T29161] netlink: 'syz.0.10328': attribute type 27 has an invalid length. [ 1032.835414][T29164] netlink: 'syz.3.10327': attribute type 2 has an invalid length. [ 1032.847322][T29165] netlink: 72 bytes leftover after parsing attributes in process `syz.4.10326'. [ 1032.879593][T20075] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1033.114999][ T9] r8152-cfgselector 2-1: USB disconnect, device number 103 [ 1033.337920][T29177] loop4: detected capacity change from 0 to 4096 [ 1033.386700][T29177] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1033.645439][T17475] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1033.817179][T29199] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10343'. [ 1033.936094][T29205] IPv6: Can't replace route, no match found [ 1034.128147][T29211] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1034.499458][T29228] bridge8: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1034.510776][T29228] bridge8: entered promiscuous mode [ 1034.516124][T29228] bridge8: entered allmulticast mode [ 1034.781337][ T9] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 1034.934691][T29244] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.10366'. [ 1034.998027][ T27] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1034.999329][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 1035.017808][ T9] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1035.028273][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1035.036797][ T9] usb 1-1: Product: syz [ 1035.041988][ T9] usb 1-1: Manufacturer: syz [ 1035.046903][ T9] usb 1-1: SerialNumber: syz [ 1035.054731][ T9] r8152-cfgselector 1-1: config 0 descriptor?? [ 1035.196991][ T27] usb 2-1: Using ep0 maxpacket: 32 [ 1035.211674][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1035.223189][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1035.237165][ T27] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1035.246349][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.261328][ T27] usb 2-1: config 0 descriptor?? [ 1035.289348][ T27] hub 2-1:0.0: USB hub found [ 1035.504562][ T27] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 1035.549962][ T9] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1035.569917][ T9] r8152-cfgselector 1-1: USB disconnect, device number 83 [ 1035.646748][T29256] loop4: detected capacity change from 0 to 4096 [ 1035.674497][T29256] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 1035.726217][ T27] usbhid 2-1:0.0: can't add hid device: -71 [ 1035.746297][ T27] usbhid: probe of 2-1:0.0 failed with error -71 [ 1035.764457][T29256] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 1035.812090][ T27] usb 2-1: USB disconnect, device number 104 [ 1035.867206][T29256] ntfs3: loop4: failed to convert "c46c" to cp860 [ 1035.924163][T29262] loop3: detected capacity change from 0 to 8 [ 1035.934179][T29262] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1035.953957][T29262] cramfs: Error -3 while decompressing! [ 1035.959734][T29262] cramfs: ffffffff973f3368(26)->ffff88804fb14000(4096) [ 1035.968463][T29262] cramfs: Error -3 while decompressing! [ 1035.979775][ T5781] udevd[5781]: incorrect cramfs checksum on /dev/loop3 [ 1035.990752][T29262] cramfs: ffffffff973f3382(26)->ffff8880511e2000(4096) [ 1036.004601][T29262] cramfs: Error -3 while decompressing! [ 1036.024795][ T5781] udevd[5781]: incorrect cramfs checksum on /dev/loop3 [ 1036.033614][T29262] cramfs: ffffffff973f339c(16)->ffff888050d97000(4096) [ 1036.048193][T29262] cramfs: Error -3 while decompressing! [ 1036.056508][T29262] cramfs: ffffffff973f3368(26)->ffff88804fb14000(4096) [ 1036.569751][ T9] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1036.697115][T29286] gretap2: entered allmulticast mode [ 1036.786407][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 1036.807585][ T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 1036.827991][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1036.847995][ T9] usb 1-1: Product: syz [ 1036.852341][T29294] QAT: Invalid ioctl 1076910120 [ 1036.858909][ T9] usb 1-1: Manufacturer: syz [ 1036.868337][ T9] usb 1-1: SerialNumber: syz [ 1036.878040][ T9] usb 1-1: config 0 descriptor?? [ 1037.120556][T29299] loop4: detected capacity change from 0 to 4096 [ 1037.136152][ T9] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 1037.163926][T29299] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 1037.273280][T29299] ntfs3: loop4: Failed to initialize $Extend/$Reparse. [ 1037.354812][ T9] usb write operation failed. (-71) [ 1037.370664][ T9] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1037.392014][ T9] dvbdev: DVB: registering new adapter (Terratec H7) [ 1037.402332][ T9] usb 1-1: media controller created [ 1037.415461][ T9] usb read operation failed. (-71) [ 1037.425301][ T9] usb write operation failed. (-71) [ 1037.456848][ T9] dvb_usb_az6007: probe of 1-1:0.0 failed with error -5 [ 1037.475585][ T9] usb 1-1: USB disconnect, device number 84 [ 1037.751929][ T27] usb 4-1: new full-speed USB device number 104 using dummy_hcd [ 1037.970225][ T27] usb 4-1: config 0 has an invalid interface number: 110 but max is 0 [ 1037.978638][ T27] usb 4-1: config 0 has no interface number 0 [ 1037.984784][ T27] usb 4-1: config 0 interface 110 has no altsetting 0 [ 1038.005283][ T27] usb 4-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55 [ 1038.021669][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1038.035857][ T27] usb 4-1: Product: syz [ 1038.040088][ T27] usb 4-1: Manufacturer: syz [ 1038.083987][ T27] usb 4-1: SerialNumber: syz [ 1038.094162][ T27] usb 4-1: config 0 descriptor?? [ 1038.145275][T29330] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 1038.367364][ T27] cdc_subset: probe of 4-1:0.110 failed with error -22 [ 1038.611355][ T27] usb 4-1: USB disconnect, device number 104 [ 1039.018482][T29368] loop0: detected capacity change from 0 to 512 [ 1039.091778][T29368] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1039.140457][T29368] ext4 filesystem being mounted at /2690/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1039.288257][T29368] Quota error (device loop0): do_check_range: Getting dqdh_next_free 2741 out of range 0-6 [ 1039.316808][T29368] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 1039.363394][T29368] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.10427: Failed to acquire dquot type 0 [ 1039.472786][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1039.634341][T29391] loop0: detected capacity change from 0 to 1764 [ 1039.865517][T29399] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10443'. [ 1040.349033][T29419] loop3: detected capacity change from 0 to 512 [ 1040.412707][T29419] EXT4-fs error (device loop3): ext4_iget_extra_inode:4732: inode #15: comm syz.3.10452: corrupted in-inode xattr: invalid ea_ino [ 1040.517401][T29419] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.10452: couldn't read orphan inode 15 (err -117) [ 1040.611249][T29419] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1040.792188][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1041.533310][T29467] netlink: 'syz.3.10475': attribute type 1 has an invalid length. [ 1041.552352][T29467] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10475'. [ 1041.615144][T29469] x_tables: unsorted entry at hook 3 [ 1041.759440][T29443] loop4: detected capacity change from 0 to 32768 [ 1041.957783][T29477] netlink: 'syz.0.10480': attribute type 9 has an invalid length. [ 1042.769798][T29507] netlink: 'syz.0.10495': attribute type 21 has an invalid length. [ 1042.802995][T29507] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10495'. [ 1042.823361][T29507] netlink: 'syz.0.10495': attribute type 1 has an invalid length. [ 1043.220176][T29524] loop4: detected capacity change from 0 to 2048 [ 1043.276230][T29524] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1043.300990][T29524] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 1043.370613][T29524] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1044.119362][T29559] loop0: detected capacity change from 0 to 512 [ 1044.182405][T29559] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fff7fff) [ 1044.182555][T29559] FAT-fs (loop0): Filesystem has been set read-only [ 1044.388613][T29566] binfmt_misc: register: failed to install interpreter file ./file0 [ 1044.869417][T29556] loop3: detected capacity change from 0 to 32768 [ 1044.953975][T29556] ERROR: (device loop3): dbFindCtl: Corrupt dmapctl page [ 1044.953975][T29556] [ 1044.989452][T29556] ERROR: (device loop3): remounting filesystem as read-only [ 1045.019557][T29556] ialloc: diAlloc returned -5! [ 1045.691785][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.730891][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.770839][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.808327][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.833234][T29614] /dev/nullb0: Can't open blockdev [ 1045.840770][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.877881][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.910456][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.937484][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.963809][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1045.994871][T29608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10545'. [ 1046.064644][T29618] sctp: [Deprecated]: syz.3.10550 (pid 29618) Use of int in maxseg socket option. [ 1046.064644][T29618] Use struct sctp_assoc_value instead [ 1046.508264][T29636] loop0: detected capacity change from 0 to 8 [ 1046.562857][T29638] openvswitch: netlink: Message has 245 unknown bytes. [ 1046.569820][T29638] openvswitch: netlink: Actions may not be safe on all matching packets [ 1047.252818][T29664] loop1: detected capacity change from 0 to 1024 [ 1047.377393][T10903] hfsplus: b-tree write err: -5, ino 4 [ 1047.470454][ T5781] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1047.949622][ T9] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1048.187688][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 1048.199685][ T9] usb 1-1: config 0 has an invalid interface number: 223 but max is 0 [ 1048.209172][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1048.260441][ T9] usb 1-1: config 0 has no interface number 0 [ 1048.274476][ T9] usb 1-1: config 0 interface 223 altsetting 1 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 1048.312023][ T9] usb 1-1: config 0 interface 223 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1048.329091][ T9] usb 1-1: config 0 interface 223 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1048.361234][ T9] usb 1-1: config 0 interface 223 has no altsetting 0 [ 1048.384359][ T9] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1048.415193][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1048.445282][ T9] usb 1-1: Product: syz [ 1048.459072][ T9] usb 1-1: Manufacturer: syz [ 1048.463758][ T9] usb 1-1: SerialNumber: syz [ 1048.497267][ T9] usb 1-1: config 0 descriptor?? [ 1049.024099][ T9] usb 1-1: USB disconnect, device number 85 [ 1049.060303][T29726] netlink: 'syz.4.10604': attribute type 2 has an invalid length. [ 1049.187568][T29730] loop4: detected capacity change from 0 to 256 [ 1049.227253][T29730] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xd67973f8, utbl_chksum : 0xe619d30d) [ 1049.366998][T29730] exFAT-fs (loop4): error, found bogus dentry(12) beyond unused empty group(11) (start_clu : 5, cur_clu : 5) [ 1049.430342][T29716] loop3: detected capacity change from 0 to 32768 [ 1049.433501][T29730] exFAT-fs (loop4): Filesystem has been set read-only [ 1049.515844][T29716] JBD2: Ignoring recovery information on journal [ 1049.639855][T29716] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1050.065999][ T5775] ocfs2: Unmounting device (7,3) on (node local) [ 1050.210186][T29755] loop1: detected capacity change from 0 to 512 [ 1050.258979][T29755] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1050.466800][T29760] loop0: detected capacity change from 0 to 4096 [ 1050.491437][T29760] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 1051.278892][T29789] loop0: detected capacity change from 0 to 64 [ 1051.428181][T29794] __nla_validate_parse: 96 callbacks suppressed [ 1051.428199][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.469881][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.481128][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.496509][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.511658][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.524283][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.535839][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.550086][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.561639][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1051.573826][T29794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10634'. [ 1052.010297][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1052.119722][T29812] netlink: 'syz.3.10644': attribute type 2 has an invalid length. [ 1052.692543][T29827] ieee802154 phy1 wpan1: encryption failed: -22 [ 1052.847312][T29816] loop0: detected capacity change from 0 to 32768 [ 1052.859711][T29831] loop3: detected capacity change from 0 to 512 [ 1052.870989][T29831] EXT4-fs: Ignoring removed i_version option [ 1052.897449][T29816] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 1052.912931][T29831] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1052.979144][T29816] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1053.010010][T29831] EXT4-fs (loop3): 1 truncate cleaned up [ 1053.048247][T29831] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1053.131512][T29831] EXT4-fs warning (device loop3): verify_group_input:151: Cannot add at group 1029 (only 1 groups) [ 1053.230346][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1053.254414][T29817] loop4: detected capacity change from 0 to 32768 [ 1053.287755][T29817] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 1053.310026][ T5771] ocfs2: Unmounting device (7,0) on (node local) [ 1053.352049][T29817] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 1053.420815][T29817] gfs2: fsid=syz:syz.0: journal 0 mapped with 18 extents in 0ms [ 1053.479200][T17437] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 1053.486508][T17437] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 1053.639097][T29848] x_tables: duplicate underflow at hook 1 [ 1053.739162][T17437] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 233ms [ 1053.748117][T29847] loop0: detected capacity change from 0 to 4096 [ 1053.756546][T17437] gfs2: fsid=syz:syz.0: jid=0: Done [ 1053.762835][T29847] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 1053.772031][T29817] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 1053.812028][T29817] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 1053.812028][T29817] inode = 0 2341 [ 1053.812028][T29817] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 472 [ 1053.888610][T29817] gfs2: fsid=syz:syz.0: G: s:SH n:2/925 f:qobnN t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 1053.897904][T29817] gfs2: fsid=syz:syz.0: H: s:SH f:AH e:0 p:29817 [syz.4.10647] inode_permission+0x23d/0x480 [ 1053.948663][T29817] gfs2: fsid=syz:syz.0: I: n:0/2341 t:4 f:0x00 d:0x00000000 s:0 p:0 [ 1053.995836][T29817] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 1054.014875][T29817] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 1054.024451][T29852] netlink: 'syz.1.10663': attribute type 49 has an invalid length. [ 1054.032849][T29817] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 1054.069738][T29817] gfs2: fsid=syz:syz.0: File system withdrawn [ 1054.094369][T29817] CPU: 0 PID: 29817 Comm: syz.4.10647 Not tainted syzkaller #0 [ 1054.101997][T29817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1054.112103][T29817] Call Trace: [ 1054.115422][T29817] [ 1054.118394][T29817] dump_stack_lvl+0x18c/0x250 [ 1054.123134][T29817] ? kobject_uevent_env+0x363/0x8b0 [ 1054.128388][T29817] ? show_regs_print_info+0x20/0x20 [ 1054.133646][T29817] ? load_image+0x400/0x400 [ 1054.138208][T29817] ? kobject_uevent_env+0x363/0x8b0 [ 1054.143474][T29817] gfs2_withdraw+0xb24/0x13d0 [ 1054.148226][T29817] ? gfs2_lm+0x240/0x240 [ 1054.152536][T29817] ? preempt_schedule+0xc0/0xd0 [ 1054.157452][T29817] ? gfs2_consist_inode_i+0xf5/0x110 [ 1054.162801][T29817] gfs2_inode_refresh+0xb89/0x1000 [ 1054.167982][T29817] ? gfs2_inode_metasync+0xf0/0xf0 [ 1054.173147][T29817] ? gfs2_glock_nq+0xd4f/0x1420 [ 1054.178189][T29817] ? do_raw_spin_lock+0x11f/0x2c0 [ 1054.183292][T29817] gfs2_instantiate+0x162/0x220 [ 1054.188216][T29817] gfs2_glock_wait+0x1d4/0x2a0 [ 1054.193080][T29817] gfs2_permission+0x25a/0x460 [ 1054.197911][T29817] ? gfs2_lookupi+0x640/0x640 [ 1054.202650][T29817] ? inode_permission+0x23d/0x480 [ 1054.207749][T29817] ? gfs2_lookupi+0x640/0x640 [ 1054.212488][T29817] inode_permission+0x23d/0x480 [ 1054.217406][T29817] may_open+0x2e9/0x440 [ 1054.221633][T29817] path_openat+0x268c/0x3230 [ 1054.226303][T29817] ? do_sys_openat2+0xda/0x1d0 [ 1054.231124][T29817] ? verify_lock_unused+0x140/0x140 [ 1054.236380][T29817] ? do_filp_open+0x430/0x430 [ 1054.241115][T29817] ? __virt_addr_valid+0x18c/0x540 [ 1054.246297][T29817] do_filp_open+0x1f5/0x430 [ 1054.250863][T29817] ? vfs_tmpfile+0x490/0x490 [ 1054.255529][T29817] ? _raw_spin_unlock+0x28/0x40 [ 1054.260428][T29817] ? alloc_fd+0x58f/0x630 [ 1054.264823][T29817] do_sys_openat2+0x134/0x1d0 [ 1054.269565][T29817] ? do_sys_open+0xe0/0xe0 [ 1054.274034][T29817] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1054.280068][T29817] ? lock_chain_count+0x20/0x20 [ 1054.284977][T29817] __x64_sys_openat+0x139/0x160 [ 1054.289891][T29817] do_syscall_64+0x55/0xa0 [ 1054.294362][T29817] ? clear_bhb_loop+0x40/0x90 [ 1054.299078][T29817] ? clear_bhb_loop+0x40/0x90 [ 1054.303832][T29817] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1054.309789][T29817] RIP: 0033:0x7f7a19b5b78e [ 1054.314259][T29817] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1054.333925][T29817] RSP: 002b:00007f7a1aadbda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1054.342387][T29817] RAX: ffffffffffffffda RBX: 00007f7a1aadc6c0 RCX: 00007f7a19b5b78e [ 1054.350407][T29817] RDX: 0000000000010000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1054.358434][T29817] RBP: 00002000000002c0 R08: 0000000000000000 R09: 0000000000000000 [ 1054.366451][T29817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000100 [ 1054.374478][T29817] R13: 00007f7a1aadbea0 R14: 0000000000012806 R15: 0000200000002080 [ 1054.382515][T29817] [ 1054.421735][T29857] loop0: detected capacity change from 0 to 256 [ 1054.429533][T29857] exfat: Deprecated parameter 'namecase' [ 1054.460081][T29857] exfat: Deprecated parameter 'utf8' [ 1054.512173][T29857] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 1054.585807][ T28] audit: type=1400 audit(2000000022.707:819): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=29859 comm="syz.3.10667" [ 1054.782428][T29864] netlink: 'syz.1.10671': attribute type 3 has an invalid length. [ 1055.222172][T29880] netlink: 'syz.0.10677': attribute type 21 has an invalid length. [ 1055.546347][T20075] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1055.594222][T29894] netlink: 'syz.4.10684': attribute type 4 has an invalid length. [ 1055.716145][T29891] loop3: detected capacity change from 0 to 4096 [ 1055.754388][T20075] usb 2-1: config 0 has an invalid interface number: 117 but max is 0 [ 1055.785913][T20075] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1055.799542][T20075] usb 2-1: config 0 has no interface number 0 [ 1055.805761][T20075] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1055.829537][T20075] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1055.870010][T20075] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1055.893580][T20075] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1055.914837][T20075] usb 2-1: Product: syz [ 1055.925696][T20075] usb 2-1: Manufacturer: syz [ 1055.930359][T20075] usb 2-1: SerialNumber: syz [ 1055.957681][T20075] usb 2-1: config 0 descriptor?? [ 1056.226689][T20075] usbtouchscreen: probe of 2-1:0.117 failed with error -71 [ 1056.267057][T20075] usb 2-1: USB disconnect, device number 105 [ 1056.498157][T29918] netlink: 'syz.4.10696': attribute type 6 has an invalid length. [ 1057.042578][T29943] loop1: detected capacity change from 0 to 2048 [ 1057.063188][T29943] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1057.199077][T29948] loop4: detected capacity change from 0 to 16 [ 1057.249799][T29948] erofs: (device loop4): mounted with root inode @ nid 36. [ 1058.439423][T29991] loop1: detected capacity change from 0 to 4096 [ 1058.546855][T29991] ntfs: (device loop1): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 1058.592811][T29991] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1058.632585][T29991] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1058.725091][T29991] ntfs: volume version 3.1. [ 1059.010670][T30011] __nla_validate_parse: 91 callbacks suppressed [ 1059.010689][T30011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10741'. [ 1059.045430][T30011] netlink: 68 bytes leftover after parsing attributes in process `syz.0.10741'. [ 1059.072243][T30011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10741'. [ 1059.081982][T30011] netlink: 68 bytes leftover after parsing attributes in process `syz.0.10741'. [ 1059.438611][T30022] loop3: detected capacity change from 0 to 4096 [ 1060.152243][T30050] netlink: 'syz.4.10760': attribute type 30 has an invalid length. [ 1060.523861][T30067] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10768'. [ 1060.546153][T30067] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10768'. [ 1060.582919][T30067] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10768'. [ 1061.880872][T30127] netlink: 304 bytes leftover after parsing attributes in process `syz.4.10796'. [ 1062.027419][T17437] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 1062.059244][T30130] loop3: detected capacity change from 0 to 2048 [ 1062.126223][T30130] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1062.182128][ T28] audit: type=1800 audit(2000000029.720:820): pid=30130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.10799" name="bus" dev="loop3" ino=1367 res=0 errno=0 [ 1062.254983][T17437] usb 1-1: Using ep0 maxpacket: 8 [ 1062.276744][T17437] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 1062.285108][T17437] usb 1-1: config 179 has no interface number 0 [ 1062.327614][T17437] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1062.352427][T17437] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1062.398009][T17437] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 1062.427951][T17437] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 1062.446349][T30138] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10804'. [ 1062.464742][T17437] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1062.503355][T30138] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10804'. [ 1062.508084][T17437] usb 1-1: config 179 interface 65 has no altsetting 0 [ 1062.535475][T17437] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1062.570317][T17437] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1062.592984][T30143] loop1: detected capacity change from 0 to 16 [ 1062.624494][T30143] erofs: (device loop1): mounted with root inode @ nid 36. [ 1062.650942][T17437] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input47 [ 1062.668485][T30143] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 1062.722985][T30143] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 1062.766897][ T5123] input input47: unable to receive magic message: -110 [ 1062.819809][ T5123] input input47: unable to receive magic message: -32 [ 1062.944786][ T5123] input input47: unable to receive magic message: -32 [ 1062.957718][ T5123] input input47: unable to receive magic message: -32 [ 1063.023264][ T5123] input input47: unable to receive magic message: -32 [ 1063.082397][ T5123] input input47: unable to receive magic message: -32 [ 1063.164686][ T5833] usb 1-1: USB disconnect, device number 86 [ 1063.164761][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1063.187304][ T5833] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1063.518563][T30169] loop3: detected capacity change from 0 to 1024 [ 1064.402633][T30198] loop0: detected capacity change from 0 to 4096 [ 1064.442419][T30198] ntfs: (device loop0): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 1064.466575][T30198] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1064.493604][T30198] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 1064.541944][T30198] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1064.595396][T30198] ntfs: volume version 3.1. [ 1064.700023][T30198] ntfs: (device loop0): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 1064.741536][T30198] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 1065.345136][T30200] loop4: detected capacity change from 0 to 32768 [ 1065.410005][T30200] ERROR: (device loop4): dbFindCtl: Corrupt dmapctl page [ 1065.410005][T30200] [ 1065.428922][T30200] ERROR: (device loop4): remounting filesystem as read-only [ 1065.852908][T30238] netlink: 'syz.4.10852': attribute type 3 has an invalid length. [ 1065.893918][T30238] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.10852'. [ 1066.047668][T30218] loop3: detected capacity change from 0 to 32768 [ 1066.100144][T30218] [ 1066.100144][T30218] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1066.100144][T30218] [ 1066.311921][ T5775] [ 1066.311921][ T5775] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1066.311921][ T5775] [ 1066.342273][ T5775] [ 1066.342273][ T5775] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1066.342273][ T5775] [ 1066.426171][T30250] loop1: detected capacity change from 0 to 1024 [ 1066.454875][T30250] EXT4-fs: Ignoring removed oldalloc option [ 1066.481743][T30250] EXT4-fs: Ignoring removed orlov option [ 1066.487454][T30250] EXT4-fs: Ignoring removed oldalloc option [ 1066.503367][T30250] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1066.548896][T30250] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1066.672083][T30250] EXT4-fs error (device loop1): ext4_xattr_set_entry:1669: inode #13: comm syz.1.10858: corrupted xattr entries [ 1066.786984][T30250] EXT4-fs (loop1): Remounting filesystem read-only [ 1066.793576][T30250] EXT4-fs warning (device loop1): ext4_xattr_ibody_set:2276: inode #18: comm syz.1.10858: dec ref error=-5 [ 1066.932411][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1067.076875][T30235] loop0: detected capacity change from 0 to 32768 [ 1067.150090][T30235] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 1067.175030][T30235] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 1067.237420][T30235] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 1067.258081][T30272] loop1: detected capacity change from 0 to 2048 [ 1067.297869][T30272] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1067.319263][ T5833] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 1067.333591][ T5833] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 1067.464656][T30272] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #12: block 2: comm syz.1.10867: lblock 0 mapped to illegal pblock 2 (length 1) [ 1067.611023][ T5833] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 255ms [ 1067.629873][ T5833] gfs2: fsid=syz:syz.0: jid=0: Done [ 1067.637213][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1067.645975][T30235] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 1067.730397][T30235] gfs2: fsid=syz:syz.0: gfs2_check_dirent: name length is greater than space in dirent (first in block) [ 1067.766097][T30235] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 1067.766097][T30235] inode = 12 2341 [ 1067.766097][T30235] function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602 [ 1067.818653][T30235] gfs2: fsid=syz:syz.0: G: s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 1067.832197][T30235] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:30235 [syz.0.10849] __gfs2_lookup+0xad/0x2a0 [ 1067.840439][T30284] program syz.3.10873 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1067.850143][T30235] gfs2: fsid=syz:syz.0: I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0 [ 1067.864667][T30235] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 1067.883635][T30235] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 1067.892627][T30235] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 1067.917026][T30235] gfs2: fsid=syz:syz.0: File system withdrawn [ 1067.929691][T30235] CPU: 0 PID: 30235 Comm: syz.0.10849 Not tainted syzkaller #0 [ 1067.937314][T30235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1067.947448][T30235] Call Trace: [ 1067.950774][T30235] [ 1067.953742][T30235] dump_stack_lvl+0x18c/0x250 [ 1067.958560][T30235] ? kobject_uevent_env+0x363/0x8b0 [ 1067.963808][T30235] ? show_regs_print_info+0x20/0x20 [ 1067.969061][T30235] ? load_image+0x400/0x400 [ 1067.973617][T30235] ? kobject_uevent_env+0x363/0x8b0 [ 1067.978908][T30235] gfs2_withdraw+0xb24/0x13d0 [ 1067.983664][T30235] ? gfs2_lm+0x240/0x240 [ 1067.987986][T30235] ? load_image+0x400/0x400 [ 1067.992538][T30235] ? gfs2_consist_inode_i+0xf5/0x110 [ 1067.997882][T30235] gfs2_dirent_scan+0x525/0x650 [ 1068.002795][T30235] ? gfs2_dirent_search+0x7f0/0x7f0 [ 1068.008048][T30235] gfs2_dirent_search+0x2ed/0x7f0 [ 1068.013133][T30235] ? gfs2_dirent_search+0x7f0/0x7f0 [ 1068.018392][T30235] ? gfs2_permission+0x384/0x460 [ 1068.023412][T30235] ? __might_sleep+0xe0/0xe0 [ 1068.028050][T30235] ? gfs2_dir_search+0x220/0x220 [ 1068.033030][T30235] ? gfs2_lookupi+0x640/0x640 [ 1068.037767][T30235] ? do_raw_spin_lock+0x11f/0x2c0 [ 1068.042858][T30235] gfs2_dir_search+0x4d/0x220 [ 1068.047589][T30235] gfs2_lookupi+0x45c/0x640 [ 1068.052144][T30235] ? gfs2_lookup_meta+0x180/0x180 [ 1068.057234][T30235] ? __gfs2_lookup+0xad/0x2a0 [ 1068.061977][T30235] __gfs2_lookup+0xad/0x2a0 [ 1068.066538][T30235] ? gfs2_atomic_open+0x220/0x220 [ 1068.071632][T30235] ? do_raw_spin_unlock+0x121/0x230 [ 1068.076894][T30235] ? _raw_spin_unlock+0x28/0x40 [ 1068.081803][T30235] ? d_alloc+0x1eb/0x250 [ 1068.086111][T30235] lookup_one_qstr_excl+0x112/0x250 [ 1068.091365][T30235] filename_create+0x23e/0x480 [ 1068.096181][T30235] ? kern_path_create+0x50/0x50 [ 1068.101071][T30235] ? __virt_addr_valid+0x18c/0x540 [ 1068.106255][T30235] ? __virt_addr_valid+0x18c/0x540 [ 1068.111426][T30235] do_mknodat+0x18b/0x500 [ 1068.115801][T30235] ? do_o_path+0x200/0x200 [ 1068.120278][T30235] __x64_sys_mknod+0x8e/0xa0 [ 1068.124917][T30235] do_syscall_64+0x55/0xa0 [ 1068.129382][T30235] ? clear_bhb_loop+0x40/0x90 [ 1068.134095][T30235] ? clear_bhb_loop+0x40/0x90 [ 1068.138834][T30235] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1068.144799][T30235] RIP: 0033:0x7f4b5a99aeb9 [ 1068.149259][T30235] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1068.169002][T30235] RSP: 002b:00007f4b5b8cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1068.177458][T30235] RAX: ffffffffffffffda RBX: 00007f4b5ac15fa0 RCX: 00007f4b5a99aeb9 [ 1068.185459][T30235] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000200000000000 [ 1068.193466][T30235] RBP: 00007f4b5aa08c1f R08: 0000000000000000 R09: 0000000000000000 [ 1068.201488][T30235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1068.209507][T30235] R13: 00007f4b5ac16038 R14: 00007f4b5ac15fa0 R15: 00007ffc48b01848 [ 1068.217539][T30235] [ 1068.220662][ C0] vkms_vblank_simulate: vblank timer overrun [ 1068.907939][T30307] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 1069.058939][T30286] loop1: detected capacity change from 0 to 32768 [ 1069.138090][T30286] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 1069.221701][T30286] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1069.313130][ T31] (kworker/u4:2,31,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214 [ 1069.500889][T30286] [ 1069.503284][T30286] ====================================================== [ 1069.510332][T30286] WARNING: possible circular locking dependency detected [ 1069.517393][T30286] syzkaller #0 Not tainted [ 1069.521836][T30286] ------------------------------------------------------ [ 1069.528876][T30286] syz.1.10872/30286 is trying to acquire lock: [ 1069.535054][T30286] ffff88805ec23ff8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_init_acl+0x30a/0x770 [ 1069.544445][T30286] [ 1069.544445][T30286] but task is already holding lock: [ 1069.551839][T30286] ffff88807c810ce8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0 [ 1069.562154][T30286] [ 1069.562154][T30286] which lock already depends on the new lock. [ 1069.562154][T30286] [ 1069.572587][T30286] [ 1069.572587][T30286] the existing dependency chain (in reverse order) is: [ 1069.581658][T30286] [ 1069.581658][T30286] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 1069.590242][T30286] down_read+0x46/0x2e0 [ 1069.594978][T30286] ocfs2_start_trans+0x3a8/0x6f0 [ 1069.600498][T30286] ocfs2_shutdown_local_alloc+0x1fc/0xaa0 [ 1069.606818][T30286] ocfs2_dismount_volume+0x1e5/0x8a0 [ 1069.612674][T30286] generic_shutdown_super+0x134/0x2b0 [ 1069.618607][T30286] kill_block_super+0x44/0x90 [ 1069.623853][T30286] deactivate_locked_super+0x97/0x100 [ 1069.629794][T30286] cleanup_mnt+0x43b/0x4d0 [ 1069.634776][T30286] task_work_run+0x1d4/0x260 [ 1069.639933][T30286] exit_to_user_mode_loop+0xe6/0x110 [ 1069.645805][T30286] exit_to_user_mode_prepare+0xee/0x180 [ 1069.651929][T30286] syscall_exit_to_user_mode+0x1a/0x50 [ 1069.657948][T30286] do_syscall_64+0x61/0xa0 [ 1069.662951][T30286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1069.669413][T30286] [ 1069.669413][T30286] -> #2 (sb_internal#5){.+.+}-{0:0}: [ 1069.676936][T30286] ocfs2_start_trans+0x2a9/0x6f0 [ 1069.682442][T30286] ocfs2_setattr+0x10b6/0x1bc0 [ 1069.687769][T30286] notify_change+0xb0d/0xe10 [ 1069.692930][T30286] chown_common+0x413/0x5d0 [ 1069.698032][T30286] do_fchownat+0x14b/0x240 [ 1069.703020][T30286] __x64_sys_lchown+0x85/0x90 [ 1069.708261][T30286] do_syscall_64+0x55/0xa0 [ 1069.713252][T30286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1069.719717][T30286] [ 1069.719717][T30286] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}: [ 1069.728554][T30286] down_write+0x97/0x200 [ 1069.733380][T30286] ocfs2_try_remove_refcount_tree+0xb7/0x340 [ 1069.739931][T30286] ocfs2_xattr_set+0x61b/0x13e0 [ 1069.745448][T30286] ocfs2_set_acl+0x4e1/0x590 [ 1069.750633][T30286] ocfs2_iop_set_acl+0x1b2/0x2b0 [ 1069.756161][T30286] vfs_set_acl+0x803/0xa60 [ 1069.761159][T30286] path_setxattr+0x41d/0x5d0 [ 1069.766359][T30286] __x64_sys_setxattr+0xbb/0xd0 [ 1069.771797][T30286] do_syscall_64+0x55/0xa0 [ 1069.776808][T30286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1069.783284][T30286] [ 1069.783284][T30286] -> #0 (&oi->ip_xattr_sem){++++}-{3:3}: [ 1069.791168][T30286] __lock_acquire+0x2df1/0x7d40 [ 1069.796592][T30286] lock_acquire+0x19e/0x420 [ 1069.801661][T30286] down_read+0x46/0x2e0 [ 1069.806389][T30286] ocfs2_init_acl+0x30a/0x770 [ 1069.811638][T30286] ocfs2_mknod+0x140f/0x2300 [ 1069.816798][T30286] ocfs2_create+0x196/0x430 [ 1069.821860][T30286] path_openat+0x12a0/0x3230 [ 1069.827014][T30286] do_filp_open+0x1f5/0x430 [ 1069.832077][T30286] do_sys_openat2+0x134/0x1d0 [ 1069.837421][T30286] __x64_sys_creat+0x90/0xb0 [ 1069.842588][T30286] do_syscall_64+0x55/0xa0 [ 1069.847570][T30286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1069.854039][T30286] [ 1069.854039][T30286] other info that might help us debug this: [ 1069.854039][T30286] [ 1069.864302][T30286] Chain exists of: [ 1069.864302][T30286] &oi->ip_xattr_sem --> sb_internal#5 --> &journal->j_trans_barrier [ 1069.864302][T30286] [ 1069.878274][T30286] Possible unsafe locking scenario: [ 1069.878274][T30286] [ 1069.885849][T30286] CPU0 CPU1 [ 1069.891243][T30286] ---- ---- [ 1069.896637][T30286] rlock(&journal->j_trans_barrier); [ 1069.902072][T30286] lock(sb_internal#5); [ 1069.908888][T30286] lock(&journal->j_trans_barrier); [ 1069.916738][T30286] rlock(&oi->ip_xattr_sem); [ 1069.921456][T30286] [ 1069.921456][T30286] *** DEADLOCK *** [ 1069.921456][T30286] [ 1069.929653][T30286] 8 locks held by syz.1.10872/30286: [ 1069.934975][T30286] #0: ffff88807cece418 (sb_writers#32){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 1069.944282][T30286] #1: ffff88805ec242d8 (&type->i_mutex_dir_key#28){++++}-{3:3}, at: path_openat+0x7dc/0x3230 [ 1069.954613][T30286] #2: ffff888049c52658 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 1069.968344][T30286] #3: ffff88805ec209d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 1069.982078][T30286] #4: ffff88805ec22658 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0 [ 1069.995897][T30286] #5: ffff88807cece608 (sb_internal#5){.+.+}-{0:0}, at: ocfs2_mknod+0xf1d/0x2300 [ 1070.005198][T30286] #6: ffff88807c810ce8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a8/0x6f0 [ 1070.015979][T30286] #7: ffff888028e3e990 (jbd2_handle#2){.+.+}-{0:0}, at: start_this_handle+0x1f7a/0x21c0 [ 1070.025916][T30286] [ 1070.025916][T30286] stack backtrace: [ 1070.031845][T30286] CPU: 1 PID: 30286 Comm: syz.1.10872 Not tainted syzkaller #0 [ 1070.039441][T30286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1070.049537][T30286] Call Trace: [ 1070.052850][T30286] [ 1070.055817][T30286] dump_stack_lvl+0x18c/0x250 [ 1070.060552][T30286] ? load_image+0x400/0x400 [ 1070.065097][T30286] ? show_regs_print_info+0x20/0x20 [ 1070.070345][T30286] ? print_circular_bug+0x12b/0x1a0 [ 1070.075590][T30286] check_noncircular+0x2fc/0x400 [ 1070.080574][T30286] ? print_deadlock_bug+0x5d0/0x5d0 [ 1070.085823][T30286] ? _find_first_zero_bit+0xd3/0x100 [ 1070.091155][T30286] ? add_lock_to_list+0x191/0x280 [ 1070.096231][T30286] __lock_acquire+0x2df1/0x7d40 [ 1070.101160][T30286] ? verify_lock_unused+0x140/0x140 [ 1070.106438][T30286] ? __lock_acquire+0x7d40/0x7d40 [ 1070.111507][T30286] ? do_raw_spin_lock+0x11f/0x2c0 [ 1070.116583][T30286] lock_acquire+0x19e/0x420 [ 1070.121132][T30286] ? ocfs2_init_acl+0x30a/0x770 [ 1070.126046][T30286] ? __might_sleep+0xe0/0xe0 [ 1070.130689][T30286] ? read_lock_is_recursive+0x20/0x20 [ 1070.136113][T30286] ? trace_ocfs2_claim_new_inode_at_loc+0x1c0/0x1c0 [ 1070.142751][T30286] ? mark_lock+0x94/0x320 [ 1070.147131][T30286] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1070.153173][T30286] down_read+0x46/0x2e0 [ 1070.157404][T30286] ? ocfs2_init_acl+0x30a/0x770 [ 1070.162302][T30286] ocfs2_init_acl+0x30a/0x770 [ 1070.167032][T30286] ? ocfs2_mknod_locked+0x159/0x290 [ 1070.172275][T30286] ? ocfs2_acl_chmod+0x330/0x330 [ 1070.177262][T30286] ? dquot_alloc_inode+0x211/0xa40 [ 1070.182398][T30286] ? ocfs2_block_signals+0x9b/0xe0 [ 1070.187524][T30286] ? ocfs2_free_mem_caches+0x50/0x50 [ 1070.192820][T30286] ? mark_lock+0x94/0x320 [ 1070.197156][T30286] ? ocfs2_init_security_get+0x139/0x1a0 [ 1070.202831][T30286] ocfs2_mknod+0x140f/0x2300 [ 1070.207433][T30286] ? ocfs2_mkdir+0x430/0x430 [ 1070.212056][T30286] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 1070.217975][T30286] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1070.223879][T30286] ? ocfs2_inode_unlock+0xa5/0x140 [ 1070.228998][T30286] ? __lock_acquire+0x7d40/0x7d40 [ 1070.234048][T30286] ? __rwlock_init+0x150/0x150 [ 1070.238819][T30286] ? do_raw_spin_unlock+0x121/0x230 [ 1070.244028][T30286] ? rcu_is_watching+0x15/0xb0 [ 1070.248802][T30286] ? ocfs2_lookup+0x494/0x950 [ 1070.253483][T30286] ocfs2_create+0x196/0x430 [ 1070.257989][T30286] ? ocfs2_update_inode_fsync_trans+0x240/0x240 [ 1070.264242][T30286] ? from_kgid+0x16d/0x690 [ 1070.268710][T30286] ? ocfs2_lookup+0x950/0x950 [ 1070.273412][T30286] ? HAS_UNMAPPED_ID+0x11a/0x180 [ 1070.278394][T30286] ? inode_permission+0xf3/0x480 [ 1070.283340][T30286] ? bpf_lsm_inode_create+0x9/0x10 [ 1070.288451][T30286] ? security_inode_create+0xb7/0x100 [ 1070.293832][T30286] ? ocfs2_lookup+0x950/0x950 [ 1070.298521][T30286] path_openat+0x12a0/0x3230 [ 1070.303122][T30286] ? do_filp_open+0x430/0x430 [ 1070.307798][T30286] ? __virt_addr_valid+0x18c/0x540 [ 1070.312933][T30286] do_filp_open+0x1f5/0x430 [ 1070.317445][T30286] ? vfs_tmpfile+0x490/0x490 [ 1070.322047][T30286] ? _raw_spin_unlock+0x28/0x40 [ 1070.326898][T30286] ? alloc_fd+0x58f/0x630 [ 1070.331242][T30286] do_sys_openat2+0x134/0x1d0 [ 1070.335932][T30286] ? do_sys_open+0xe0/0xe0 [ 1070.340352][T30286] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1070.346337][T30286] ? lock_chain_count+0x20/0x20 [ 1070.351204][T30286] __x64_sys_creat+0x90/0xb0 [ 1070.355822][T30286] do_syscall_64+0x55/0xa0 [ 1070.360251][T30286] ? clear_bhb_loop+0x40/0x90 [ 1070.364939][T30286] ? clear_bhb_loop+0x40/0x90 [ 1070.369627][T30286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1070.375542][T30286] RIP: 0033:0x7f133e79aeb9 [ 1070.379961][T30286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1070.399582][T30286] RSP: 002b:00007f133f64b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1070.407999][T30286] RAX: ffffffffffffffda RBX: 00007f133ea15fa0 RCX: 00007f133e79aeb9 [ 1070.415970][T30286] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000200000000580 [ 1070.423953][T30286] RBP: 00007f133e808c1f R08: 0000000000000000 R09: 0000000000000000 [ 1070.431932][T30286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1070.439909][T30286] R13: 00007f133ea16038 R14: 00007f133ea15fa0 R15: 00007ffcca1e1a18 [ 1070.447925][T30286] SYZFAIL: failed to send rpc fd=3 want=43088 sent=0 n=-1 (errno 32: Broken pipe) [ 1070.468201][T30286] syz.1.10872 (30286) used greatest stack depth: 18224 bytes left [ 1070.612247][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 1070.927576][ T5775] bond0: (slave syz_tun): Releasing backup interface [ 1071.352580][ T1129] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.386620][ T5768] bond0: (slave syz_tun): Releasing backup interface [ 1071.441029][ T1129] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.497421][ T1129] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.550425][ T1129] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.676230][ T1129] : left promiscuous mode [ 1072.052594][ T5812] xfrm0 speed is unknown, defaulting to 1000 [ 1072.360605][ T1129] dvmrp0 (unregistering): left allmulticast mode [ 1072.869219][ T1129] hsr_slave_0: left promiscuous mode [ 1072.875191][ T1129] hsr_slave_1: left promiscuous mode [ 1072.884259][ T1129] veth0_macvtap: left promiscuous mode [ 1072.890689][ T1129] veth1_vlan: left promiscuous mode [ 1072.895959][ T1129] veth0_vlan: left promiscuous mode [ 1073.010780][ T1129] bond4 (unregistering): Released all slaves [ 1073.079028][ T1129] bond3 (unregistering): Released all slaves [ 1073.205690][ T1129] bond2 (unregistering): Released all slaves [ 1073.419166][ T1129] bond1 (unregistering): Released all slaves [ 1073.809241][ T1129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1073.903493][ T1129] bond0 (unregistering): Released all slaves [ 1074.406694][ T1129] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.465512][ T1129] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.522549][ T1129] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.687318][ T1129] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.811972][ T1129] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.822706][ T1129] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1074.855916][ T1129] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.868636][ T1129] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1074.943983][ T1129] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.954674][ T1129] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1075.028512][ T1129] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.039011][ T1129] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1075.149403][ T1129] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.191815][ T1129] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.235206][ T1129] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.289907][ T1129] netdevsim netdevsim4 ªªªªªª (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1075.460415][ T1129] ~ÿ: left promiscuous mode [ 1076.562123][ T1129] IPVS: stopping backup sync thread 18051 ... [ 1076.569145][ T1129] IPVS: stopping backup sync thread 22615 ... [ 1077.629231][ T1129] hsr_slave_0: left promiscuous mode [ 1077.636071][ T1129] hsr_slave_1: left promiscuous mode [ 1077.642041][ T1129] bond0: left allmulticast mode [ 1077.655805][ T1129] bond_slave_0: left allmulticast mode [ 1077.701557][ T1129] macvlan0: left allmulticast mode [ 1077.706734][ T1129] veth1_vlan: left allmulticast mode [ 1077.713055][ T1129] bond0: left promiscuous mode [ 1077.717869][ T1129] bond_slave_0: left promiscuous mode [ 1077.724539][ T1129] bridge0: port 3(bond0) entered disabled state [ 1077.733014][ T1129] bridge_slave_1: left allmulticast mode [ 1077.738699][ T1129] bridge_slave_1: left promiscuous mode [ 1077.745193][ T1129] bridge0: port 2(bridge_slave_1) entered disabled state [ 1077.754707][ T1129] bridge_slave_0: left allmulticast mode [ 1077.760535][ T1129] bridge0: port 1(bridge_slave_0) entered disabled state [ 1077.790522][ T1129] hsr_slave_0: left promiscuous mode [ 1077.800466][ T1129] hsr_slave_1: left promiscuous mode [ 1077.815093][ T1129] hsr_slave_0: left promiscuous mode [ 1077.824135][ T1129] hsr_slave_1: left promiscuous mode [ 1077.830898][ T1129] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1077.838322][ T1129] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1077.848936][ T1129] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1077.860011][ T1129] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1077.868621][ T1129] dummy0: left allmulticast mode [ 1077.874404][ T1129] dummy0: left promiscuous mode [ 1077.879444][ T1129] bridge0: port 3(dummy0) entered disabled state [ 1077.888249][ T1129] bridge_slave_1: left allmulticast mode [ 1077.894397][ T1129] bridge_slave_1: left promiscuous mode [ 1077.900144][ T1129] bridge0: port 2(bridge_slave_1) entered disabled state [ 1077.909766][ T1129] bridge_slave_0: left allmulticast mode [ 1077.915932][ T1129] bridge_slave_0: left promiscuous mode [ 1077.921660][ T1129] bridge0: port 1(bridge_slave_0) entered disabled state [ 1077.943459][ T1129] veth0_macvtap: left promiscuous mode [ 1077.949716][ T1129] veth1_vlan: left promiscuous mode [ 1077.957517][ T1129] veth1_macvtap: left promiscuous mode [ 1077.964542][ T1129] veth0_macvtap: left promiscuous mode [ 1077.972537][ T1129] veth1_vlan: left promiscuous mode [ 1077.979770][ T1129] veth1_vlan: left promiscuous mode [ 1078.097880][ T1129] infiniband syz2: set down [ 1078.260720][ T1129] bond4 (unregistering): Released all slaves [ 1078.574454][ T1129] bond3 (unregistering): Released all slaves [ 1078.654523][ T1129] bond2 (unregistering): Released all slaves [ 1078.954479][ T1129] bond1 (unregistering): Released all slaves [ 1079.098367][ T1129] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 1079.236477][ T1129] team0 (unregistering): Port device team_slave_1 removed [ 1079.278494][ T1129] team0 (unregistering): Port device team_slave_0 removed [ 1079.316253][ T1129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1079.463709][ T1129] bond0 (unregistering): Released all slaves