last executing test programs: 27.045398791s ago: executing program 3 (id=843): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100060000000000002b00000008000300", @ANYRES32=r2, @ANYBLOB="040046000a0034000101010101010000080026006c0900000800270001000000300051"], 0x6c}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 25.882689574s ago: executing program 3 (id=848): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, r1, 0xd55319eec59dfa33, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x4d}, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x0, 0x64}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'ip6_vti0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0xbf56a1c5a516366}, 0xc2010) 25.611848276s ago: executing program 3 (id=850): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x1, 0x4) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) recvmmsg(r0, &(0x7f0000002cc0)=[{{0x0, 0x0, 0x0}, 0x71d8e07a}], 0x1, 0x12020, 0x0) 25.512386654s ago: executing program 3 (id=851): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000840), 0x3, 0x52c, &(0x7f0000000880)="$eJzs3dFrLFcZAPBvJtnb5N7UpOqDFqzFVm6qZpM03jb4UBVEnwpqxddrTDYhZJO9JBt7E4pN8Q8QRLTgiz75IvgHCNIX30Uo6ItPoqJoe6sPCm1HZnb23pvNbpJ73WQg+f3gZOfMzM73nQ179pydYSeAS+vJiJiOiJGIeCYiJsv1aVnioFPy/d6588pyXpLIspfeSiIp13WP9Uj5eK182lhEfP0rEd9Ojsbd2dvfWGo2G9tlfba9mbybZfsz65tLa421xtbCwvxzi88v3licG0o7pyLihS/99Uff//mXX/j1Z17+082/T383T+u/WfZq9LRjmDpNrxWvRddoRGyfRbCKjBYt7LhRcS4AABwvH+9/MCI+UYz/J2OkGM0BAAAAF0n2+Yl4N4nIAAAAgAsrjYiJSNJ6eb3vRKRpvd65hvfDcTVttnban15t7W6t5NsipqKWrq43G3PltQNTUUvy+nx5jW23/mxPfSEiHouIH06OF/X6cqu5UvWXHwAAAHBJXOuZ//97sjP/LxxUnBwAAAAwPFNVJwAAAACcOfN/AAAAuPjM/wEAAOBC++qLL+Yl697/euWfsbvR+s7MSmNno765u1xfbm3fqq+1WmvFb/ZtnnS8Zqt167OxtXt7tt3Yac/u7O3f3GztbrVvrh+6BTYAAABwjh77+Bt/SCLi4HPjRcldKbfVIrKR+3cerSJD4KykD7LzX84uD+D83f/5Pl5hHsD5M6SHy6tWdQJA5ZITtg+8eOe3w88FAAA4G9c/Ovj8/1urlaYGnLHy/H9y0vwfuHhGqk4AqEzn/N/7WUfV2QDnqXbcCMCkAC68dDjn/0+4lDDRoQAAQMUmipKk9XIeMBFpWq9HPFrcFqCWrK43G3MR8YGI+P1k7ZG8Pl88MzGaBwAAAAAAAAAAAAAAAAAAAAAAAIBTyrIksocx88eHehoAAABw/iLSv3XvzHV98umJ3u8HriT/mSweI+Lln7z049tL7fb2fL7+7bvr26+X65+t4hsMAAAAoFd3nt6dxwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAML1z55XlbjnPuP/4YkRM9Ys/GmPF41jUIuLqv5IYve95SUSMDCH+wWsR8ZF+8ZM8rZgqszgU/0pEGhHjw4rf9/U/Jn504l8bQny4zN7I+58v9Hv/pfFk8dj//Tdalv/X4P4vvdv/jQzo/x4ddNDa4erjb/5ydmD81yIeH+3f/3TjJ/nx+sR/6pRt/NY39vcHbct+FnG9X/+XHI412968Nbuztz+zvrm01lhrbC0szD+3+PzijcW52dX1ZqP82zfGDz72q/fv1d470v6rx/S/RfsHvP5Pn7L97715+86HOos9/5moxU+zbPqp/v//wqeOxu9+9n2y3Cuv569h+vo3+8Z/4he/e2JQbnn7Vwa0f+yE9k+fsv3PfO17fz7lrgDAOdjZ299YajYb2xYsPMBCPu6sPI0kkji6aan6xDoLr5bvsaVm9902pCP/ppwc3V3zdnn8ISZfQV8EAACcrXuD/t4tSTUJAQAAAAAAAAAAAAAAAAAAwCV04s+ADdqURsQpf06sN+ZBNU0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjW/wIAAP//ngbSgw==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000100)='./file0\x00') lstat(&(0x7f0000000180)='./file2\x00', 0x0) 24.967767508s ago: executing program 3 (id=856): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000440)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@nodioread_nolock}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbHb7+32bQilvX15eCj1Yqd00iT8qeKhH0WJBPdclmYaSTbdkN6WJBduDvXiRIohYEO969+ChePHoX1HQQpES9OBlZTazybbZJJt0Y2L384Fpn2dmNs8888z34Zl9dpgABtaJ7J9CxPGI+CyJONyxrRj5xhNL+y0+vjmRLUk0m+/9lkSSr2vvn+T/H8wz/4mIHz+JOF1YXW59fmG6Uq2ms3l+pDFzbaQ+v3DmykxlKp1Kr46Nj597ZXzs9dde7VtdX7z4x5fv3n/r3KcnF7/47uGRu0mcj0P5ts56PINbnZkTzWZ+Tkpx/qkdR/tQ2G6S7PQBsCVDeZyXIuJ46XCpHfXA8+/jiGgCAyrZZPzv1V/Ac6I9Dmjf2/fpPvgf49GbSzdAq+tfXPpuJPa17o0OLCZP3Bll97vDfSg/K+P7X+/dzZbo3/cQABu6dTsizhaLq/u/JO//tu5sD/s8XYb+D/4+97Pxz0vdxj+F5fFPdBn/HOwSu1uxcfwXHvahmDVl4783uo5/lyethofy3L9aY75ScvlKNc36tn9HxKko7c3y683nnFt80FxrW+f4L1uy8ttjwfw4Hhb3PvmZyUqj8ix17vTodsR/u45/k+X2T7q0f3Y+PuixjGPpvf+vtW3j+m+v5jcRL3Rt/5UZrWT9+cmR1vUw0r4qVvv9zrGf1yq/e/1/+mEbqtpV1v4H1q//cNI5X1vffBlf7/szXWvbVq//Pcn7rfSefN2NSqMxOxqxJ3ln9fqxlc+28+39s/qfOrl+/9ft+t8fER/2WP87R7/939brv72y+k9uqv03n3jw9kdfrVV+b+3/cit1Kl/TS//X6wE+y7kDAAAAAACA3aYQEYciKZRjX54uFMrlpd93HI0DhWqt3jh9uTZ3dTJaz8oOR6nQnuk+3PF7iNH897Dt/NhT+fGIOBIRnw/tb+XLE7Xq5E5XHgAAAAAAAAAAAAAAAAAAAHaJg8vP/8cTz/9nfhna6aMDtl1x6f3fwADa8JX//XjTE7ArbRj/wHNL/MPgEv8wuMQ/DKTWFJ/4h8El/mFwiX8YXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAA+urihQvZ0lx8fHMiy09en5+brl0/M5nWp8szcxPlidrstfJUrTZVTcsTtZmN/l61Vrs2OhZzN0Yaab0xUp9fuDRTm7vauHRlpjKVXkq9ZxwAAAAAAAAAAAAAAAAAAABWq88vTFeq1XS2D4lStZoWIqKXnSP6VOgAJrJ2u1Xs7TxvTyKJlTXF3XJaJPqa2OmeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABW/BUAAP//2SsyHQ==") r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) fallocate(r0, 0x3, 0x9, 0x10000) write$cgroup_netprio_ifpriomap(r0, &(0x7f00000000c0)={'veth0_to_batadv', 0x32, 0x37}, 0x12) 24.212619108s ago: executing program 3 (id=861): sigaltstack(&(0x7f0000001340)={&(0x7f0000002380)=""/4101, 0x80000001, 0x1005}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) mlock2(&(0x7f00003a3000/0x2000)=nil, 0x2000, 0x1) 23.750785795s ago: executing program 32 (id=861): sigaltstack(&(0x7f0000001340)={&(0x7f0000002380)=""/4101, 0x80000001, 0x1005}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) mlock2(&(0x7f00003a3000/0x2000)=nil, 0x2000, 0x1) 2.999746619s ago: executing program 0 (id=1037): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_red={{0x8}, {0x18, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0x7, 0xb1b0, 0x8, 0x17, 0xf, 0xb}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000404}, 0x0) 2.929615065s ago: executing program 0 (id=1039): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x4) close(r0) 2.823801684s ago: executing program 4 (id=1040): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file1\x00', 0x8084, &(0x7f00000001c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646f74732c646f74732c6e6f636173652c646f74732c636865636b3d72656c617865642c646f74732c6e6f646f74732c646f74732c0032884758edd2e7a17e3c116a014262927783807ed4e210440ddebdf7d64a629cc9e873202c6d1e1d7dbabad279cb290d8a6c81b9ee715a035afdc5af3e15b932174f56cf4f009847fbc0e187d20fe47e50595251e835b306e05bc51afba211073e289eb499be4d726e3efbbeb1eb175e92b262c4ee4cee83e529784e53c874b73bb376876e2f3b2e667330e12c337d3a8b8cacccd9d86bc4c2f3b8971a79fb8f69af7b1d19592bf6a7186f7d4322045a99eaa207c407ab52aeadaaf1d089c278fccfb2138f"], 0x1, 0x170, &(0x7f0000000780)="$eJzs2z+LE0EYB+B3Tdy70+ZqsViwsQpqZanICeKCoqTQSuG0uZMDr1mt8ims/YKCpErlSLIh0ZAQgmY3XJ6nyQs/knkn7B9mYN7d/nR2enH58eLlMA6zLLqPoohfWRzHtehEbRAAwFUySil+ppTSwSCOvkdKqe2OAIBtG+XTwvsfAPbG2vX/w5YaAwC2xv4/AOyf12/ePn9clieviuIw4seg6lf9+rPOnz4rT+4VE8fzbw2rqt+Z5ffrvPg7vx43pvmDpXked+/U+Th78qJcyG/G6fanDwAAAHuhV8wsXd/3eqvyuvpjf2Bh/d6NW93GpgEAbODyy9ez9+fnHz43UBxNRsyaHXSz4lsLf8vOFp3YiTYUa4vxJfu/f7nNpxLQhPlN33YnAAAAAAAAAAAAAADAKv94VCiPiCVRRL7uZMFB41MFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmd8BAAD//27zPto=") bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000000)=ANY=[], &(0x7f0000000040)=""/186, 0x3f, 0xba, 0x1}, 0x28) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) 2.760349559s ago: executing program 4 (id=1041): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x7) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000340)=0xfc) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)) 2.717620192s ago: executing program 0 (id=1042): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_newvlan={0x28, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0x10, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_TUNNEL_INFO={0x4, 0x4, 0x0, 0x1, @BRIDGE_VLANDB_TINFO_ID={0x8, 0x1, 0x3000000}}}]}, 0x28}}, 0x0) 2.548552436s ago: executing program 0 (id=1044): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x2a, &(0x7f0000000040)={0x0, 0xffffffffffffff29}, 0x1, 0x0, 0x0, 0x804}, 0x4004015) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"]) 2.343851772s ago: executing program 4 (id=1046): syz_mount_image$hfsplus(&(0x7f0000000500), &(0x7f0000000100)='./file1\x00', 0xa08800, &(0x7f0000000000)=ANY=[], 0x4, 0x67b, &(0x7f00000010c0)="$eJzs3c1rHOcdB/DvrFay5IKjJHbilkBFDGmpqa0XlFalELeHokMowT2EQi/ClmPhtRIkpSihFPX92kP+gPSgQ6GnQu+GFHpqe8tVp5JS6CUnneoys7PSyvLKu7JerPbzMaN9Zp7X+c3Mszu7mAnwf2v+apoPUmT+6pvr5frW5kxra3PmXJ3dSlKmG0mz/ZJiOSk+SW6kveSL5ca6fNGrn4+W5m5++vnWZ+21Zr1U5RsH1evPRr1kIslQ/brf8KHau9WzvYMt7KSKnT0sA3alEzg4bQ/32Rik+lNet8CzoGi/b+4znpxPMlp/Dkg9OzROdnRHb6BZDgAAAM6o57aznfVcOO1xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFlSP/+/qJdGJz2RovP8/5F6W+r0zcYpj/lpPDjtAQAAAAAAAADAEfjydrazngud9YfVL/v/ebVauVj9/ULez2oWs5JrWc9C1rKWlUwlGe9qaGR9YW1tZSpPrjn92JrTJ7K7AAAAAAAAAPC/6ueZ3/39HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngVFMtR+qZaLnfR4Gs0ko0lGynIbyd876TOieNzGByc/DgAAAHgqo4eo89x2trOeC531h0V1z/9Sdb88mveznLUsZS2tLOZ2fQ9d3vU3tjZnWlubM/e3Nmeqjn/0sK3dznf+PdAwqhbT/u7h8T1frkqM5U6Wqi3XcqsazO00qpqly/V4dpa9nfysHNPYG7U+R3a7fi07+22vbxGOQmPQCuNVpeGdiEzWYysbev7gSDzx6DQP7GkqjZ1vfi4e0FNnl4oBY36+Uy/Jrx+J+Rv/+P0P+2zmGOxEopEqEtNdZ99LB8c8+cqf/vD23dbyvbt3Vq8e22l0Uh49J2a6IvHymY5Ec8Dyk1UkLu2sz+d7+UGuZiJvZSVL+XEWspbF1DNjFurzufw73hWlZF+kbuxZe+tJIxmpj0t7Fu1nTBM5V6UW8mpV90KWUuTd3M5iXq/+TWcq38hsZjPXdYQv9TzC1b5VM21jsKv+yleze6n/ppyp+6uX/KXfgoNrv6WWcX2+K67dc+54lde9ZTdKL/TxfjTg3Nj8Up0o+/jFYd42js2jkZjqisSLB0fid9W1sdpavrdyd+G9Hu1vPLL+2vBu+lfH+c48sPJ8eSGj9Uyy9+wo817cmWX2xmuk/sWlndfYl3epyiuKzpX6/Z5X6kj9GW5/S9NV3sv784Y6I7/clbfn81be/evpxBOAAZ3/2vmRsX+N/W3s47Ffjt0de3P0u+e+ee6VkQz/efhbzcmh1xqvFH/Mx/np7v0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweKsffHhvodVaXHl8otE762gTRf0gn15lmhnLCQzjJBNFsnHkLedIGxw+pn3vPETwadt5+8azcSjPcmIoSWfLUHaz6kN0mIeLAmfC9bX7711f/eDDry/dX3hn8Z3F5eHZ2bnJudnXZ67fWWotTrb/nvYogeOw+3ngtEcCAAAAAAAAAAAA9OsI/hfBt//Zbqpnma7uJk5rPwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICza/5qmsMpMjV5bbJc39qcaZVLJ71bspmk0UiKnyTFJ8mNtJeMdzVX9Orno6W5m59+vvXZblvNTvnGQfX6s1EvmUgyVL/uM3K49m71aq9vxc4elgG70gkcnLb/BgAA///sygN+") chdir(&(0x7f0000000240)='./file0\x00') lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0xfe37, 0x0) unlink(&(0x7f0000000180)='./file1\x00') 2.115746851s ago: executing program 4 (id=1049): openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0) r0 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0) 2.030871017s ago: executing program 4 (id=1050): r0 = syz_usb_connect$hid(0x3, 0x59, &(0x7f0000000000)=ANY=[@ANYBLOB="120100020000004043552205000000000001090224000100001000090400000103000000092100000001220b000905810300"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='kfree\x00'}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xb, {[@local, @global=@item_4={0x3, 0x1, 0x3}, @main=@item_4={0x3, 0x0, 0x9, '(D%J'}]}}, 0x0}, 0x0) 1.830671733s ago: executing program 1 (id=1051): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010600000000000000000600000008000300", @ANYRES32=r1, @ANYBLOB="05005300000000000800050004"], 0x2c}, 0x1, 0x0, 0x0, 0x20004041}, 0x0) 1.670370076s ago: executing program 1 (id=1052): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) r1 = syz_io_uring_setup(0x6a81, &(0x7f0000000080)={0x0, 0x1252, 0x10000, 0x0, 0x29a, 0x0, r0}, &(0x7f0000000140)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2df0, 0x0, 0x0, 0x0, 0x0) 1.670286756s ago: executing program 2 (id=1053): r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0xb) copy_file_range(r1, &(0x7f0000000080), r0, &(0x7f0000000100), 0xfffffffffffffff8, 0x0) 1.585889953s ago: executing program 2 (id=1054): pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff}, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000002, 0x28011, r1, 0xf5ce9000) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000000)=ANY=[]) 1.508323599s ago: executing program 2 (id=1055): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x88a, &(0x7f00000001c0)={[{@usrquota}, {@usrjquota, 0x22}, {@data_ordered}, {@noload}, {@noinit_itable}, {@grpjquota, 0x22}, {@init_itable}, {@jqfmt_vfsold}, {@noblock_validity}]}, 0xfe, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 1.284743937s ago: executing program 2 (id=1056): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x24, 0x33, @action={{{}, {}, @device_b}, @addba_resp}}]}, 0x48}}, 0x0) 1.283802167s ago: executing program 1 (id=1064): syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==") r0 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x180) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r0, 0xc0245720, &(0x7f0000000040)) 1.114006811s ago: executing program 1 (id=1057): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) get_robust_list(0x0, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) 1.054691676s ago: executing program 2 (id=1058): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001"], 0x6c}}, 0x0) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)={0x14, 0xa, 0xa, 0x101, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) 966.465813ms ago: executing program 2 (id=1059): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f00000001c0)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103) renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000900)='./file7\x00', 0x0) 511.092139ms ago: executing program 1 (id=1060): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000800)={[{@barrier}, {@noblock_validity}, {@mblk_io_submit}, {@data_err_ignore}, {@debug}, {@inlinecrypt}]}, 0x6, 0x615, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZp0uZ90768ii2KAQ8tSNOkFqtebOvBHgoW7EHEQ0OT1NDtD5oUbC2YggcFBRGvIr34D3iX4tWbCOrNs1BFKgoqXZnd2XST7CZrmt1NMp8PbHaeZ2b3eb47efI8M5NnJ4DCGs1+pBF7I+6fTSJGGtYNR23laL7dvV8r+ZpK5dVfkkiqeTfP1bdP8uddeWIwIr45EfG/0spy567fuDBZrtS8E3Fo/uKVQ3PXbxycvTh5fvr89KWJw88dOTr+/MSRiQ2Jc1f+fPLUK49/+O6bz858Wz6YxLE40//2VCyLY6OMxmjcz0NszO+LiKPZQpPPZavZBiEUWin/feyPiEdjJErVVM1IzH7Q08oBHVUpZb15Wwbb3RDYKpJ1NusdG10RoMvq44Ds+Lf+WHvUcKbDo5LuuXu8dgC0Mv6+2rmRGKweG+28lzQcGdXObezegPKzMv6+ue/T7BFLzkP8sbh3+jagnFYWbkXEY83iT6p1212NNIs/XVKPJCLGI2Igr99LD1GHpGG5E+dhVrPe+NOIOJY/Z/kn1ln+6LJ0t+MHoJjuHM878oUstdj/fRWLfVO9/1s6/hlu0netR6/7v9bjv3p/P1g9R54uG4dlY5bTzd+yf3nGj++f/LhV+Y3jv+yRlV8fC3bD3VsR+5bF/14WbD7+yeJPmuz/bJOzx9or4+Xvfj7Zal2v46/cjtjf9Pjnwag0W1rl+uShmdny9HjtZ9Myvvz6jc9bld/r+LP9v7NF/A37P13+uuwzudJmGV+cvn2x1brhNeNPfxpIasebA3nOW5Pz81cnIgaSU/kmDfmHV69LfZv6e2TxH3iqeftf8vt/a+n7DNX/ZLbhymsX7rVat57933Ax+X6lzTq0ksU/tfb+X9H+s7yP2izj99evPdFq3WrxDz1MYAAAAAAAAFBAafUabJKOLS6n6dhYbb7s/2NnWr48N//0zOVrl6YiDlT/H7I/rV/pHqmlkyw9kf8/bD19eFn6mYjYExGflIaq6bFzl8tTvQ4eAAAAAAAAAAAAAAAAAAAANold+fz/+n2qfyvV5v8DBdHJG8wBm5v2D8VVbf8rbvEEFIH+H4pL+4fi0v6huLR/KC7tH4pL+4fi0v6huLR/AAAAANiW9jx554ckIhZeGKo+MgP5OjOCYHvr73UFgJ4p9boCQM8sXvo32IfCaWv8/2f+5YCdrw7QA0mzzOrgoLJ647/T9JUAAAAAAAAAAAAAQAfs39t6/r+5wbC9mfYHxfUQ8/99dQBscb76H4rLMT6w1iz+wVYrzP8HAAAAAAAAAAAAgK4Zrj6SdCyfCzwcaTo2FvGfiNgd/cnMbHl6PCL+GxHfl/p3ZOmJXlcaAAAAAAAAAAAAAAAAAAAAtpm56zcuTJbL01cbF/5akbP5FkprbfNItP2G9bugdqHyL8a/fFUk3f94hyJic+zlTiz0NeQkEQvZnt8UFbs6F5ujGtWFHv9hAgAAAAAAAAAAAAAAAACAAmqYe9zcvs+6XCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6L4H9//v3EKvYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtqZ/AgAA//9ffTgl") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) setuid(0xee01) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) 506.26896ms ago: executing program 0 (id=1061): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000000ec0)=ANY=[@ANYRES64=0x0, @ANYBLOB="8d95f1031dccaa2df87d132b749eb198d489e226b1c19d312b4ff85eed4d63ad71c6350eb440f025e024a8c8b9e6d7fa5473650e6db510ca4f89a04b566811d15208a60abb8d988867596ae0e7e20bce530ad85891180debde4cc5096d6930c66b462c57a6acc22f6e637ea62249c5022a32f365b17cdb5fe70663b1aaa0af78968f9e73715692b8084dc1b23784aca4de7a13b709ad5c9cb9f82e810e2429db7623f0bf2da13afcd27d58c648bdf64f3e4ad96fdcd7464098ddf745da1660d18f80320b49eae50d2ac5c0f3a6f5365f21c2e91a95a7096122d75f977d012f970f2c70b3534f2e774c769472db689c06d284681ec9bd42a3ba49e20cc97abd89c37b9bf16a7ff29f550cec667f1facec6f29b6a58a15b433dafe766cfc0b163b5aa5463a509e918b754ef6aee74e711ffb9807f132145e06673e454ecffe9eb56003be94597606cdf8da0529061cf58610a2120da0357404793877b64ffe023a03688f8f1b01bb2a31b2e201716fccddf43cbadee70c94216fcc0f0f171423a077ddc816f0fcc9402e5fac419b02e8bfdcfa556ddde3b62cf100d6dc529cc71e3659829a82e3a5182cc29cebfa895e2659f36770bc7ddba4fbf9f4964b3f951bf872b69a19d6eb871234c7cb30f26faa6e5a0347e34a180f29b55149ed82a95d3c677d0e2f4a758ef8bfaebd5f296cf03bb675cd8980211e3ec0fcbf80fdeed222a69261cddbcf4a38161cf118943e208b271d317dffdc080878b940853b323bc76fd37ad1845826706291f437f1d591c810fe5ec1ef0d2794f5b16ce3121fc21e8c26aa8d45958da54362a2d0839bc41a6d7107331b781c5cb1eea8fecd62831c01a530da4a626d828c64ec540196d6c4e68e4051b932e7792a10d04fd51c3ea32a4b6f1fd73274461895c8f5ef0e7713ddec36cb00c719caceab03aaacd43ac7830511fb756c1e855ce0bebf5e6b1a280eb114b290ce8465f2cc09542a4fc96c864a0d1c7fac4a087a9f16df1141bf4eebd86717f436d28e76e6716cdf6b05390dcd749e7503215deb6788cd992788d8501f87bc8ce72e862741bde18804e2132c75a36ec47df49c9787457d774c2c1dfc156f38141b67282f5bf7087965cea1be32661c630d07cdc96b6035bc9b54feb08a6822dae57afecffa0ef66689e4be38c452adf0665a9e28688dd47f19f24687abf068d0e94fd788502c1c8e0d5f3fb65edb8726bbce2948186ec8abbad2acd2a72f458e7e3c6bf8f860f76b3cf17c0b20dfdee344a8356fd9f81fc0f417d6ab1c7e847ede9ab28b6664c693a46e7ad27146acd2cdc0f3d0f7b21f9f33e4dcd991a546707ae656fd1230bcc1996e83b79ecd156ebaff3647f43e79210844062764321ab0a01c161789b72a03b1b89d1602c864e03564323ab78174549e48008f7baa5854a2f42233c8ba2594b85de25beaa26a61a413f123123b4640af5dd57a9d3220496879ed902dd3841293449fd4962e45249b2e9ceffb8be97724d428a50516b1357337bc1e1258e3df1ad7bc7cbeb9b39769de3aad8d59376256c49a33064ed3ce0ea41b9be8e98ac3513b98d9e879cb381a2166f47968c05aaf99865de8dcdb632ec346e3889eaafbe68141804d78b39eb4ee9efced3051ccfd05027b69e2ceec0ad89ee7dcbc0a3e8313a4fd56aac3190c84de152e36e86258bfdbebdaa56124ee2a72e179f67f82234fe6820a6befa9ddfc72bae9673152985d5511f7f0864856332a47184313955fac6f5196840a4d25e634ace07fa6387ac595894dcdc82cf9ff33de3e612e498e66cb05a07620c472275003f1871890afe06c936f9d3238e50905bd2c6766960a1be32088b9b1cc9371f38da60ce4c6d2e130773cad227cf72aa48260686b557d5de2f51aa48cb457d02323a7dff20a68f328db037a459ac6ef057b6b6ee23b446af110d6741251c3aa3ba2e06560d7f06f37ad49218de79f4251c2eb81e226295157b9c4043fe96bfc8cb143bd5b454fe431cce96f539919b3bd990be397dab1bc3ec6cd16d23447a8010674b03b2331ca9b4fedbe7aac69e30c2e414ac5f5c198763ac761cb1cf218728a5041a13a54cf218db24ff96de649f56b1ae1d36e44146875f0d6d3cbf08ba3033f370408ad36588bd01a03e9e7d8729a11a7124ba7f59807cff99f96edecd02b905d00612d6b405caae7e69baac8246334ad49b2ff32980a61850bec381c51f9fca5886edb10434852a36a52e9aa887d45d10f967e6ff8323fa08e57e02a645b03d5bc0a9d7eed5da072f82ea87903ebddcc74aa684a4e137d6ddceaaeb81218b6b1af919919e48e43f6be7bcab13b69766478f31c8f43cddb8f4628153b314d4dd5f906fa51f65dd07539b221271a9f0a279d751d0b61f0859c07bc7754604af24246ee9f4cef4414a1e5e1d96244e9f0fe738d5ec9a484c9b9f695ced0d7859701a5748f48f55e16a3c5fadf39fbfb29fa3c88bc96506f0666eead5b8546e29c6cadd074468fd158bec3dda38e727fc04a75881b5233ae3593340f6dc5eda0d1f9096b0b83e172ac301d8ec05fce492110df23b014ee4ac79a91c4981d820eca6600e10f54448ffae8cd61206364693d0f3be71b4a62dacd5df08f391d5769fceb0a8a5c14f8450008cd87571408a3bc311e4b7169838dd4c1366b55f97df572f65d248ad4debeb0afa5c2f4b3763f7f1d48b9ad7d3a6d47f5c352ecbe3ee1765a2b4ad54c06807bfe0b3e52babe92b5b92a7764dd4710015c2a9082444ac27efc31056945e7646bcb37cdac7dcfcbb9d47e8a58915dc6b827f2a98c1505244f51d664fc9676eda656a096d72092c2077a27cec5e602ba62558d30f66cea3eb9843f8b6ded6239de5aff0860191e51c633475f8cb20d5de82bf30a86a495e730fb6da653b7a2216daf409ef279f42eeb96efcb0381bda9d4784d10a633ea1e8ac24a34f3d2a1a09ac008770d8d899def9ed444f678ca3566ceb3bdedc466a3a04217e91e73d532f4d046d767abb868100f37b17ff41cc83ea09eba73283f9800bd934cb7b1c62e75bb5ce1347a5cb1a2bca85c5722df3f44bc9bdede46ad72e5088b23caf0c58c10b247adfd753b84b386f1a9bacd7f46200956ec68b715c16772c4c8f5513ae883fa8ad30a862f288ff3a69a4fb75864d147b6e585bf96867d696617a43d1fa0bd77a3bd5ac77e7b89c745f2f34064527cec7fb6d2096de0970080221fbc44d3309c08ae57110bf56656f95c97cedee8d5e517775cc16411930c21e7ab7cf622ffce0ccd6dca8e85e6a488cc70f73b6bda64440e6ecafe8b30900b7e14f9dfd34c99732d4aa12e1319c74a06ca4341a806896e63fd5370250a9d6f498b854a22f329ab574b604326ee16cb333c52210bc629dfb39d554c89611a7a42346067c8f85c2f5f19427260a8e0e14460a5fb8ec9077ff4feb7892717a39db8b09bb2d928111ebc4142afeb8120f0a76e2cca92ea004280ca54df386fbd104dbeb213804eee90ae00705ad1f386bd353279df0fa9b966e0cc877ba21fec17306e2d7609147709aa99fbfe16a4c5221494deaa679581c98f7b98a9f4d6b4121a3ffac0df51872ad270909c2399c278e5ff67cc452f5a2c8bf2a2d38af1985b62a27e3249b30db3c3f52c8c1ee5119779780943af4af17799e272eeddd6bc088563e7e4e1c17afa1c2f008c0606585fd06516b34229daca6a9935e0e7975853b7f42d7c20020691cf7d1ba4365851fcfbfb99e3334ee73432fbe04774225cbd1eeade738ebb06c7d22c9183382051e67ec4f2093b41466dd5920461fd23f315d4160245964fd17f8c82875578c5ece793317bd019a7dbcf0b80a8e6502e980a0e1a445fbf6230d8aa2c83bcef47a76e9042da7a5120eca804d63f095b8e86d275e6f8a855cb069b9a5b28381e5ec8486f534d6dbbc5af55e8f1466de31e2fe9ed045a6bbb19dc2ec605b71c5c7ac75ecce8bf40e1e9a773938a855204965d8b6d363a4f4f40b92d371122cb637e9732ab1afbe3049169f238838bb30a874c293cb697a90026edaed16061ed78a41baefbc5c73960cd4131cd269ce02407867a7f8ca9e9e3de3288217ba52a463e91b5eb86d2155206197eee90e22c37437938a878f2bbe2015bb4a1fc89652e18aa282d1525494df30015369c2b1db3c92bd0fa77a4c556d5b573b777c0177ac46efae01858aa4c1fbd357ce0f2ac5f15343573197b9ec44253331a6cc4cfd467f9cc46613c4f25e942e376ff790c1e0ac2eaa3f0a9a373ae504cc247489fb23c6fca321ae286715c4afb9952e44f4fc2fc81f90a062795cce46c962ba032ef040ed75819cfed56bc5b5df91ae4ef8c198b151c7ffb3f8ed07a557304e557458a5493bde6154af909a69af9be8dc5eb4f95c8a0d99104f77b9b148b3481a257cfaa60be1b61ff3f81f07d2a6a0955c32cb735eef686a78be7f813a15ec2c07ae77f6b7ae659ef193e0bbd7bc44f2f1bde99f45869b81cc85fb9dd741a1d001249dbf3b1b1bba205d479f49713eb673cea212f8c14f9060bc8ed1c44362932230b28fc35112be7ef309f1f0ced58a8aed31726ee0d9579ad53b08db298842905b11230300cfdaeecac77852efbb438f1302417b624d4cb0b2cb114100782b12d6ff040ae95fae5e5b91c26dec6a845c3a65244e1356078d542dbd77d21a75c143baa90b274db1fcf719bf0ec3e11f160880f1df19c798f50869405897cd7d43734881b57f7f94d607b787e2cb20d41e6cb5cc979b68e6a15ffa541f522f6ac24b398041bee464ccaa7d18305d2a265c087b9976519871c191cafb782e18765d08b8b831ead366890325b8c9e27b0c656d872eda2b536a92fd36b42cf9e8fb2adb210450e544dbcad3252f16100ce27885f7217a9495bbbc8f3834a54f800630b57991cf5534e59d44cfabb43e1174d39aa86a789dffb0fc521b9c09ab1179fe63f8802acc122e87fc7d19f1e94c5bc6d7eeabba823c8dfb047601982b861e2519b59522cdc6e22be0b42e7b13c25367a5840eab8535b51ba9a2cd39d9fdd220a32a0325d3ae0ad97937757b770ce067248701da92d129f6223a4b65cb00de6585954557e2dec9f78936a0a050388f5def91e2b0c009a6dfbb0c73bc57552c07d56968fe35c3c00c75ffa3f93da71466e2134920f2115dc19ae1368aea605916acf5e11b13506ddd87579a8d267d1147e5ba0a70219ecc5380a88ce90837ff551aa6b2fd3b8ff2fb3d66d65005c647a02437ab11ea05844384846de26e2a225f732c031320b489a3db970adb55d4dc490c38d87137cfada41cd609c1906a29134b816008ee2ce144dd1df3485eae1327e8033e16c65ddea4738a545b93c95d70548729b6d64c5cdb4293cf72c6e1f9dcc72cbe56725e37aebac28871dda6e4942a35575fbe33a4b8159b939c0f6488cf521588f3ff3b38e0048212af03b99d3b78479a12aa6dcff4cd9a9d3b210e9fe177d710a7a53f9f7cc29a87a1287b4b665cf39cdc107e67f2717d6a6016ebb1666cf9b77c544d41242a23778603b36868118b1e707ea40e54eb59e00a6c097661979ec50ae2ac557636d7a0324a93c08480777f89ffc664c41b189b5819ec466c1ad74e5e66222142e58176387f708892e9a48969f64ed23ec0acb4cb1c84862acb1ca254ab92861b6ed70f38f3cc31e4f1b46ab3549e48b0c9d5afec4cacdf969a7a5b9b5c48cfee7b914aed3149c8fe58fc54235b9228a1c9a2a064587641d37785f1ce4c8208ec1377490f02dd22bf5668fc039b67f"], 0x2, 0x2ba, &(0x7f0000000240)="$eJzs3T+LI2UYAPBnsrlJVpGksJIDB7SwOm6vtckie3CYSkmhFrp4OZBNEHKw4B+MV9naWPoJBMHOL2HjNxBsBTuvOBiZyYz541z2IptVl9+v2WffeZ73febNsMsW8+4HN6dn97N48OjzX6LbTaI1iMN4nEQ/WlH7MtYMvg4A4P/scZ7H7/nCLnVJRHT31xYAsEc7//7/Ye8tAQB79vY77755PByevJVl3bg7/ep8VPxlX3xdXD9+EB/FJMZxO3rxJCL/yyK+m+f5vJ0V+vHqdH4+Kiqn7/9UzX/8W0RZfxS96JdD6/X3hidH2cJK/bzo47lq/UFRfyd68WLD+veGJ3ca6mOUxmuvrPR/K3rx84fxcUziftnEsv6Loyx7I//mj8/eK9or6pP5+ahT5i3lB1f80QAAAAAAAAAAAAAAAAAAAAAAcI3dqs7O6UR5fk8xVJ2/c/Ck+OZGZLX++vk8i/qknmjjfKB5Ht/W5+vczrIsrxKX9e14qR3tf+euAQAAAAAAAAAAAAAAAAAA4L/l4Sefnp1OJuPZpQT1aQD1a/2n7X82z2Bl5OXYntyp15pMWlXYkHxYBXFQ5yQRW9sobuKStuWi4LC55/Hsu+93nbB7Qc4Le/ncN4P66To7TZr3sBP1SDeq4MfVnDSeca10cyQt9nIynt0sG6gfjovmSRsv9Xa+9/T5MphvyYkk4unzvP7rouFqJImN5LTc1cbyG1WwUr7xbDztea53ae3S339WJE7rAAAAAAAAAAAAAAAAAACAvVq+Btxw8dHW0lbe2VtbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCllv//f4dgXhU/Q3Ias4fNK7ev8jYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC45v4MAAD//2UZVDs=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='Q', 0x1, 0x200980) statfs(&(0x7f0000000040)='./file1\x00', 0x0) 104.415002ms ago: executing program 4 (id=1062): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0xf4, 0x30, 0x300, 0x71bd22, 0x25dfdbff, {}, [{0xe0, 0x1, [@m_csum={0x64, 0x19, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xe215, 0x7fffffff, 0x5, 0x7, 0xd}, 0x70}}]}, {0x19, 0x6, "368532db9b5148f0994d7ac80bedb31a6102c819bc"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0x78, 0x18, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x2, 0x9, 0x6, 0x8000, 0xf8d}}]}, {0x35, 0x6, "77b227832b90d1ff89f7a47093e4fcd6469c1b0a38a78e003c28c0247261b6866b44c2243e65a09e57be964fc0687b627b"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040850) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 97.881872ms ago: executing program 0 (id=1071): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xf75abbc0cea36f80}, 0x24040040) 0s ago: executing program 1 (id=1063): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0) fallocate(r0, 0x10, 0x17e, 0x8) lseek(r0, 0x0, 0x3) kernel console output (not intermixed with test programs): urnal. Quota mode: none. [ 131.300056][ T6888] ext4 filesystem being mounted at /100/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 131.424200][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 131.504555][ T6893] loop0: detected capacity change from 0 to 64 [ 131.760918][ T6899] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 131.776688][ T6901] loop0: detected capacity change from 0 to 256 [ 131.892456][ T6903] loop2: detected capacity change from 0 to 64 [ 132.058885][ T6907] loop3: detected capacity change from 0 to 128 [ 132.103463][ T6907] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 132.124100][ T6912] loop2: detected capacity change from 0 to 64 [ 132.170125][ T6907] ext4 filesystem being mounted at /100/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 132.200339][ T6895] loop1: detected capacity change from 0 to 32768 [ 132.211844][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 132.221621][ T28] audit: type=1800 audit(1755574162.259:12): pid=6912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.364" name="file1" dev="loop2" ino=21 res=0 errno=0 [ 132.281823][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 132.288104][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.296243][ T28] audit: type=1800 audit(1755574162.289:13): pid=6912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.364" name="file1" dev="loop2" ino=21 res=0 errno=0 [ 132.318408][ T6895] JBD2: Ignoring recovery information on journal [ 132.351981][ T6895] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 132.361626][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 132.408120][ T5794] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 132.477082][ T28] audit: type=1800 audit(1755574162.519:14): pid=6895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.355" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 132.574323][ T6909] loop0: detected capacity change from 0 to 32768 [ 132.583922][ T6909] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.363 (6909) [ 132.616400][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 132.625521][ T6909] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 132.636814][ T28] audit: type=1326 audit(1755574162.669:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.3.365" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd4f678ebe9 code=0x0 [ 132.638290][ T6909] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 132.668282][ T6909] BTRFS info (device loop0): doing ref verification [ 132.674995][ T6909] BTRFS info (device loop0): disabling tree log [ 132.681319][ T6909] BTRFS info (device loop0): enabling auto defrag [ 132.692121][ T6909] BTRFS info (device loop0): max_inline at 4096 [ 132.698452][ T6909] BTRFS info (device loop0): using free space tree [ 132.737893][ T6909] BTRFS info (device loop0): enabling ssd optimizations [ 132.745723][ T6909] BTRFS info (device loop0): auto enabling async discard [ 132.930929][ T5795] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 133.355948][ T6952] loop0: detected capacity change from 0 to 128 [ 133.388428][ T6952] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.420415][ T6952] ext4 filesystem being mounted at /77/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 133.488085][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.496422][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.554846][ T5795] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 133.671154][ T6966] loop1: detected capacity change from 0 to 128 [ 133.689238][ T6966] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.703274][ T6966] ext4 filesystem being mounted at /105/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 133.772967][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 134.163106][ T6965] loop0: detected capacity change from 0 to 32768 [ 134.180477][ T6965] JBD2: Ignoring recovery information on journal [ 134.258680][ T6965] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 134.317344][ T6972] loop1: detected capacity change from 0 to 32768 [ 134.327203][ T6972] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.379 (6972) [ 134.344627][ T28] audit: type=1800 audit(1755574164.389:16): pid=6965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.376" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 134.349683][ T6972] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 134.375953][ T6972] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 134.385098][ T6972] BTRFS info (device loop1): doing ref verification [ 134.391939][ T6972] BTRFS info (device loop1): disabling tree log [ 134.398339][ T6972] BTRFS info (device loop1): enabling auto defrag [ 134.407541][ T6972] BTRFS info (device loop1): max_inline at 4096 [ 134.414008][ T6972] BTRFS info (device loop1): using free space tree [ 134.471159][ T6972] BTRFS info (device loop1): enabling ssd optimizations [ 134.481518][ T6972] BTRFS info (device loop1): auto enabling async discard [ 134.504549][ T5795] ocfs2: Unmounting device (7,0) on (node local) [ 134.728854][ T5789] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 135.625611][ T7007] loop1: detected capacity change from 0 to 32768 [ 135.661783][ T7007] JBD2: Ignoring recovery information on journal [ 135.719672][ T7007] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 135.941535][ T28] audit: type=1800 audit(1755574165.979:17): pid=7007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.395" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 136.200423][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 136.340784][ T7022] loop2: detected capacity change from 0 to 40427 [ 136.375435][ T7022] F2FS-fs (loop2): invalid crc value [ 136.392495][ T7030] loop3: detected capacity change from 0 to 32768 [ 136.401311][ T7030] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.396 (7030) [ 136.414723][ T7022] F2FS-fs (loop2): Found nat_bits in checkpoint [ 136.445556][ T7030] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 136.466130][ T7030] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 136.479273][ T7030] BTRFS info (device loop3): doing ref verification [ 136.493597][ T7030] BTRFS info (device loop3): disabling tree log [ 136.501599][ T7030] BTRFS info (device loop3): enabling auto defrag [ 136.508180][ T7030] BTRFS info (device loop3): max_inline at 4096 [ 136.514654][ T7030] BTRFS info (device loop3): using free space tree [ 136.517581][ T7022] F2FS-fs (loop2): Start checkpoint disabled! [ 136.531180][ T7022] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 136.560055][ T7030] BTRFS info (device loop3): enabling ssd optimizations [ 136.577138][ T7030] BTRFS info (device loop3): auto enabling async discard [ 136.837016][ T5794] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 137.015103][ T1112] kworker/u4:8: attempt to access beyond end of device [ 137.015103][ T1112] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 137.054433][ T1112] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 137.321839][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 137.520775][ T7054] loop0: detected capacity change from 0 to 32768 [ 137.572233][ T7054] JBD2: Ignoring recovery information on journal [ 137.691118][ T7054] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 137.768954][ T28] audit: type=1800 audit(1755574167.819:18): pid=7054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.407" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 138.039578][ T5795] ocfs2: Unmounting device (7,0) on (node local) [ 138.246468][ T7076] program syz.3.406 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 138.335448][ T55] Process accounting resumed [ 138.766930][ T7078] loop0: detected capacity change from 0 to 32768 [ 138.811174][ T7078] JBD2: Ignoring recovery information on journal [ 138.882819][ T7078] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 138.980644][ T28] audit: type=1800 audit(1755574169.009:19): pid=7078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.414" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 139.117477][ T7082] loop3: detected capacity change from 0 to 32768 [ 139.141423][ T7082] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.409 (7082) [ 139.186097][ T7082] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 139.189626][ T5795] ocfs2: Unmounting device (7,0) on (node local) [ 139.207726][ T7082] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 139.226826][ T7082] BTRFS info (device loop3): doing ref verification [ 139.252480][ T7082] BTRFS info (device loop3): disabling tree log [ 139.258817][ T7082] BTRFS info (device loop3): enabling auto defrag [ 139.275633][ T7082] BTRFS info (device loop3): max_inline at 4096 [ 139.285715][ T7082] BTRFS info (device loop3): using free space tree [ 139.386582][ T7082] BTRFS info (device loop3): enabling ssd optimizations [ 139.408494][ T7082] BTRFS info (device loop3): auto enabling async discard [ 139.460970][ T7084] loop1: detected capacity change from 0 to 40427 [ 139.493337][ T7084] F2FS-fs (loop1): invalid crc value [ 139.512886][ T7084] F2FS-fs (loop1): Found nat_bits in checkpoint [ 139.594983][ T7084] F2FS-fs (loop1): Start checkpoint disabled! [ 139.615888][ T7084] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 139.693460][ T5794] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 140.352359][ T59] kworker/u4:4: attempt to access beyond end of device [ 140.352359][ T59] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 140.381551][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 140.446232][ T7116] loop2: detected capacity change from 0 to 32768 [ 140.476928][ T7116] JBD2: Ignoring recovery information on journal [ 140.549702][ T7116] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 140.613836][ T28] audit: type=1800 audit(1755574170.659:20): pid=7116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.423" name="file1" dev="loop2" ino=17058 res=0 errno=0 [ 140.753420][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 141.397804][ T7140] block nbd0: Unsupported socket: shutdown callout must be supported. [ 141.793183][ T7133] loop0: detected capacity change from 0 to 32768 [ 141.816607][ T7133] JBD2: Ignoring recovery information on journal [ 141.895410][ T7133] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 142.021073][ T7142] loop1: detected capacity change from 0 to 32768 [ 142.036724][ T28] audit: type=1800 audit(1755574172.079:21): pid=7133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.429" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 142.061776][ T7142] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.425 (7142) [ 142.093716][ T7142] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 142.104629][ T7142] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 142.121597][ T7142] BTRFS info (device loop1): doing ref verification [ 142.128280][ T7142] BTRFS info (device loop1): disabling tree log [ 142.135022][ T7142] BTRFS info (device loop1): enabling auto defrag [ 142.141703][ T7142] BTRFS info (device loop1): max_inline at 4096 [ 142.147999][ T7142] BTRFS info (device loop1): using free space tree [ 142.220055][ T5795] ocfs2: Unmounting device (7,0) on (node local) [ 142.247884][ T7142] BTRFS info (device loop1): enabling ssd optimizations [ 142.261566][ T7142] BTRFS info (device loop1): auto enabling async discard [ 142.539671][ T5789] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 142.705094][ T7153] loop3: detected capacity change from 0 to 40427 [ 142.719862][ T7153] F2FS-fs (loop3): invalid crc value [ 142.742296][ T7153] F2FS-fs (loop3): Found nat_bits in checkpoint [ 142.820092][ T7153] F2FS-fs (loop3): Start checkpoint disabled! [ 142.830804][ T7153] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 143.303766][ T59] kworker/u4:4: attempt to access beyond end of device [ 143.303766][ T59] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 143.325758][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 144.152308][ T7192] loop1: detected capacity change from 0 to 32768 [ 144.180715][ T7194] loop2: detected capacity change from 0 to 32768 [ 144.196354][ T7194] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.441 (7194) [ 144.211831][ T7192] JBD2: Ignoring recovery information on journal [ 144.229352][ T7194] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 144.240039][ T7194] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 144.248912][ T7194] BTRFS info (device loop2): doing ref verification [ 144.255780][ T7194] BTRFS info (device loop2): disabling tree log [ 144.263049][ T7194] BTRFS info (device loop2): enabling auto defrag [ 144.269911][ T7194] BTRFS info (device loop2): max_inline at 4096 [ 144.276663][ T7194] BTRFS info (device loop2): using free space tree [ 144.298429][ T7192] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 144.402838][ T7194] BTRFS info (device loop2): enabling ssd optimizations [ 144.409869][ T7194] BTRFS info (device loop2): auto enabling async discard [ 144.422883][ T7200] loop3: detected capacity change from 0 to 32768 [ 144.446278][ T7200] (syz.3.436,7200,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 144.471559][ T28] audit: type=1800 audit(1755574174.509:22): pid=7192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.440" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 144.500119][ T7200] (syz.3.436,7200,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 144.587482][ T7200] JBD2: Ignoring recovery information on journal [ 144.679542][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 144.698793][ T5785] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 144.720954][ T7200] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 145.260176][ T7225] loop0: detected capacity change from 0 to 40427 [ 145.292728][ T7225] F2FS-fs (loop0): invalid crc value [ 145.313703][ T7225] F2FS-fs (loop0): Found nat_bits in checkpoint [ 145.321895][ T5794] ocfs2: Unmounting device (7,3) on (node local) [ 145.421250][ T7239] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 145.421782][ T7225] F2FS-fs (loop0): Start checkpoint disabled! [ 145.467193][ T7225] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 145.523248][ T7240] loop1: detected capacity change from 0 to 2048 [ 145.530491][ T7240] EXT4-fs: Ignoring removed nobh option [ 145.604030][ T7240] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.624057][ T7240] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.746431][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.915678][ T7256] loop1: detected capacity change from 0 to 512 [ 145.947684][ T7256] EXT4-fs error (device loop1): ext4_get_branch:178: inode #13: block 2: comm syz.1.454: invalid block [ 145.981073][ T7256] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.454: invalid indirect mapped block 10 (level 1) [ 146.019634][ T7256] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.454: invalid indirect mapped block 8 (level 1) [ 146.054083][ T7256] EXT4-fs (loop1): 1 truncate cleaned up [ 146.061770][ T786] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 146.083360][ T7256] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.112538][ T59] kworker/u4:4: attempt to access beyond end of device [ 146.112538][ T59] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 146.138047][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 146.220232][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.266178][ T7254] loop3: detected capacity change from 0 to 32768 [ 146.273938][ T786] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 146.292375][ T786] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 146.307392][ T786] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 146.312697][ T7254] JBD2: Ignoring recovery information on journal [ 146.316826][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.334785][ T7252] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 146.349779][ T786] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 146.420577][ T7254] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 146.506185][ T28] audit: type=1800 audit(1755574176.549:23): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.456" name="file1" dev="loop3" ino=17058 res=0 errno=0 [ 146.614181][ T55] usb 3-1: USB disconnect, device number 4 [ 146.639167][ T5794] ocfs2: Unmounting device (7,3) on (node local) [ 146.705813][ T786] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 146.904027][ T786] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 146.926707][ T786] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 146.957674][ T786] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 146.977273][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 146.997553][ T786] usb 2-1: SerialNumber: syz [ 147.032524][ T7264] loop0: detected capacity change from 0 to 32768 [ 147.042708][ T7264] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.457 (7264) [ 147.058897][ T7264] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 147.074447][ T7264] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 147.084740][ T7264] BTRFS info (device loop0): doing ref verification [ 147.096252][ T7264] BTRFS info (device loop0): disabling tree log [ 147.103954][ T7264] BTRFS info (device loop0): enabling auto defrag [ 147.110611][ T7264] BTRFS info (device loop0): max_inline at 4096 [ 147.120472][ T7264] BTRFS info (device loop0): using free space tree [ 147.167662][ T7264] BTRFS info (device loop0): enabling ssd optimizations [ 147.178365][ T7264] BTRFS info (device loop0): auto enabling async discard [ 147.235630][ T786] usb 2-1: 0:2 : does not exist [ 147.258918][ T786] usb 2-1: USB disconnect, device number 4 [ 147.445739][ T5795] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 148.167481][ T7303] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 148.571747][ T55] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 148.645334][ T7295] loop2: detected capacity change from 0 to 40427 [ 148.687531][ T7295] F2FS-fs (loop2): invalid crc value [ 148.715968][ T7295] F2FS-fs (loop2): Found nat_bits in checkpoint [ 148.772367][ T55] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 148.793263][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 148.800276][ T7295] F2FS-fs (loop2): Start checkpoint disabled! [ 148.817497][ T7309] loop3: detected capacity change from 0 to 32768 [ 148.824265][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 148.835349][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 148.835396][ T7295] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 148.846427][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 148.860622][ T7309] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.471 (7309) [ 148.911664][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 148.951228][ T7317] loop1: detected capacity change from 0 to 2048 [ 148.960527][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 148.976981][ T7309] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 148.992289][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.001777][ T7309] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 149.011945][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.021029][ T7309] BTRFS info (device loop3): doing ref verification [ 149.036712][ T7317] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 149.050086][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 149.060370][ T7309] BTRFS info (device loop3): disabling tree log [ 149.060860][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.070599][ T7309] BTRFS info (device loop3): enabling auto defrag [ 149.086820][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.100214][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 149.107124][ T7309] BTRFS info (device loop3): max_inline at 4096 [ 149.124083][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.129673][ T7309] BTRFS info (device loop3): using free space tree [ 149.156909][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.189239][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 149.216741][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.261637][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.301781][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 149.317509][ T7309] BTRFS info (device loop3): enabling ssd optimizations [ 149.324779][ T7309] BTRFS info (device loop3): auto enabling async discard [ 149.325645][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.361786][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.391564][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 149.407523][ T55] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 149.431654][ T55] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 149.471682][ T55] usb 1-1: config 0 interface 0 has no altsetting 0 [ 149.493571][ T55] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 149.516138][ T55] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 149.541586][ T55] usb 1-1: Product: syz [ 149.545871][ T55] usb 1-1: Manufacturer: syz [ 149.550951][ T55] usb 1-1: SerialNumber: syz [ 149.591345][ T55] usb 1-1: config 0 descriptor?? [ 149.624305][ T55] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 149.781306][ T5794] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.823122][ T3451] kworker/u4:10: attempt to access beyond end of device [ 149.823122][ T3451] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 149.859818][ T3451] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 149.883224][ T786] usb 1-1: USB disconnect, device number 7 [ 149.896946][ T786] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 150.214850][ T7345] loop3: detected capacity change from 0 to 128 [ 150.258688][ T7345] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 150.317373][ T7345] ext4 filesystem being mounted at /125/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 150.417931][ T5794] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 150.464527][ T7353] bond0: entered promiscuous mode [ 150.479216][ T7353] bond_slave_0: entered promiscuous mode [ 150.486913][ T7353] bond_slave_1: entered promiscuous mode [ 150.509606][ T7353] bond0: left promiscuous mode [ 150.521912][ T7353] bond_slave_0: left promiscuous mode [ 150.537904][ T7353] bond_slave_1: left promiscuous mode [ 151.337128][ T7363] loop0: detected capacity change from 0 to 32768 [ 151.385675][ T7359] loop3: detected capacity change from 0 to 40427 [ 151.423089][ T7359] F2FS-fs (loop3): heap/no_heap options were deprecated [ 151.436177][ T7363] read_mapping_page failed! [ 151.447361][ T7359] F2FS-fs (loop3): invalid crc value [ 151.461944][ T7363] ERROR: (device loop0): txCommit: [ 151.461944][ T7363] [ 151.477466][ T7359] F2FS-fs (loop3): Found nat_bits in checkpoint [ 151.553163][ T48] read_mapping_page failed! [ 151.565192][ T48] ERROR: (device loop0): txCommit: [ 151.565192][ T48] [ 151.575880][ T7365] loop1: detected capacity change from 0 to 32768 [ 151.581671][ T48] jfs_write_inode: jfs_commit_inode failed! [ 151.603231][ T7365] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.489 (7365) [ 151.614649][ T7361] loop2: detected capacity change from 0 to 40427 [ 151.628120][ T7365] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 151.636147][ T7361] F2FS-fs (loop2): invalid crc value [ 151.645897][ T7359] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 151.657178][ T7361] F2FS-fs (loop2): Found nat_bits in checkpoint [ 151.662926][ T7365] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 151.691631][ T7365] BTRFS info (device loop1): doing ref verification [ 151.699702][ T7365] BTRFS info (device loop1): disabling tree log [ 151.718818][ T7365] BTRFS info (device loop1): enabling auto defrag [ 151.726005][ T7365] BTRFS info (device loop1): max_inline at 4096 [ 151.741713][ T7365] BTRFS info (device loop1): using free space tree [ 151.783190][ T7361] F2FS-fs (loop2): Start checkpoint disabled! [ 151.795187][ T7361] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 151.901603][ T7365] BTRFS info (device loop1): enabling ssd optimizations [ 151.914596][ T7365] BTRFS info (device loop1): auto enabling async discard [ 152.324954][ T5789] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 152.337634][ T3451] kworker/u4:10: attempt to access beyond end of device [ 152.337634][ T3451] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 152.353260][ T3451] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 153.051099][ T7388] loop0: detected capacity change from 0 to 40427 [ 153.059307][ T7388] F2FS-fs (loop0): Invalid log sectors per block(0) log sectorsize(9) [ 153.069123][ T7388] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 153.088442][ T7388] F2FS-fs (loop0): invalid crc value [ 153.151641][ T786] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 153.231976][ T7388] F2FS-fs (loop0): Start checkpoint disabled! [ 153.240745][ T7388] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 153.248397][ T7388] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 153.314486][ T59] kworker/u4:4: attempt to access beyond end of device [ 153.314486][ T59] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 153.321850][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 153.349538][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 153.371620][ T786] usb 4-1: Using ep0 maxpacket: 16 [ 153.392922][ T786] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 153.411910][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 153.441726][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 153.461771][ T786] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 153.481744][ T786] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 153.513514][ T786] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 153.531536][ T786] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 153.539666][ T786] usb 4-1: Manufacturer: syz [ 153.562993][ T786] usb 4-1: config 0 descriptor?? [ 153.811945][ T7419] loop1: detected capacity change from 0 to 32768 [ 153.830413][ T7419] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.503 (7419) [ 153.864222][ T7422] ipvlan2: entered promiscuous mode [ 153.870484][ T7419] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 153.872268][ T7422] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 153.895432][ T7419] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 153.900406][ T7422] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 153.904576][ T7419] BTRFS info (device loop1): doing ref verification [ 153.923661][ T7419] BTRFS info (device loop1): disabling tree log [ 153.929997][ T7419] BTRFS info (device loop1): enabling auto defrag [ 153.937116][ T7419] BTRFS info (device loop1): max_inline at 4096 [ 153.943553][ T7419] BTRFS info (device loop1): using free space tree [ 153.947410][ T786] rc_core: IR keymap rc-hauppauge not found [ 153.958639][ T786] Registered IR keymap rc-empty [ 153.977896][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.010874][ T7419] BTRFS info (device loop1): enabling ssd optimizations [ 154.018192][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.023276][ T7419] BTRFS info (device loop1): auto enabling async discard [ 154.052520][ T786] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 154.082883][ T786] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input10 [ 154.102865][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.131999][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.170121][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.215425][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.267203][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.278073][ T7444] netlink: 12 bytes leftover after parsing attributes in process `syz.2.506'. [ 154.286575][ T5789] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 154.315111][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.368109][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.411095][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.464967][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.481325][ T7447] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.491218][ T7447] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.500827][ T7447] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.509760][ T7447] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 154.521233][ T7447] Zero length message leads to an empty skb [ 154.552052][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.598352][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.659431][ T786] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 154.689132][ T786] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 154.715043][ T786] usb 4-1: USB disconnect, device number 3 [ 154.747942][ T7454] syz.1.507: attempt to access beyond end of device [ 154.747942][ T7454] loop3: rw=0, sector=0, nr_sectors = 8 limit=0 [ 154.780515][ T7454] F2FS-fs (loop3): Unable to read 1th superblock [ 154.792248][ T7454] syz.1.507: attempt to access beyond end of device [ 154.792248][ T7454] loop3: rw=0, sector=8, nr_sectors = 8 limit=0 [ 154.819733][ T7454] F2FS-fs (loop3): Unable to read 2th superblock [ 154.831024][ T7456] syz.1.507: attempt to access beyond end of device [ 154.831024][ T7456] loop3: rw=0, sector=0, nr_sectors = 8 limit=0 [ 154.849464][ T7456] F2FS-fs (loop3): Unable to read 1th superblock [ 154.859061][ T7456] syz.1.507: attempt to access beyond end of device [ 154.859061][ T7456] loop3: rw=0, sector=8, nr_sectors = 8 limit=0 [ 154.883448][ T7456] F2FS-fs (loop3): Unable to read 2th superblock [ 155.186932][ T7466] loop0: detected capacity change from 0 to 764 [ 155.241401][ T7466] rock: directory entry would overflow storage [ 155.271685][ T7466] rock: sig=0x4654, size=5, remaining=4 [ 155.717561][ T7468] loop1: detected capacity change from 0 to 32768 [ 155.746297][ T7468] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.516 (7468) [ 155.775937][ T7476] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 155.786922][ T7468] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 155.807481][ T7468] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 155.821078][ T7468] BTRFS info (device loop1): doing ref verification [ 155.833605][ T7478] loop3: detected capacity change from 0 to 512 [ 155.851716][ T7468] BTRFS info (device loop1): disabling tree log [ 155.858052][ T7468] BTRFS info (device loop1): enabling auto defrag [ 155.885434][ T7468] BTRFS info (device loop1): max_inline at 4096 [ 155.887254][ T7478] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c02c, mo2=0102] [ 155.892081][ T7468] BTRFS info (device loop1): using free space tree [ 155.920543][ T7478] System zones: 1-12 [ 155.940661][ T7478] EXT4-fs error (device loop3): ext4_xattr_inode_iget:445: comm syz.3.521: error while reading EA inode 32 err=-116 [ 155.956820][ T7478] EXT4-fs (loop3): Remounting filesystem read-only [ 155.978861][ T7478] EXT4-fs warning (device loop3): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 155.989489][ T7478] EXT4-fs (loop3): 1 orphan inode deleted [ 156.004985][ T7478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.026957][ T7501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.525'. [ 156.047230][ T7468] BTRFS info (device loop1): enabling ssd optimizations [ 156.054486][ T7468] BTRFS info (device loop1): auto enabling async discard [ 156.066655][ T7501] netlink: 'syz.0.525': attribute type 2 has an invalid length. [ 156.077847][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.203491][ T27] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 156.311083][ T5789] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 156.405425][ T27] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 156.425365][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.472505][ T27] usb 3-1: config 0 descriptor?? [ 156.492974][ T27] cp210x 3-1:0.0: cp210x converter detected [ 156.511561][ T786] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 156.741609][ T786] usb 4-1: Using ep0 maxpacket: 32 [ 156.758703][ T786] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 156.779083][ T786] usb 4-1: config 0 has no interface number 0 [ 156.799608][ T786] usb 4-1: config 0 interface 85 has no altsetting 0 [ 156.827049][ T786] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 156.836580][ T786] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.865952][ T786] usb 4-1: Product: syz [ 156.885310][ T786] usb 4-1: Manufacturer: syz [ 156.888410][ T27] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 156.899854][ T786] usb 4-1: SerialNumber: syz [ 156.923218][ T786] usb 4-1: config 0 descriptor?? [ 156.945558][ T786] appletouch 4-1:0.85: Could not find int-in endpoint [ 156.956838][ T786] appletouch: probe of 4-1:0.85 failed with error -5 [ 156.969157][ T786] usbhid 4-1:0.85: couldn't find an input interrupt endpoint [ 157.117801][ T27] cp210x 3-1:0.0: failed to get vendor val 0x370c size 15: -71 [ 157.127811][ T27] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 157.137949][ T27] usb 3-1: cp210x converter now attached to ttyUSB0 [ 157.146952][ T27] usb 3-1: USB disconnect, device number 5 [ 157.172401][ T27] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 157.173357][ T7509] netlink: 136 bytes leftover after parsing attributes in process `syz.3.526'. [ 157.192076][ T27] cp210x 3-1:0.0: device disconnected [ 157.213404][ T5173] usb 4-1: USB disconnect, device number 4 [ 157.328281][ T7528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.536'. [ 157.890512][ T7550] loop3: detected capacity change from 0 to 512 [ 157.943799][ T7550] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.980760][ T7550] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 158.085976][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.124485][ T7535] loop0: detected capacity change from 0 to 32768 [ 158.145026][ T7535] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.539 (7535) [ 158.179159][ T7535] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 158.201667][ T7535] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 158.221366][ T7535] BTRFS info (device loop0): doing ref verification [ 158.239917][ T7535] BTRFS info (device loop0): disabling tree log [ 158.246517][ T7535] BTRFS info (device loop0): enabling auto defrag [ 158.271630][ T7535] BTRFS info (device loop0): max_inline at 4096 [ 158.278056][ T7535] BTRFS info (device loop0): using free space tree [ 158.338605][ T7570] loop1: detected capacity change from 0 to 128 [ 158.374255][ T7570] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a80ec018, mo2=0002] [ 158.382959][ T7570] System zones: 1-3, 19-19, 35-36 [ 158.390528][ T7570] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 158.407076][ T7570] ext4 filesystem being mounted at /158/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 158.439707][ C1] vkms_vblank_simulate: vblank timer overrun [ 158.471655][ T7535] BTRFS info (device loop0): enabling ssd optimizations [ 158.478690][ T7535] BTRFS info (device loop0): auto enabling async discard [ 158.571592][ T7570] EXT4-fs (loop1): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro. [ 158.645330][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 158.857470][ T5795] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 159.190291][ T7603] loop3: detected capacity change from 0 to 1024 [ 159.262127][ T7603] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.319486][ T7603] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.427791][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.449343][ T7614] loop0: detected capacity change from 0 to 512 [ 159.457367][ T7614] EXT4-fs: Ignoring removed bh option [ 159.468034][ T7614] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 159.519509][ T7614] EXT4-fs (loop0): invalid journal inode [ 159.537151][ T7614] EXT4-fs (loop0): can't get journal size [ 159.584592][ T7614] EXT4-fs (loop0): 1 truncate cleaned up [ 159.599172][ T7614] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.701329][ T5795] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.789577][ T7626] Driver unsupported XDP return value 0 on prog (id 57) dev N/A, expect packet loss! [ 160.195584][ T7622] loop2: detected capacity change from 0 to 32768 [ 160.211796][ T7622] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.570 (7622) [ 160.235160][ T7622] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 160.250232][ T7622] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 160.259242][ T7622] BTRFS info (device loop2): doing ref verification [ 160.271103][ T7622] BTRFS info (device loop2): disabling tree log [ 160.277596][ T7622] BTRFS info (device loop2): enabling auto defrag [ 160.292250][ T7622] BTRFS info (device loop2): max_inline at 4096 [ 160.293747][ T7642] loop0: detected capacity change from 0 to 4096 [ 160.298746][ T7622] BTRFS info (device loop2): using free space tree [ 160.396680][ T7622] BTRFS info (device loop2): enabling ssd optimizations [ 160.427066][ T7622] BTRFS info (device loop2): auto enabling async discard [ 160.450330][ T7658] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 160.587717][ T7640] loop3: detected capacity change from 0 to 32768 [ 160.656632][ T7640] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 160.698400][ T5785] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 160.774682][ T7640] XFS (loop3): Ending clean mount [ 161.251907][ T5794] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 161.412503][ T7676] loop0: detected capacity change from 0 to 32768 [ 161.424799][ T7676] XFS (loop0): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b [ 161.486439][ T7676] XFS (loop0): Ending clean mount [ 161.498042][ T7676] XFS (loop0): Quotacheck needed: Please wait. [ 161.529570][ T7676] XFS (loop0): Quotacheck: Done. [ 161.568147][ T5795] XFS (loop0): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b [ 162.045157][ T7702] loop1: detected capacity change from 0 to 8 [ 162.056904][ T5798] Bluetooth: hci3: command 0x0c1a tx timeout [ 162.071695][ T55] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 162.271651][ T55] usb 1-1: Using ep0 maxpacket: 16 [ 162.284910][ T55] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 162.298904][ T55] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 162.331107][ T55] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 162.369247][ T55] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 162.380249][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.391579][ T55] usb 1-1: Product: syz [ 162.395868][ T55] usb 1-1: Manufacturer: syz [ 162.402049][ T55] usb 1-1: SerialNumber: syz [ 162.579698][ T7700] loop2: detected capacity change from 0 to 32768 [ 162.594880][ T7700] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.590 (7700) [ 162.619200][ T7700] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 162.636288][ T7700] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 162.645438][ T7700] BTRFS info (device loop2): doing ref verification [ 162.657028][ T7700] BTRFS info (device loop2): disabling tree log [ 162.665395][ T7700] BTRFS info (device loop2): enabling auto defrag [ 162.675288][ T7700] BTRFS info (device loop2): max_inline at 4096 [ 162.683496][ T7700] BTRFS info (device loop2): using free space tree [ 162.726617][ T7700] BTRFS info (device loop2): enabling ssd optimizations [ 162.738379][ T7700] BTRFS info (device loop2): auto enabling async discard [ 162.821666][ T55] usb 1-1: 0:2 : does not exist [ 162.957333][ T5785] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 163.291693][ T55] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1) [ 163.329179][ T55] usb 1-1: USB disconnect, device number 8 [ 163.821656][ T5173] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 163.826644][ T7754] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.605'. [ 163.986889][ T55] IPVS: starting estimator thread 0... [ 164.053715][ T5173] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 164.074146][ T5173] usb 4-1: config 0 interface 0 has no altsetting 0 [ 164.086529][ T5173] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 164.101665][ T5173] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 164.102025][ T7762] IPVS: using max 19 ests per chain, 45600 per kthread [ 164.127169][ T5173] usb 4-1: Product: syz [ 164.140934][ T7765] Context (ID=0x1) not attached to queue pair (handle=0x1:0x40) [ 164.141515][ T5173] usb 4-1: Manufacturer: syz [ 164.174494][ T5173] usb 4-1: SerialNumber: syz [ 164.183442][ T5173] usb 4-1: config 0 descriptor?? [ 164.210091][ T5173] usb 4-1: selecting invalid altsetting 0 [ 164.335587][ T7750] loop1: detected capacity change from 0 to 32768 [ 164.361895][ T7750] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.603 (7750) [ 164.389416][ T7750] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 164.399997][ T7750] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 164.422604][ T7750] BTRFS info (device loop1): doing ref verification [ 164.430051][ T7750] BTRFS info (device loop1): disabling tree log [ 164.436582][ T7750] BTRFS info (device loop1): enabling auto defrag [ 164.443336][ T7750] BTRFS info (device loop1): max_inline at 4096 [ 164.449801][ T7750] BTRFS info (device loop1): using free space tree [ 164.474437][ T27] usb 4-1: USB disconnect, device number 5 [ 164.505891][ T7750] BTRFS info (device loop1): enabling ssd optimizations [ 164.517788][ T7750] BTRFS info (device loop1): auto enabling async discard [ 164.717084][ T7767] loop2: detected capacity change from 0 to 32768 [ 164.719168][ T5789] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 164.727150][ T7767] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.610 (7767) [ 164.777315][ T7767] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 164.802036][ T7767] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 164.823427][ T7767] BTRFS info (device loop2): doing ref verification [ 164.830105][ T7767] BTRFS info (device loop2): using free space tree [ 164.999186][ T7767] BTRFS info (device loop2): enabling ssd optimizations [ 165.015765][ T7767] BTRFS info (device loop2): auto enabling async discard [ 165.223166][ T7807] loop0: detected capacity change from 0 to 8192 [ 165.312105][ T5785] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 165.699207][ T7820] netlink: 'syz.3.621': attribute type 29 has an invalid length. [ 165.731627][ T7820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.621'. [ 165.751938][ T7820] netlink: 'syz.3.621': attribute type 29 has an invalid length. [ 165.771876][ T7820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.621'. [ 165.783454][ T7823] IPv6: NLM_F_REPLACE set, but no existing node found! [ 165.980034][ T7827] loop1: detected capacity change from 0 to 4096 [ 166.004219][ T7827] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 166.231087][ T7827] ntfs3: loop1: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record [ 166.455367][ T3451] ntfs3: loop1: ino=1e, failed to parse mft record [ 167.018960][ T8] kernel write not supported for file /snd/seq (pid: 8 comm: kworker/0:0) [ 167.034918][ T7857] loop0: detected capacity change from 0 to 4096 [ 167.077269][ T7857] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 167.731457][ C1] sched: RT throttling activated [ 167.770211][ T7857] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 167.783134][ T7857] ntfs3: loop0: Failed to load $Extend (-22). [ 167.789414][ T7857] ntfs3: loop0: Failed to initialize $Extend. [ 168.185479][ T7872] loop0: detected capacity change from 0 to 512 [ 168.209858][ T7872] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 168.269516][ T7872] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.306431][ T7872] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.403921][ T28] audit: type=1800 audit(1755574198.419:24): pid=7872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.643" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 168.485781][ T5795] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.499108][ T28] audit: type=1800 audit(1755574198.429:25): pid=7872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.643" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 168.868268][ T7882] loop0: detected capacity change from 0 to 128 [ 168.885461][ T7882] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 168.923607][ T7882] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.964717][ T7884] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 168.964717][ T7884] The task syz.3.646 (7884) triggered the difference, watch for misbehavior. [ 169.238718][ T7854] loop2: detected capacity change from 0 to 262144 [ 169.272884][ T7854] F2FS-fs (loop2): Found nat_bits in checkpoint [ 169.322675][ T7895] sch_tbf: burst 2 is lower than device vlan0 mtu (1514) ! [ 169.326830][ T7854] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 169.811078][ T7898] loop0: detected capacity change from 0 to 32768 [ 169.818195][ T7900] loop3: detected capacity change from 0 to 128 [ 169.829431][ T7898] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.651 (7898) [ 169.864724][ T7898] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 169.883006][ T7898] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 169.911829][ T7898] BTRFS info (device loop0): setting nodatacow, compression disabled [ 169.920115][ T7898] BTRFS info (device loop0): max_inline at 0 [ 169.932142][ T7898] BTRFS info (device loop0): enabling disk space caching [ 169.939367][ T7898] BTRFS info (device loop0): turning off barriers [ 169.957676][ T7902] netlink: 'syz.3.654': attribute type 3 has an invalid length. [ 169.961837][ T7898] BTRFS info (device loop0): turning on flush-on-commit [ 169.979411][ T7902] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.654'. [ 169.991555][ T7898] BTRFS info (device loop0): doing ref verification [ 169.998225][ T7898] BTRFS info (device loop0): force clearing of disk cache [ 170.021851][ T7898] BTRFS info (device loop0): enabling ssd optimizations [ 170.028938][ T7898] BTRFS info (device loop0): max_inline at 4096 [ 170.041611][ T7898] BTRFS info (device loop0): disk space caching is enabled [ 170.132307][ T7898] BTRFS info (device loop0): auto enabling async discard [ 170.151797][ T7898] BTRFS info (device loop0): rebuilding free space tree [ 170.171273][ T7898] BTRFS info (device loop0): disabling free space tree [ 170.205673][ T7898] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 170.237407][ T7898] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 170.278591][ T7921] netlink: 16 bytes leftover after parsing attributes in process `syz.1.656'. [ 170.540878][ T5795] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 171.598390][ T7952] loop3: detected capacity change from 0 to 2048 [ 171.627935][ T7952] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 171.713633][ T7959] loop1: detected capacity change from 0 to 256 [ 171.726659][ T7959] exfat: Deprecated parameter 'utf8' [ 171.915974][ T7963] loop3: detected capacity change from 0 to 128 [ 171.936370][ T7963] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 171.949061][ T7963] ext4 filesystem being mounted at /172/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 172.025688][ T5794] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 172.387198][ T7984] loop0: detected capacity change from 0 to 64 [ 172.408896][ T7984] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 172.504707][ T5795] minix_free_inode: bit 3 already cleared [ 172.517647][ T5795] minix_free_inode: bit 4 already cleared [ 172.536899][ T5795] minix_free_inode: bit 2 already cleared [ 172.545951][ T5795] minix_free_inode: bit 5 already cleared [ 172.601700][ T5173] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 172.754471][ T7972] loop2: detected capacity change from 0 to 32768 [ 172.762435][ T7992] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 172.798186][ T7972] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 172.809405][ T5173] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 172.818877][ T5173] usb 2-1: config 0 has no interface number 0 [ 172.825592][ T5173] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 172.838225][ T5173] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid maxpacket 255, setting to 64 [ 172.849502][ T5173] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 172.869305][ T5173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.902781][ T5173] usb 2-1: config 0 descriptor?? [ 172.908891][ T7982] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 172.934092][ T5173] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.120/input/input12 [ 172.960231][ C1] usbtouchscreen 2-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1 [ 173.000105][ C1] usbtouchscreen 2-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1 [ 173.052583][ T7972] XFS (loop2): Ending clean mount [ 173.165484][ T5834] usb 2-1: USB disconnect, device number 5 [ 173.180932][ T5785] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.629265][ T8016] loop2: detected capacity change from 0 to 256 [ 173.667339][ T8016] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xac5c0b1f, utbl_chksum : 0xe619d30d) [ 174.451233][ T8036] loop3: detected capacity change from 0 to 4096 [ 174.473658][ T8036] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.501784][ T8036] EXT4-fs (loop3): shut down requested (1) [ 174.547053][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.071693][ T5173] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 175.119199][ T8046] loop0: detected capacity change from 0 to 32768 [ 175.188117][ T8046] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 175.255285][ T8046] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has an invalid fs_generation of #0 [ 175.281761][ T5173] usb 2-1: Using ep0 maxpacket: 8 [ 175.300530][ T5173] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.302127][ T8046] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 175.321284][ T5173] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 175.331695][ T5173] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 175.342727][ T5173] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 175.356267][ T5173] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 175.365921][ T5173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.371572][ T8046] OCFS2: File system is now read-only. [ 175.381837][ T8046] (syz.0.703,8046,1):ocfs2_search_chain:1761 ERROR: status = -30 [ 175.391250][ T8046] (syz.0.703,8046,1):ocfs2_search_chain:1871 ERROR: status = -30 [ 175.412128][ T8046] (syz.0.703,8046,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30 [ 175.421384][ T8046] (syz.0.703,8046,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30 [ 175.431679][ T8046] (syz.0.703,8046,1):ocfs2_claim_new_inode:2216 ERROR: status = -30 [ 175.439779][ T8046] (syz.0.703,8046,1):ocfs2_claim_new_inode:2231 ERROR: status = -30 [ 175.441048][ T8060] loop3: detected capacity change from 0 to 256 [ 175.454115][ T8046] (syz.0.703,8046,1):ocfs2_mknod_locked:639 ERROR: status = -30 [ 175.454313][ T8046] (syz.0.703,8046,1):ocfs2_mknod:385 ERROR: status = -30 [ 175.456703][ T8046] (syz.0.703,8046,1):ocfs2_mknod:502 ERROR: status = -30 [ 175.496984][ T8046] (syz.0.703,8046,1):ocfs2_mkdir:659 ERROR: status = -30 [ 175.557331][ T5795] ocfs2: Unmounting device (7,0) on (node local) [ 175.656272][ T5173] usb 2-1: GET_CAPABILITIES returned 0 [ 175.669048][ T8054] loop2: detected capacity change from 0 to 40427 [ 175.681040][ T8054] F2FS-fs (loop2): invalid crc value [ 175.681579][ T5173] usbtmc 2-1:16.0: can't read capabilities [ 175.696362][ T8054] F2FS-fs (loop2): Found nat_bits in checkpoint [ 175.789623][ T8054] F2FS-fs (loop2): Start checkpoint disabled! [ 175.820609][ T8054] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 175.865259][ T5173] usb 2-1: USB disconnect, device number 6 [ 175.876846][ T8054] syz.2.707: attempt to access beyond end of device [ 175.876846][ T8054] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 176.087627][ T3451] kworker/u4:10: attempt to access beyond end of device [ 176.087627][ T3451] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 176.107782][ T3451] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 176.134958][ T3451] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 176.594657][ T8076] loop3: detected capacity change from 0 to 32768 [ 176.637953][ T8076] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 176.704462][ T8076] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 176.724538][ T12] (kworker/u4:1,12,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214 [ 176.882657][ T5794] ocfs2: Unmounting device (7,3) on (node local) [ 177.336464][ T8086] loop2: detected capacity change from 0 to 32768 [ 177.382846][ T8086] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 177.480220][ T8099] loop3: detected capacity change from 0 to 4096 [ 177.511064][ T8086] XFS (loop2): Ending clean mount [ 177.539465][ T8086] XFS (loop2): Quotacheck needed: Please wait. [ 177.649608][ T8086] XFS (loop2): Quotacheck: Done. [ 177.776510][ T8097] loop0: detected capacity change from 0 to 40427 [ 177.789834][ T8097] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 177.831022][ T5785] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 177.842765][ T8097] F2FS-fs (loop0): invalid crc value [ 177.886404][ T8097] F2FS-fs (loop0): Found nat_bits in checkpoint [ 177.942079][ T8115] netlink: 'syz.1.729': attribute type 1 has an invalid length. [ 177.992009][ T8115] netlink: 24 bytes leftover after parsing attributes in process `syz.1.729'. [ 178.127269][ T8097] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 178.337274][ T5795] syz-executor: attempt to access beyond end of device [ 178.337274][ T5795] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 178.359946][ T5795] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 178.956492][ T8121] loop1: detected capacity change from 0 to 32768 [ 178.984832][ T8133] loop3: detected capacity change from 0 to 256 [ 179.077580][ T8123] loop2: detected capacity change from 0 to 32768 [ 179.087300][ T8121] read_mapping_page failed! [ 179.095830][ T8123] XFS: noikeep mount option is deprecated. [ 179.116248][ T8121] ERROR: (device loop1): txCommit: [ 179.116248][ T8121] [ 179.139368][ T8121] ERROR: (device loop1): remounting filesystem as read-only [ 179.160032][ T8123] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 179.237713][ T8123] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 179.269893][ T8123] XFS (loop2): Starting recovery (logdev: internal) [ 179.300071][ T8123] XFS (loop2): Ending recovery (logdev: internal) [ 179.397771][ T5785] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 179.431881][ T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 179.657956][ T8] usb 1-1: unable to get BOS descriptor or descriptor too short [ 179.667667][ T8] usb 1-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 179.682654][ T8] usb 1-1: config 1 interface 0 altsetting 2 endpoint 0x3 has invalid maxpacket 41895, setting to 1024 [ 179.695509][ T8] usb 1-1: config 1 interface 0 altsetting 2 bulk endpoint 0x3 has invalid maxpacket 1024 [ 179.706216][ T8] usb 1-1: config 1 interface 0 has no altsetting 0 [ 179.715847][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 179.728261][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.737791][ T8] usb 1-1: Product: syz [ 179.742220][ T8] usb 1-1: Manufacturer: syz [ 179.746841][ T8] usb 1-1: SerialNumber: syz [ 179.757396][ T8142] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 179.769096][ T8142] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 179.968723][ T8167] program syz.1.748 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 180.001614][ T55] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 180.002489][ T8] usb 1-1: bad CDC descriptors [ 180.020105][ T8] usb 1-1: USB disconnect, device number 9 [ 180.194998][ T55] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 180.207027][ T55] usb 4-1: config 0 interface 0 has no altsetting 0 [ 180.224500][ T55] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 180.234487][ T55] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 180.242835][ T55] usb 4-1: Product: syz [ 180.247151][ T55] usb 4-1: Manufacturer: syz [ 180.251918][ T55] usb 4-1: SerialNumber: syz [ 180.252940][ T8176] loop1: detected capacity change from 0 to 512 [ 180.259366][ T55] usb 4-1: config 0 descriptor?? [ 180.270928][ T8176] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 180.274124][ T55] usb 4-1: selecting invalid altsetting 0 [ 180.284148][ T8176] EXT4-fs (loop1): orphan cleanup on readonly fs [ 180.299196][ T8176] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.752: Block bitmap for bg 0 marked uninitialized [ 180.320220][ T8176] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 180.330110][ T8176] EXT4-fs (loop1): 1 orphan inode deleted [ 180.338491][ T8176] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 180.357785][ T8176] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 180.368318][ T8176] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 180.383765][ T8176] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.752: Block bitmap for bg 0 marked uninitialized [ 180.402256][ T8176] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.752: Block bitmap for bg 0 marked uninitialized [ 180.418318][ T8176] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.752: Block bitmap for bg 0 marked uninitialized [ 180.432745][ T8176] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.752: Block bitmap for bg 0 marked uninitialized [ 180.451329][ T8176] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.752: Block bitmap for bg 0 marked uninitialized [ 180.472005][ T8176] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.752: Block bitmap for bg 0 marked uninitialized [ 180.534943][ T786] usb 4-1: USB disconnect, device number 6 [ 180.559616][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.017831][ T8180] loop0: detected capacity change from 0 to 32768 [ 181.026487][ T8180] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.754 (8180) [ 181.042004][ T8180] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 181.052761][ T8180] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 181.061735][ T8180] BTRFS info (device loop0): setting nodatacow, compression disabled [ 181.069894][ T8180] BTRFS info (device loop0): enabling auto defrag [ 181.076510][ T8180] BTRFS info (device loop0): max_inline at 0 [ 181.082626][ T8180] BTRFS info (device loop0): using free space tree [ 181.101710][ T786] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 181.131398][ T8180] BTRFS info (device loop0): auto enabling async discard [ 181.188605][ T8201] loop3: detected capacity change from 0 to 2048 [ 181.195749][ T5795] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 181.196726][ T8201] EXT4-fs: Ignoring removed nomblk_io_submit option [ 181.213914][ T8201] EXT4-fs: Ignoring removed nobh option [ 181.275274][ T8201] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.313225][ T786] usb 2-1: Using ep0 maxpacket: 16 [ 181.325931][ T786] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 181.346264][ T786] usb 2-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config [ 181.356895][ T786] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 181.378297][ T786] usb 2-1: config 1 has no interface number 1 [ 181.384631][ T786] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 181.397637][ T786] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1088, setting to 64 [ 181.411529][ T786] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 181.420706][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.430020][ T786] usb 2-1: Product: syz [ 181.434296][ T786] usb 2-1: Manufacturer: syz [ 181.439005][ T786] usb 2-1: SerialNumber: syz [ 181.447359][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.687794][ T786] usb 2-1: USB disconnect, device number 7 [ 181.784011][ T8210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.759'. [ 181.891581][ T5173] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 181.940991][ T8217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.762'. [ 181.951253][ T8217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.762'. [ 182.081539][ T5173] usb 4-1: Using ep0 maxpacket: 32 [ 182.100185][ T5173] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.121814][ T5173] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.141591][ T5173] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 182.171488][ T5173] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.204095][ T5173] usb 4-1: config 0 descriptor?? [ 182.217011][ T5173] hub 4-1:0.0: USB hub found [ 182.329765][ T8215] loop2: detected capacity change from 0 to 32768 [ 182.353915][ T8215] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 182.431791][ T5173] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 182.451256][ T8215] XFS (loop2): Ending clean mount [ 182.472419][ T8215] XFS (loop2): Quotacheck needed: Please wait. [ 182.547983][ T8215] XFS (loop2): Quotacheck: Done. [ 182.641237][ T5785] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 182.644266][ T5173] usbhid 4-1:0.0: can't add hid device: -71 [ 182.675975][ T5173] usbhid: probe of 4-1:0.0 failed with error -71 [ 182.746028][ T5173] usb 4-1: USB disconnect, device number 7 [ 183.326900][ T8244] loop1: detected capacity change from 0 to 32768 [ 183.375066][ T28] audit: type=1800 audit(1755574213.419:26): pid=8244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.771" name="bus" dev="loop1" ino=7 res=0 errno=0 [ 183.854730][ T8273] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 184.720652][ T23] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 184.875922][ T8269] loop1: detected capacity change from 0 to 131072 [ 185.043682][ T8269] F2FS-fs (loop1): Test dummy encryption mode enabled [ 185.059527][ T8269] F2FS-fs (loop1): invalid crc value [ 185.063499][ T8285] loop2: detected capacity change from 0 to 4096 [ 185.089512][ T8269] F2FS-fs (loop1): Found nat_bits in checkpoint [ 185.093263][ T8285] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 185.147192][ T8269] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 185.165293][ T8269] F2FS-fs (loop1): access invalid blkaddr:1281 [ 185.173118][ T8269] CPU: 1 PID: 8269 Comm: syz.1.778 Not tainted 6.6.102-syzkaller #0 [ 185.181699][ T8269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 185.192175][ T8269] Call Trace: [ 185.195736][ T8269] [ 185.198753][ T8269] dump_stack_lvl+0x16c/0x230 [ 185.204053][ T8269] ? show_regs_print_info+0x20/0x20 [ 185.209353][ T8269] ? f2fs_get_next_page_offset+0x690/0x690 [ 185.215375][ T8269] ? __asan_memset+0x22/0x40 [ 185.220034][ T8269] ? __lookup_extent_tree+0xba0/0xba0 [ 185.225620][ T8269] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 185.232143][ T8269] f2fs_get_read_data_page+0x3a4/0x5c0 [ 185.236716][ T8294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.238006][ T8269] ? f2fs_reserve_block+0x240/0x240 [ 185.238094][ T8269] ? __asan_memset+0x22/0x40 [ 185.257912][ T8269] f2fs_find_data_page+0x9f/0x3a0 [ 185.263107][ T8269] __f2fs_find_entry+0x64d/0xca0 [ 185.268967][ T8269] ? f2fs_find_target_dentry+0xbc0/0xbc0 [ 185.275492][ T8269] f2fs_lookup+0x220/0x7b0 [ 185.280638][ T8269] ? d_alloc+0x173/0x1b0 [ 185.282396][ T8294] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.285891][ T8269] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 185.301385][ T8269] ? __rwlock_init+0x150/0x150 [ 185.307361][ T8269] ? _raw_spin_unlock+0x28/0x40 [ 185.313800][ T8269] ? d_alloc+0x173/0x1b0 [ 185.318541][ T8269] lookup_one_qstr_excl+0x112/0x250 [ 185.324006][ T8269] filename_create+0x222/0x460 [ 185.328973][ T8269] ? kern_path_create+0x50/0x50 [ 185.334323][ T8269] ? __virt_addr_valid+0x18c/0x540 [ 185.340901][ T8269] ? __virt_addr_valid+0x469/0x540 [ 185.346406][ T8269] do_mkdirat+0xa1/0x440 [ 185.351346][ T8269] ? vfs_mkdir+0x440/0x440 [ 185.357004][ T8269] __x64_sys_mkdirat+0x89/0xa0 [ 185.363023][ T8269] do_syscall_64+0x55/0xb0 [ 185.367934][ T8269] ? clear_bhb_loop+0x40/0x90 [ 185.372925][ T8269] ? clear_bhb_loop+0x40/0x90 [ 185.377749][ T8269] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.383949][ T8269] RIP: 0033:0x7f6d8c78d457 [ 185.389133][ T8269] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.410210][ T8269] RSP: 002b:00007f6d8d582e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 185.419637][ T8269] RAX: ffffffffffffffda RBX: 00007f6d8d582ef0 RCX: 00007f6d8c78d457 [ 185.428821][ T8269] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c [ 185.437434][ T8269] RBP: 00002000000002c0 R08: 00002000000000c0 R09: 0000000000000000 [ 185.446164][ T8269] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000200000000040 [ 185.454927][ T8269] R13: 00007f6d8d582eb0 R14: 0000000000000000 R15: 0000000000000000 [ 185.464142][ T8269] [ 185.487712][ T23] usb 1-1: unable to get BOS descriptor or descriptor too short [ 185.504919][ T5798] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 185.505002][ T5798] Bluetooth: hci3: adv larger than maximum supported [ 185.513043][ T5798] Bluetooth: hci3: Malformed LE Event: 0x0d [ 185.528275][ T23] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 185.560166][ T23] usb 1-1: can't read configurations, error -71 [ 185.715427][ T8302] loop2: detected capacity change from 0 to 1024 [ 185.786996][ T8302] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 185.801920][ T8302] hfsplus: xattr searching failed [ 185.961675][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 186.810614][ T8315] loop0: detected capacity change from 0 to 32768 [ 186.828843][ T8315] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop0 scanned by syz.0.797 (8315) [ 186.878097][ T8315] BTRFS info (device loop0): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 186.899743][ T8315] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 186.918639][ T8315] BTRFS info (device loop0): using free space tree [ 187.007558][ T8315] BTRFS info (device loop0): enabling ssd optimizations [ 187.027884][ T8315] BTRFS info (device loop0): auto enabling async discard [ 187.075264][ T8353] loop3: detected capacity change from 0 to 1024 [ 187.146567][ T8353] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.181770][ T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 187.288129][ T5795] BTRFS info (device loop0): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 187.339910][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.372329][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 187.389262][ T23] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 187.401559][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.443086][ T23] usb 3-1: config 0 descriptor?? [ 187.564568][ T8355] loop1: detected capacity change from 0 to 32768 [ 187.674934][ T23] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 187.719205][ T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 187.759173][ T23] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 187.783574][ T23] usb 3-1: media controller created [ 187.932971][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 188.026857][ T23] az6027: usb out operation failed. (-71) [ 188.054915][ T23] az6027: usb out operation failed. (-71) [ 188.061221][ T23] stb0899_attach: Driver disabled by Kconfig [ 188.091624][ T23] az6027: no front-end attached [ 188.091624][ T23] [ 188.102304][ T23] az6027: usb out operation failed. (-71) [ 188.109525][ T23] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 188.136871][ T23] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13 [ 188.168471][ T23] dvb-usb: schedule remote query interval to 400 msecs. [ 188.180117][ T23] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 188.196878][ T23] usb 3-1: USB disconnect, device number 6 [ 188.245485][ T8374] netlink: 28 bytes leftover after parsing attributes in process `syz.3.815'. [ 188.257065][ T8374] netlink: 8 bytes leftover after parsing attributes in process `syz.3.815'. [ 188.279867][ T23] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 188.361912][ T5173] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 188.442219][ T8380] loop1: detected capacity change from 0 to 1024 [ 188.511213][ T8380] hfsplus: bad catalog entry used to create inode [ 188.557799][ T5173] usb 1-1: unable to get BOS descriptor or descriptor too short [ 188.574420][ T5173] usb 1-1: config 6 has an invalid interface number: 200 but max is 0 [ 188.584301][ T1068] hfsplus: b-tree write err: -5, ino 4 [ 188.590277][ T5173] usb 1-1: config 6 has no interface number 0 [ 188.606363][ T5173] usb 1-1: config 6 interface 200 has no altsetting 0 [ 188.622205][ T5173] usb 1-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 188.636942][ T5173] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.662092][ T5173] usb 1-1: Product: syz [ 188.666798][ T5173] usb 1-1: Manufacturer: syz [ 188.694897][ T5173] usb 1-1: SerialNumber: syz [ 189.148038][ T8409] netlink: 'syz.1.832': attribute type 14 has an invalid length. [ 189.231033][ T8411] loop3: detected capacity change from 0 to 256 [ 189.480630][ T5173] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 189.501322][ T5173] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 189.511862][ T5173] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 189.527335][ T5173] usb 1-1: media controller created [ 189.563113][ T786] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 189.572411][ T5173] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 190.613408][ T5173] dvb-usb: bulk message failed: -71 (6/0) [ 190.622414][ T5173] dvb-usb: bulk message failed: -71 (6/0) [ 190.628411][ T5173] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 190.765443][ T8424] loop3: detected capacity change from 0 to 131072 [ 190.774450][ T8424] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 190.782665][ T8424] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 190.796116][ T5173] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input14 [ 190.807568][ T8424] F2FS-fs (loop3): invalid crc value [ 190.819006][ T5173] dvb-usb: schedule remote query interval to 150 msecs. [ 190.826316][ T5173] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 190.839581][ T786] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 190.854054][ T5173] usb 1-1: USB disconnect, device number 12 [ 190.860215][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.873280][ T786] usb 3-1: config 0 descriptor?? [ 190.878342][ T8424] F2FS-fs (loop3): Found nat_bits in checkpoint [ 190.939020][ T8424] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 190.946261][ T8424] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 190.964452][ T786] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 190.992231][ T5173] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 191.127426][ T8426] loop1: detected capacity change from 0 to 32768 [ 191.175797][ T786] gp8psk: usb in 128 operation failed. [ 191.187335][ T8426] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 191.414132][ T786] gp8psk: FW Version = 12.160.214 (0xca0d6) Build 2146/135/53 [ 191.428632][ T5789] (syz-executor,5789,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 191.444541][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 191.623521][ T786] gp8psk: usb in 149 operation failed. [ 191.631733][ T786] gp8psk: failed to get FPGA version [ 191.649479][ T786] gp8psk: usb in 138 operation failed. [ 191.655370][ T786] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 191.676085][ T786] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 191.711595][ T786] usb 3-1: USB disconnect, device number 7 [ 192.551136][ T8451] loop2: detected capacity change from 0 to 4096 [ 192.714959][ T8458] loop3: detected capacity change from 0 to 512 [ 192.739970][ T8443] loop1: detected capacity change from 0 to 32768 [ 192.749472][ T8443] XFS: noikeep mount option is deprecated. [ 192.761960][ T8458] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 192.769942][ T8458] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 192.783015][ T8443] XFS: noikeep mount option is deprecated. [ 192.791177][ T8458] System zones: 0-1, 15-15, 18-18, 34-34 [ 192.805450][ T8458] EXT4-fs (loop3): orphan cleanup on readonly fs [ 192.814290][ T8458] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 192.828413][ T8458] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 192.870645][ T8443] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 192.892462][ T8458] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 192.913411][ T8458] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.851: bad orphan inode 16 [ 192.929760][ T8458] ext4_test_bit(bit=15, block=18) = 1 [ 192.943261][ T8458] is_bad_inode(inode)=0 [ 192.947500][ T8458] NEXT_ORPHAN(inode)=0 [ 192.951827][ T8458] max_ino=32 [ 192.955086][ T8458] i_nlink=2 [ 192.959730][ T8458] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 193.019059][ T8458] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 193.079676][ T5794] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic f300, entries 1, max 4(0), depth 0(0) [ 193.098320][ T8443] XFS (loop1): Ending clean mount [ 193.127355][ T5794] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic f300, entries 1, max 4(0), depth 0(0) [ 193.154692][ T8443] XFS (loop1): Quotacheck needed: Please wait. [ 193.247168][ T8443] XFS (loop1): Quotacheck: Done. [ 193.294043][ T6920] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.509342][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 193.560129][ T6920] bridge0: port 3(syz_tun) entered disabled state [ 193.652516][ T6920] syz_tun (unregistering): left allmulticast mode [ 193.670080][ T6920] syz_tun (unregistering): left promiscuous mode [ 193.690664][ T6920] bridge0: port 3(syz_tun) entered disabled state [ 193.709483][ T8483] loop0: detected capacity change from 0 to 256 [ 194.121003][ T1112] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.253546][ T1112] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.447647][ T1112] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.613841][ T1112] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.647860][ T8497] loop2: detected capacity change from 0 to 512 [ 194.683452][ T8497] EXT4-fs (loop2): orphan cleanup on readonly fs [ 194.703734][ T8497] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #4: comm syz.2.868: pblk 0 bad header/extent: too large eh_depth - magic f30a, entries 1, max 4(4), depth 2048(2048) [ 194.758114][ T8497] EXT4-fs error (device loop2): ext4_quota_enable:7132: comm syz.2.868: Bad quota inode: 4, type: 1 [ 194.801504][ T8497] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 194.816804][ T8497] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 194.825171][ T8497] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 194.930925][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.941582][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.003480][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.138207][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 195.150821][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 195.162555][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 195.178815][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 195.191022][ T8508] netlink: 8 bytes leftover after parsing attributes in process `syz.2.872'. [ 195.203262][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 195.217947][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 195.329136][ T1112] tipc: Left network mode [ 195.573975][ T8519] netlink: 4 bytes leftover after parsing attributes in process `syz.0.876'. [ 195.691550][ T23] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 195.881657][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 195.900357][ T23] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 195.909403][ T23] usb 3-1: config 0 has no interface number 0 [ 195.918841][ T23] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 195.931495][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.940248][ T23] usb 3-1: Product: syz [ 195.960538][ T23] usb 3-1: Manufacturer: syz [ 195.965483][ T23] usb 3-1: SerialNumber: syz [ 195.973521][ T23] usb 3-1: config 0 descriptor?? [ 195.982911][ T23] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 196.001785][ T23] usb 3-1: selecting invalid altsetting 1 [ 196.007751][ T23] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 196.020456][ T23] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 196.031571][ T23] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 196.040036][ T23] usb 3-1: media controller created [ 196.065837][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 196.256243][ T23] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 196.265944][ T8506] chnl_net:caif_netlink_parms(): no params data found [ 196.287107][ T23] zl10353_read_register: readreg error (reg=127, ret==-32) [ 196.498547][ T8521] loop1: detected capacity change from 0 to 40427 [ 196.518872][ T8521] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x7ffff [ 196.550333][ T8521] F2FS-fs (loop1): invalid crc value [ 196.603919][ T8521] F2FS-fs (loop1): Found nat_bits in checkpoint [ 196.604147][ T8541] loop0: detected capacity change from 0 to 512 [ 196.643122][ T8541] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 196.677514][ T8541] EXT4-fs (loop0): 1 truncate cleaned up [ 196.690601][ T8541] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.700059][ T8521] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 196.717354][ T8506] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.730227][ T8506] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.743484][ T8506] bridge_slave_0: entered allmulticast mode [ 196.751262][ T8506] bridge_slave_0: entered promiscuous mode [ 196.758285][ T5795] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.761922][ T8506] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.775044][ T8506] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.782437][ T8506] bridge_slave_1: entered allmulticast mode [ 196.791273][ T8506] bridge_slave_1: entered promiscuous mode [ 196.845460][ T28] audit: type=1800 audit(1755574226.889:27): pid=8521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.877" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 196.924823][ T5789] syz-executor: attempt to access beyond end of device [ 196.924823][ T5789] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 196.941635][ T5789] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 197.007831][ T8506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.053393][ T8506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.269887][ T8506] team0: Port device team_slave_0 added [ 197.283214][ T8506] team0: Port device team_slave_1 added [ 197.330369][ T5798] Bluetooth: hci2: command tx timeout [ 197.339126][ T8516] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 197.350846][ T23] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 197.397944][ T23] usb 3-1: USB disconnect, device number 8 [ 197.425234][ T8506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.437635][ T8506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.481779][ T8506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.503748][ T8506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.517595][ T8506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.550292][ T8506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.577157][ T1112] hsr_slave_0: left promiscuous mode [ 197.591838][ T1112] hsr_slave_1: left promiscuous mode [ 197.598353][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.612876][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 197.627619][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.646477][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.657239][ T1112] bridge_slave_1: left allmulticast mode [ 197.663066][ T1112] bridge_slave_1: left promiscuous mode [ 197.682289][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.689718][ T8552] netlink: 108 bytes leftover after parsing attributes in process `syz.1.885'. [ 197.717277][ T1112] bridge_slave_0: left allmulticast mode [ 197.723306][ T1112] bridge_slave_0: left promiscuous mode [ 197.729405][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.826558][ T1112] veth1_macvtap: left promiscuous mode [ 197.838191][ T1112] veth0_macvtap: left promiscuous mode [ 197.848471][ T1112] veth1_vlan: left promiscuous mode [ 197.854586][ T1112] veth0_vlan: left promiscuous mode [ 197.946040][ T8560] loop0: detected capacity change from 0 to 256 [ 198.202076][ T786] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 198.451606][ T5173] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 198.455809][ T8572] loop2: detected capacity change from 0 to 1024 [ 198.465775][ T786] usb 2-1: Using ep0 maxpacket: 16 [ 198.473338][ T786] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 198.483382][ T786] usb 2-1: config 0 has no interface number 0 [ 198.489578][ T786] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 198.519099][ T786] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 198.532404][ T786] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 198.543124][ T786] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 198.551286][ T786] usb 2-1: Product: syz [ 198.555943][ T786] usb 2-1: SerialNumber: syz [ 198.576289][ T786] usb 2-1: config 0 descriptor?? [ 198.585659][ T786] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 198.594822][ T786] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input15 [ 198.732568][ T5173] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 198.749754][ T5173] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 198.758959][ T5173] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 198.776748][ T5173] usb 1-1: config 220 has no interface number 2 [ 198.806837][ T5173] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 198.821340][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 198.831101][ T5173] usb 1-1: config 220 interface 0 has no altsetting 0 [ 198.839131][ T5173] usb 1-1: config 220 interface 76 has no altsetting 0 [ 198.846305][ T5173] usb 1-1: config 220 interface 1 has no altsetting 0 [ 198.898939][ T5173] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 198.909569][ T5173] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.917762][ T5173] usb 1-1: Product: syz [ 198.922131][ T5173] usb 1-1: Manufacturer: syz [ 198.926831][ T5173] usb 1-1: SerialNumber: syz [ 199.028306][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.038375][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.053761][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.061267][ T27] usb 2-1: USB disconnect, device number 8 [ 199.067346][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.067376][ C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 199.118633][ T27] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 199.155764][ T5173] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 199.167196][ T5173] usb 1-1: No valid video chain found. [ 199.173193][ T5173] usb 1-1: selecting invalid altsetting 0 [ 199.216525][ T5173] usb 1-1: selecting invalid altsetting 0 [ 199.222740][ T5173] usbtest: probe of 1-1:220.1 failed with error -22 [ 199.231068][ T1112] team0 (unregistering): Port device team_slave_1 removed [ 199.233327][ T5173] usb 1-1: USB disconnect, device number 13 [ 199.320581][ T1112] team0 (unregistering): Port device team_slave_0 removed [ 199.388982][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.414231][ T5798] Bluetooth: hci2: command tx timeout [ 199.462613][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.724800][ T8578] capability: warning: `syz.1.899' uses 32-bit capabilities (legacy support in use) [ 199.845539][ T8580] loop0: detected capacity change from 0 to 2048 [ 199.905161][ T8580] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.045538][ T5795] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.369005][ T1112] bond0 (unregistering): Released all slaves [ 200.685225][ T8506] hsr_slave_0: entered promiscuous mode [ 200.732202][ T8506] hsr_slave_1: entered promiscuous mode [ 200.744055][ T8506] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.763363][ T8506] Cannot create hsr debugfs directory [ 201.106777][ T8613] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 201.170940][ T8613] mac80211_hwsim hwsim4 wlan0: left promiscuous mode [ 201.488813][ T5798] Bluetooth: hci2: command tx timeout [ 201.546401][ T8506] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 201.564808][ T8506] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 201.580780][ T8506] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 201.636998][ T8610] loop2: detected capacity change from 0 to 32768 [ 201.643872][ T8506] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 201.848533][ T8506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.897754][ T8506] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.935427][ T3451] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.942728][ T3451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.978503][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.985799][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.254808][ T8630] loop1: detected capacity change from 0 to 2048 [ 202.283996][ T8630] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 202.435318][ T8621] loop0: detected capacity change from 0 to 32768 [ 202.466661][ T8621] XFS: attr2 mount option is deprecated. [ 202.520282][ T8621] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 202.552866][ T8506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.574302][ T8621] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 202.701351][ T8621] XFS (loop0): Ending clean mount [ 202.719759][ T8621] XFS (loop0): Quotacheck needed: Please wait. [ 202.831782][ T8621] XFS (loop0): Quotacheck: Done. [ 202.969668][ T5795] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 203.051280][ T8660] loop1: detected capacity change from 0 to 1764 [ 203.171246][ T8660] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 203.365771][ T8506] veth0_vlan: entered promiscuous mode [ 203.406072][ T8506] veth1_vlan: entered promiscuous mode [ 203.495366][ T8668] loop0: detected capacity change from 0 to 1024 [ 203.496507][ T8506] veth0_macvtap: entered promiscuous mode [ 203.537912][ T8506] veth1_macvtap: entered promiscuous mode [ 203.563158][ T5798] Bluetooth: hci2: command tx timeout [ 203.604379][ T8506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.625553][ T8506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.662768][ T8506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.686030][ T8506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.706496][ T8506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.727622][ T8506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.752191][ T8506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.782682][ T8506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.803914][ T8506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.805870][ T1092] hfsplus: b-tree write err: -5, ino 3 [ 203.821958][ T8506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.841626][ T8506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.861693][ T8506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.891535][ T8506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.914590][ T8506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.954701][ T8506] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.978855][ T8672] loop0: detected capacity change from 0 to 64 [ 203.985247][ T8506] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.995870][ T8506] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.007788][ T8672] hfs: unable to locate alternate MDB [ 204.014023][ T8672] hfs: continuing without an alternate MDB [ 204.019968][ T8506] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.201836][ T8666] loop1: detected capacity change from 0 to 32768 [ 204.267645][ T8666] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 204.352995][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.360999][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.361590][ T8666] XFS (loop1): Ending clean mount [ 204.385549][ T8666] XFS (loop1): Quotacheck needed: Please wait. [ 204.414344][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.450503][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.465534][ T8666] XFS (loop1): Quotacheck: Done. [ 204.888282][ T5789] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 205.891803][ T5880] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 205.954790][ T8719] loop1: detected capacity change from 0 to 1024 [ 205.974962][ T8704] loop0: detected capacity change from 0 to 40427 [ 206.007200][ T8704] F2FS-fs (loop0): invalid crc value [ 206.046706][ T8704] F2FS-fs (loop0): Found nat_bits in checkpoint [ 206.090126][ T1068] hfsplus: b-tree write err: -5, ino 8 [ 206.103809][ T5880] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 206.126658][ T5880] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 206.138076][ T5880] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 206.156591][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.171989][ T8704] F2FS-fs (loop0): Start checkpoint disabled! [ 206.179761][ T5880] usb 5-1: config 0 descriptor?? [ 206.203680][ T5880] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 206.215293][ T8704] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 206.232639][ T5880] dvb-usb: bulk message failed: -22 (3/0) [ 206.253982][ T5880] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 206.272523][ T5880] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 206.290049][ T5880] usb 5-1: media controller created [ 206.308091][ T5880] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 206.335574][ T5880] dvb-usb: bulk message failed: -22 (6/0) [ 206.357309][ T5880] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 206.374485][ T5880] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input16 [ 206.406347][ T8711] dvb-usb: bulk message failed: -22 (2/0) [ 206.416309][ T5880] dvb-usb: schedule remote query interval to 150 msecs. [ 206.435055][ T5880] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 206.453860][ T5880] usb 5-1: USB disconnect, device number 2 [ 206.483551][ T59] kworker/u4:4: attempt to access beyond end of device [ 206.483551][ T59] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 206.492252][ T5880] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 206.504929][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 206.521269][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 206.596164][ T8715] loop2: detected capacity change from 0 to 40427 [ 206.609619][ T8715] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 206.620705][ T8715] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 206.629346][ T23] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 206.639662][ T8715] F2FS-fs (loop2): build fault injection attr: rate: 18446, type: 0x7ffff [ 206.677125][ T8715] F2FS-fs (loop2): invalid crc value [ 206.685185][ T8715] F2FS-fs (loop2): Found nat_bits in checkpoint [ 206.754676][ T8715] F2FS-fs (loop2): Start checkpoint disabled! [ 206.763957][ T8715] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 206.775723][ T8715] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 206.825371][ T23] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 206.834826][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.878482][ T23] usb 2-1: config 0 descriptor?? [ 206.894027][ T23] cp210x 2-1:0.0: cp210x converter detected [ 206.911350][ T8729] loop0: detected capacity change from 0 to 64 [ 206.946717][ T28] audit: type=1800 audit(1755574236.989:28): pid=8729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.949" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 207.006315][ T1068] kworker/u4:5: attempt to access beyond end of device [ 207.006315][ T1068] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 207.035320][ T1068] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 207.120597][ T8731] loop4: detected capacity change from 0 to 1024 [ 207.128034][ T8731] EXT4-fs: Ignoring removed orlov option [ 207.187183][ T8731] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.207120][ T28] audit: type=1326 audit(1755574237.249:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214038ebe9 code=0x7ffc0000 [ 207.244270][ T28] audit: type=1326 audit(1755574237.249:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214038ebe9 code=0x7ffc0000 [ 207.266714][ T28] audit: type=1326 audit(1755574237.249:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f214038d457 code=0x7ffc0000 [ 207.289206][ T28] audit: type=1326 audit(1755574237.249:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214038ebe9 code=0x7ffc0000 [ 207.291896][ T8506] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.314036][ T28] audit: type=1326 audit(1755574237.249:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7f214038ebe9 code=0x7ffc0000 [ 207.347131][ T28] audit: type=1326 audit(1755574237.249:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.4.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f214038ebe9 code=0x7ffc0000 [ 207.363818][ T23] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 207.396152][ T23] usb 2-1: cp210x converter now attached to ttyUSB0 [ 207.593660][ T9] usb 2-1: USB disconnect, device number 9 [ 207.620708][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 207.649333][ T8745] netlink: 8 bytes leftover after parsing attributes in process `syz.2.955'. [ 207.656664][ T9] cp210x 2-1:0.0: device disconnected [ 207.669931][ T8745] vlan2: entered allmulticast mode [ 207.741382][ T8747] loop4: detected capacity change from 0 to 1024 [ 207.765975][ T8747] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.812806][ T8506] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.021828][ T23] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 208.211557][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 208.219970][ T23] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 208.246254][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.268232][ T23] usb 3-1: config 0 descriptor?? [ 208.494262][ T23] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 208.520937][ T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 208.550249][ T23] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 208.569186][ T23] usb 3-1: media controller created [ 208.626731][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 208.694928][ T8749] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 208.709859][ T23] az6027: usb out operation failed. (-71) [ 208.718053][ T23] az6027: usb out operation failed. (-71) [ 208.724795][ T23] stb0899_attach: Driver disabled by Kconfig [ 208.735844][ T23] az6027: no front-end attached [ 208.735844][ T23] [ 208.751765][ T23] az6027: usb out operation failed. (-71) [ 208.757588][ T23] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 208.776228][ T23] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input17 [ 208.791676][ T23] dvb-usb: schedule remote query interval to 400 msecs. [ 208.808973][ T23] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 208.810794][ T8784] loop1: detected capacity change from 0 to 1024 [ 208.830861][ T23] usb 3-1: USB disconnect, device number 9 [ 208.881295][ T8786] loop0: detected capacity change from 0 to 2048 [ 208.907325][ T23] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 208.917066][ T8786] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 208.930964][ T59] hfsplus: b-tree write err: -5, ino 4 [ 208.959369][ T8787] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 209.620430][ T8815] warning: `syz.1.986' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 209.765362][ T8817] netlink: 8 bytes leftover after parsing attributes in process `syz.4.987'. [ 209.855643][ T8819] bond_slave_0: entered promiscuous mode [ 209.861964][ T8819] bond_slave_1: entered promiscuous mode [ 209.883864][ T8819] bond_slave_0: left promiscuous mode [ 209.889869][ T8819] bond_slave_1: left promiscuous mode [ 209.992593][ T8821] loop4: detected capacity change from 0 to 1024 [ 210.231064][ T8806] loop0: detected capacity change from 0 to 40427 [ 210.240403][ T8806] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 210.251736][ T8806] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 210.263663][ T8824] netlink: 56 bytes leftover after parsing attributes in process `syz.1.991'. [ 210.277919][ T8813] loop2: detected capacity change from 0 to 32768 [ 210.287609][ T8806] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x7ffff [ 210.287647][ T8806] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x6 [ 210.290083][ T8806] F2FS-fs (loop0): invalid crc value [ 210.339025][ T8813] find_entry called with index = 0 [ 210.357835][ T8806] F2FS-fs (loop0): Found nat_bits in checkpoint [ 210.513303][ T8806] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 210.533479][ T8806] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 210.708125][ T5795] syz-executor: attempt to access beyond end of device [ 210.708125][ T5795] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 210.752236][ T5795] F2FS-fs (loop0): Remounting filesystem read-only [ 211.643270][ T8852] loop1: detected capacity change from 0 to 2048 [ 211.698980][ T8852] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.732155][ T8852] ext4 filesystem being mounted at /275/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.763920][ T8835] loop4: detected capacity change from 0 to 40427 [ 211.781640][ T8835] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 211.789456][ T8835] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 211.811386][ T8850] EXT4-fs error (device loop1): ext4_free_inode:356: comm syz.1.1003: bit already cleared for inode 15 [ 211.845645][ T8835] F2FS-fs (loop4): Found nat_bits in checkpoint [ 211.964671][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.983432][ T8835] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 212.018691][ T8835] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 212.780628][ T8879] pimreg: tun_chr_ioctl cmd 1074812117 [ 213.389731][ T8903] loop2: detected capacity change from 0 to 256 [ 213.410425][ T8903] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 213.434706][ T8903] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 213.491873][ T8903] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 213.538230][ T28] audit: type=1800 audit(1755574243.579:35): pid=8903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1019" name="file1" dev="loop2" ino=1048631 res=0 errno=0 [ 213.581053][ T8903] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff) [ 213.611615][ T8903] exFAT-fs (loop2): Filesystem has been set read-only [ 213.668642][ T8886] loop4: detected capacity change from 0 to 40427 [ 213.683371][ T8886] F2FS-fs (loop4): heap/no_heap options were deprecated [ 213.704344][ T8886] F2FS-fs (loop4): invalid crc value [ 213.727229][ T8886] F2FS-fs (loop4): Found nat_bits in checkpoint [ 213.752377][ T5875] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 213.789370][ T8886] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 213.849283][ T8913] loop2: detected capacity change from 0 to 4096 [ 213.860886][ T8913] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 213.872798][ T8506] syz-executor: attempt to access beyond end of device [ 213.872798][ T8506] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 213.883643][ T8913] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 213.892634][ T8506] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 213.942994][ T5875] usb 2-1: Using ep0 maxpacket: 32 [ 213.954463][ T5875] usb 2-1: unable to get BOS descriptor or descriptor too short [ 213.963978][ T5875] usb 2-1: config 6 has an invalid interface number: 2 but max is 0 [ 213.976565][ T5875] usb 2-1: config 6 has no interface number 0 [ 213.983239][ T5875] usb 2-1: config 6 interface 2 has no altsetting 0 [ 213.996154][ T5875] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=5e.56 [ 214.015606][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.031541][ T5875] usb 2-1: Product: syz [ 214.040569][ T5875] usb 2-1: Manufacturer: syz [ 214.048161][ T5875] usb 2-1: SerialNumber: syz [ 214.049295][ T1112] ntfs3: loop2: ino=5, ntfs3_write_inode failed, -22. [ 214.405269][ T8923] loop2: detected capacity change from 0 to 16 [ 214.413606][ T8923] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 214.488807][ T5875] qmi_wwan 2-1:6.2: bogus CDC Union: master=0, slave=0 [ 214.880239][ T8940] netlink: 'syz.4.1034': attribute type 21 has an invalid length. [ 214.893270][ T8940] netlink: 'syz.4.1034': attribute type 1 has an invalid length. [ 214.901168][ T8940] netlink: 'syz.4.1034': attribute type 2 has an invalid length. [ 214.903285][ T5875] qmi_wwan: probe of 2-1:6.2 failed with error -22 [ 214.911708][ T8940] netlink: 9062 bytes leftover after parsing attributes in process `syz.4.1034'. [ 214.946732][ T5875] usb 2-1: USB disconnect, device number 10 [ 215.267988][ T8952] loop4: detected capacity change from 0 to 128 [ 215.429084][ T8936] loop2: detected capacity change from 0 to 32768 [ 215.447522][ T8954] sp0: Synchronizing with TNC [ 215.470027][ T8936] [ 215.470027][ T8936] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.470027][ T8936] [ 215.578107][ T8936] [ 215.578107][ T8936] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.578107][ T8936] [ 215.602433][ T8936] [ 215.602433][ T8936] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.602433][ T8936] [ 215.613453][ T8936] [ 215.613453][ T8936] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.613453][ T8936] [ 215.670003][ T8936] JFS: metapage_get_blocks failed [ 215.679170][ T8936] [ 215.679170][ T8936] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.679170][ T8936] [ 215.692745][ T8964] loop1: detected capacity change from 0 to 1024 [ 215.700009][ T8962] ERROR: (device loop2): diWrite: ixpxd invalid [ 215.700009][ T8962] [ 215.714389][ T8962] ERROR: (device loop2): txCommit: [ 215.714389][ T8962] [ 215.722617][ T8962] ERROR: (device loop2): diFree: invalid inoext [ 215.722617][ T8962] [ 215.769057][ T8966] loop4: detected capacity change from 0 to 1024 [ 215.781280][ T12] ERROR: (device loop2): diWrite: ixpxd invalid [ 215.781280][ T12] [ 215.790370][ T12] ERROR: (device loop2): txCommit: [ 215.790370][ T12] [ 215.792177][ T8964] hfsplus: catalog searching failed [ 215.800535][ T12] jfs_write_inode: jfs_commit_inode failed! [ 215.817796][ T5785] [ 215.817796][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.817796][ T5785] [ 215.830422][ T5785] [ 215.830422][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.830422][ T5785] [ 215.848948][ T8966] hfsplus: keylen 65060 too large [ 215.859253][ T8966] hfsplus: xattr search failed [ 215.864460][ T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 215.877354][ T1092] hfsplus: b-tree write err: -5, ino 3 [ 216.003354][ T8970] loop1: detected capacity change from 0 to 128 [ 216.031164][ T8970] EXT4-fs: Ignoring removed nobh option [ 216.064320][ T8970] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 216.076848][ T23] usb 1-1: Using ep0 maxpacket: 32 [ 216.094234][ T8973] loop2: detected capacity change from 0 to 2048 [ 216.107070][ T23] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 216.111108][ T8970] ext4 filesystem being mounted at /284/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 216.119842][ T23] usb 1-1: config 0 has no interface number 0 [ 216.147112][ T8973] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.153082][ T8970] fscrypt (loop1, inode 12): Can't use IV_INO_LBLK_32 policy with contents mode other than AES-256-XTS [ 216.172668][ T23] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 216.182192][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.191196][ T23] usb 1-1: Product: syz [ 216.195764][ T23] usb 1-1: Manufacturer: syz [ 216.200400][ T23] usb 1-1: SerialNumber: syz [ 216.209481][ T23] usb 1-1: config 0 descriptor?? [ 216.215292][ T8973] EXT4-fs error (device loop2): ext4_find_extent:936: inode #2: comm syz.2.1047: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 216.218384][ T23] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 216.249722][ T5789] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 216.254248][ T8973] EXT4-fs (loop2): Remounting filesystem read-only [ 216.328199][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.433457][ T23] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 216.457447][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 216.471888][ T23] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 216.615608][ T8989] loop2: detected capacity change from 0 to 512 [ 216.629323][ T8989] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 216.637756][ T8989] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 216.650101][ T8989] EXT4-fs (loop2): 1 truncate cleaned up [ 216.658320][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.663719][ T8989] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.669351][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.693459][ T9] usb 5-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 216.702630][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.713082][ T9] usb 5-1: config 0 descriptor?? [ 216.733800][ T8989] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 216.750457][ T8989] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 216.804972][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.853004][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 216.856031][ T8993] loop1: detected capacity change from 0 to 1024 [ 216.874784][ T23] usb 1-1: USB disconnect, device number 14 [ 216.887231][ T23] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 216.921150][ T23] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 216.953157][ T23] quatech2 1-1:0.51: device disconnected [ 216.967883][ T8995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1056'. [ 217.167769][ T9] uclogic 0003:5543:0522.0003: No inputs registered, leaving [ 217.183202][ T9] uclogic 0003:5543:0522.0003: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.4-1/input0 [ 217.391254][ T27] usb 5-1: USB disconnect, device number 3 [ 217.590263][ T9001] loop2: detected capacity change from 0 to 32768 [ 217.616153][ T9001] (syz.2.1059,9001,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 217.625972][ T9004] loop1: detected capacity change from 0 to 1024 [ 217.635167][ T9001] (syz.2.1059,9001,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 217.642691][ T9006] loop0: detected capacity change from 0 to 256 [ 217.656741][ T9004] EXT4-fs: Ignoring removed mblk_io_submit option [ 217.663501][ T9004] EXT4-fs: inline encryption not supported [ 217.663566][ T9001] JBD2: Ignoring recovery information on journal [ 217.682855][ T9004] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 217.706345][ T9004] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c802e018, mo2=0000] [ 217.707029][ T9006] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 217.725875][ T9004] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.1060: bad orphan inode 11 [ 217.731402][ T9006] FAT-fs (loop0): Filesystem has been set read-only [ 217.743296][ T9006] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 217.751922][ T9004] ext4_test_bit(bit=10, block=4) = 1 [ 217.753713][ T9006] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 217.761133][ T9004] is_bad_inode(inode)=0 [ 217.777664][ T28] audit: type=1800 audit(1755574247.819:36): pid=9006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1061" name="file1" dev="loop0" ino=1048632 res=0 errno=0 [ 217.783933][ T9004] NEXT_ORPHAN(inode)=3254779904 [ 217.803856][ T9004] max_ino=32 [ 217.806618][ T9001] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 217.818238][ T9004] i_nlink=0 [ 217.828170][ T9004] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 2: comm syz.1.1060: lblock 2 mapped to illegal pblock 2 (length 1) [ 217.843218][ T9004] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 217.856844][ T9004] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 48: comm syz.1.1060: lblock 0 mapped to illegal pblock 48 (length 1) [ 217.874838][ T9004] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 217.885369][ T9004] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.1060: Failed to acquire dquot type 0 [ 217.897379][ T9004] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 217.930190][ T9004] EXT4-fs error (device loop1): ext4_evict_inode:252: inode #11: comm syz.1.1060: mark_inode_dirty error [ 217.943328][ T9004] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 217.957853][ T9004] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.035959][ T9001] [ 218.038375][ T9001] ====================================================== [ 218.045429][ T9001] WARNING: possible circular locking dependency detected [ 218.052491][ T9001] 6.6.102-syzkaller #0 Not tainted [ 218.057687][ T9001] ------------------------------------------------------ [ 218.064749][ T9001] syz.2.1059/9001 is trying to acquire lock: [ 218.070762][ T9001] ffff88805586b498 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_evict_inode+0x1313/0x3e60 [ 218.083292][ T9001] [ 218.083292][ T9001] but task is already holding lock: [ 218.090693][ T9001] ffff888055869818 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_evict_inode+0x20ab/0x3e60 [ 218.103028][ T9001] [ 218.103028][ T9001] which lock already depends on the new lock. [ 218.103028][ T9001] [ 218.113460][ T9001] [ 218.113460][ T9001] the existing dependency chain (in reverse order) is: [ 218.122512][ T9001] [ 218.122512][ T9001] -> #3 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}: [ 218.132907][ T9001] down_write+0x97/0x1f0 [ 218.137814][ T9001] ocfs2_del_inode_from_orphan+0x135/0x740 [ 218.144205][ T9001] ocfs2_dio_end_io+0x47b/0x10f0 [ 218.149902][ T9001] dio_complete+0x254/0x710 [ 218.154978][ T9001] __blockdev_direct_IO+0x2dc8/0x3420 [ 218.160911][ T9001] ocfs2_direct_IO+0x240/0x2b0 [ 218.166230][ T9001] generic_file_direct_write+0x1d4/0x3e0 [ 218.172433][ T9001] __generic_file_write_iter+0x11b/0x230 [ 218.178651][ T9001] ocfs2_file_write_iter+0x1582/0x1d00 [ 218.184666][ T9001] do_iter_write+0x79a/0xc70 [ 218.189841][ T9001] do_writev+0x252/0x410 [ 218.194659][ T9001] do_syscall_64+0x55/0xb0 [ 218.199638][ T9001] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 218.206259][ T9001] [ 218.206259][ T9001] -> #2 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 218.215141][ T9001] down_write+0x97/0x1f0 [ 218.219934][ T9001] ocfs2_create_local_dquot+0x1a4/0x1790 [ 218.226242][ T9001] ocfs2_acquire_dquot+0x7cf/0xaf0 [ 218.231904][ T9001] dqget+0x77c/0xeb0 [ 218.236340][ T9001] __dquot_initialize+0x3ba/0xcb0 [ 218.241919][ T9001] ocfs2_get_init_inode+0x13c/0x1b0 [ 218.247883][ T9001] ocfs2_mknod+0x867/0x20f0 [ 218.253105][ T9001] vfs_mknod+0x32b/0x360 [ 218.258085][ T9001] do_mknodat+0x37e/0x4f0 [ 218.262991][ T9001] __x64_sys_mknodat+0xa9/0xc0 [ 218.268312][ T9001] do_syscall_64+0x55/0xb0 [ 218.273266][ T9001] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 218.279699][ T9001] [ 218.279699][ T9001] -> #1 (&dquot->dq_lock){+.+.}-{3:3}: [ 218.287386][ T9001] __mutex_lock+0x129/0xcc0 [ 218.292445][ T9001] dqget+0x6fc/0xeb0 [ 218.296900][ T9001] __dquot_initialize+0x3ba/0xcb0 [ 218.302488][ T9001] ocfs2_get_init_inode+0x13c/0x1b0 [ 218.308271][ T9001] ocfs2_mknod+0x867/0x20f0 [ 218.313322][ T9001] vfs_mknod+0x32b/0x360 [ 218.318096][ T9001] do_mknodat+0x37e/0x4f0 [ 218.323076][ T9001] __x64_sys_mknodat+0xa9/0xc0 [ 218.328395][ T9001] do_syscall_64+0x55/0xb0 [ 218.333349][ T9001] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 218.339789][ T9001] [ 218.339789][ T9001] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}: [ 218.350325][ T9001] __lock_acquire+0x2ddb/0x7c80 [ 218.355725][ T9001] lock_acquire+0x197/0x410 [ 218.360774][ T9001] down_write+0x97/0x1f0 [ 218.365572][ T9001] ocfs2_evict_inode+0x1313/0x3e60 [ 218.371263][ T9001] evict+0x486/0x870 [ 218.375709][ T9001] ocfs2_dentry_iput+0x248/0x370 [ 218.381231][ T9001] __dentry_kill+0x431/0x650 [ 218.386376][ T9001] dentry_kill+0xb8/0x290 [ 218.391251][ T9001] dput+0xfe/0x1e0 [ 218.395547][ T9001] do_renameat2+0x8b1/0xc70 [ 218.400595][ T9001] __x64_sys_renameat2+0xd2/0xe0 [ 218.406119][ T9001] do_syscall_64+0x55/0xb0 [ 218.411095][ T9001] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 218.417729][ T9001] [ 218.417729][ T9001] other info that might help us debug this: [ 218.417729][ T9001] [ 218.427985][ T9001] Chain exists of: [ 218.427985][ T9001] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2 --> &ocfs2_quota_ip_alloc_sem_key --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type] [ 218.427985][ T9001] [ 218.447840][ T9001] Possible unsafe locking scenario: [ 218.447840][ T9001] [ 218.455319][ T9001] CPU0 CPU1 [ 218.460728][ T9001] ---- ---- [ 218.466290][ T9001] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 218.473446][ T9001] lock(&ocfs2_quota_ip_alloc_sem_key); [ 218.481646][ T9001] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 218.491358][ T9001] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2); [ 218.498694][ T9001] [ 218.498694][ T9001] *** DEADLOCK *** [ 218.498694][ T9001] [ 218.506870][ T9001] 4 locks held by syz.2.1059/9001: [ 218.511996][ T9001] #0: ffff888031230418 (sb_writers#23){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 218.521267][ T9001] #1: ffff888076b2c2d8 (&type->i_mutex_dir_key#16/1){+.+.}-{3:3}, at: do_renameat2+0x427/0xc70 [ 218.531771][ T9001] #2: ffff8880312fcbd0 (&osb->nfs_sync_rwlock){.+.+}-{3:3}, at: ocfs2_nfs_sync_lock+0x107/0x250 [ 218.542338][ T9001] #3: ffff888055869818 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_evict_inode+0x20ab/0x3e60 [ 218.555105][ T9001] [ 218.555105][ T9001] stack backtrace: [ 218.561008][ T9001] CPU: 0 PID: 9001 Comm: syz.2.1059 Not tainted 6.6.102-syzkaller #0 [ 218.569175][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 218.579351][ T9001] Call Trace: [ 218.582748][ T9001] [ 218.585718][ T9001] dump_stack_lvl+0x16c/0x230 [ 218.590436][ T9001] ? load_image+0x3b0/0x3b0 [ 218.595031][ T9001] ? show_regs_print_info+0x20/0x20 [ 218.600253][ T9001] ? print_circular_bug+0x12b/0x1a0 [ 218.605480][ T9001] check_noncircular+0x2bd/0x3c0 [ 218.610455][ T9001] ? print_deadlock_bug+0x5d0/0x5d0 [ 218.615687][ T9001] ? lockdep_lock+0xe0/0x220 [ 218.620312][ T9001] ? _find_first_zero_bit+0xd3/0x100 [ 218.625631][ T9001] __lock_acquire+0x2ddb/0x7c80 [ 218.630511][ T9001] ? ocfs2_get_system_file_inode+0x1e3/0x7b0 [ 218.636507][ T9001] ? __lock_acquire+0x7c80/0x7c80 [ 218.641553][ T9001] ? verify_lock_unused+0x140/0x140 [ 218.646795][ T9001] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 218.652497][ T9001] ? do_raw_spin_lock+0x121/0x2c0 [ 218.657542][ T9001] ? mutex_unlock+0x10/0x10 [ 218.662079][ T9001] lock_acquire+0x197/0x410 [ 218.666628][ T9001] ? ocfs2_evict_inode+0x1313/0x3e60 [ 218.672037][ T9001] ? ocfs2_get_system_file_inode+0x1f1/0x7b0 [ 218.678041][ T9001] ? __might_sleep+0xe0/0xe0 [ 218.682662][ T9001] ? read_lock_is_recursive+0x20/0x20 [ 218.688532][ T9001] ? ocfs2_fast_symlink_read_folio+0x530/0x530 [ 218.694712][ T9001] ? ocfs2_evict_inode+0xd32/0x3e60 [ 218.700067][ T9001] down_write+0x97/0x1f0 [ 218.704351][ T9001] ? ocfs2_evict_inode+0x1313/0x3e60 [ 218.709669][ T9001] ? down_read_killable+0x340/0x340 [ 218.714902][ T9001] ocfs2_evict_inode+0x1313/0x3e60 [ 218.720264][ T9001] ? ocfs2_sync_blockdev+0x40/0x40 [ 218.725481][ T9001] ? __lock_acquire+0x1334/0x7c80 [ 218.730521][ T9001] ? filemap_get_folios_tag+0xee/0x810 [ 218.736128][ T9001] ? filemap_get_folios_contig+0xdc0/0xdc0 [ 218.741984][ T9001] ? mark_lock+0x94/0x320 [ 218.746352][ T9001] ? __lock_acquire+0x1334/0x7c80 [ 218.751411][ T9001] ? verify_lock_unused+0x140/0x140 [ 218.756679][ T9001] ? mark_lock+0x94/0x320 [ 218.761027][ T9001] ? __lock_acquire+0x1334/0x7c80 [ 218.766093][ T9001] ? verify_lock_unused+0x140/0x140 [ 218.771311][ T9001] ? writeback_single_inode+0x23d/0x720 [ 218.776879][ T9001] ? __lock_acquire+0x1334/0x7c80 [ 218.781936][ T9001] ? verify_lock_unused+0x140/0x140 [ 218.787191][ T9001] ? inode_wait_for_writeback+0x1b4/0x200 [ 218.792950][ T9001] ? __lock_acquire+0x7c80/0x7c80 [ 218.797984][ T9001] ? do_raw_spin_lock+0x121/0x2c0 [ 218.803035][ T9001] ? _raw_spin_unlock+0x28/0x40 [ 218.807933][ T9001] ? __rwlock_init+0x150/0x150 [ 218.812743][ T9001] ? do_raw_spin_unlock+0x121/0x230 [ 218.818020][ T9001] ? _raw_spin_unlock+0x28/0x40 [ 218.822908][ T9001] ? inode_wait_for_writeback+0x1b4/0x200 [ 218.828764][ T9001] ? evict+0x451/0x870 [ 218.832941][ T9001] ? sb_clear_inode_writeback+0x360/0x360 [ 218.838686][ T9001] ? do_raw_spin_lock+0x121/0x2c0 [ 218.843741][ T9001] ? bit_waitqueue+0x30/0x30 [ 218.848392][ T9001] ? do_raw_spin_unlock+0x121/0x230 [ 218.853641][ T9001] ? ocfs2_sync_blockdev+0x40/0x40 [ 218.858803][ T9001] evict+0x486/0x870 [ 218.862738][ T9001] ? __lock_acquire+0x7c80/0x7c80 [ 218.867822][ T9001] ? proc_nr_inodes+0x230/0x230 [ 218.872700][ T9001] ? do_raw_spin_unlock+0x121/0x230 [ 218.877918][ T9001] ? _raw_spin_unlock+0x28/0x40 [ 218.882804][ T9001] ? iput+0x70a/0x920 [ 218.886962][ T9001] ocfs2_dentry_iput+0x248/0x370 [ 218.891926][ T9001] ? fsnotify_grab_connector+0x3f/0x230 [ 218.897582][ T9001] ? ocfs2_dentry_revalidate+0xbc0/0xbc0 [ 218.903854][ T9001] ? fsnotify_destroy_marks+0x82/0x310 [ 218.909378][ T9001] ? dentry_unlink_inode+0x2e4/0x3c0 [ 218.914696][ T9001] __dentry_kill+0x431/0x650 [ 218.919408][ T9001] dentry_kill+0xb8/0x290 [ 218.923768][ T9001] ? dput+0x3b/0x1e0 [ 218.927679][ T9001] dput+0xfe/0x1e0 [ 218.931446][ T9001] do_renameat2+0x8b1/0xc70 [ 218.935988][ T9001] ? fsnotify_move+0x4e0/0x4e0 [ 218.940770][ T9001] ? __check_object_size+0x506/0xa30 [ 218.946129][ T9001] ? getname_flags+0x20a/0x500 [ 218.950926][ T9001] __x64_sys_renameat2+0xd2/0xe0 [ 218.956181][ T9001] do_syscall_64+0x55/0xb0 [ 218.960640][ T9001] ? clear_bhb_loop+0x40/0x90 [ 218.965334][ T9001] ? clear_bhb_loop+0x40/0x90 [ 218.970026][ T9001] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 218.975954][ T9001] RIP: 0033:0x7fbe9e58ebe9 [ 218.980388][ T9001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.000182][ T9001] RSP: 002b:00007fbe9f31d038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 219.008728][ T9001] RAX: ffffffffffffffda RBX: 00007fbe9e7b5fa0 RCX: 00007fbe9e58ebe9 [ 219.016745][ T9001] RDX: ffffffffffffff9c RSI: 00002000000008c0 RDI: ffffffffffffff9c [ 219.024753][ T9001] RBP: 00007fbe9e611e19 R08: 0000000000000000 R09: 0000000000000000 [ 219.032759][ T9001] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 219.040747][ T9001] R13: 00007fbe9e7b6038 R14: 00007fbe9e7b5fa0 R15: 00007ffc50766998 [ 219.048772][ T9001] [ 219.060386][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.072596][ T5789] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 219.087908][ T5789] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 219.098626][ T5789] EXT4-fs error (device loop1): ext4_quota_off:7222: inode #3: comm syz-executor: mark_inode_dirty error [ 219.123596][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 219.157982][ T9017] loop1: detected capacity change from 0 to 512 [ 219.166767][ T9017] EXT4-fs: Ignoring removed nobh option [ 219.205525][ T9017] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #3: comm syz.1.1063: corrupted inode contents [ 219.219461][ T9017] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #3: comm syz.1.1063: mark_inode_dirty error [ 219.233376][ T9017] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #3: comm syz.1.1063: corrupted inode contents [ 219.246438][ T9017] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.1063: mark_inode_dirty error [ 219.258510][ T9017] Quota error (device loop1): write_blk: dquota write failed [ 219.266101][ T9017] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 219.276884][ T9017] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.1063: Failed to acquire dquot type 0 [ 219.289234][ T9017] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.1063: corrupted inode contents [ 219.301706][ T9017] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #16: comm syz.1.1063: mark_inode_dirty error [ 219.321483][ T9017] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.1063: corrupted inode contents [ 219.333801][ T9017] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.1063: mark_inode_dirty error [ 219.345700][ T9017] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.1063: corrupted inode contents [ 219.358734][ T9017] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 219.367621][ T9017] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #16: comm syz.1.1063: corrupted inode contents [ 219.379834][ T9017] EXT4-fs error (device loop1): ext4_truncate:4288: inode #16: comm syz.1.1063: mark_inode_dirty error [ 219.392783][ T9017] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 219.404617][ T9017] EXT4-fs (loop1): 1 truncate cleaned up [ 219.411240][ T9017] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.424380][ T9017] ext4 filesystem being mounted at /290/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.471943][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.