last executing test programs: 4m31.782416081s ago: executing program 1 (id=2026): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xca) getsockopt$ax25_int(r0, 0x101, 0x5, 0x0, 0x0) 4m31.661662283s ago: executing program 1 (id=2028): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) flock(r0, 0xc) 4m31.434468807s ago: executing program 1 (id=2032): r0 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300), &(0x7f00000002c0)) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f00000001c0)=[0x39e], 0x2) 4m31.378046582s ago: executing program 1 (id=2033): syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000300)={[{@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@namecase}, {@time_offset={'time_offset', 0x3d, 0x5}}, {@dmask={'dmask', 0x3d, 0x2}}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp869'}}, {@discard}, {@umask={'umask', 0x3d, 0x5}}, {@iocharset={'iocharset', 0x3d, 'cp863'}}, {@namecase}]}, 0x1, 0x1531, &(0x7f0000001f80)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k1imSTJJUkuSZIkSW4JSZMcSUgMuSUNSch1SC5DSC4Tk8b9fr8kJEmTJCG5Jev/Ef7qVL9zzu/0O86neb6fz/5Yz+z9rP287/Ne1t6YbzoOqtageuV6RAT/FrzwRxIAxAJAPwC4BgACACgdVzru/P7sEpP+vZOwP9fDqVe6AnYlcf+zNu5/1sb9z9q4/1kb9z9r4/5nbdz/rI37z1hWtnFq/mt5y7ob3///66vzh3v4+/8vJLPE6C9Wl7i+E0DMP5vC/c/auP9/WcE/cxD3P2vj/mdVsVe6APZfgN//f0lNfh1m+8MDuf9ZG/efsazsSt9/vtIbRLL2c3ClX3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxrKGU/6i0+AVAFwKr3RdjDHGGGOMMcYY+/P4bFe6AsYYY4wxxhhjjP3fQxAgQUEAMZANYiE75AABAFdDLrgGInAtxMF1kBuuhzyQF/JBfoiHAlAQNBiwQBBCISgMUbgBisCNUBRugmJQHByUgAS4GUrCLVAKboXScBuUgduhLJSD8lAB7oCKcCdUgrugMtwNVaAqVIPqcA/UgHuhJtwHteB+qA0PQB14EOrCQ1APHob68Ag0gEehITwGjaAxNIGm0Ox/lf8idIWXoBt0hyToAT3hZegFvaEP9IV+8Ar0h1dhALwGyTAQBsHrMBjegCHwJgyFYTAc3oIRMBJGwWgYA2MhBcbBeHgbJsA7MBEmwWSYAqkwFabBuzAdZsBMeA9mwfswG+bAXJgHafABzIcFkA4fwkL4CDJgESyGJbAUlsFyWAErYRWshjWwFtbBetgAG2ETbIYtsBW2wXb4GHbAJ7ATdsFu+BT2wGf/Yv7Jv8vvhICAAgUqVBiDMRiLsZgDc2BOzIm5MBdGMIJxGIe5MTfmwTyYD/NhPMZjQSyIBg0SEhbCQhjFKBbBIlgUi2IxLIYOHSZgApbEW7AUlsLSWBrLYBksi+WwHFbAClgRK2IlrISVsTJWwSpYDavhPXgP9sCaWBNrYS2sjbUv3Z7CelgP62N9bIANsCE2xEbYCJtgE2yGzbA5NscW2AJbYStsja2xDbbBREzEttgW22E7bI/tsQN2wI7YETthZ+yc+WI2wJfwJeyOVUQP7Ik9sRcmZ+uDfbEvvoL98VV8FV/DZByIg/B1fB3fwCF4AofiMByOw7GiGImjcDSSGIspmILjcTxOwAk4ESfhJJyCqTgVp+E0nI4zcAa+h7PwfXwf5+AcnIdpmIbzcQGmYzouxJOYgYtwMS7BpbgMl+IKXIkrcDWuwdW4DtfhBtyAm3ATbsEtuA234ceoAPAT3IW7MBn34B7ci3txH+7D/bgfMzETD+ABPIgH8RAewsN4GI/gUTyGR/E4HscTeBJP4Sk8g2fwLD4f/1X9j29alQziPCWUiBExIlbEihwih8gpcopcIpeIiIiIE3Eit8gt8og8Ip/IJ+JFvCgoCgojjCARxgCAiIqoKCKKiKKiqCgmigknnEgQCaKkKClKiVKitLhNlBG3i7KinGjpKogKoqJo5SqJu0RlUVlUEVVFNVFdVBc1RA1RU9QUtUQtUVvUFnXEg6Ku6IF98GFxvjMNxEBsKAZhI9FYyIufYM3FEGwhWopW4kkxDIdiG9HcJYpnRFsxCtuJv4nR+JzoIMZiR/GC6CQ6iy7iRdFVtHDdRHcxEXuInmIK9hK9RR/RV0zHquI9nJW9mnhNJIuBYpB4XczDN8QQ8aYYKoaJ4eItMUKMFKPEaDFGjBUpYpwYL94WE8Q7YqKYJCaLKSJVTBXTxLtiupghZor3xCzxvpgt5oi5Yp5IEx+I+WKBSBcfioXiI5EhFonFYolYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iY7FDfCJ2il1it/hU7BGfib3ic7FPfCH2iy9FpvhKHBBfi4PiG3FIfCsOi+/EEXFUHBPfi+PiB3FCnBSnxGlxRvwozoqfxDnhBUiUQkqpZCBjZDYZK7PLHPIqmVMGF5/da2WcvE7mltfLPDKvzCfzy3hZQBaUWhppJclQFpKFZVTeIIvIG2VReZMsJotLJ0vIBHmzLClvkaXkrbK0vE2WkbfLsrKcLC8ryDtkRXmnhMiFc1SRVWU1WV3eI5PgXllT3idryftlbfmArCMflHXlQ7KefFjWl4/IBvJR2VA+JhvJxrKJbCqbycdlc/mEbCFbylbySdlaPiXbyKdlonxGtpX+4kvkOdlBPi87yhdkJ9lZdpE/yXPSy26yu4QeIHvKl2Uv2Vv2kX1lP/mK7C9flQPkazJZDpSD5OtysHxDDpFvyqFymBwu35Ij5Eg5So6WY+RYmSLHyfHybTlBviMnyklyspwiU+VU2efiTDOl/If5b/9O/oCfz75BbpSb5Ga5RW6V2+R2+bHcIXfInXKn3C13yz1yj9wr98p9cp/cL/fLTJkpD8gD8qA8KA/JQ/KwPCyPyKPytPxeHpc/yBPypDwpT8sz8ow8e/E5AIVKKKmUClSMyqZiVXaVQ12lcqqrVS51jYqoa1Wcuk7lVterPCqvyqfyq3hVQBVUWhllFalQFVKFVVTdgBdfMKqYKq6cKqES1M3/Sr4qom5URdVNv8q/VF/SH9TXTDVTzVVz1UK1UK1UK9VatVZtVBuVqBJVW9VWtVPtVHvVXnVQHVRH1VF1Up1UF9VFdVVdVTfVTSWpJNVTvax6qd6qj+qr+qlXVH/VXw1QA1SySlaD1CA1WA1WQ9QQNVQNVcPVcDVCjVCj1Cg1Ro1RKSpFjVfj1QQ1QU1UE9VkNVmlqlQ1TU1T09V0NVPNVLPULDVbzVZz1VyVptLUfDVfpat0tVAtVBlqkVqklqglaplaplaoFWqVWqXWqDVqnVqnMtRGtVFtVpvVVrVVbVfb1Q61Q+1UO9VutVvtUXvUXrVX7VP71H61X2WqTHVAHVAH1UF1SB1Sh9VhdUQdUcfUMXVcHVcn1Al1Sp1SZ9QZdVadVefUufPLvkAEIlCBCmKCmCA2iA1yBDmCnEHOIFeQK4gEkSAuiAtyB9cHeYK8Qb4gfxAfFAgKBjowgQ3ExaZHgxuCIsGNQdHgpqBYUDxwQYkgIbg5KBncEpQKbg1KB7cFZYLbg7JBuaB8UCG4I6gY3BlUCu4KKgd3B1WCqkG1oHpwT1AjuDeoGdwX1AruD2oHDwR1ggeDusFDQb3g4aB+8EjQIHg0aBg8FjQKGgdNgqZBsz91fu9P5H3CddPddZLuoXvql3Uv3Vv30X11P/2K7q9f1QP0azpZD9SD9Ot6sH5DD9Fv6qF6mB6u39Ij9Eg9So/WY/RYnaLH6fH6bT1Bv6Mn6kl6sp6iU/VUPU2/q6frGXqmfk/P0u/r2XqOnqvn6TT9gZ6vF+h0/aFeqD/SGXqRXqyX6KV6mV6uV+iVepVerdfotXqdXq836I16k96st+itepverj/WO/QneqfepXfrT/Ue/Zneqz/X+/QXer/+Umfqr/QB/bU+qL/Rh/S3+rD+Th/RR/Ux/b0+rn/QJ/RJfUqf1mf0j/qs/kmf0/784v7817tRRpkYE2NiTazJYXKYnCanyWVymYiJmDgTZ3Kb3CaPyWPymXwm3sSbgqagOY8MmUKmkImaqCliipiipqgpZooZZ5xJMAmmpClpSplSprQpbcqYMqasKWvKm/LmDnOHudPcae4yd5m7zd2mqqlqqpvqpoapYWqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkmpgmpplpZpqb5qaFaWFamVamtWlt2pg2JtEkmramrWln2pn2pr3pYDqYjqaj6WQ6mS6mi+lquppupptJMkmmp+lpeplepo/pY/qZfqa/6W8GmAEm2SSbQWaQGWwGmyFmiBlqhpnh5xeqZqQZZUZ/O8aMNSkmxYw3480EM8FMNBPNZDPZpJpUM81MM9PNdDPTzDSzzCwz28w2c81ck2bSzHwz36SbdLPQLDQZJsMsNovNUrPULDfLzUqz0qw2q81aWGvWm/Vmo9loNpvNZqvZarab7WaH2WF2mp1mt9lt9pg9Zq/Za/aZfWa/2W8yTaY5YA6Yg+agOWQOmcPmsDlijphj5pg5bo6bE+aEOWVOmTMm78XvS29ibXabw15lc9qrbS57jf37OJ/Nb+NtAVvQapvH5v1VbKy1Re1Ntpgtbp0tYRPszb+Jy9pytrytYO+wFe2dttJv4hr2XlvT3mdr2fttdXvPr+La9gFbxz5q6yIC2Ma2vm1qG9hHbUP7mG1kG9smtqltbZ+ybezTNtE+Y9vaZ38Tz7cL7Eq7yq62a+xOu8uesqftQfuNPWN/tN1sd9vPvmL721ftAPuaTbYDfxMPt2/ZEXakHWVH2zF27G/iyXaKTbVT7TT7rp1uZ/wmTrMf2Fk23c62c+xcO+/n+HxN6fZDu9B+ZDNsAIvtErvULrPL7Yr/X+sSu86utxvsDvuJ3Wy32K12m91+aSFsd9nd9lO7x35mD9iv7T77hd1vD9lM+9XP8fnHd8h+aw/b7+wRe9Qes9/b4/YH9XPuyF4A9kf7vf3JnrPeAiEBSVIUUAxlo1jKTjnoKspJV1MuuoYidC3F0XWUm66nPJSX8lF+iqcCVJA0GbJEFFIhKkxRuoEulVeMipOjEpRAN1NJuoVK0a1Umm6jMnQ7laVyVJ4q0B1Uke6kSnQXVaa7qQpVpWpUne6hGnQv1aT7qBbdT7XpAapDD1Jdeojq0cNUnx6hBvQoNaTHqBE1pibUlJrR49ScnqAW1JJa0ZPUmp6iNvQ0JdIz1JaepXb0N2pPz1EHep460gvUiTpTF3qRutJL1I26UxL1oJ70MvWi3tSH+lI/eoX606s0gF6jZBpIg+h1Gkxv0BB6k4bSMBpOb9EIGkmjaDSNobGUQuNoPL1NE+gdmkiTaDJNoVSaStPoXZpOM2gmvUez6H2aTXNoLs2jNPqA5tMCSqcPaSF9RBm0iBbTElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDt9TDvoE9pJu2g3fUp76DPaS5/TPvqC9tOXlElf0QH6mg7SN3SIvvXd6Ts6QkfpGH1Px+kHOkEn6RSdpjP0I52ln+gceYIQQxHKUIVBGBNmC2PD7GGO8KowZ3h1mCu8JoyE14Zx4XVh7vD6ME+YN8wX5g/jwwJhwVCHJrQhhWFYKCwcRsMbwiLhjWHREMNiYfHQhSXChPDmsGR4S1gqvDUsHd4WlglvD8uG5cJH768Q3hFWDO8MK4V3hZXDu8MqYdWwWlg9vCesEd4b1gzvC2uF94elwgfCOuGDYd3wobBe+HBYP3wkbBA+GjYMHwsbhY3DJmHTsFn4eNg8fCJsEbYMW4VPhq3Dp8I24dNhYvhM2DZ89uf9Dyz44/1JYY+wZ/hy+HLo/X1ybnReNC36QXR+dEE0PfphdGH0o2hGdFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10fXRD1Pvq2cChE0465QIX47K5WJfd5XBXuZzuapfLXeMi7loX565zud31Lo/L6/K5/C7eFXAFnXbGWUcudIVcYRd1N7gi7kZX1N3kirnizrkSLsE1dc1cM9fcPeFauJaulXvSPemeck+5p93T7hnX1j3r2rm/ufbuOdfBPe+edy+4Tq6z6+JedF3duFwX3pNJrqfr6Xq5Xq6P6+P6uX6uv+vvBrgBLtklu0FukBvsBrshbogb6oa64W64G+FGuFFulBvjxrgUl+LGu/FugpvgJrqJbrKb7FJdqpvmprnpbrqrOOPCWWa72W6um+vSXJqb786vGdPdQrfQZbgMt9gtdkvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt9Nfc2FSt8ftdXvdPrfP7Xdfukz3lTvgvnYH3TfukPvWHXbfuSPuqDvmvnfH3Q/uhDvpTrnT7oz70Z11P7lzzruUyLjI+MjbkQmRdyITI5MikyNTIqmRqZFpkXcj0yMzIjMj70VmRd6PzI7MicyNzIukRT6IzI8siKRHPowsjHwUyYgsiiyOLIksjSyLeF9gc+gL+cI+6m/wRfyNvqi/yRfzxb3zJXyCv9mX9Lf4Uv5WX9rf5sv4231ZX86X94/5Rr6xb+Kb+mb+cd/cP+Fb+Ja+lX/St/ZP+Tb+aZ/on/Ft/bO+nf+bb++f8x38876jf8F38p19F/+i7+pf8t18d5/ke/ie/mXfy/f2fXxf38+/4vv7V/0A/5pP9gP9IP+6H+zf8EP8m36oH+aHx7zlR1y6RIaxPsWP8+P9236Cf8dP9JP8ZD/Fp/qpfpp/10/3M/xM/56f5d/3s/0cP9fP82n+Az/fL/Dp/kO/0H/kM/yiSzeV/XK/wq/0q/xqv8av9ev8er/Bb/Sb/Ga/xW/12/x2/7Hf4T/xO/0uv9t/6vf4z/xe/7nf57/w+/2XPtN/5Q/4r/1B/40/5L/1h/13/og/6o/57/1x/4M/4U/6U/60P+N/9Gf9T/4c/581xhhjjLF/yrjLQ/HrPRdu5/f4nRzxi4N7AsDVW/Jn/nL/+RXl2jwXxr1FfOsIADzTvePDl7YqVZKSki4emyEhKDwH4NLfBJ0XA5fjRdAKnoJEaAklf7f+3qLzGfoH80dvA8jxi5xYuBxfnv9zAEz6nfkff3L4/DLhqbj/Yf45AEULX87JDpfjRdDq5/srLaHUH9Sft/kv64/97fzZv0gBaPGLnJxwOb5cfwI8Ac9C4q+OZIwxxhhjjDHGLugtyre/dP156V98/t71eby6nJMNLsf/6PqcMcYYY4wxxhhjV95znbs8/XhiYsv2//qg0v8q658eNIT/q5l58LsD7wEu/UQBwL85IcD5gfxPPopN/5FzJV986/z9rqWnfQD/Ha38MwZX+IOJMcYYY4wx9qe7vOj/9c/VlSqIMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLgv4Tv07sSj9GxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Er7fwEAAP//nXwDKg==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) 4m30.855926744s ago: executing program 1 (id=2048): r0 = socket$inet6(0xa, 0x2, 0x11) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) 4m30.510299689s ago: executing program 1 (id=2042): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000040)={'ah\x00'}, &(0x7f0000000600)=0x1e) 4m30.147702515s ago: executing program 32 (id=2042): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000040)={'ah\x00'}, &(0x7f0000000600)=0x1e) 41.837647633s ago: executing program 2 (id=4920): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x18) 41.512807515s ago: executing program 2 (id=4921): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872061ce618117c56f0979bd10b97163c953ab1abda4589e9cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346d2014006000000e1ffff8816326d7d35c32aac1c7d5b5be399f6609876b5887437a172751151b633fbc02a74067529194e533583412dff048f0000000000000000b2728a04816cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13ceec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad30000000000170022626165866c156a25148972700000b515a1000000000000000eb2e9c15b6c8f6198282d0000000000c2ccf3f69cfcf1e15ea7a9e57aee78e12a2caebaada42811754e19a7e9b531636794a718b4766d2c7c61c3dba128c7fcd1f97989ccf1d55de496eae46c590c2d0225f9cd07005ac7f76d9d560a08c9fd0caafd9d095cb9db0099014cd0d4df62af52b088b01adeadc4c5225a6cd8486b03f83805dffe90dbf7ad042012b7213a2b03e3b1634ddfc9d6f570c4990fbbc7306871d9a52a157fb1a10fa2868df06faf83a8420e9ce62567043ce7e56d1ebe81"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0xffff0000, 0x40f, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48) 41.194896567s ago: executing program 2 (id=4923): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = gettid() sendmsg$unix(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000009c0)="ec663189d334", 0x6}], 0x1, &(0x7f0000000780)=[@rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r1, 0x0, 0xee01}}}], 0x40}, 0x0) 41.025774624s ago: executing program 2 (id=4927): syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x204818, &(0x7f00000007c0)={[{@map_off}, {@check_strict}, {@cruft}, {@map_off}, {@unhide}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@map_off}, {@mode={'mode', 0x3d, 0x483}}]}, 0x1, 0x544, &(0x7f0000001000)="$eJzs3V9v01YfwPGfS/sQ5ZGqRw8TQlWBQ9mkIpXgJBAUceU5J+mBxI5sB7VXqKIpqkhhokxae8O4YZu0vQh2uRexd4T2EjbZTvqHJjHQv6u+nwjOiX3s8zup5Z/cxscCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEcmu2XbSkabzOkhrNrQV+a/dtf+sDC+TWvmJMvyJW/E9yObmSLrry1e7qy/F/czKbvpuVXFzkZPu/l//34NLkxGD7MQF/lt+/cE+bW9vPV3q97qujCuQMunpx9LqG9kzom5bT0MqEvqpWKvadxXqo6qapw+Uw0i3lBtqJ/EDNu7dUsVotK11Y9jteo+Y09WDh/dsl266oh4W2doLQ9+48LITuomk2jddI2sSr4zb34wPxkYlUpJ2WUmvrvW45awBxo+KnNCplNSrZpVKxWCoVK/eq9+7b9uSBBfZH5ECLozto8e90hGdv4HAm+vlfmmLEk44siRr6cqUmgfjSGrG+b5D/v7mjx/a7N/8PsvyV3dUzkuT/a+m7a6Py/4hYTu61KVuyLc9lRXrSk668OvWITvbVEC2eGAnFFyMtcZIlqr9ESVUqUhFbnsii1CUUJXUx0hQtoSxLKJHo5IhyJRAtjkTiSyBK5sWVW6KkKFWpSlmUaCnIsvjSEU8aUhMn2cuarCefe1mUNSrGnUbFkcPID467rpTGjJb8j8M70vM3cBh/D/I/AAAAAAA4t6zkt+/x9f+UXE1qddPU9mmHBQAAAAAAjlDyl//ZuJiKa1fF4vofAAAAAIDzxkrusbNEJC/X09qaWMntUvwSAAAAAACAcyL5+/+1uEjmQLku1s50KVz/AwAAAABwTvycOcd+2L5o/fmXBMGU9ba99LW1kczN62xcSLe78PEeo/qMNd3fSVJU0mJy0tWzVi5ttDMJ5od+sZYVh7UbgLMTwI+fE8ClSflVbqRtbqym5epgTdpLvm6auuD6zQdFcZzpiUgvRd+/WP9BkuH/4rWmrZys97qFpy97q0ksb+O9vN3oT6B4YB7FMbG8TuZbSO65GDriqeRGjH6/eUvW1ntde+/4J9LNJ/b3+GZ6TJ/vZC5tNdef8Ta/f/y5uM9iYdTo+1EUDznyd3IzbXNz/mZaDImilBVFaW8Uwz+Lw0dRzoqifMgoAOC0rGVkIUsO5N0vOMt9WXaXz8zu72Q+bTM/k5xYJ2eGnNHtrDO6fcjs9seBZyCNyrFxv799lFXfxxu8H9lv2CxZ8Ud44fXGd3J5c2v79vrGyrPus+6LUqlcse/a9r2STCXD6BfkHgDAEHufsWMNzf+ZT+Gx7mZcVf9/5ysFBXkqL6Unq7KQ3G2QfONg6F7ze76GsJBx1ZpP0mT6hJeFMVd1/0nuchjstzS27f4YyifwkwAA4OTMZeThT8n/CxnX3ftz+fir4/yep7UBAIDjoYMPVj76yQoC035SrFaLTrSoVeC7j1Rgag2tjBfpwF10vIZW7cCPfNdvxpXHpqZDFXbabT+IVN0PVNsPzVIyfaDqP/o91C3Hi4wbtpvaCbVyfS9y3EjVTOiqdufbpgkXdZBsHLa1a+rGdSLjeyr0O4GrC0qFWu9paGrai0zdxFVPtQPTcoKceuw3Oy2tajp0A9OO/HSHg76MV/eDVrLbwml/2AAAnBGbW9vPV3q97qtjrAztOHfiQwUAAH0ZWRoAAAAAAAAAAAAAAAAAAAAAAJwBJ3H/H5VzXhlMBX1W4qFyBJXMU8ebYz85AThW/wQAAP//rVVPjw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) 40.751228732s ago: executing program 2 (id=4928): syz_mount_image$nilfs2(&(0x7f0000000100), &(0x7f0000000f00)='./file0\x00', 0x32100d2, &(0x7f0000000040)={[{@order_strict}, {@errors_remount_ro}, {@order_relaxed}, {@errors_continue}, {@order_strict}, {@discard}, {@norecovery}, {@nobarrier}], [], 0x2c}, 0x3, 0xf0e, &(0x7f0000000f40)="$eJzs3UFsHNXdAPA3613biU28Bj4w8BHywfeJwAd2SCI1vQWBqp4Ql95BIaERhqKGHogCCT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXGCfVCpSqVgnopUuIqznvr9YuHXY/t2V3v7yf9/fbNm53/f7yWPTOefRuAsdVY/Xr06EIRwrufvvP4K88Uv7m27J7OGgdWvxax1w4htLr6Rba9L+KCK5fPndioLcLh1a+pH5641HnuTAjhQjgQPgvt8NHS8lcfvvfYwY9fn77trbPPvbpDu9+R7wcAAOxGF/+0/PkDf//jQ/NfX9x/PEx1lqfj83bsz8Tj/kPxQDkdLzfC+n7RFd0ms/UmYjSy9Say9ZpZnmZJvla2nVbJepM98k10LdtoPwEAAGAUpfPadigai+v6jcbi4vXz/mu+mJssFl84vXzqzIAKBQAAACr71/nVm26FELsiDg1BDUJsJpprf5AGXosQ2xjnPvdzLYQQYuhiZW5glx4AAACAMZXPF3aDC9s7U1dna+3+8l96tLHx82Eb1P3zL/9o5f/gNb9xAACobrceTab9SsfRaR6DfB7Biex5mz3+b2TbaW6yzrJ5BUdlvsGyOvPv67Aqq3+zr+OglNWfz4c5rMrqz+fpHFZl9U/VXEdVZfVP11xHVWX176m5jqrK6t9bcx1VldU/U3MdVZXVP1tzHVU1wn0bLr+p9kqqKfv+76u5jqrK6h+V22rL6m/3euKQ/IErq3++5jqqKqv/5prrqKqs/ltqrqOqsvpvrbmOQbk7tun7sD8b7z5/zs/pRuUcDwAAAMbdv83/J4QQQgix/dEaghqEEJuN766eJA2+jhgrc4OvQeymOD/oCxAAAADAwKX3BaR3va9EaXyix3izx3irx/hkj/GpHuMAAABACL9949Qdbxdr7/Pf6nx4ad6oNP/SZucxyucj3Gz+rc57ttX8ozJvGQAAAOOl+M5nVx98/P2X5r++uP9419nv1Xi+m+YBbcZrA5/EfrovYDbrF+kc+vj6PI2S9fLrAzeVbe/JLe4oAAAAjLF0/t4ORWOx67y7HRqNxcW18/GF0CpOnV4+eSj20+ez/GGuNXVt+SM11w0AAAD0b+18f+Pz//Q5vgthslh84fTyqTPX+7Od5a1G93WBubXlRfd1gXa2/HDJ8iOxnz6/8/tze1aXL574wfIz273zAAAAMCbOvHz2uaeXl0/+0AMPPPCg82DQv5kAAIDt9uWX77R+dGT2d9ff/782/116//+B2G/Huf3+HFdI9wmk9wHc8H79p9bnmStb78X167Wz9SZiTGV1T3dtJ3TNN5ieN1+Wr71+O5Ml+WayfLNZvnyegma2fsq3L1uez0+Y1pvLlufzMDazHEWW/94AAAAA5ZZeev7FpTMvn3349PNPP3vy2ZMvHDl87NvHjh165FuPLK3e17/UfXc/AAAAMIrWbvoddCUAAAAAAAAAAAAAAAAAAAAwvur4OLFB7yMAAACMu3+eDyFciNHueixKojkENYga4/pHYA6+DiGEEGLsovN5yENQy8jExBDUIIQY2lhZyT9pHgAAAGBnXbl87kR3e4MLxbbm62ytfb25GvOmdvbhv85fi7TapUfXXy/Zu63VMO7q/vmXf7Tyf/Da9uafTg/6/v3XWL+B49Xy3r/0i4Xu/Hc2+8yf7/+T1fIfzPLfH/rLv/J+lv+pavkfyPLv7TP/Dfv/YrX8D8b8C7F/8L5vzN9cy7/+9Z+KbdqPPX3m//9s/58J35i/fP/bfSbMPBTzA8A4agy6gB2SjhLScfRM7Kf9TQc0+d0Pmz3+b2TbaW658vXbTcdBt8d+Ol6azfImm61/JtveTRXrzI3KXSVl9W/X67jTyupv1VxHVWX1T9ZcR1Vl9U/VXEdVZfVP11xHVWX193seOmhl9Y/KdeWy+mdqrqOqsvpna66jqrL6N/t3fFDK6t9Xcx1VldU/V3MdVZXVX/GyWu3K6p+vuY6qyuq/ueY6qiqr/5aa66iqrP5ba65jUO6Kbdn5cDr/nItjqd/O+lMbfC9367UFAAAAGDX/OD/4OQiEEEIIIYYomkNQgxBCCLHtsbIy6CsQDFL3uwGKUbnpHYAt29nZLBh2Xv/x5vUfb15/vkm6h7/I+slEj/Fmj/FWj/HJbDz/eZ3qMX5Ltt2VKI3f2mP8v3qM7+sxfnuP8YUe43f0GL+zx/hdPcYBAAAYD7fF1vkhAAAA7F6v/PKTN399/1OX57++uP94mLxh3vlDsT8V/7f+Ruzn894nrfg//x/H/s9j+/vY/i1b3/0nAAAAsPPS58T4/z8AAADsXulzSp3/AwAAwO41H1vn/wAAALB73Rxb5/8AAACwixXTGy+ObboucG9s+53XDwAYfv8d27tjuz+298T2f2KbjgPui+3/1lQfALB9fva9nxx7u1ib7/9INn4lLk/tDS5cv1JQNNbP5L8ntntj+3991pN/HkC/+ZN9febZqfxzW8wPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOwejdWvR48uFCG8++k7j/908s2/XFt2T2eNA6tfi9hrhxBaneel0bX+r+KKVy6fO9HdXo1tEQ6HIhSd5eGJS51MMyGEC+FA+Cy0w0dLy199+N5jBz9+ffq2t84+9+oOfgvW7R8AAADsRv8JAAD//wfEHO4=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x80) open_by_handle_at(r0, &(0x7f0000000240)=@reiserfs_2={0x4b, 0x2, {0xb}}, 0x36f0516f) 40.284387419s ago: executing program 2 (id=4931): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f0000000740)={0xc, 0xc00000, "fd3cd93fd6c01e8f2e1ac2895736a9950aaf6d1ed4696093", {0x2, 0x80}, 0x4}) 39.825309245s ago: executing program 33 (id=4931): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f0000000740)={0xc, 0xc00000, "fd3cd93fd6c01e8f2e1ac2895736a9950aaf6d1ed4696093", {0x2, 0x80}, 0x4}) 3.521911707s ago: executing program 3 (id=5306): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000002c0)=[{0x63, 0x5401, 0x90, &(0x7f00000001c0)="70bad6d6134eb9c3fea3e1fdacfdddded02438edb6917ed837d79450af8618ef9949a85f1ef0e9ef94b3b9f6031edb897532fb8233e274df8bf706ad240402a166ec5c8045659c0377fce1d2f8daee9876a77928c19abfc9c93f1855b69870e8bfad51661c612c79b600ffea6e05b54ebb00153fc447b5403d43d145e1b51b4789910fe2eea45985fae0dffddaa102c2"}], 0x1}) 2.145909855s ago: executing program 0 (id=5317): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xfffffffb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) 2.050470285s ago: executing program 3 (id=5318): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r0, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000740)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r1, &(0x7f0000000300), 0x0}, 0x20) 1.937938696s ago: executing program 0 (id=5319): r0 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @rand_addr=0x64010101}, @address_request}}}}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 1.920285628s ago: executing program 3 (id=5320): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000003c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@commit={'commit', 0x3d, 0x4}}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@data_journal}, {@nobh}, {@dioread_nolock}, {@bh}, {@noacl}]}, 0x0, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x841, 0x0) lgetxattr(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280)=@known='trusted.overlay.upper\x00', &(0x7f0000000f40)=""/199, 0x841) 1.737757786s ago: executing program 0 (id=5323): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000170000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000009b00000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x52}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00'}, 0x27) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, 0x50) 1.631295577s ago: executing program 0 (id=5326): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x4}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) sendto$netrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @bcast, @null]}, 0x48) 1.506402579s ago: executing program 3 (id=5328): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, r1, 0x201, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40800) 1.434110127s ago: executing program 3 (id=5329): syz_mount_image$nilfs2(&(0x7f000000a000), &(0x7f0000000400)='./file0\x00', 0x94, &(0x7f000000a380)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40106e80, &(0x7f0000000100)={0x1, 0x100000000, 0x9, 0x0, 0x4000040c, 0x4fe4, 0x2401}) 1.255699594s ago: executing program 0 (id=5331): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@mode={'mode', 0x3d, 0x8000000d315}}]}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='debugfs\x00', 0x0, &(0x7f0000000100)) 1.022285368s ago: executing program 0 (id=5333): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x88c0, &(0x7f00000004c0)=ANY=[@ANYBLOB="636f6d6d69743d30303030303030303030303030303030303030302c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c616c6c6f633d30303030303030303030303030303036353533362c636f686572656e63793d66756c6c2c61636c2c6c6f63616c666c6f636b732c008d14cfbafabecbadbe0cfb4e630fd98c220e63fdc182592677dcbb86"], 0x2, 0x442c, &(0x7f00000088c0)="$eJzs3c9PHFUcAPA3A1qobYXaQ01M3MQmGjUEelJpIqW0FFqsqbYxXrYLbFt0YRtYjIce8NbEk4kH46HRxBunhoPX+id48VjPTfTgxcSkEbO7s8AMu7I2LNjm80nKMO/37nfn7Zsmw4sTlZtzS7m5pVxhIVeeub50MvdZubQ8XwzxHtnv/mlPJ+Ik9vvn0plzH1w9GcJPs788XF9fXw9V3aGpoS2///nH7Zmtx4Y4U6fabvPWdsvHIYRj28ZV1RVC+OjHEKIQwukkbTQ59oYQjoR63tXbX17L7dJo7j0onso/mrqzNnxicvXuWuvXHoXwbenFN2/M//ZK1/Cvr+9S9wAAAAAAAAAAAAAAAAAAPOHGL1+68v7gULgfhe7VaPvzuuPJsdXzseu75uXOv1gAAAAAAAAAAAAAAAAAAAD4n9p8/j8XHW3y/P9YchxpUX/93c6Pkc6ZeO/S2NnBoWT/92hb/ltJ0u+nu0J/k33fs/u/n87Ub77/+/Z+HldjfI1++0IUD6TO43hgIITvk43fj0cH41J5qfLG9fLywuyuDeOJlY5/fff+VHSSDf3bjf9opv3O7///wrZPU/X82u59xJ5q6fh3tSz3wxdRW/E/k6m3F/Gve6az3Tyl0vHvrqX1bi0wUp8AqvH/qnvn+I9l2u9U/I+EEHJRday51AxQXcNU0zfWKz4W/yod//qblZo6kzey1fX/Vyb+ZzPtN+LfuTA0n/9Xsl9ENJWO/7O1tJ5Uic3rvz/e+fo/l2l/P77/q+Nf8f3flnT8D9QTu1NFau9ku/P/eKb9TsX/SpyM80iU+gSsRvX0Vn+vjrR0/Hu25W/e/8Vtrf/OZ+rv1f1fo9/G/V9j+n8tqt//0Vw6/r0ty7V7/U9k6nV6/h+prf94XOn4H6ylpf+vr6/2s934T2ba71T8a6uSnkb8N+eTvw/U07+z/mtLOv7P1RPjrSVWaj9r679o5/X/hUz7+7H+q45/Je5sr0+LdPwPtSxXjf/PbXz/X8zU63z8Qxi01n9s6fgfblmudv337Bz/qUy9Tsf/1U42DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAEGE2OfSGKB1LncTwwEMKZ5Px4OBhNF2bz06XyzKdLIYwl6blwNLpRKk8XSvm5hfJsMV8olcozIZxN8o+FnmipVK7k5wu3zm201RvdLBYWK9PFQiWEMJ6kvxQON9qanqvMF26FEM5v5D0flxdv3Sws5GfnFt8ZHBwcDBMbY+iPip9XiguVeu/13BAmN+r2RVsGV8u+sDGWQ9En5eXFhUKpln5xS51SeaZQ2lJnKsn7OvRHlcXlhZlCpZgvlW80+ttPI8lxbOLyh5cvDm3LvxbVj6N7OywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/qP7w29/E0Lorp/FIYRclPwSJf9S7j0onso/mrqzNnxicvXu2sNmZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiHHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSO27CQBAA0PVGUdocI5Vld2kdJYqSIo6QOAEcg8PAUbgEd6CgoKVCMmsk/JHcQPVeY8+MdmekHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDpvmf1/L8ow3OKt8vdvvl5ucS/Kb/+GD7/9IAZuZ+fv/rzqyjTu2e9+ntKHarYVE/H1SIMfFubzp5c9+lGv0/X2L6Nzdf2fQ1ZzEMIVaq/ZTHm+bS7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADO7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHjgUAAAAAhPlbR9G3AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CsAAP//aQIeXw==") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="020000000100000000df83000400000000837000100000000000000020"], 0x24, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) 978.263342ms ago: executing program 3 (id=5335): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000000)={r1, @in6={{0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}}}, 0x90) 812.787219ms ago: executing program 4 (id=5336): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_RULES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x2400c000) 766.030234ms ago: executing program 5 (id=5337): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) connect$802154_dgram(r0, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) 715.635769ms ago: executing program 4 (id=5338): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = eventfd(0x3ff) sendfile(r1, r0, 0x0, 0xb011) 581.316632ms ago: executing program 5 (id=5339): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c0000001800ffffffff7bfbfcdbdf250a148000ff01fd07"], 0x1c}}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 555.923204ms ago: executing program 4 (id=5340): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000007140)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10, 0x0}}, {{&(0x7f00000003c0)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000034"], 0x30}}], 0x2, 0x4800) 418.374629ms ago: executing program 5 (id=5341): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90) r0 = io_uring_setup(0x5053, &(0x7f0000000140)={0x0, 0xfffffffc, 0x3681, 0x0, 0x1d9}) io_uring_enter(r0, 0x0, 0xfe95, 0xf, 0x0, 0x0) 386.587541ms ago: executing program 4 (id=5343): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x10000, @loopback, 0x1}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000000)=0x2, 0x4) 278.842793ms ago: executing program 5 (id=5344): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@mode={'mode', 0x3d, 0x8000000d315}}]}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='debugfs\x00', 0x0, &(0x7f0000000100)) 258.479304ms ago: executing program 4 (id=5345): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x7f83, 0x7}, 0x50) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) 127.477378ms ago: executing program 5 (id=5346): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000000c0)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2800, 0xd59f82, 0x2, 0x5, 0xb, 0x8, 0x0, 0x722, 0x1, 0x7, 0xea91, 0x2b, 0x0, {0xffff945a, 0x1}, 0xff, 0xf1}}) 578.27µs ago: executing program 5 (id=5347): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_RULES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x2400c000) 0s ago: executing program 4 (id=5355): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1b) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x11) kernel console output (not intermixed with test programs): 380.160604][T15882] XFS (loop2): syz.2.4378 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 380.269607][T15889] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 380.298508][ T5782] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 380.387152][T15889] XFS (loop0): Starting recovery (logdev: internal) [ 380.494723][ T8] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 380.500129][T15889] XFS (loop0): Ending recovery (logdev: internal) [ 380.546531][ T8] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 380.547821][T15889] XFS (loop0): Quotacheck needed: Please wait. [ 380.591064][ T8] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 380.614042][ T8] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 380.648651][ T8] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 380.686209][ T8] lan78xx: probe of 5-1:1.0 failed with error -71 [ 380.711032][T15889] XFS (loop0): Quotacheck: Done. [ 380.749060][ T8] usb 5-1: USB disconnect, device number 12 [ 380.948495][ T5785] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 381.005478][T15943] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4393'. [ 381.313581][T15949] loop4: detected capacity change from 0 to 16 [ 381.349500][T15949] erofs: (device loop4): mounted with root inode @ nid 36. [ 381.416363][ T27] kauditd_printk_skb: 76 callbacks suppressed [ 381.416377][ T27] audit: type=1800 audit(1762956210.501:250): pid=15949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4396" name="file1" dev="loop4" ino=86 res=0 errno=0 [ 381.552304][T15957] netlink: 332 bytes leftover after parsing attributes in process `syz.0.4392'. [ 381.765206][T15966] overlayfs: cannot append lower layer [ 381.901239][T15971] ieee802154 phy0 wpan0: encryption failed: -22 [ 382.059686][T15973] loop3: detected capacity change from 0 to 4096 [ 382.134057][T15979] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 382.134789][T15973] NILFS error (device loop3): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 382.185879][T15973] NILFS (loop3): mounting fs with errors [ 382.840316][T16000] loop0: detected capacity change from 0 to 128 [ 382.870116][T16000] EXT4-fs (loop0): Test dummy encryption mode enabled [ 382.920981][T16000] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c118, mo2=0002] [ 382.960874][T16000] System zones: 1-3, 19-19, 35-36 [ 382.996078][T16000] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 383.074642][T16000] ext4 filesystem being mounted at /1098/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 383.175460][T16000] EXT4-fs error (device loop0): ext4_validate_block_bitmap:421: comm syz.0.4420: bg 0: bad block bitmap checksum [ 383.292254][ T5785] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 383.323614][T16021] loop2: detected capacity change from 0 to 1764 [ 383.367711][T16023] overlayfs: disabling nfs_export due to verity=require [ 383.391911][T16023] overlayfs: conflicting options: userxattr,verity=require [ 383.429727][T16020] loop3: detected capacity change from 0 to 4096 [ 383.443818][T16020] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 383.587322][T16029] loop2: detected capacity change from 0 to 256 [ 383.599749][T16029] exfat: Deprecated parameter 'namecase' [ 383.624497][T16029] exfat: Deprecated parameter 'namecase' [ 383.650676][T16029] exfat: Deprecated parameter 'utf8' [ 383.751434][T16029] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5417aa89, utbl_chksum : 0xe619d30d) [ 384.054574][ T5849] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 384.098223][T16041] loop3: detected capacity change from 0 to 256 [ 384.123352][T16044] loop2: detected capacity change from 0 to 128 [ 384.166731][T16044] EXT4-fs (loop2): Test dummy encryption mode enabled [ 384.238593][T16044] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c118, mo2=0002] [ 384.254261][T16048] No such timeout policy "syz0" [ 384.285390][T16044] System zones: 1-3, 19-19, 35-36 [ 384.292170][T16044] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 384.317371][ T5849] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 384.328189][T16044] ext4 filesystem being mounted at /1089/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 384.328634][ T5849] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.354922][ T5849] usb 1-1: Product: syz [ 384.359143][ T5849] usb 1-1: Manufacturer: syz [ 384.363760][ T5849] usb 1-1: SerialNumber: syz [ 384.386682][ T5849] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 384.421851][ T23] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 384.452747][T16044] EXT4-fs error (device loop2): ext4_validate_block_bitmap:421: comm syz.2.4439: bg 0: bad block bitmap checksum [ 384.598456][ T5782] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 384.767730][ C1] usb 1-1: ath9k_htc: invalid pkt_len (fd7e) [ 384.977275][ T5836] usb 1-1: USB disconnect, device number 24 [ 385.272912][T16073] loop3: detected capacity change from 0 to 1764 [ 385.284752][ T8] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 385.346471][ T5850] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 385.474349][ T23] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 385.481425][ T23] ath9k_htc: Failed to initialize the device [ 385.485410][ T8] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 385.498703][ T5836] usb 1-1: ath9k_htc: USB layer deinitialized [ 385.511889][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.526532][ T8] usb 3-1: Product: syz [ 385.530860][ T8] usb 3-1: Manufacturer: syz [ 385.535988][ T5850] usb 5-1: Using ep0 maxpacket: 32 [ 385.541272][ T8] usb 3-1: SerialNumber: syz [ 385.555996][ T5850] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 385.584494][ T5850] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 385.596734][ T5850] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 385.619656][ T5850] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 385.629104][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 385.637557][ T5850] usb 5-1: Product: syz [ 385.641866][ T5850] usb 5-1: Manufacturer: syz [ 385.652024][ T5850] usb 5-1: SerialNumber: syz [ 385.674024][ T5850] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input19 [ 385.743375][T16076] loop3: detected capacity change from 0 to 32768 [ 385.760449][T16076] (syz.3.4453,16076,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 385.793591][T16076] (syz.3.4453,16076,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 385.846774][T16076] (syz.3.4453,16076,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xecaf217e, computed 0x51d812ae. Applying ECC. [ 385.867920][T16076] JBD2: Ignoring recovery information on journal [ 385.922333][T16076] (syz.3.4453,16076,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xecaf217e, computed 0x51d812ae. Applying ECC. [ 385.940927][T16076] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 385.942821][ T5850] usb 5-1: USB disconnect, device number 13 [ 386.007918][ T8] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 386.036340][ T5850] appletouch 5-1:1.0: input: appletouch disconnected [ 386.043400][ T8] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 386.073427][ T8] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 386.089373][ T8] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 386.102923][ T8] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 386.117898][ T8] lan78xx: probe of 3-1:1.0 failed with error -71 [ 386.131118][ T8] usb 3-1: USB disconnect, device number 22 [ 386.151563][ T5783] ocfs2: Unmounting device (7,3) on (node local) [ 386.924016][T16092] netlink: 332 bytes leftover after parsing attributes in process `syz.4.4460'. [ 387.100726][T16084] loop0: detected capacity change from 0 to 32768 [ 387.111467][T16086] loop3: detected capacity change from 0 to 32768 [ 387.190423][T16084] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 387.237973][T16086] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 387.380596][ T5850] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 [ 387.419540][ T5850] XFS (loop3): Unmount and run xfs_repair [ 387.453695][ T5850] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 387.483625][ T5850] 00000000: 58 41 47 46 00 00 00 00 00 00 00 00 00 00 10 00 XAGF............ [ 387.498426][T16084] XFS (loop0): Ending clean mount [ 387.513995][ T5850] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01 ................ [ 387.549011][T16084] XFS (loop0): Quotacheck needed: Please wait. [ 387.555403][ T5850] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 387.575894][ T5850] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00 ................ [ 387.624378][ T5850] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 387.633335][ T5850] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01 ................ [ 387.665640][ T5850] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 387.674821][ T5850] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 387.685190][T16086] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74 [ 387.695980][T16084] XFS (loop0): Quotacheck: Done. [ 387.723710][T16086] XFS (loop3): Error -117 reserving per-AG metadata reserve pool. [ 387.744794][T16086] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x25e/0x2d0 (fs/xfs/xfs_fsops.c:592). Shutting down filesystem. [ 387.794733][T16086] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 387.803142][T16086] XFS (loop3): Ending clean mount [ 387.834822][T16086] XFS (loop3): Failed to initialize disk quotas. [ 387.840139][T16112] loop4: detected capacity change from 0 to 32768 [ 387.841530][T16086] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 387.880616][ T5785] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 387.890838][T16112] (syz.4.4464,16112,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 387.904627][ T787] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 387.910129][T16112] (syz.4.4464,16112,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 387.965018][T16112] (syz.4.4464,16112,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xecaf217e, computed 0x51d812ae. Applying ECC. [ 388.034959][T16112] JBD2: Ignoring recovery information on journal [ 388.084670][ T787] usb 3-1: Using ep0 maxpacket: 32 [ 388.103678][ T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.159670][ T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.192555][ T787] usb 3-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00 [ 388.229870][ T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.243781][T16112] (syz.4.4464,16112,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xecaf217e, computed 0x51d812ae. Applying ECC. [ 388.253853][ T787] usb 3-1: config 0 descriptor?? [ 388.318157][T16112] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 388.618352][T10370] ocfs2: Unmounting device (7,4) on (node local) [ 388.714739][ T787] uclogic 0003:28BD:0074.0001: interface is invalid, ignoring [ 388.966927][ T5850] usb 3-1: USB disconnect, device number 23 [ 389.173140][ T27] audit: type=1326 audit(1762956218.251:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16146 comm="syz.4.4480" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f27b3d8f6c9 code=0x0 [ 389.460832][T16161] mkiss: ax0: crc mode is auto. [ 389.654428][ T5850] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 389.855148][ T5850] usb 1-1: Using ep0 maxpacket: 32 [ 389.872864][ T5850] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.894656][ T5850] usb 1-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 389.903745][ T5850] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.945058][ T5850] usb 1-1: config 0 descriptor?? [ 390.362857][ T5850] cypress 0003:04B4:DE61.0002: item fetching failed at offset 0/2 [ 390.392134][ T5850] cypress 0003:04B4:DE61.0002: parse failed [ 390.411661][ T5850] cypress: probe of 0003:04B4:DE61.0002 failed with error -22 [ 390.564874][ T5850] usb 1-1: USB disconnect, device number 25 [ 390.637595][T16205] sock: sock_set_timeout: `syz.4.4510' (pid 16205) tries to set negative timeout [ 391.090572][T16217] loop2: detected capacity change from 0 to 8192 [ 391.131106][T16217] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 391.167872][T16217] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 391.226434][T16217] REISERFS (device loop2): using ordered data mode [ 391.293946][T16217] reiserfs: using flush barriers [ 391.321663][ T5850] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 391.333557][T16217] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 391.368230][ T27] audit: type=1326 audit(1762956220.441:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.406071][T16217] REISERFS (device loop2): checking transaction log (loop2) [ 391.438921][ T27] audit: type=1326 audit(1762956220.441:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.475860][T16217] REISERFS (device loop2): Using r5 hash to sort names [ 391.491599][ T27] audit: type=1326 audit(1762956220.441:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.536363][ T27] audit: type=1326 audit(1762956220.441:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.584561][ T5850] usb 5-1: Using ep0 maxpacket: 8 [ 391.605601][ T27] audit: type=1326 audit(1762956220.451:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.629957][ T5850] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 391.671136][ T5850] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 391.685967][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.693995][ T5850] usb 5-1: Product: syz [ 391.705913][ T27] audit: type=1326 audit(1762956220.451:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.759500][ T5850] usb 5-1: Manufacturer: syz [ 391.764154][ T5850] usb 5-1: SerialNumber: syz [ 391.801388][ T5850] usb 5-1: config 0 descriptor?? [ 391.807781][ T27] audit: type=1326 audit(1762956220.451:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.845127][ T5850] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 391.902853][ T27] audit: type=1326 audit(1762956220.451:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 391.925524][ T5850] usb 5-1: setting power ON [ 391.930839][ T5850] dvb-usb: bulk message failed: -22 (2/0) [ 392.012692][ T5850] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 392.041782][ T27] audit: type=1326 audit(1762956220.481:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.4509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ffc0000 [ 392.046789][T16224] dvb-usb: bulk message failed: -22 (3/0) [ 392.085106][ T5850] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 392.104025][ T5850] usb 5-1: media controller created [ 392.138099][T16224] cxusb: i2c wr: len=80 is too big! [ 392.138099][T16224] [ 392.199519][ T5850] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 392.302728][ T5850] usb 5-1: selecting invalid altsetting 6 [ 392.320547][ T5850] usb 5-1: digital interface selection failed (-22) [ 392.333112][ T5850] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 392.353205][ T5850] usb 5-1: setting power OFF [ 392.359068][T16264] CIFS mount error: No usable UNC path provided in device string! [ 392.359068][T16264] [ 392.374495][ T5850] dvb-usb: bulk message failed: -22 (2/0) [ 392.380844][ T5850] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 392.389879][T16264] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 392.414655][ T5850] (NULL device *): no alternate interface [ 392.453442][T16266] loop2: detected capacity change from 0 to 256 [ 392.474187][T16262] loop3: detected capacity change from 0 to 4096 [ 392.500968][T16266] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 392.526040][ T5850] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 392.527839][T16266] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d) [ 392.546176][ T5850] usb 5-1: USB disconnect, device number 14 [ 393.383044][T16286] sock: sock_set_timeout: `syz.2.4533' (pid 16286) tries to set negative timeout [ 393.453217][T16268] loop0: detected capacity change from 0 to 32768 [ 393.467634][T16288] loop4: detected capacity change from 0 to 2048 [ 393.482985][T16288] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051 [ 393.514388][ T8] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 393.530656][T16288] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 393.551904][T16291] mkiss: ax0: crc mode is auto. [ 393.573176][T16268] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 393.651339][T16268] XFS (loop0): Ending clean mount [ 393.704371][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 393.719908][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 393.748154][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 393.786762][ T8] usb 4-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00 [ 393.796672][ T5785] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 393.843367][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.878791][T16302] loop2: detected capacity change from 0 to 64 [ 393.884969][ T8] usb 4-1: config 0 descriptor?? [ 393.987341][T16302] Trying to free block not in datazone [ 393.995018][T16302] Trying to free block not in datazone [ 394.349287][ T8] uclogic 0003:28BD:0074.0003: interface is invalid, ignoring [ 394.576526][ T5849] usb 4-1: USB disconnect, device number 21 [ 394.693081][T16325] loop2: detected capacity change from 0 to 512 [ 394.736774][T16325] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 394.782567][T16325] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 394.834135][T16325] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.4546: invalid indirect mapped block 4294967295 (level 1) [ 394.861712][T16325] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.4546: invalid indirect mapped block 4294967295 (level 1) [ 394.881168][T16325] EXT4-fs (loop2): 2 truncates cleaned up [ 394.900840][T16325] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 394.922920][T16333] mkiss: ax0: crc mode is auto. [ 395.089736][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 395.196559][T16335] loop0: detected capacity change from 0 to 8192 [ 395.231828][T16335] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 395.320840][T16335] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 395.397730][T16335] REISERFS (device loop0): using ordered data mode [ 395.435014][T16335] reiserfs: using flush barriers [ 395.501328][T16335] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 395.534017][T16335] REISERFS (device loop0): checking transaction log (loop0) [ 395.559894][T16335] REISERFS (device loop0): Using r5 hash to sort names [ 396.742401][T16399] loop4: detected capacity change from 0 to 8192 [ 396.775624][T16399] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 396.804406][T16399] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 396.814727][T16399] REISERFS (device loop4): using ordered data mode [ 396.821328][T16399] reiserfs: using flush barriers [ 396.842894][T16399] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 396.860221][T16399] REISERFS (device loop4): checking transaction log (loop4) [ 396.871163][T16399] REISERFS (device loop4): Using r5 hash to sort names [ 396.881668][T16406] loop0: detected capacity change from 0 to 2048 [ 396.922725][T16406] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051 [ 396.967318][T16406] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 397.349316][T16417] loop3: detected capacity change from 0 to 512 [ 397.375492][T16417] EXT4-fs: Ignoring removed orlov option [ 397.381224][T16417] EXT4-fs: Ignoring removed nobh option [ 397.431380][T16417] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 397.513069][T16417] EXT4-fs (loop3): orphan cleanup on readonly fs [ 397.545653][T16417] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.4579: bg 0: block 248: padding at end of block bitmap is not set [ 397.629630][T16417] __quota_error: 4 callbacks suppressed [ 397.629645][T16417] Quota error (device loop3): write_blk: dquota write failed [ 397.636615][T16423] loop4: detected capacity change from 0 to 4096 [ 397.650886][T16417] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 397.662301][T16417] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.4579: Failed to acquire dquot type 1 [ 397.679748][T16417] EXT4-fs (loop3): 1 truncate cleaned up [ 397.681182][T16423] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 397.714051][T16417] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 397.761117][T16423] ntfs: (device loop4): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 397.799195][T16423] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 397.827717][T16417] EXT4-fs: Ignoring removed orlov option [ 397.833127][T16423] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 397.855943][T16417] EXT4-fs: Ignoring removed nobh option [ 397.864444][T16417] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 397.888406][T16423] ntfs: volume version 3.1. [ 397.900063][T16417] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 397.962077][T16417] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.4579: Abort forced by user [ 397.993663][T16417] EXT4-fs (loop3): Remounting filesystem read-only [ 398.013248][T16417] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 398.045858][T16417] ext4 filesystem being remounted at /1128/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 398.062304][ T2894] ntfs: (device loop4): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry. [ 398.126630][T10370] ntfs: (device loop4): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 398.168795][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.413027][T16452] loop3: detected capacity change from 0 to 512 [ 398.444633][T16452] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 398.462161][T16452] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 398.477219][T16452] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4594: invalid indirect mapped block 4294967295 (level 1) [ 398.565835][T16452] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4594: invalid indirect mapped block 4294967295 (level 1) [ 398.588436][T16458] sg_write: data in/out 59925/10 bytes for SCSI command 0x2d-- guessing data in; [ 398.588436][T16458] program syz.0.4596 not setting count and/or reply_len properly [ 398.615905][T16452] EXT4-fs (loop3): 2 truncates cleaned up [ 398.622917][T16452] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 398.793758][T16462] loop0: detected capacity change from 0 to 1024 [ 398.808410][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.031934][T16467] [U] ¹ [ 399.097914][T16444] loop2: detected capacity change from 0 to 32768 [ 399.148286][T16472] netlink: 'syz.0.4600': attribute type 13 has an invalid length. [ 399.288819][T16474] loop4: detected capacity change from 0 to 4096 [ 399.441173][T16474] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 399.505100][T16481] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4606'. [ 399.514101][T16481] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 399.559814][T16474] ntfs3: loop4: Failed to load $Extend (-22). [ 399.572947][T16474] ntfs3: loop4: Failed to initialize $Extend. [ 399.634886][ T5850] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 399.865840][ T5850] usb 3-1: Using ep0 maxpacket: 8 [ 399.894215][ T5850] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 399.925185][ T5850] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 399.941782][ T5850] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.951235][ T5850] usb 3-1: Product: syz [ 399.957321][ T5850] usb 3-1: Manufacturer: syz [ 399.962367][ T5850] usb 3-1: SerialNumber: syz [ 399.979630][ T5850] usb 3-1: config 0 descriptor?? [ 399.991447][ T5850] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 400.024554][ T5850] usb 3-1: setting power ON [ 400.029121][ T5850] dvb-usb: bulk message failed: -22 (2/0) [ 400.056865][ T5850] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 400.092109][T16491] loop0: detected capacity change from 0 to 4096 [ 400.094850][ T5850] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 400.117135][ T5850] usb 3-1: media controller created [ 400.127626][T16491] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 400.158947][T16491] ntfs: (device loop0): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 400.164945][ T5850] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 400.180577][T16491] ntfs: volume version 3.1. [ 400.198518][T16477] dvb-usb: bulk message failed: -22 (3/0) [ 400.205556][T16477] cxusb: i2c wr: len=80 is too big! [ 400.205556][T16477] [ 400.245725][ T5850] usb 3-1: selecting invalid altsetting 6 [ 400.251592][ T5850] usb 3-1: digital interface selection failed (-22) [ 400.275604][ T5850] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 400.286102][ T5850] usb 3-1: setting power OFF [ 400.290730][ T5850] dvb-usb: bulk message failed: -22 (2/0) [ 400.311100][ T5850] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 400.334645][ T787] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 400.337812][ T5850] (NULL device *): no alternate interface [ 400.407309][ T5850] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 400.452487][ T5850] usb 3-1: USB disconnect, device number 24 [ 400.524372][ T787] usb 5-1: Using ep0 maxpacket: 32 [ 400.536812][ T787] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.554015][ T787] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 400.564102][ T787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.586999][ T787] usb 5-1: config 0 descriptor?? [ 400.984646][T16518] sg_write: data in/out 59925/10 bytes for SCSI command 0x2d-- guessing data in; [ 400.984646][T16518] program syz.2.4624 not setting count and/or reply_len properly [ 401.009253][ T787] cypress 0003:04B4:DE61.0004: item fetching failed at offset 0/2 [ 401.033531][ T787] cypress 0003:04B4:DE61.0004: parse failed [ 401.064641][ T787] cypress: probe of 0003:04B4:DE61.0004 failed with error -22 [ 401.238875][ T787] usb 5-1: USB disconnect, device number 15 [ 401.694460][ T5836] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 401.884358][ T5836] usb 4-1: Using ep0 maxpacket: 8 [ 401.907669][ T5836] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 401.920800][ T5836] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 401.941405][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.965447][ T5836] usb 4-1: Product: syz [ 401.969689][ T5836] usb 4-1: Manufacturer: syz [ 401.993367][ T5836] usb 4-1: SerialNumber: syz [ 402.017911][ T5836] usb 4-1: config 0 descriptor?? [ 402.033848][ T5836] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 402.049152][ T5836] usb 4-1: setting power ON [ 402.068553][ T5836] dvb-usb: bulk message failed: -22 (2/0) [ 402.090924][ T5836] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 402.102051][ T5836] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 402.119800][ T5836] usb 4-1: media controller created [ 402.153537][ T5836] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 402.222398][ T5836] usb 4-1: selecting invalid altsetting 6 [ 402.258993][ T5836] usb 4-1: digital interface selection failed (-22) [ 402.271596][T16535] dvb-usb: bulk message failed: -22 (3/0) [ 402.277818][ T5836] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 402.291969][T16535] cxusb: i2c wr: len=80 is too big! [ 402.291969][T16535] [ 402.300980][T16547] loop0: detected capacity change from 0 to 32768 [ 402.302294][ T5836] usb 4-1: setting power OFF [ 402.319170][ T5836] dvb-usb: bulk message failed: -22 (2/0) [ 402.327326][ T5836] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 402.357090][ T5836] (NULL device *): no alternate interface [ 402.458325][ T5836] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 402.502727][ T5836] usb 4-1: USB disconnect, device number 22 [ 402.742310][T16569] loop2: detected capacity change from 0 to 4096 [ 402.752783][T16569] __ntfs_warning: 4 callbacks suppressed [ 402.752797][T16569] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 402.830156][T16569] ntfs: (device loop2): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 402.851313][T16569] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 402.898730][T16569] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 402.948065][T16569] ntfs: volume version 3.1. [ 403.106791][ T3442] ntfs: (device loop2): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry. [ 403.178331][ T5782] ntfs: (device loop2): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 403.447012][T16586] loop4: detected capacity change from 0 to 2048 [ 403.447477][T16591] loop2: detected capacity change from 0 to 1024 [ 403.495410][T16591] EXT4-fs: Ignoring removed mblk_io_submit option [ 403.503175][T16586] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 403.527199][T16591] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 403.547913][T16586] ext4 filesystem being mounted at /652/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 403.584484][T16591] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 403.650254][T16591] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz.2.4661: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 403.689295][T16599] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4663'. [ 403.693904][T16586] overlayfs: failed to create directory ./bus/index (errno: 28); mounting read-only [ 403.705564][T16591] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.4661: couldn't read orphan inode 11 (err -117) [ 403.710386][T16586] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 403.746145][T16591] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 403.871801][T16601] loop0: detected capacity change from 0 to 256 [ 403.927530][T10370] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.928992][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 404.210299][T16609] loop3: detected capacity change from 0 to 4096 [ 404.227283][T16609] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 404.271105][ T27] audit: type=1326 audit(1762956233.351:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16613 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ff00000 [ 404.313748][ T27] audit: type=1326 audit(1762956233.351:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16613 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ff00000 [ 404.340092][ T27] audit: type=1326 audit(1762956233.351:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16613 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x7ff00000 [ 404.391281][T16609] ntfs: volume version 3.1. [ 404.782978][T16631] loop2: detected capacity change from 0 to 256 [ 404.973261][T16638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4681'. [ 405.147376][T16644] netlink: 'syz.4.4684': attribute type 3 has an invalid length. [ 405.395413][T16658] netlink: 'syz.3.4690': attribute type 1 has an invalid length. [ 405.531824][T16662] loop3: detected capacity change from 0 to 1024 [ 405.592372][T16662] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 405.729801][T16662] EXT4-fs error (device loop3): ext4_get_first_dir_block:3606: inode #11: comm syz.3.4692: directory missing '..' [ 405.844032][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.006611][T16656] loop4: detected capacity change from 0 to 32768 [ 406.080552][T16680] xt_hashlimit: overflow, try lower: 18446744073709551614/15680 [ 406.437376][T16692] loop3: detected capacity change from 0 to 64 [ 406.921802][T16708] loop3: detected capacity change from 0 to 256 [ 407.050998][T16708] FAT-fs (loop3): Directory bread(block 64) failed [ 407.084827][T16708] FAT-fs (loop3): Directory bread(block 65) failed [ 407.091504][T16708] FAT-fs (loop3): Directory bread(block 66) failed [ 407.118168][T16708] FAT-fs (loop3): Directory bread(block 67) failed [ 407.125407][T16708] FAT-fs (loop3): Directory bread(block 68) failed [ 407.131993][T16708] FAT-fs (loop3): Directory bread(block 69) failed [ 407.157975][T16708] FAT-fs (loop3): Directory bread(block 70) failed [ 407.185369][T16708] FAT-fs (loop3): Directory bread(block 71) failed [ 407.192027][T16708] FAT-fs (loop3): Directory bread(block 72) failed [ 407.208055][T16708] FAT-fs (loop3): Directory bread(block 73) failed [ 407.652355][T16732] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 407.914179][T16716] loop0: detected capacity change from 0 to 32768 [ 407.928698][T16716] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.4726 (16716) [ 407.941506][ T5836] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 407.971161][T16716] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 407.982828][T16716] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 407.993115][T16716] BTRFS info (device loop0): using free space tree [ 408.070651][T16716] BTRFS info (device loop0): enabling ssd optimizations [ 408.078743][T16716] BTRFS info (device loop0): auto enabling async discard [ 408.138172][ T5836] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 408.154332][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.162433][ T5836] usb 4-1: Product: syz [ 408.166886][ T5836] usb 4-1: Manufacturer: syz [ 408.171504][ T5836] usb 4-1: SerialNumber: syz [ 408.174410][ T5849] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 408.178641][ T5836] usb 4-1: config 0 descriptor?? [ 408.261651][ T5785] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 408.378038][ T5849] usb 3-1: config 0 has an invalid interface number: 117 but max is 0 [ 408.390484][ T5849] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 408.401447][ T5849] usb 3-1: config 0 has no interface number 0 [ 408.410110][ T5836] hso 4-1:0.0: Failed to find BULK IN ep [ 408.439674][ T5849] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 408.440474][ T5836] usb-storage 4-1:0.0: USB Mass Storage device detected [ 408.451359][ T5849] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 408.504345][ T5849] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 408.514653][ T5849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.522694][ T5849] usb 3-1: Product: syz [ 408.531689][ T5849] usb 3-1: Manufacturer: syz [ 408.536558][ T5849] usb 3-1: SerialNumber: syz [ 408.552860][ T5849] usb 3-1: config 0 descriptor?? [ 408.648208][ T5836] usb 4-1: USB disconnect, device number 23 [ 408.767964][T16768] loop4: detected capacity change from 0 to 1024 [ 408.795751][T16768] EXT4-fs: Ignoring removed oldalloc option [ 408.801720][T16768] EXT4-fs: Ignoring removed bh option [ 408.859189][T16768] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 408.906806][T16768] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 408.978898][T10370] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 409.248958][ T5836] usb 3-1: USB disconnect, device number 25 [ 409.723867][T16781] loop4: detected capacity change from 0 to 32768 [ 409.795880][T16781] [ 409.795880][T16781] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 409.795880][T16781] [ 410.064107][T16787] loop3: detected capacity change from 0 to 32768 [ 410.104440][T16787] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.4742 (16787) [ 410.182272][T16787] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 410.198593][T16781] blkno = 0, nblocks = 40 [ 410.203533][T16781] ERROR: (device loop4): dbFree: block to be freed is outside the map [ 410.203533][T16781] [ 410.213035][T16787] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 410.253895][T16787] BTRFS info (device loop3): using free space tree [ 410.292560][T10370] [ 410.292560][T10370] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 410.292560][T10370] [ 410.347541][T10370] [ 410.347541][T10370] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 410.347541][T10370] [ 410.431344][T16787] BTRFS info (device loop3): enabling ssd optimizations [ 410.464939][T16787] BTRFS info (device loop3): auto enabling async discard [ 410.767621][T16823] loop4: detected capacity change from 0 to 4096 [ 410.800908][ T5783] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 410.924567][T16823] ntfs3: loop4: failed to convert name for inode 1e. [ 410.945664][T16797] loop2: detected capacity change from 0 to 32768 [ 411.032721][T16797] JBD2: Ignoring recovery information on journal [ 411.198406][T16797] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 411.537720][ T5782] ocfs2: Unmounting device (7,2) on (node local) [ 411.800787][T16843] loop4: detected capacity change from 0 to 256 [ 411.967580][T16827] loop0: detected capacity change from 0 to 32768 [ 412.023899][T16827] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.4754 (16827) [ 412.080097][T16827] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 412.129691][T16827] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 412.162393][T16827] BTRFS info (device loop0): using free space tree [ 412.486220][T16827] BTRFS info (device loop0): enabling ssd optimizations [ 412.526309][T16827] BTRFS info (device loop0): auto enabling async discard [ 412.780341][ T5785] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 412.935056][T16891] loop2: detected capacity change from 0 to 2048 [ 412.974440][T16891] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 413.023466][T16891] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 413.308018][T16881] loop4: detected capacity change from 0 to 32768 [ 413.364756][T16881] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.4767 (16881) [ 413.491037][T16881] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 413.582085][T16881] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 413.639350][T16881] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 413.681716][T16881] BTRFS info (device loop4): use lzo compression, level 0 [ 413.734603][T16881] BTRFS info (device loop4): using free space tree [ 413.862395][T16914] loop3: detected capacity change from 0 to 4096 [ 413.903426][T16881] BTRFS info (device loop4): enabling ssd optimizations [ 413.913088][T16881] BTRFS info (device loop4): auto enabling async discard [ 413.920958][T16914] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 414.041615][T16940] loop2: detected capacity change from 0 to 164 [ 414.134089][ T6007] blk_print_req_error: 17 callbacks suppressed [ 414.134105][ T6007] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 414.153046][ T27] kauditd_printk_skb: 339 callbacks suppressed [ 414.153060][ T27] audit: type=1800 audit(1762956243.231:602): pid=16914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4777" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 414.332153][T10370] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 414.711765][ T5799] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop4 scanned by udevd (5799) [ 414.838231][T16960] loop0: detected capacity change from 0 to 256 [ 414.866295][T16960] exfat: Deprecated parameter 'namecase' [ 414.927957][T16960] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 415.584646][T16979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4796'. [ 415.600786][T16976] loop0: detected capacity change from 0 to 4096 [ 415.612134][T16980] loop4: detected capacity change from 0 to 256 [ 415.651785][T16980] exfat: Deprecated parameter 'namecase' [ 415.705196][T16980] exfat: Deprecated parameter 'namecase' [ 415.709196][T16950] loop3: detected capacity change from 0 to 32768 [ 415.772412][T16980] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 415.797355][T16976] ntfs3: loop0: failed to convert name for inode 1e. [ 415.806221][T16950] JBD2: Ignoring recovery information on journal [ 415.838534][T16983] loop2: detected capacity change from 0 to 512 [ 415.878188][T16950] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 416.069554][T16983] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 416.167504][T16983] ext4 filesystem being mounted at /1186/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 416.225393][ T5783] ocfs2: Unmounting device (7,3) on (node local) [ 416.301644][T16997] EXT4-fs error (device loop2): ext4_ext_remove_space:2929: inode #15: comm syz.2.4798: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 416.321803][T16997] EXT4-fs error (device loop2): ext4_evict_inode:263: comm syz.2.4798: couldn't truncate inode 15 (err -117) [ 416.477604][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.205040][T17006] loop2: detected capacity change from 0 to 32768 [ 417.220946][T17006] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 417.267507][T17015] loop0: detected capacity change from 0 to 8192 [ 417.314114][T17015] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 417.342051][T17024] loop4: detected capacity change from 0 to 2048 [ 417.355326][T17015] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 417.365000][T17015] REISERFS (device loop0): using ordered data mode [ 417.371534][T17015] reiserfs: using flush barriers [ 417.441502][T17015] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 417.442008][T17015] REISERFS (device loop0): checking transaction log (loop0) [ 417.451380][T17015] REISERFS (device loop0): Using r5 hash to sort names [ 417.479855][T17015] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 417.504879][T17024] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 417.608859][ T5799] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 417.773211][T10370] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.991157][T17042] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4820'. [ 418.468592][T17045] loop2: detected capacity change from 0 to 32768 [ 418.478914][T17045] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 418.576861][T17054] loop4: detected capacity change from 0 to 8192 [ 418.608716][T17054] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 418.634910][ T5799] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 418.674445][T17054] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 418.674570][T17054] REISERFS (device loop4): using ordered data mode [ 418.674582][T17054] reiserfs: using flush barriers [ 418.680165][T17054] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 418.680771][T17054] REISERFS (device loop4): checking transaction log (loop4) [ 418.698231][T17054] REISERFS (device loop4): Using r5 hash to sort names [ 418.698722][T17054] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 419.404437][ T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 419.583654][T17061] loop0: detected capacity change from 0 to 32768 [ 419.622855][T17061] [ 419.622855][T17061] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 419.622855][T17061] [ 419.634535][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 419.641525][ T8] usb 5-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 419.651878][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.689475][ T8] usb 5-1: config 0 descriptor?? [ 419.741848][T17067] loop2: detected capacity change from 0 to 32768 [ 419.784983][T17067] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 419.930476][ T5777] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9 [ 419.969052][T17061] blkno = 0, nblocks = 40 [ 419.973442][T17061] ERROR: (device loop0): dbFree: block to be freed is outside the map [ 419.973442][T17061] [ 420.088539][ T5785] [ 420.088539][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 420.088539][ T5785] [ 420.120274][ T5785] [ 420.120274][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 420.120274][ T5785] [ 420.124494][ T8] uclogic 0003:145F:0212.0005: interface is invalid, ignoring [ 420.267231][T17079] GUP no longer grows the stack in syz.0.4837 (17079): 200000005000-200000008000 (200000004000) [ 420.283092][T17079] CPU: 1 PID: 17079 Comm: syz.0.4837 Not tainted syzkaller #0 [ 420.290611][T17079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 420.299163][T17074] loop3: detected capacity change from 0 to 32768 [ 420.300667][T17079] Call Trace: [ 420.310436][T17079] [ 420.313391][T17079] dump_stack_lvl+0x16c/0x230 [ 420.318103][T17079] ? show_regs_print_info+0x20/0x20 [ 420.323332][T17079] ? load_image+0x3b0/0x3b0 [ 420.324124][ T8] usb 5-1: USB disconnect, device number 16 [ 420.327837][T17079] ? find_vma+0x12e/0x1b0 [ 420.327875][T17079] fixup_user_fault+0x652/0x710 [ 420.327905][T17079] fault_in_user_writeable+0x71/0xe0 [ 420.327933][T17079] futex_lock_pi+0x21b/0x8d0 [ 420.327957][T17079] ? fixup_pi_state_owner+0x5c0/0x5c0 [ 420.358307][T17079] ? userfaultfd_unmap_prep+0x3d0/0x3d0 [ 420.363895][T17079] ? mas_find_setup+0x493/0x590 [ 420.368783][T17079] do_futex+0x23d/0x3e0 [ 420.372984][T17079] ? __ia32_sys_get_robust_list+0x90/0x90 [ 420.378732][T17079] __se_sys_futex+0x36f/0x3f0 [ 420.383455][T17079] ? __x64_sys_futex+0xf0/0xf0 [ 420.388238][T17079] ? __x64_sys_futex+0x21/0xf0 [ 420.393001][T17079] do_syscall_64+0x55/0xb0 [ 420.397421][T17079] ? clear_bhb_loop+0x40/0x90 [ 420.402092][T17079] ? clear_bhb_loop+0x40/0x90 [ 420.406764][T17079] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 420.412653][T17079] RIP: 0033:0x7fb1bdf8f6c9 [ 420.417065][T17079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.436668][T17079] RSP: 002b:00007fb1bedd0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 420.445082][T17079] RAX: ffffffffffffffda RBX: 00007fb1be1e5fa0 RCX: 00007fb1bdf8f6c9 [ 420.453047][T17079] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 420.461010][T17079] RBP: 00007fb1be011f91 R08: 0000000000000000 R09: 0000000000000000 [ 420.468978][T17079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.476943][T17079] R13: 00007fb1be1e6038 R14: 00007fb1be1e5fa0 R15: 00007ffd9eb5e3d8 [ 420.484921][T17079] [ 420.488353][T17074] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 420.653410][ T27] audit: type=1326 audit(1762956249.731:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17082 comm="syz.0.4846" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1bdf8f6c9 code=0x0 [ 420.660312][ T5799] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 420.751488][T17081] loop3: detected capacity change from 0 to 8192 [ 420.772273][T17081] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 420.795657][T17081] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 420.810147][T17081] REISERFS (device loop3): using ordered data mode [ 420.817475][T17081] reiserfs: using flush barriers [ 420.827328][T17081] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 420.849469][T17081] REISERFS (device loop3): checking transaction log (loop3) [ 420.859351][T17081] REISERFS (device loop3): Using r5 hash to sort names [ 420.866774][T17081] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 421.670304][T17110] loop3: detected capacity change from 0 to 736 [ 422.223951][T17102] loop2: detected capacity change from 0 to 32768 [ 422.260631][T17102] [ 422.260631][T17102] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 422.260631][T17102] [ 422.287875][T17127] loop4: detected capacity change from 0 to 256 [ 422.311582][T17129] loop0: detected capacity change from 0 to 512 [ 422.351593][T17127] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 422.378793][T17127] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 422.420394][T17129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 422.493720][T17102] blkno = 0, nblocks = 40 [ 422.498235][T17102] ERROR: (device loop2): dbFree: block to be freed is outside the map [ 422.498235][T17102] [ 422.500364][T17129] ext4 filesystem being mounted at /1206/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 422.565879][ T27] audit: type=1326 audit(1762956251.651:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17133 comm="syz.3.4860" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fefcdd8f6c9 code=0x0 [ 422.633055][ T5782] [ 422.633055][ T5782] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 422.633055][ T5782] [ 422.679216][ T5782] [ 422.679216][ T5782] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 422.679216][ T5782] [ 422.800459][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.012124][T17147] loop2: detected capacity change from 0 to 512 [ 423.040052][T17147] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 423.074554][T17147] ext4 filesystem being mounted at /1199/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 423.186559][T17147] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.4865: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 423.243248][T17145] loop0: detected capacity change from 0 to 32768 [ 423.266343][T17145] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9 [ 423.282654][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.351472][T17151] loop4: detected capacity change from 0 to 512 [ 423.449734][T17151] EXT4-fs error (device loop4): ext4_orphan_get:1399: inode #15: comm syz.4.4875: inode has both inline data and extents flags [ 423.490837][ T5799] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9 [ 423.537434][T17151] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.4875: couldn't read orphan inode 15 (err -117) [ 423.608724][T17151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.798229][T10370] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 424.051771][T17174] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4873'. [ 424.073304][ T5836] IPVS: starting estimator thread 0... [ 424.175279][T17179] IPVS: using max 18 ests per chain, 43200 per kthread [ 424.244553][ T8] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 424.314562][ T5874] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 424.326538][T17189] loop4: detected capacity change from 0 to 256 [ 424.350956][T17189] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d) [ 424.424924][ T1185] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 424.435121][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 424.447431][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.460824][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 424.471057][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 424.500430][ T5874] usb 4-1: config index 0 descriptor too short (expected 3133, got 61) [ 424.504337][ T8] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 424.510359][ T5874] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 424.527377][ T5874] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.529602][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.538132][ T5874] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 424.555125][ T5874] usb 4-1: config 0 has no interface number 0 [ 424.561300][ T5874] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 424.563463][ T8] usb 3-1: config 0 descriptor?? [ 424.583902][ T5874] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 424.595210][ T5874] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 424.606260][ T5874] usb 4-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 424.619945][ T5874] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 424.629103][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.639559][ T5874] usb 4-1: config 0 descriptor?? [ 424.653429][ T5874] gspca_main: spca561-2.14.0 probing abcd:cdee [ 424.659344][ T1185] usb 1-1: unable to get BOS descriptor or descriptor too short [ 424.670710][ T1185] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 424.683527][ T1185] usb 1-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db [ 424.693631][ T1185] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.701752][ T1185] usb 1-1: Product: syz [ 424.710138][ T1185] usb 1-1: Manufacturer: syz [ 424.714916][ T1185] usb 1-1: SerialNumber: syz [ 424.809784][ T3442] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.859432][ T5874] spca561: probe of 4-1:0.156 failed with error -22 [ 424.869027][ T5874] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 424.876505][ T5874] usb 4-1: MIDIStreaming interface descriptor not found [ 424.984839][ T5874] usb 4-1: USB disconnect, device number 24 [ 425.010201][ T3442] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.071967][ T8] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0006/input/input21 [ 425.183728][ T3442] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.244769][ T8] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 425.276191][ T3442] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.286101][ T8] usb 3-1: USB disconnect, device number 26 [ 425.349803][T17192] fido_id[17192]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 425.638836][T17196] loop3: detected capacity change from 0 to 256 [ 425.666934][T17196] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 425.692720][ T1185] usb 1-1: reset high-speed USB device number 26 using dummy_hcd [ 425.722467][T17196] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 425.925673][ T1185] usb 1-1: unable to get BOS descriptor or descriptor too short [ 426.252345][ T5849] usb 1-1: USB disconnect, device number 26 [ 426.309347][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 426.322863][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 426.357074][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 426.380985][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 426.401290][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 426.410906][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 426.455238][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 426.465474][ T5790] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 426.466038][T17221] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4888'. [ 426.472879][ T5790] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 426.482793][ T23] IPVS: starting estimator thread 0... [ 426.495622][ T5790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 426.506269][ T5790] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 426.513686][ T5790] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 426.644534][T17222] IPVS: using max 17 ests per chain, 40800 per kthread [ 426.982548][T17232] can0: slcan on ttyprintk. [ 427.010828][T17234] loop2: detected capacity change from 0 to 256 [ 427.036035][T17234] exfat: Deprecated parameter 'utf8' [ 427.041422][T17234] exfat: Deprecated parameter 'namecase' [ 427.127522][T17231] can0 (unregistered): slcan off ttyprintk. [ 427.142017][T17234] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 427.320026][T17229] loop3: detected capacity change from 0 to 32768 [ 427.529340][T17243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4900'. [ 427.538551][T17243] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4900'. [ 427.810364][ T3442] hsr_slave_0: left promiscuous mode [ 427.867636][ T3442] hsr_slave_1: left promiscuous mode [ 427.874861][ T787] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 427.900966][ T3442] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 427.917953][ T3442] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 427.948935][ T3442] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 427.972857][ T3442] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.001894][ T3442] bridge_slave_1: left allmulticast mode [ 428.016951][ T3442] bridge_slave_1: left promiscuous mode [ 428.025374][ T3442] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.077374][ T3442] bridge_slave_0: left allmulticast mode [ 428.083076][ T3442] bridge_slave_0: left promiscuous mode [ 428.085732][ T787] usb 4-1: Using ep0 maxpacket: 8 [ 428.103553][ T787] usb 4-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 428.112049][ T3442] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.130564][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.162688][ T787] usb 4-1: config 0 descriptor?? [ 428.209659][ T3442] veth1_macvtap: left promiscuous mode [ 428.216223][ T3442] veth0_macvtap: left promiscuous mode [ 428.221832][ T3442] veth1_vlan: left promiscuous mode [ 428.483685][ T3442] bond1 (unregistering): Released all slaves [ 428.575704][ T5790] Bluetooth: hci3: command tx timeout [ 428.639022][ T787] uclogic 0003:145F:0212.0007: interface is invalid, ignoring [ 428.695363][ T23] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 428.852951][ T787] usb 4-1: USB disconnect, device number 25 [ 428.890608][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 428.915683][ T23] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 428.924079][ T23] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 428.938254][ T23] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 428.949433][ T23] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 428.962908][ T23] usb 3-1: config 0 interface 0 has no altsetting 0 [ 428.997492][ T23] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 429.006649][ T23] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 429.015402][ T23] usb 3-1: Product: syz [ 429.019594][ T23] usb 3-1: Manufacturer: syz [ 429.025235][ T23] usb 3-1: SerialNumber: syz [ 429.035957][ T23] usb 3-1: config 0 descriptor?? [ 429.055837][ T23] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 429.073763][ T23] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 429.127047][ T3442] team0 (unregistering): Port device team_slave_1 removed [ 429.178136][ T3442] team0 (unregistering): Port device team_slave_0 removed [ 429.224754][ T3442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.272421][ T23] usb 3-1: USB disconnect, device number 27 [ 429.295375][ T23] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 429.303488][ T3442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.514189][T17277] loop3: detected capacity change from 0 to 47 [ 429.640596][T17279] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4909'. [ 429.652587][T17279] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4909'. [ 430.197267][ T3442] bond0 (unregistering): Released all slaves [ 430.400070][T17213] chnl_net:caif_netlink_parms(): no params data found [ 430.554812][T17301] loop2: detected capacity change from 0 to 47 [ 430.655325][ T5790] Bluetooth: hci3: command tx timeout [ 430.795753][ T5850] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 430.828408][T17213] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.845167][T17311] loop0: detected capacity change from 0 to 1024 [ 430.855105][T17213] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.873656][T17213] bridge_slave_0: entered allmulticast mode [ 430.886910][T17213] bridge_slave_0: entered promiscuous mode [ 430.919873][T17213] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.934910][T17213] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.942177][T17213] bridge_slave_1: entered allmulticast mode [ 430.991311][T17213] bridge_slave_1: entered promiscuous mode [ 431.024756][ T5850] usb 4-1: Using ep0 maxpacket: 16 [ 431.057870][ T5850] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 431.073469][ T5850] usb 4-1: config 1 has no interface number 0 [ 431.090269][ T12] hfsplus: b-tree write err: -5, ino 4 [ 431.101304][ T5850] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 431.134908][ T5850] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 431.158498][ T5850] usb 4-1: config 1 interface 105 has no altsetting 0 [ 431.190452][ T5850] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 431.212208][T17213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 431.216413][ T5850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.246405][ T5850] usb 4-1: Product: syz [ 431.250442][T17213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 431.250595][ T5850] usb 4-1: Manufacturer: syz [ 431.275093][ T5850] usb 4-1: SerialNumber: syz [ 431.287510][T17299] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 431.295065][T17299] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 431.386559][T17213] team0: Port device team_slave_0 added [ 431.390107][ T3442] IPVS: stop unused estimator thread 0... [ 431.431329][T17213] team0: Port device team_slave_1 added [ 431.631389][T17331] loop2: detected capacity change from 0 to 164 [ 431.665606][T17213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 431.672624][T17213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 431.722206][T17213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 431.735650][T17299] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 431.742930][T17299] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 431.778359][T17213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 431.799650][T17213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 431.829317][ T5782] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 431.862836][ T5782] ISOFS: unable to read i-node block [ 431.879499][ T5782] ISOFS: unable to read i-node block [ 431.886030][T17213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 431.999757][ T5850] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 432.029451][ T5850] aqc111: probe of 4-1:1.105 failed with error -71 [ 432.083176][ T5850] usb 4-1: USB disconnect, device number 26 [ 432.147499][T17213] hsr_slave_0: entered promiscuous mode [ 432.165090][T17213] hsr_slave_1: entered promiscuous mode [ 432.171447][T17213] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 432.179541][T17213] Cannot create hsr debugfs directory [ 432.734476][ T5790] Bluetooth: hci3: command tx timeout [ 432.936148][T17338] loop0: detected capacity change from 0 to 32768 [ 433.083268][T17338] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 433.083268][T17338] [ 433.119299][T17338] ERROR: (device loop0): remounting filesystem as read-only [ 433.370752][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 433.385664][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 433.404671][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 433.412759][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 433.422401][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 433.434846][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 433.596986][T17366] loop3: detected capacity change from 0 to 512 [ 433.682338][T17366] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.4938: inode has both inline data and extents flags [ 433.753978][T17370] sp0: Synchronizing with TNC [ 433.795774][T17366] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.4938: couldn't read orphan inode 15 (err -117) [ 433.834104][T17366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 433.919609][T17213] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 433.979828][T17213] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 433.983998][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.019619][T17213] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 434.045379][T17213] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 434.101925][T17358] chnl_net:caif_netlink_parms(): no params data found [ 434.139719][T17383] can0: slcan on ttyprintk. [ 434.204985][T17382] can0 (unregistered): slcan off ttyprintk. [ 434.254511][ T23] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 434.330887][T17358] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.338716][T17358] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.348036][T17358] bridge_slave_0: entered allmulticast mode [ 434.355445][T17358] bridge_slave_0: entered promiscuous mode [ 434.378832][T17358] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.386710][T17358] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.393943][T17358] bridge_slave_1: entered allmulticast mode [ 434.402462][T17358] bridge_slave_1: entered promiscuous mode [ 434.451890][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 434.459828][T17358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 434.474870][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 434.477907][T17358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 434.503811][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 434.519936][ T23] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 434.533313][ T23] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 434.549501][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.566753][T17213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 434.574002][ T23] usb 1-1: config 0 descriptor?? [ 434.599799][T17358] team0: Port device team_slave_0 added [ 434.620385][T17358] team0: Port device team_slave_1 added [ 434.642581][T17213] 8021q: adding VLAN 0 to HW filter on device team0 [ 434.710786][ T2894] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.718014][ T2894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 434.735663][T17358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 434.744581][T17358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.774911][T17358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 434.790758][ T2894] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.798071][ T2894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 434.813469][T17358] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 434.822726][ T5790] Bluetooth: hci3: command tx timeout [ 434.833496][T17358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.860476][T17358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 434.917890][T17358] hsr_slave_0: entered promiscuous mode [ 434.925131][T17358] hsr_slave_1: entered promiscuous mode [ 434.932050][T17358] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 434.939716][T17358] Cannot create hsr debugfs directory [ 435.036162][ T23] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0008/input/input22 [ 435.159256][ T23] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 435.228442][ T23] usb 1-1: USB disconnect, device number 27 [ 435.369037][T17406] fido_id[17406]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 435.478061][T17358] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 435.511489][T17358] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 435.528644][T17358] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 435.545102][ T5790] Bluetooth: hci2: command tx timeout [ 435.552342][T17358] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 435.647144][T17213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 435.752865][T17358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 435.809808][T17358] 8021q: adding VLAN 0 to HW filter on device team0 [ 435.839407][ T2894] bridge0: port 1(bridge_slave_0) entered blocking state [ 435.846619][ T2894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 435.892304][ T2950] bridge0: port 2(bridge_slave_1) entered blocking state [ 435.899497][ T2950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 436.022233][T17434] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4941'. [ 436.072319][T17358] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 436.284983][ T5836] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 436.344973][T17213] veth0_vlan: entered promiscuous mode [ 436.406543][T17213] veth1_vlan: entered promiscuous mode [ 436.495199][T17213] veth0_macvtap: entered promiscuous mode [ 436.506679][ T5836] usb 1-1: Using ep0 maxpacket: 16 [ 436.520668][ T5836] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 436.529747][ T5836] usb 1-1: config 1 has no interface number 0 [ 436.537585][ T5836] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 436.551047][T17213] veth1_macvtap: entered promiscuous mode [ 436.558965][ T5836] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 436.590593][T17358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 436.597668][ T5836] usb 1-1: config 1 interface 105 has no altsetting 0 [ 436.615622][ T5836] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 436.636639][ T5836] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.655931][T17213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.675649][ T5836] usb 1-1: Product: syz [ 436.679863][ T5836] usb 1-1: Manufacturer: syz [ 436.689604][T17213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.704382][ T5836] usb 1-1: SerialNumber: syz [ 436.716620][T17213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.727665][T17432] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 436.755602][T17432] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 436.767137][T17213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.795311][T17213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.812288][T17213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.866584][T17213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 436.889089][T17213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.931849][T17213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.942186][T17213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.968844][T17213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.996146][T17213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.012204][T17213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.024847][T17213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 437.043149][T17462] sp0: Synchronizing with TNC [ 437.068196][T17213] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.095254][T17213] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.116630][T17213] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.135182][T17213] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.206925][T17432] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 437.229307][T17432] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 437.417663][T17358] veth0_vlan: entered promiscuous mode [ 437.459937][ T5836] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 437.466484][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.485048][ T5836] aqc111: probe of 1-1:1.105 failed with error -71 [ 437.497497][T17358] veth1_vlan: entered promiscuous mode [ 437.517293][ T5836] usb 1-1: USB disconnect, device number 28 [ 437.533074][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.612102][T17358] veth0_macvtap: entered promiscuous mode [ 437.620618][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.623427][T17358] veth1_macvtap: entered promiscuous mode [ 437.629346][ T5790] Bluetooth: hci2: command tx timeout [ 437.684545][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.728791][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 437.760832][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.783416][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 437.800333][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.811370][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 437.834812][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.849482][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 437.862381][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.880828][T17358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 437.921361][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.946032][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.966331][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.994562][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 438.019728][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 438.019748][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 438.019770][T17358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 438.019783][T17358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 438.021380][T17358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 438.041210][T17358] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.041244][T17358] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.041270][T17358] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.041295][T17358] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.384636][T17498] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4949'. [ 438.400606][ T3442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 438.410229][ T3442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 438.425277][T17498] netlink: 160 bytes leftover after parsing attributes in process `syz.0.4949'. [ 438.513138][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 438.525674][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.044664][ T787] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 439.247390][ T787] usb 6-1: unable to get BOS descriptor or descriptor too short [ 439.267371][ T787] usb 6-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 439.296206][ T787] usb 6-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db [ 439.314409][ T787] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.332769][ T787] usb 6-1: Product: syz [ 439.337488][ T787] usb 6-1: Manufacturer: syz [ 439.363803][ T787] usb 6-1: SerialNumber: syz [ 439.597238][T17536] loop3: detected capacity change from 0 to 4096 [ 439.629913][T17536] ntfs: volume version 3.1. [ 439.677015][T17536] ntfs: (device loop3): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28). [ 439.693969][T17536] ntfs: (device loop3): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x44, attribute type 0x80, because the allocation of clusters failed with error code -28. [ 439.713183][ T5790] Bluetooth: hci2: command tx timeout [ 440.034029][ T5836] kernel write not supported for file /input/mice (pid: 5836 comm: kworker/0:5) [ 440.178743][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.185200][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.274544][ T787] usb 6-1: reset high-speed USB device number 2 using dummy_hcd [ 440.275796][T17546] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4969'. [ 440.321562][T17546] netlink: 160 bytes leftover after parsing attributes in process `syz.3.4969'. [ 440.367115][T17540] loop4: detected capacity change from 0 to 32768 [ 440.439431][T17540] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 440.439431][T17540] [ 440.461868][T17540] ERROR: (device loop4): remounting filesystem as read-only [ 440.480321][T17538] loop0: detected capacity change from 0 to 32768 [ 440.491924][ T787] usb 6-1: unable to get BOS descriptor or descriptor too short [ 440.532515][T17548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4970'. [ 440.562188][T17548] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4970'. [ 440.738785][T17552] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 440.768109][ T9096] usb 6-1: USB disconnect, device number 2 [ 440.964376][ T8] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 441.009513][T17554] loop4: detected capacity change from 0 to 1024 [ 441.017941][T17554] EXT4-fs: Ignoring removed mblk_io_submit option [ 441.039870][T17554] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 441.087343][T17554] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2802: inode #12: comm syz.4.4971: corrupted in-inode xattr: bad magic number in in-inode xattr [ 441.118239][T17554] EXT4-fs (loop4): Remounting filesystem read-only [ 441.143431][T17213] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.164437][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 441.174582][ T8] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 441.184601][ T8] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 441.204375][ T8] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 441.216352][ T8] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 441.230534][ T8] usb 4-1: config 0 interface 0 has no altsetting 0 [ 441.242096][ T8] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 441.251756][ T8] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 441.260962][ T8] usb 4-1: Product: syz [ 441.265525][ T8] usb 4-1: Manufacturer: syz [ 441.270212][ T8] usb 4-1: SerialNumber: syz [ 441.279479][ T8] usb 4-1: config 0 descriptor?? [ 441.287677][ T8] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 441.302980][ T8] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 441.368062][T17561] loop4: detected capacity change from 0 to 128 [ 441.392285][T17561] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 441.410196][T17561] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 441.513584][T17561] EXT4-fs warning (device loop4): verify_group_input:151: Cannot add at group 7 (only 1 groups) [ 441.536704][ T8] usb 4-1: USB disconnect, device number 27 [ 441.574680][ T8] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 441.597125][T17213] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 441.780126][ T5790] Bluetooth: hci2: command tx timeout [ 442.543290][T17572] loop5: detected capacity change from 0 to 32768 [ 442.614770][T17596] tmpfs: Bad value for 'gid' [ 442.648357][T17572] ERROR: (device loop5): xtSearch: XT_GETPAGE: xtree page corrupt [ 442.648357][T17572] [ 442.708221][T17572] ERROR: (device loop5): remounting filesystem as read-only [ 442.964354][ T8] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 443.074976][T17604] loop0: detected capacity change from 0 to 32768 [ 443.176047][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 443.197560][ T8] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 443.234502][ T8] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 443.260871][ T8] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 443.305445][ T8] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 443.349434][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 443.367278][ T8] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 443.400159][ T8] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 443.436553][ T8] usb 5-1: Product: syz [ 443.449616][ T8] usb 5-1: Manufacturer: syz [ 443.475309][ T8] usb 5-1: SerialNumber: syz [ 443.495435][ T8] usb 5-1: config 0 descriptor?? [ 443.515705][ T8] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 443.527471][T17610] loop0: detected capacity change from 0 to 4096 [ 443.551885][ T8] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 443.678292][T17610] ntfs: volume version 3.1. [ 443.768495][ T8] usb 5-1: USB disconnect, device number 17 [ 443.779937][T17610] ntfs: (device loop0): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28). [ 443.805303][ T8] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 443.811268][T17610] ntfs: (device loop0): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x44, attribute type 0x80, because the allocation of clusters failed with error code -28. [ 443.991967][T17626] program syz.3.5008 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 444.363052][T17638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5014'. [ 444.908956][T17663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5024'. [ 444.935332][T17663] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5024'. [ 445.585637][T17659] loop3: detected capacity change from 0 to 32768 [ 445.958658][T17690] tmpfs: Bad value for 'gid' [ 445.986974][T17692] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5037'. [ 446.016948][T17692] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5037'. [ 446.289181][T17698] loop4: detected capacity change from 0 to 1024 [ 446.311632][T17698] EXT4-fs: inline encryption not supported [ 446.354600][T17698] EXT4-fs: Ignoring removed i_version option [ 446.385422][T17698] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 446.487081][T17698] EXT4-fs error (device loop4): ext4_map_blocks:718: inode #3: block 1: comm syz.4.5040: lblock 1 mapped to illegal pblock 1 (length 1) [ 446.558886][T17698] Quota error (device loop4): write_blk: dquota write failed [ 446.559935][T17682] loop0: detected capacity change from 0 to 32768 [ 446.590090][T17698] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 446.614687][T17682] [ 446.614687][T17682] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 446.614687][T17682] [ 446.650808][T17698] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.5040: Failed to acquire dquot type 0 [ 446.674030][T17698] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.5040: Freeing blocks not in datazone - block = 0, count = 4096 [ 446.696228][ T9096] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 446.732015][T17698] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.5040: Invalid inode bitmap blk 0 in block_group 0 [ 446.746562][ T2894] EXT4-fs error (device loop4): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 446.764655][ T12] ERROR: (device loop0): diWrite: ixpxd invalid [ 446.764655][ T12] [ 446.767939][T17698] EXT4-fs error (device loop4) in ext4_free_inode:363: Corrupt filesystem [ 446.780407][ T12] ERROR: (device loop0): txCommit: [ 446.780407][ T12] [ 446.790113][ T2894] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 446.797979][ T12] jfs_write_inode: jfs_commit_inode failed! [ 446.803612][ T2894] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u4:6: Failed to release dquot type 0 [ 446.816448][T17698] EXT4-fs (loop4): 1 orphan inode deleted [ 446.823451][T17698] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 446.866441][ T5785] [ 446.866441][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 446.866441][ T5785] [ 446.882936][ T5785] [ 446.882936][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 446.882936][ T5785] [ 446.902296][T17698] EXT4-fs error (device loop4): ext4_map_blocks:608: inode #3: block 1: comm syz.4.5040: lblock 1 mapped to illegal pblock 1 (length 1) [ 446.956575][ T9096] usb 4-1: Using ep0 maxpacket: 8 [ 446.968751][ T9096] usb 4-1: config 2 has an invalid interface number: 31 but max is 0 [ 446.979505][T17698] Quota error (device loop4): find_tree_dqentry: Can't read quota tree block 1 [ 447.003455][ T9096] usb 4-1: config 2 has no interface number 0 [ 447.018617][ T9096] usb 4-1: config 2 interface 31 has no altsetting 0 [ 447.030044][T17711] program syz.5.5048 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 447.040375][T17698] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 60928 [ 447.053746][ T9096] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 447.073258][ T9096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.081410][T17698] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.5040: Failed to acquire dquot type 0 [ 447.094845][ T9096] usb 4-1: Product: syz [ 447.099034][ T9096] usb 4-1: Manufacturer: syz [ 447.103642][ T9096] usb 4-1: SerialNumber: syz [ 447.187929][T17213] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.463372][T17721] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5051'. [ 447.495124][ T1185] kernel write not supported for file /input/mice (pid: 1185 comm: kworker/0:2) [ 447.757403][ T9096] ch9200: probe of 4-1:2.31 failed with error -22 [ 447.793673][T17733] loop4: detected capacity change from 0 to 256 [ 447.804542][ T9096] usb 4-1: USB disconnect, device number 28 [ 447.863423][T17733] FAT-fs (loop4): Directory bread(block 64) failed [ 447.881309][T17733] FAT-fs (loop4): Directory bread(block 65) failed [ 447.909130][T17733] FAT-fs (loop4): Directory bread(block 66) failed [ 447.921471][T17733] FAT-fs (loop4): Directory bread(block 67) failed [ 447.930245][T17733] FAT-fs (loop4): Directory bread(block 68) failed [ 447.943594][T17733] FAT-fs (loop4): Directory bread(block 69) failed [ 447.953081][T17733] FAT-fs (loop4): Directory bread(block 70) failed [ 447.960031][T17733] FAT-fs (loop4): Directory bread(block 71) failed [ 447.968874][T17733] FAT-fs (loop4): Directory bread(block 72) failed [ 447.994377][T17733] FAT-fs (loop4): Directory bread(block 73) failed [ 448.278554][T17745] loop5: detected capacity change from 0 to 1024 [ 448.310535][T17745] EXT4-fs: Ignoring removed bh option [ 448.351949][T17745] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 448.679136][T17358] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 448.702835][T17762] loop3: detected capacity change from 0 to 512 [ 448.778678][T17762] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 448.824649][T17762] ext4 filesystem being mounted at /1259/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 448.886408][T17770] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 448.974537][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 449.030561][T17774] loop5: detected capacity change from 0 to 4096 [ 449.085748][T17774] ntfs3: loop5: ino=3, ntfs_set_state failed, -22. [ 449.092320][T17774] ntfs3: loop5: Failed to initialize $Extend/$ObjId. [ 449.237071][ T3442] ntfs3: loop5: ino=3, ntfs3_write_inode failed, -22. [ 449.263762][T17358] ntfs3: loop5: ino=3, ntfs_set_state failed, -22. [ 449.272800][T17358] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 449.284650][T17358] ntfs3: loop5: ino=3, ntfs_set_state failed, -22. [ 449.312578][ T2943] ntfs3: loop5: ino=3, ntfs3_write_inode failed, -22. [ 449.473694][T17786] loop0: detected capacity change from 0 to 164 [ 449.521215][T17786] rock: directory entry would overflow storage [ 449.544773][T17786] rock: sig=0x4d4e, size=5, remaining=4 [ 450.351897][T17820] tipc: Started in network mode [ 450.360496][T17820] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 450.373830][T17820] tipc: Enabled bearer , priority 10 [ 450.624496][ T787] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 450.745111][ T8] IPVS: starting estimator thread 0... [ 450.834547][ T787] usb 6-1: Using ep0 maxpacket: 32 [ 450.841783][ T787] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 450.854340][T17837] IPVS: using max 18 ests per chain, 43200 per kthread [ 450.871530][ T787] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 450.894348][ T787] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 450.933058][ T787] usb 6-1: Product: syz [ 450.937360][ T787] usb 6-1: Manufacturer: syz [ 450.941979][ T787] usb 6-1: SerialNumber: syz [ 450.973537][ T787] usb 6-1: config 0 descriptor?? [ 450.989628][T17822] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 451.009695][ T787] hub 6-1:0.0: bad descriptor, ignoring hub [ 451.028079][ T787] hub: probe of 6-1:0.0 failed with error -5 [ 451.257647][T17828] loop0: detected capacity change from 0 to 32768 [ 451.313725][T17828] jfs_rename did not expect dtDelete to return rc = -2 [ 451.329396][T17828] ERROR: (device loop0): jfs_rename: [ 451.329396][T17828] [ 451.342431][T17828] ERROR: (device loop0): remounting filesystem as read-only [ 451.374794][ T1185] usb 6-1: USB disconnect, device number 3 [ 451.487780][ T787] tipc: Node number set to 10136234 [ 451.771515][T17858] loop4: detected capacity change from 0 to 32768 [ 451.817748][ T27] audit: type=1800 audit(1762956280.891:605): pid=17858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5118" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 451.848606][T17858] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 451.848606][T17858] [ 451.867029][T17858] ERROR: (device loop4): remounting filesystem as read-only [ 451.897158][T17858] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 451.897158][T17858] [ 451.909981][T17858] xtLookup: xtSearch returned -5 [ 451.916045][T17858] ERROR: (device loop4): xtTruncate: XT_GETPAGE: xtree page corrupt [ 451.916045][T17858] [ 452.302581][T17872] loop0: detected capacity change from 0 to 128 [ 452.350301][T17875] loop4: detected capacity change from 0 to 1024 [ 452.377622][T17875] hfsplus: bad catalog entry type [ 452.475217][ T2943] hfsplus: b-tree write err: -5, ino 4 [ 452.774999][T17891] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5131'. [ 452.984167][T17897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5134'. [ 453.062391][T17901] loop0: detected capacity change from 0 to 256 [ 453.168783][T17901] FAT-fs (loop0): Directory bread(block 64) failed [ 453.194049][T17901] FAT-fs (loop0): Directory bread(block 65) failed [ 453.214486][T17901] FAT-fs (loop0): Directory bread(block 66) failed [ 453.227510][T17901] FAT-fs (loop0): Directory bread(block 67) failed [ 453.244580][T17901] FAT-fs (loop0): Directory bread(block 68) failed [ 453.252383][T17901] FAT-fs (loop0): Directory bread(block 69) failed [ 453.260104][T17901] FAT-fs (loop0): Directory bread(block 70) failed [ 453.278181][T17901] FAT-fs (loop0): Directory bread(block 71) failed [ 453.293224][T17901] FAT-fs (loop0): Directory bread(block 72) failed [ 453.300481][T17901] FAT-fs (loop0): Directory bread(block 73) failed [ 453.377880][T17909] nbd: must specify a device to reconfigure [ 453.698410][T17915] netlink: 'syz.0.5143': attribute type 1 has an invalid length. [ 453.719732][T17915] NCSI netlink: No device for ifindex 0 [ 453.860662][T17906] loop3: detected capacity change from 0 to 32768 [ 453.888956][T17906] [ 453.888956][T17906] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 453.888956][T17906] [ 453.893774][T17917] loop5: detected capacity change from 0 to 4096 [ 453.931799][T17917] ntfs3: loop5: Different NTFS sector size (2048) and media sector size (512). [ 454.075505][ T2943] ERROR: (device loop3): diWrite: ixpxd invalid [ 454.075505][ T2943] [ 454.102269][ T2943] ERROR: (device loop3): txCommit: [ 454.102269][ T2943] [ 454.120068][ T2943] jfs_write_inode: jfs_commit_inode failed! [ 454.147779][ T5783] [ 454.147779][ T5783] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 454.147779][ T5783] [ 454.177179][ T5783] [ 454.177179][ T5783] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 454.177179][ T5783] [ 454.735681][T17921] loop0: detected capacity change from 0 to 32768 [ 454.973087][T17943] loop3: detected capacity change from 0 to 164 [ 455.041400][T17943] rock: directory entry would overflow storage [ 455.074339][T17943] rock: sig=0x4d4e, size=5, remaining=4 [ 455.178220][T17947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5168'. [ 456.597082][T17972] tipc: Started in network mode [ 456.617857][T17972] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 456.634699][T17972] tipc: Enabled bearer , priority 10 [ 456.756775][T17979] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5176'. [ 456.902826][T17987] loop3: detected capacity change from 0 to 1024 [ 456.955149][T17987] hfsplus: bad catalog entry type [ 457.019522][ T49] hfsplus: b-tree write err: -5, ino 4 [ 457.027880][T17993] nbd: must specify a device to reconfigure [ 457.234623][T18000] netlink: 'syz.5.5185': attribute type 1 has an invalid length. [ 457.251126][T18000] NCSI netlink: No device for ifindex 0 [ 457.365026][T18005] loop3: detected capacity change from 0 to 128 [ 457.403596][T18005] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 457.420203][T18009] loop4: detected capacity change from 0 to 128 [ 457.639610][T18014] loop3: detected capacity change from 0 to 1024 [ 457.723545][T18014] hfsplus: bad catalog entry type [ 457.756038][ T8] tipc: Node number set to 10136234 [ 457.816620][T18019] netlink: 'syz.4.5194': attribute type 21 has an invalid length. [ 457.864907][ T2950] hfsplus: b-tree write err: -5, ino 4 [ 458.473577][T18041] loop4: detected capacity change from 0 to 4096 [ 458.519209][T18041] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 458.534827][T18041] ntfs3: loop4: Failed to initialize $Extend/$ObjId. [ 458.609072][T18050] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 458.634052][T18050] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 458.679520][T18050] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 458.718305][T18050] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 458.744599][T18050] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 458.756817][T18050] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 458.777234][T18050] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 458.791603][T18050] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 458.805147][T18050] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 458.831744][T18055] loop5: detected capacity change from 0 to 1764 [ 458.844469][T18050] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 458.861609][T18050] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 458.874575][T18050] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 459.012721][T18057] loop3: detected capacity change from 0 to 256 [ 459.122383][T18057] FAT-fs (loop3): Directory bread(block 64) failed [ 459.130255][T18057] FAT-fs (loop3): Directory bread(block 65) failed [ 459.137463][T18057] FAT-fs (loop3): Directory bread(block 66) failed [ 459.144141][T18057] FAT-fs (loop3): Directory bread(block 67) failed [ 459.150999][T18057] FAT-fs (loop3): Directory bread(block 68) failed [ 459.157735][T18057] FAT-fs (loop3): Directory bread(block 69) failed [ 459.164604][T18057] FAT-fs (loop3): Directory bread(block 70) failed [ 459.171267][T18057] FAT-fs (loop3): Directory bread(block 71) failed [ 459.182362][T18057] FAT-fs (loop3): Directory bread(block 72) failed [ 459.190210][T18057] FAT-fs (loop3): Directory bread(block 73) failed [ 459.316721][ T49] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22. [ 459.341468][T17213] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 459.403067][T17213] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 459.420028][T17213] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 459.463776][ T3442] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22. [ 459.586665][T18059] loop5: detected capacity change from 0 to 2048 [ 459.641229][T18059] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 459.732161][T18063] loop0: detected capacity change from 0 to 4096 [ 459.751081][T18063] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 459.829854][T17358] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 460.144607][T18077] loop3: detected capacity change from 0 to 4096 [ 460.208862][T18077] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 460.234052][T18077] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 460.389992][ T49] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -22. [ 460.411096][ T5783] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 460.421846][ T5783] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 460.444414][ T5783] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 460.484565][ T12] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -22. [ 460.620904][T18089] loop0: detected capacity change from 0 to 2048 [ 460.713787][T18094] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 460.814221][T18096] loop3: detected capacity change from 0 to 256 [ 460.899884][T18096] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xc1a35cbb, utbl_chksum : 0xe619d30d) [ 461.038813][T18100] loop0: detected capacity change from 0 to 1024 [ 461.112736][T18100] hfsplus: bad catalog entry type [ 461.202213][ T2950] hfsplus: b-tree write err: -5, ino 4 [ 461.372450][T18085] loop4: detected capacity change from 0 to 32768 [ 461.499004][T18085] jfs_rename did not expect dtDelete to return rc = -2 [ 461.544892][T18085] ERROR: (device loop4): jfs_rename: [ 461.544892][T18085] [ 461.583799][T18085] ERROR: (device loop4): remounting filesystem as read-only [ 462.275529][T18130] loop4: detected capacity change from 0 to 512 [ 462.298798][T18109] loop5: detected capacity change from 0 to 32768 [ 462.328131][ T27] audit: type=1800 audit(1762956291.411:606): pid=18109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.5245" name="file1" dev="loop5" ino=4 res=0 errno=0 [ 462.339326][T18109] ERROR: (device loop5): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.339326][T18109] [ 462.361294][T18109] ERROR: (device loop5): remounting filesystem as read-only [ 462.374113][T18130] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 462.375399][ T8] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 462.391497][T18109] ERROR: (device loop5): xtSearch: XT_GETPAGE: xtree page corrupt [ 462.391497][T18109] [ 462.403098][T18130] ext4 filesystem being mounted at /73/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 462.407232][T18109] xtLookup: xtSearch returned -5 [ 462.420655][T18109] ERROR: (device loop5): xtTruncate: XT_GETPAGE: xtree page corrupt [ 462.420655][T18109] [ 462.564118][T17213] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 462.704440][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 462.713796][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 462.739365][T18141] loop0: detected capacity change from 0 to 128 [ 462.761352][ T8] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 462.804396][ T8] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 462.821198][T18141] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 462.850182][ T8] usb 4-1: Product: syz [ 462.865135][ T8] usb 4-1: Manufacturer: syz [ 462.869790][ T8] usb 4-1: SerialNumber: syz [ 462.943480][ T8] usb 4-1: config 0 descriptor?? [ 462.974676][T18126] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 462.986728][ T8] hub 4-1:0.0: bad descriptor, ignoring hub [ 463.014667][ T8] hub: probe of 4-1:0.0 failed with error -5 [ 463.408840][T18159] loop5: detected capacity change from 0 to 128 [ 463.424966][ T8] usb 4-1: USB disconnect, device number 29 [ 463.452603][T18159] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 463.532904][T18159] ext4 filesystem being mounted at /70/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 463.614115][T18159] EXT4-fs warning (device loop5): verify_group_input:151: Cannot add at group 7 (only 1 groups) [ 463.696580][T17358] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 463.922899][T18155] loop0: detected capacity change from 0 to 32768 [ 463.975213][ T27] audit: type=1800 audit(1762956293.051:607): pid=18155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5258" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 464.019087][T18155] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 464.019087][T18155] [ 464.059267][T18155] ERROR: (device loop0): remounting filesystem as read-only [ 464.124846][T18155] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 464.124846][T18155] [ 464.177355][T18155] xtLookup: xtSearch returned -5 [ 464.182370][T18155] ERROR: (device loop0): xtTruncate: XT_GETPAGE: xtree page corrupt [ 464.182370][T18155] [ 464.398676][T18187] loop0: detected capacity change from 0 to 128 [ 464.406757][T18186] sit0: entered promiscuous mode [ 464.437616][T18187] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 464.458370][T18186] netlink: 'syz.5.5281': attribute type 1 has an invalid length. [ 464.502241][T18186] netlink: 1 bytes leftover after parsing attributes in process `syz.5.5281'. [ 464.513096][T18187] ext4 filesystem being mounted at /1311/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 464.668008][T18190] loop4: detected capacity change from 0 to 2048 [ 464.682940][T18187] EXT4-fs warning (device loop0): verify_group_input:151: Cannot add at group 7 (only 1 groups) [ 464.763867][T18190] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 464.794447][ T5785] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 464.940112][T17213] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 465.150398][T18201] loop3: detected capacity change from 0 to 2048 [ 465.204462][T18201] NILFS (loop3): invalid segment: Inconsistency found [ 465.214473][T18201] NILFS (loop3): trying rollback from an earlier position [ 465.244994][T18201] NILFS (loop3): recovery complete [ 465.286430][T18206] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 465.689609][T18197] loop5: detected capacity change from 0 to 32768 [ 465.795304][T18197] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 465.820123][T18218] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 465.864408][T18218] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 465.890693][T18218] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 465.915825][T18218] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 465.926755][T18197] XFS (loop5): Ending clean mount [ 465.933714][T18218] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 465.950168][T18218] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 465.965483][T18197] XFS (loop5): Quotacheck needed: Please wait. [ 465.975356][T18218] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 466.001208][T18218] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 466.014563][T18218] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 466.031588][T18218] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 466.065868][T18218] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 466.083056][T18218] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 466.092162][T18197] XFS (loop5): Quotacheck: Done. [ 466.471773][T18212] loop3: detected capacity change from 0 to 32768 [ 466.546329][ T27] audit: type=1800 audit(1762956295.631:608): pid=18212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5282" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 466.579839][T18212] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 466.579839][T18212] [ 466.614699][T18212] ERROR: (device loop3): remounting filesystem as read-only [ 466.712515][T18212] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 466.712515][T18212] [ 466.755912][T18212] xtLookup: xtSearch returned -5 [ 466.760922][T18212] ERROR: (device loop3): xtTruncate: XT_GETPAGE: xtree page corrupt [ 466.760922][T18212] [ 466.993919][T18236] loop0: detected capacity change from 0 to 2048 [ 467.032790][T18236] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 467.222847][T18197] XFS: attr2 mount option is deprecated. [ 467.271028][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 467.370696][T17358] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 467.474876][T18246] loop0: detected capacity change from 0 to 256 [ 467.509661][T18249] loop3: detected capacity change from 0 to 512 [ 467.593894][T18249] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 467.656509][T18249] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002] [ 467.660213][T18246] FAT-fs (loop0): Directory bread(block 64) failed [ 467.674616][T18249] System zones: 1-12 [ 467.699273][T18246] FAT-fs (loop0): Directory bread(block 65) failed [ 467.706243][T18246] FAT-fs (loop0): Directory bread(block 66) failed [ 467.712816][T18249] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2249: inode #15: comm syz.3.5297: corrupted in-inode xattr: e_value size too large [ 467.728367][T18246] FAT-fs (loop0): Directory bread(block 67) failed [ 467.735174][T18246] FAT-fs (loop0): Directory bread(block 68) failed [ 467.741866][T18246] FAT-fs (loop0): Directory bread(block 69) failed [ 467.748800][T18246] FAT-fs (loop0): Directory bread(block 70) failed [ 467.751375][T18249] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.5297: couldn't read orphan inode 15 (err -117) [ 467.755731][T18246] FAT-fs (loop0): Directory bread(block 71) failed [ 467.755838][T18246] FAT-fs (loop0): Directory bread(block 72) failed [ 467.780981][T18246] FAT-fs (loop0): Directory bread(block 73) failed [ 467.852930][T18249] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 468.221093][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 468.608708][T18253] loop4: detected capacity change from 0 to 32768 [ 468.658129][T18253] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 468.810452][T18253] XFS (loop4): Ending clean mount [ 468.830187][T18253] XFS (loop4): Quotacheck needed: Please wait. [ 468.913254][T18253] XFS (loop4): Quotacheck: Done. [ 469.086474][T17213] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 469.261264][T18281] loop5: detected capacity change from 0 to 1024 [ 469.304605][ T5836] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 469.524735][ T5836] usb 4-1: Using ep0 maxpacket: 8 [ 469.532518][ T5836] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 469.553471][ T5836] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 469.563676][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.584322][ T5836] usb 4-1: Product: syz [ 469.588531][ T5836] usb 4-1: Manufacturer: syz [ 469.593148][ T5836] usb 4-1: SerialNumber: syz [ 469.635698][ T5836] usb 4-1: config 0 descriptor?? [ 469.656737][ T5836] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 469.671330][ T5836] usb 4-1: setting power ON [ 469.676715][ T5836] dvb-usb: bulk message failed: -22 (2/0) [ 469.686867][ T5836] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 469.708053][ T5836] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 469.721810][ T5836] usb 4-1: media controller created [ 469.746508][ T5836] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 469.821161][ T5836] usb 4-1: selecting invalid altsetting 6 [ 469.831842][ T5836] usb 4-1: digital interface selection failed (-22) [ 469.848986][T18275] cxusb: i2c rd: len=112 is too big! [ 469.848986][T18275] [ 469.861353][ T5836] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 469.882641][ T5836] usb 4-1: setting power OFF [ 469.892304][ T5836] dvb-usb: bulk message failed: -22 (2/0) [ 469.898200][ T5836] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 469.910812][ T5836] (NULL device *): no alternate interface [ 469.960044][ T5836] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 470.001475][ T5836] usb 4-1: USB disconnect, device number 30 [ 470.118169][T18291] loop5: detected capacity change from 0 to 32768 [ 470.359609][T18300] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 470.394571][T18300] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 470.402759][T18300] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 470.444479][T18300] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 470.464483][T18300] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 470.488752][T18300] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 470.524695][T18300] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 470.540369][T18300] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 470.577008][T18300] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 470.614661][T18300] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 470.630043][T18300] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 470.649726][T18300] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 470.799866][T18310] loop3: detected capacity change from 0 to 1024 [ 470.832725][T18310] EXT4-fs: Ignoring removed nobh option [ 470.860235][T18310] EXT4-fs: Ignoring removed bh option [ 470.870351][T18310] ext4: Unknown parameter 'noacl' [ 471.086728][T18320] loop5: detected capacity change from 0 to 512 [ 471.129146][T18320] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 471.175677][T18320] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002] [ 471.195321][T18320] System zones: 1-12 [ 471.206020][T18320] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2249: inode #15: comm syz.5.5327: corrupted in-inode xattr: e_value size too large [ 471.226726][T18320] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.5327: couldn't read orphan inode 15 (err -117) [ 471.246555][T18320] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 471.297417][T18326] loop3: detected capacity change from 0 to 4096 [ 471.366642][T18327] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 471.380496][T17358] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.078791][T18350] Zero length message leads to an empty skb [ 472.304217][T18339] loop0: detected capacity change from 0 to 32768 [ 472.341817][T18339] JBD2: Ignoring recovery information on journal [ 472.499792][T18339] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 472.575947][T18339] [ 472.578322][T18339] ====================================================== [ 472.585417][T18339] WARNING: possible circular locking dependency detected [ 472.592452][T18339] syzkaller #0 Not tainted [ 472.596878][T18339] ------------------------------------------------------ [ 472.603907][T18339] syz.0.5333/18339 is trying to acquire lock: [ 472.609982][T18339] ffff88805b3b6d98 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 472.623270][T18339] [ 472.623270][T18339] but task is already holding lock: [ 472.630648][T18339] ffff88805b3b06f8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x410/0x11f0 [ 472.640171][T18339] [ 472.640171][T18339] which lock already depends on the new lock. [ 472.640171][T18339] [ 472.647076][T18366] can0: slcan on ttyS3. [ 472.650562][T18339] [ 472.650562][T18339] the existing dependency chain (in reverse order) is: [ 472.650571][T18339] [ 472.650571][T18339] -> #5 (&oi->ip_xattr_sem){++++}-{3:3}: [ 472.671559][T18339] down_read+0x46/0x2e0 [ 472.676264][T18339] ocfs2_init_acl+0x2fa/0x720 [ 472.681494][T18339] ocfs2_mknod+0x12e5/0x20f0 [ 472.686631][T18339] vfs_mknod+0x32b/0x360 [ 472.691422][T18339] do_mknodat+0x37e/0x4f0 [ 472.696286][T18339] __x64_sys_mknod+0x8e/0xa0 [ 472.701422][T18339] do_syscall_64+0x55/0xb0 [ 472.706382][T18339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 472.712823][T18339] [ 472.712823][T18339] -> #4 (jbd2_handle){++++}-{0:0}: [ 472.720147][T18339] start_this_handle+0x1e9d/0x20c0 [ 472.725803][T18339] jbd2__journal_start+0x2bb/0x5b0 [ 472.731459][T18339] jbd2_journal_start+0x2a/0x40 [ 472.736854][T18339] ocfs2_start_trans+0x376/0x6c0 [ 472.742343][T18339] ocfs2_modify_bh+0xe9/0x470 [ 472.747563][T18339] ocfs2_local_read_info+0x13fd/0x1770 [ 472.753570][T18339] dquot_load_quota_sb+0x757/0xb80 [ 472.759231][T18339] dquot_load_quota_inode+0x2dc/0x5d0 [ 472.765158][T18339] ocfs2_enable_quotas+0x1c7/0x440 [ 472.770815][T18339] ocfs2_fill_super+0x3f6d/0x4d90 [ 472.776379][T18339] mount_bdev+0x22b/0x2d0 [ 472.781251][T18339] legacy_get_tree+0xea/0x180 [ 472.786475][T18339] vfs_get_tree+0x8c/0x280 [ 472.791424][T18339] do_new_mount+0x24b/0xa40 [ 472.796459][T18339] __se_sys_mount+0x2da/0x3c0 [ 472.801674][T18339] do_syscall_64+0x55/0xb0 [ 472.806632][T18339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 472.813074][T18339] [ 472.813074][T18339] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 472.821623][T18339] down_read+0x46/0x2e0 [ 472.826330][T18339] ocfs2_start_trans+0x36a/0x6c0 [ 472.831813][T18339] ocfs2_modify_bh+0xe9/0x470 [ 472.837071][T18339] ocfs2_local_read_info+0x13fd/0x1770 [ 472.843074][T18339] dquot_load_quota_sb+0x757/0xb80 [ 472.848729][T18339] dquot_load_quota_inode+0x2dc/0x5d0 [ 472.854644][T18339] ocfs2_enable_quotas+0x1c7/0x440 [ 472.860290][T18339] ocfs2_fill_super+0x3f6d/0x4d90 [ 472.865881][T18339] mount_bdev+0x22b/0x2d0 [ 472.870749][T18339] legacy_get_tree+0xea/0x180 [ 472.875965][T18339] vfs_get_tree+0x8c/0x280 [ 472.880923][T18339] do_new_mount+0x24b/0xa40 [ 472.885969][T18339] __se_sys_mount+0x2da/0x3c0 [ 472.891189][T18339] do_syscall_64+0x55/0xb0 [ 472.896165][T18339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 472.902602][T18339] [ 472.902602][T18339] -> #2 (sb_internal#4){.+.+}-{0:0}: [ 472.910108][T18339] ocfs2_start_trans+0x26b/0x6c0 [ 472.915599][T18339] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 472.921862][T18339] ocfs2_dismount_volume+0x1e2/0x890 [ 472.927689][T18339] generic_shutdown_super+0x134/0x2b0 [ 472.933612][T18339] kill_block_super+0x44/0x90 [ 472.938824][T18339] deactivate_locked_super+0x97/0x100 [ 472.944744][T18339] cleanup_mnt+0x429/0x4c0 [ 472.949700][T18339] task_work_run+0x1ce/0x250 [ 472.954837][T18339] exit_to_user_mode_loop+0xe6/0x110 [ 472.960667][T18339] exit_to_user_mode_prepare+0xf6/0x180 [ 472.966762][T18339] syscall_exit_to_user_mode+0x1a/0x50 [ 472.972758][T18339] do_syscall_64+0x61/0xb0 [ 472.977717][T18339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 472.984164][T18339] [ 472.984164][T18339] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}: [ 472.994706][T18339] down_write+0x97/0x1f0 [ 472.999502][T18339] ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 473.005939][T18339] ocfs2_reserve_clusters_with_limit+0x2fc/0xba0 [ 473.012821][T18339] ocfs2_reserve_suballoc_bits+0x6eb/0x4360 [ 473.019261][T18339] ocfs2_reserve_new_metadata_blocks+0x404/0x940 [ 473.026141][T18339] ocfs2_extend_dir+0xc60/0x4760 [ 473.031622][T18339] ocfs2_prepare_dir_for_insert+0x2fc7/0x5480 [ 473.038246][T18339] ocfs2_mknod+0x818/0x20f0 [ 473.043290][T18339] vfs_mknod+0x32b/0x360 [ 473.048083][T18339] do_mknodat+0x37e/0x4f0 [ 473.052951][T18339] __x64_sys_mknod+0x8e/0xa0 [ 473.058100][T18339] do_syscall_64+0x55/0xb0 [ 473.063062][T18339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.069494][T18339] [ 473.069494][T18339] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}: [ 473.080044][T18339] __lock_acquire+0x2ddb/0x7c80 [ 473.085436][T18339] lock_acquire+0x197/0x410 [ 473.090483][T18339] down_write+0x97/0x1f0 [ 473.095276][T18339] ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 473.101720][T18339] ocfs2_reserve_new_metadata_blocks+0x404/0x940 [ 473.108602][T18339] ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0 [ 473.114784][T18339] ocfs2_xattr_set+0xb6d/0x11f0 [ 473.120178][T18339] ocfs2_set_acl+0x4e1/0x590 [ 473.125316][T18339] ocfs2_iop_set_acl+0x1ab/0x2a0 [ 473.130793][T18339] vfs_set_acl+0x803/0xa60 [ 473.135736][T18339] do_set_acl+0xf5/0x180 [ 473.140510][T18339] path_setxattr+0x39f/0x550 [ 473.145612][T18339] __x64_sys_setxattr+0xbb/0xd0 [ 473.150975][T18339] do_syscall_64+0x55/0xb0 [ 473.155899][T18339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.162295][T18339] [ 473.162295][T18339] other info that might help us debug this: [ 473.162295][T18339] [ 473.172504][T18339] Chain exists of: [ 473.172504][T18339] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5 --> jbd2_handle --> &oi->ip_xattr_sem [ 473.172504][T18339] [ 473.188213][T18339] Possible unsafe locking scenario: [ 473.188213][T18339] [ 473.195646][T18339] CPU0 CPU1 [ 473.200991][T18339] ---- ---- [ 473.206339][T18339] lock(&oi->ip_xattr_sem); [ 473.210971][T18339] lock(jbd2_handle); [ 473.217556][T18339] lock(&oi->ip_xattr_sem); [ 473.224643][T18339] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5); [ 473.231908][T18339] [ 473.231908][T18339] *** DEADLOCK *** [ 473.231908][T18339] [ 473.240037][T18339] 3 locks held by syz.0.5333/18339: [ 473.245215][T18339] #0: ffff888058ef2418 (sb_writers#29){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 473.254453][T18339] #1: ffff88805b3b09d8 (&type->i_mutex_dir_key#21){+.+.}-{3:3}, at: vfs_set_acl+0x37a/0xa60 [ 473.264619][T18339] #2: ffff88805b3b06f8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x410/0x11f0 [ 473.274520][T18339] [ 473.274520][T18339] stack backtrace: [ 473.280389][T18339] CPU: 1 PID: 18339 Comm: syz.0.5333 Not tainted syzkaller #0 [ 473.287836][T18339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 473.297889][T18339] Call Trace: [ 473.301155][T18339] [ 473.304075][T18339] dump_stack_lvl+0x16c/0x230 [ 473.308745][T18339] ? load_image+0x3b0/0x3b0 [ 473.313230][T18339] ? show_regs_print_info+0x20/0x20 [ 473.318416][T18339] ? print_circular_bug+0x12b/0x1a0 [ 473.323598][T18339] check_noncircular+0x2bd/0x3c0 [ 473.328526][T18339] ? look_up_lock_class+0x75/0x140 [ 473.333621][T18339] ? print_deadlock_bug+0x5d0/0x5d0 [ 473.338809][T18339] ? lockdep_lock+0xe0/0x220 [ 473.343389][T18339] ? _find_first_zero_bit+0xd3/0x100 [ 473.348672][T18339] __lock_acquire+0x2ddb/0x7c80 [ 473.353515][T18339] ? ocfs2_get_system_file_inode+0x1e3/0x7b0 [ 473.359480][T18339] ? __lock_acquire+0x7c80/0x7c80 [ 473.364487][T18339] ? verify_lock_unused+0x140/0x140 [ 473.369669][T18339] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 473.375286][T18339] ? do_raw_spin_lock+0x121/0x2c0 [ 473.380304][T18339] ? mutex_unlock+0x10/0x10 [ 473.384813][T18339] lock_acquire+0x197/0x410 [ 473.389321][T18339] ? ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 473.395395][T18339] ? ocfs2_get_system_file_inode+0x1f1/0x7b0 [ 473.401361][T18339] ? __might_sleep+0xe0/0xe0 [ 473.405945][T18339] ? read_lock_is_recursive+0x20/0x20 [ 473.411307][T18339] ? ocfs2_fast_symlink_read_folio+0x530/0x530 [ 473.417448][T18339] ? verify_lock_unused+0x140/0x140 [ 473.422632][T18339] ? check_noncircular+0x175/0x3c0 [ 473.427731][T18339] down_write+0x97/0x1f0 [ 473.431991][T18339] ? ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 473.438061][T18339] ? down_read_killable+0x340/0x340 [ 473.443264][T18339] ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 473.449157][T18339] ? mark_lock+0x94/0x320 [ 473.453477][T18339] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 473.459446][T18339] ? lock_chain_count+0x20/0x20 [ 473.464292][T18339] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 473.470172][T18339] ? ocfs2_block_group_search+0x470/0x470 [ 473.475886][T18339] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 473.481771][T18339] ? _raw_spin_unlock+0x40/0x40 [ 473.486609][T18339] ? stack_trace_save+0x9c/0xe0 [ 473.491450][T18339] ? stack_trace_snprint+0xf0/0xf0 [ 473.496554][T18339] ? __stack_depot_save+0x560/0x630 [ 473.501740][T18339] ? kasan_set_track+0x5f/0x70 [ 473.506493][T18339] ? kasan_set_track+0x4e/0x70 [ 473.511244][T18339] ? __kasan_kmalloc+0x8f/0xa0 [ 473.515997][T18339] ? ocfs2_reserve_new_metadata_blocks+0x114/0x940 [ 473.522492][T18339] ? ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0 [ 473.528287][T18339] ? ocfs2_xattr_set+0xb6d/0x11f0 [ 473.533304][T18339] ? ocfs2_set_acl+0x4e1/0x590 [ 473.538089][T18339] ? ocfs2_iop_set_acl+0x1ab/0x2a0 [ 473.543194][T18339] ? vfs_set_acl+0x803/0xa60 [ 473.547776][T18339] ? do_set_acl+0xf5/0x180 [ 473.552186][T18339] ? path_setxattr+0x39f/0x550 [ 473.556941][T18339] ? __x64_sys_setxattr+0xbb/0xd0 [ 473.561953][T18339] ? do_syscall_64+0x55/0xb0 [ 473.566539][T18339] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.572608][T18339] ocfs2_reserve_new_metadata_blocks+0x404/0x940 [ 473.578939][T18339] ? ocfs2_init_steal_slots+0x160/0x160 [ 473.584481][T18339] ? ocfs2_xattr_block_set+0x2b40/0x2b40 [ 473.590117][T18339] ocfs2_init_xattr_set_ctxt+0x2f8/0x6e0 [ 473.595742][T18339] ? ocfs2_xattr_set+0xb33/0x11f0 [ 473.600758][T18339] ? ocfs2_prepare_refcount_xattr+0xf20/0xf20 [ 473.606817][T18339] ? ocfs2_truncate_log_needs_flush+0x135/0x2e0 [ 473.613051][T18339] ? ocfs2_remove_btree_range+0x1480/0x1480 [ 473.618938][T18339] ? down_write+0x162/0x1f0 [ 473.623435][T18339] ? down_read_killable+0x340/0x340 [ 473.628627][T18339] ? up_write+0x1c3/0x410 [ 473.632947][T18339] ocfs2_xattr_set+0xb6d/0x11f0 [ 473.637802][T18339] ? __ocfs2_xattr_set_handle+0xf10/0xf10 [ 473.643509][T18339] ? __kasan_kmalloc+0x8f/0xa0 [ 473.648259][T18339] ? ocfs2_set_acl+0x11e/0x590 [ 473.653017][T18339] ? ocfs2_iop_set_acl+0x1ab/0x2a0 [ 473.658120][T18339] ? vfs_set_acl+0x803/0xa60 [ 473.662715][T18339] ? path_setxattr+0x39f/0x550 [ 473.667469][T18339] ? do_syscall_64+0x55/0xb0 [ 473.672066][T18339] ? ocfs2_set_acl+0x11e/0x590 [ 473.676838][T18339] ? rcu_is_watching+0x15/0xb0 [ 473.681715][T18339] ? ocfs2_set_acl+0x11e/0x590 [ 473.686487][T18339] ? __kmalloc+0xe2/0x240 [ 473.690820][T18339] ? ocfs2_inode_lock_atime+0x4e0/0x4e0 [ 473.696363][T18339] ocfs2_set_acl+0x4e1/0x590 [ 473.700957][T18339] ocfs2_iop_set_acl+0x1ab/0x2a0 [ 473.705889][T18339] ? ocfs2_xattr_get+0x220/0x220 [ 473.710832][T18339] ? evm_inode_set_acl+0xbb/0x410 [ 473.715851][T18339] ? down_read_killable+0x340/0x340 [ 473.721043][T18339] ? evm_revalidate_status+0x4f/0xb0 [ 473.726322][T18339] ? posix_acl_valid+0x352/0x3d0 [ 473.731255][T18339] vfs_set_acl+0x803/0xa60 [ 473.735671][T18339] do_set_acl+0xf5/0x180 [ 473.739933][T18339] path_setxattr+0x39f/0x550 [ 473.744534][T18339] ? simple_xattrs_free+0x150/0x150 [ 473.749741][T18339] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 473.755716][T18339] ? lock_chain_count+0x20/0x20 [ 473.760558][T18339] __x64_sys_setxattr+0xbb/0xd0 [ 473.765402][T18339] do_syscall_64+0x55/0xb0 [ 473.769809][T18339] ? clear_bhb_loop+0x40/0x90 [ 473.774476][T18339] ? clear_bhb_loop+0x40/0x90 [ 473.779141][T18339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.785029][T18339] RIP: 0033:0x7fb1bdf8f6c9 [ 473.789441][T18339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.809066][T18339] RSP: 002b:00007fb1bedd0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 473.817471][T18339] RAX: ffffffffffffffda RBX: 00007fb1be1e5fa0 RCX: 00007fb1bdf8f6c9 [ 473.825433][T18339] RDX: 0000200000002b40 RSI: 0000200000002a40 RDI: 0000200000002a00 [ 473.833394][T18339] RBP: 00007fb1be011f91 R08: 0000000000000000 R09: 0000000000000000 [ 473.841355][T18339] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000000 [ 473.849321][T18339] R13: 00007fb1be1e6038 R14: 00007fb1be1e5fa0 R15: 00007ffd9eb5e3d8 [ 473.857287][T18339] [ 473.885697][T18384] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #1792 has bad signature [ 473.902071][T18384] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 473.914356][T18384] OCFS2: File system is now read-only. [ 473.919930][T18384] (syz.0.5333,18384,1):ocfs2_search_chain:1785 ERROR: status = -30 [ 473.929795][T18384] (syz.0.5333,18384,1):ocfs2_search_chain:1871 ERROR: status = -30 [ 473.940540][T18384] (syz.0.5333,18384,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30 [ 473.954382][T18365] can0 (unregistered): slcan off ttyS3. [ 473.976586][T18384] (syz.0.5333,18384,0):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30 [ 473.985290][T18384] (syz.0.5333,18384,0):ocfs2_claim_new_inode:2216 ERROR: status = -30 [ 473.993636][T18384] (syz.0.5333,18384,0):ocfs2_claim_new_inode:2231 ERROR: status = -30 [ 474.002095][T18384] (syz.0.5333,18384,0):ocfs2_mknod_locked:639 ERROR: status = -30 [ 474.010241][T18384] (syz.0.5333,18384,0):ocfs2_mknod:385 ERROR: status = -30 [ 474.020106][T18384] (syz.0.5333,18384,0):ocfs2_mknod:502 ERROR: status = -30 [ 474.035046][T18384] (syz.0.5333,18384,0):ocfs2_create:676 ERROR: status = -30 [ 474.063633][ T5785] ocfs2: Unmounting device (7,0) on (node local)