last executing test programs: 2m36.9373027s ago: executing program 0 (id=212): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$rose(r0, 0x104, 0x1, 0x0, 0x0) 2m36.816598426s ago: executing program 0 (id=215): capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) gettid() timer_create(0x9, 0x0, &(0x7f0000bbdffc)) 2m36.683473702s ago: executing program 0 (id=218): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x9, 0xa00, 0x40800000000000, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6c000000000833010000000000000000004ca30000000000ff020000000000000000000000000001"], 0x0) 2m36.571481828s ago: executing program 0 (id=221): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000e00)=0x16, 0x4) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 2m35.612534766s ago: executing program 0 (id=238): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x17c, &(0x7f0000000380)="$eJzskr9OAkEQxr+9O/5oFDWxooGC+KdQjkONnZbY29lI4ETiocKRKITijDEUFsbSJ+A1THwBLYwPQE1BrM2ZvZ3bLL6C+yvu2/l2ZnZ2c+d+208B+JkOajhEhIkMPhiDBSDHhDcxhD6TfpI+CcE75R2Rf0+a9Xv9JAC+nceKMC6qnud28gC+I09a/sGdgUnU6ms6qPHFKYAwDEPu1QGejgUlxwTQVnKyFrAaXSKUORYNsA6g2G1dF/1ef6vZqjbchnvpmOU9e8e2d53iWdNzbfFlyhF0FXDdBJBKQ8L3EwAeKJ7HLEwZjfbZHE5kbTJ+www9IExZayi1sTK8yrlSSsUx1sDHugmWFLcQdbEQXakCBpOCkqXMJ85KRxvbtSuvPgQDi8tGsGSP0hgJGThqUN4PsChaDallgbRCOiIdk+b+/DJWwL+PFG0EQBK31W63U+KPJFYsXjnSc5YD9cH4qS/G7OXeDGg0Go1Go9FoNBrNf+c3AAD//8PfdhM=") prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) 2m34.682781862s ago: executing program 0 (id=248): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) recvmmsg(r0, &(0x7f0000001bc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000000880)=""/4093, 0xffd}], 0x1}, 0xfffffffe}], 0x2, 0x160, 0x0) recvmsg(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000580)=""/52, 0x34}], 0x1}, 0x0) 2m24.24200721s ago: executing program 1 (id=390): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000580), 0x1, 0x4db, &(0x7f00000005c0)="$eJzs3c9rHOUbAPBnZpN82zRfU0FEPUhAwUIxySah9qhevAiKVUQEMZjtD7ptShLBxIs/8FjqQfAazyL04sGb/hPiP+DBQhVRwYuuTGZnsySzyaqbDHY+H5jt++677DtPZ5/wzC8mgNqayV7SiIcj4r0kYrpvbCy6gzP557YXb1/OliQ6nQs/JZFExM3F25eLzyfdf091O2ci4tmxJC6k++dd39y6utxut9a6/bmNazfm1je3nrxybflS61Lr+sJT55aWFprNc82Rxfrnz288+u7Sc3e+eP2bzz96cPWPbH2numP9cYzKTMz0/k/2OjvqySrWH2cyVuGK8Lc0unk+HhEPxXQ0YnfjTcf5W5WuHHCkOtkC1FQi/6Gmijog2/8tlmorkuN195l8B+hm99jGdi/+sfzYSJzY2Tea/CWJ/t3abH/39Ajmz+b4+KUPXs6WOKLjEAAA/b7O6p/5svov7dU/UVL/TBXnjv6lvd9x3PVPUf9t76v/duNvDKj/5oeco/PbayuDxvrrv2zJ5i9qweNw9/2IR0rjT3rxJyXxpxHx9JBzfLX0eMkZwFzV8Xc+i3giyuMvJAefn5y7eKXdms9fS+d49YUvvx00f9XxZ9t/ckD8h/3+XxxyjvOvLH46aOzw+NM7E0nenei+887yxsZaM2IieX7/+wsHr0vxmeI7svjPPHZw/pf9/k9GxJtDxv/9h7//8M/jP1pZ/CuHbP+y+LP3bgw5x49bt04MGqs6fgAAAAAAALiXpDvXciTpbK+dprOz+T28D8Rk2l5d3zh7cfXt6yv5NR+nYzwtznRP5/0k6ze718MW/YU9/cWIuD8iPmmc3OnPvrXaHnhRBAAAAAAAAAAAAAAAAAAAANTMqT33///ayO//B2rC89qhvuQ/1Jf8h/qS/1Bf8h/qS/5Dfcl/qC/5D/Ul/6G+5D/Ul/wHAAAAgHvS1IDn//+/79n98xFxX0R81xj/X/GsfwAAAAAAAAAAAAAAAAAAAGB01je3ri632601DQ0NjV6j6r9MAAAAAAAAAAAAAAAAAABQP7s3/Va9JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQnd3n/x9do+oYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L/qrwAAAP//9LbNlw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x100, 0x62) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x40086610, &(0x7f00000004c0)={@desc={0x1, 0x0, @desc1}}) 2m23.922363326s ago: executing program 1 (id=391): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000100)={[{@shortname_mixed}, {@utf8}, {@fat=@fmask={'fmask', 0x3d, 0x36}}, {@uni_xlate}, {@uni_xlateno}, {@fat=@fmask={'fmask', 0x3d, 0xba5}}, {@shortname_lower}, {@uni_xlateno}, {@utf8}, {@fat=@check_strict}, {@utf8no}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x7}}, {@rodir}, {@fat=@flush}, {@fat=@nfs_nostale_ro}, {@rodir}, {}]}, 0x6, 0x2b8, &(0x7f0000000640)="$eJzs3U9rK1UYB+B30mQSdZEsXInggC5cXW7v1k2K3AtiV16yUBdabAvSBKGFgn8wduXWjQsXfgJB8IO48RsIbgV3ViiMzGSmSdqYJtJUvH2eTd+eOb+Zd6aHdrro6Ycvj472szg8++LX6HSSaPSjH+dJ9KIRta9iTv+bAAD+z87zPP7IJ9bJJRHR2VxbAMAGrfbzvzktf7qTtgCADXr67ntv7+zuPn4nyzrxZPT16aD4zb74ODm+cxgfxzAO4mF04yKifFFoRfm2UJRP8jwfN7NCL14bjU8HRXL0wc/V+Xd+jyjz29GNXjl0+bZR5t/afbydTczkx0Ufz1fX7xf5R9GNFy/Dc/lHC/IxSOP1V2f6fxDd+OWj+CSGsV82Mc1/uZ1lb+bf/vn5+0V7RT4Znw7a5bypfOuOvzQAAAAAAAAAAAAAAAAAAAAAADzDHlR757Sj3L+nGKr239m6KD5pRVbrze/PM8kn9Ylm9wfK83ycx/f1/joPsyzLq4nTfDNeas5uLAgAAAAAAAAAAAAAAAAAAAD318mnnx3tDYcHx7dS1LsBNCPir6cR//Y8/ZmRV2L55HZ1zb3hsFGV83OasyOxVc9JIpa2UdzELT2Wm4rnrvVcFT/8uO4JOzfPaS2+1m0W9eo62ksWP8N21COdapF8l0ZM56Sx4rXSfzqUxzrLL114qLv2vacvlMV4yZxIljX2xm+TJ1eNJFfvIi2f6sJ4qypm4lfWxkrrOTqT+PXvFYndOgAAAAAAAAAAAAAAAAAAYKOmf/274ODZ0mgjb2+sLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4U9P//79GMa7CK0xO4/jkP75FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7oG/AwAA//83x1yS") openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0) 2m23.620803181s ago: executing program 1 (id=395): r0 = socket(0xa, 0x5, 0x0) sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000140)={0x0, 0x1d, "7de534191b38ef8ce5cd2d9a0de1b48c9198ac124d30b0af9304437649"}, &(0x7f0000000080)=0x25) 2m22.652357309s ago: executing program 1 (id=407): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3004046, &(0x7f0000000280)={[{@dioread_nolock}, {@noauto_da_alloc}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x1}}, {@i_version}, {@data_err_ignore}, {@minixdf}, {@data_err_ignore}, {@auto_da_alloc}, {@init_itable}, {@data_err_ignore}, {@grpjquota}, {@dioread_nolock}]}, 0x1, 0x555, &(0x7f0000000780)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tKt9ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XtUmbddnSmc8Hbjkn996c+82939NzcxISwNCayP4UIl6OiG+SiIMRkeTrRiNfObG63cqDazPZkkSj8elfSXO7rN56rtZ++/PKSxHx21cRxwsb260tLc+XyuV0Ia9P1iuXJ2tLyycuVkpz6Vx6aWp6+vTb01PvvftO32J949w/339y58PTXx9d+e6Xe4duJXEmDuTr2uN4AtfbKxMxkb8mY3Fm3Yan+tDYTpIM+gDYlpE8z8ci6wMOxkie9cD/35cR0QCGVCL/YUi1xgGte/s+3Qc/N+5/sHoDtDH+0dX3RmJP895o30ryyJ1Rdr873of2szZ+/fP2rWyJ/r0PAbCl6zci4uTo6Mb+L8n7v+072cM269vQ/8Gzcycb/7zZafxTWBv/RD7+2dO23/4OubsdW+d/4V4fmukqG/+933H8uzZpNT6S115ojvnGkgsXy2nWt70YEcdibHdW32w+5/TK3Ua3de3jv2zJ2m+NBfPjuDe6+9F9Zkv10pPE3O7+jYhXOo5/k7Xzn3QY/2avx7ke2ziS3n6t27qt43+6Gj9FvN7x/D+c0Uo2n5+cbF4Pk62rYqO/bx75vVv7g44/O//7No9/PGmfr609fhs/7vk37bbukfij9+t/V/JZs7wrf+xqqV5fOBWxK/l44+NTD/dt1VvbZ/EfO7p5/9fp+t8bEZ/3GP/Nwz+/2lP8Azr/s491/h+/cPejL37o1n5v/d9bzdKx/JFe+r9eD/BJXjsAAAAAAADYaQoRcSCSQnGtXCgUi6uf7zgc+wrlaq1+/EJ18dJsNL8rOx5jhdZM98F1n4Edb/t8xNS6+nREHIqIb0f2NuvFmWp5doBxAwAAAAAAAAAAAAAAAAAAwE6yv8v3/zN/jAz66ICnzk9+w/DaMv/78UtPwI7k/z8ML/kPw0v+w/CS/zC85D8ML/kPw0v+w/CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBX586ezZbGyoNrM1l99srS4nz1yonZtDZfrCzOFGeqC5eLc9XqXDktzlQrWz1fuVq9fGoqFq9O1tNafbK2tHy+Ul28VD9/sVKaS8+nY88kKgAAAAAAAAAAAAAAAAAAAHi+1JaW50vlcrqgoLCtwujOOAyFPhcG3TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEP/BQAA///bjjXe") openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 2m22.096587987s ago: executing program 1 (id=414): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x80}]}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@ipv6_getaddr={0x2c, 0x16, 0x1, 0x70bd28, 0x25dfdbfc, {0xa, 0x7f, 0x60, 0xfd}, [@IFA_ADDRESS={0x14, 0x1, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044064}, 0x24008004) 2m21.476068938s ago: executing program 1 (id=421): r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8805, &(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f0000001080)=0xfec) 2m21.324845655s ago: executing program 32 (id=421): r0 = socket$inet6(0xa, 0x805, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8805, &(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f0000001080)=0xfec) 2m19.594459851s ago: executing program 33 (id=248): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) recvmmsg(r0, &(0x7f0000001bc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000000880)=""/4093, 0xffd}], 0x1}, 0xfffffffe}], 0x2, 0x160, 0x0) recvmsg(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000580)=""/52, 0x34}], 0x1}, 0x0) 1m41.167675519s ago: executing program 6 (id=751): r0 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1) read(r0, &(0x7f0000001400)=""/4076, 0xfffffeea) 1m41.027672056s ago: executing program 6 (id=754): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x56e, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, "", [{{0x9, 0x4, 0x0, 0x10, 0x2, 0x3, 0x0, 0x6, 0x0, {0x9, 0x21, 0xfffc, 0x0, 0x1, {0x22, 0x29}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x9, 0xfc}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000680)={0x2c, &(0x7f0000000380)={0x0, 0xa, 0x29, {0x29, 0xe, "62dcd6291176b167ab2243e9ec5ed38c6e2b4fee4ea74328c31d71cdbded4126c7726c79b4dca2"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1m38.650332913s ago: executing program 6 (id=791): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6d1cb49ada2c127b, 0x59032, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020) 1m38.51922868s ago: executing program 6 (id=792): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000280)='./bus\x00', 0x1400c, &(0x7f0000000300), 0x3, 0x470, &(0x7f0000000880)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 1m38.043162513s ago: executing program 6 (id=798): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@bridge_newneigh={0x34, 0x1c, 0x401, 0x70bd28, 0x25dfdc00, {0x7, 0x0, 0x0, r1, 0x40, 0xe4, 0x9}, [@NDA_LLADDR={0xa, 0x2, @multicast}, @NDA_FDB_EXT_ATTRS={0xc, 0xe, 0x0, 0x1, [@NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x3}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x24040040) 1m37.386966326s ago: executing program 6 (id=809): r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000140), &(0x7f00000007c0)={'syz', 0x0}, &(0x7f0000000280)="f40fc24077021c9b084c60ffc26fd06301176d36c2f546f1162626edb4a5e1cc09ed8c58ca4fe84b94a7b700000000000000000100000000000000dd3d0df936a10285ecc1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4ddc1f2ab58762b57f5b606a43e50874c90143034142cd5e1bd9b4d27d8b57fbccb69ba4376b97b7feb75b9138dde818a3c6b96dd80000000000000", 0xc0, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000001340)={r0, r1, r0}, &(0x7f0000001380)=""/4106, 0x100a, 0x0) 1m37.244839934s ago: executing program 34 (id=809): r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000140), &(0x7f00000007c0)={'syz', 0x0}, &(0x7f0000000280)="f40fc24077021c9b084c60ffc26fd06301176d36c2f546f1162626edb4a5e1cc09ed8c58ca4fe84b94a7b700000000000000000100000000000000dd3d0df936a10285ecc1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4ddc1f2ab58762b57f5b606a43e50874c90143034142cd5e1bd9b4d27d8b57fbccb69ba4376b97b7feb75b9138dde818a3c6b96dd80000000000000", 0xc0, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000001340)={r0, r1, r0}, &(0x7f0000001380)=""/4106, 0x100a, 0x0) 3.398850912s ago: executing program 5 (id=1961): syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x495, &(0x7f0000000540)="$eJzs29trHGUYx/HfM8luNttqt22aVil0VVCpWHPo0XjRQwwVekjTRqSoEJtNXJoT2VTaIlq88dYbb0REQUGqaEHEG6+0d/4BCoKgF16I4F54AEGQmX1nZ7LZtkn3kGz7/UC7k3eemXkP+8777s67AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0uGnD/X02mrnAgAANNOJ0yM9fYz/AADcVc7w+R8AAOBuYvL0g0yDI0U7HvxdkjqWn7lwcXRwqPphnRYc2RbE+/9SvX39u/fs3bc/fL358fV2n06ePnMoe2R2em4+VyjkxrOjM/lzs+O5ZZ+h1uMr7QwqIDt9/sL4xEQh27erf9Hui5lfO9Z1Zwb2dR/0wtjRwaGh07GY9sRtX32JG83wk/K0TabfH/7MTkjyVHtd3OK902idQSF2BoUYHRwKCjKVH5tZ8HcOhxXhubI6ybCOmtAWNemS/HxZsj6f2RLydFCm7l+KdlJSW1gPjwVfDN/4wPa6XP62+fl8QdKDaoE2W8M65OknmaY3pDS8+s2KJmuXp4sy/TlQtFPB/cDvT/5t89iz2WdmJmZjscPmelSrjw/NtMbvTSl5OhHc8Ys2stqZQdP5k6W3ZdryySvBvELBvHTDwL4nT/XHZxhbb3EeP3aXmz8uZ0xOuNhhGzbz6l8uAAAAAAAAAFKHefpepuLX2SgxY/Jij4xTKj0Yyq5OFgE0inl6R6ZTI8Xga/j4upS22PqeslZ/9tfY/HemjszOXZrPT768UHV/OnXopcLC/Ni56rvV6d9n2+Ipt1rHUqOEeUrK9PxfH1v5uqX7v1sKEOXmo6eiNTOpyusH75t7S+uZwmdIB85ujW9XzfIKno/61zTztCDT4U3b3FqVtJbUmUpxX8j0x/vbXZyX9DMfnjZTOuNEfirX48d+I9MH/4WxwbIorXOxm6PYXj/WZHrr+OLY9S62K4rt82OHZLr+YvXYLVFsvx/7hkxzv2XD2LQfu8PFdkexu87NTo1Xq0pgpfz+/7NM73VlLewb7aX339L+/2o0FlypPNEN+nyt/T8TS7vi+vVZv///vS3oy0H/96r3/zdl+vTL7S6u1PeSbv/G4P+o/z8n0+R3i2PTLnZTFNu77IptEX77b5fp6JZr5bpx7e9aIGq1ePvfX/nuaFD7b4ylZdx1O+pTdEgqXLp8fmxqKjfPRq0brkavrJX8rJGNHWsjG2yscGOVb0xoCn/8/9yfRX31Y3m+48Z/9zElmln981o0/g9UnqhB4/+mWNqAm40k2qXUwvRcYquUKly6/Hh+emwyN5mb2d2zt2fP7gO9B/YnkuHkLtqqua7uRH77fyvTv+uulj/vLp7/VZ//pytP1KD23xxLSy+ar9RcdLj2vyrTA9evlb+XuNn8P/z+59GHSq/l/tmg9u+KpWXcde+pT9EBAAAAAAAAAAAAAAAAoKUlzNOHMh19ot3C35otZ/3fkh+gNWj9V3csbbxJv1eouVIBoAV48vSuTI+oaK/7Ceul4/FX3NH+DwAA///WsSBT") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x2) getdents64(r0, 0xfffffffffffffffe, 0x29) 3.161537253s ago: executing program 5 (id=1966): capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080)) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x2f, 0x2, 0x7, 0x7, 0x10, @mcast2, @private2, 0x7800, 0x8000, 0x8, 0x143}}) 2.981095233s ago: executing program 5 (id=1968): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @ib_path={0x0, r1, 0x7ffffffe}}, 0x20) 2.792426052s ago: executing program 5 (id=1971): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000003000/0x6000)=nil, 0x6000, 0x4, 0x88012, r0, 0x0) 2.439017689s ago: executing program 5 (id=1975): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000cc0)=@newqdisc={0x70, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0x800, 0xc}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x3}, @TCA_NETEM_REORDER={0x9, 0x3, {0x0, 0x10000003}}]}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 2.22308887s ago: executing program 5 (id=1976): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f00000001c0)={0x40, 0x58b93f08047b86ad, 0x6, "770b2a6e8f28"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0}) 1.522932035s ago: executing program 2 (id=1992): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x3, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r0, 0x0, 0x12, 0x0, &(0x7f0000000540)="c1dfb080cd21d308098e00008100568186dd", 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.460431038s ago: executing program 7 (id=1993): syz_open_procfs(0x0, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lgetxattr(&(0x7f00000005c0)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 1.349705534s ago: executing program 7 (id=1996): r0 = msgget$private(0x0, 0x0) msgget$private(0x0, 0x1e1) msgctl$IPC_RMID(r0, 0x0) 1.271157517s ago: executing program 3 (id=1997): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000180)=[{&(0x7f00000001c0)=""/36, 0x24}], 0x1, 0x4, 0x2) 1.270840507s ago: executing program 4 (id=1998): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x12e8, 0x1128, 0x178, 0xc, 0x1128, 0x178, 0x1268, 0x258, 0x258, 0x1268, 0x258, 0x3, 0x0, {[{{@ipv6={@loopback={0x1f0}, @mcast2, [], [0x0, 0xff], 'pim6reg0\x00', 'netpci0\x00', {}, {}, 0x2e}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz0\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x6, 0x200}}}, {{@ipv6={@private1, @mcast1, [0x0, 0xff], [], 'wg2\x00', 'hsr0\x00', {0xff}}, 0x0, 0xa8, 0x118}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0xffff, 0x0, 0x59, 0x1, 0x0, "5b5e4637e2c868d14d9be48a2a79837d5499f42d086321ddfda71d6d982957c9efbee097d2c1e45c21510a84843e700c6ab764b15794236650ed3db73c2d916d"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1348) 1.241016529s ago: executing program 2 (id=1999): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x0, 0x10001, 0x9, 0x5, 0x6}, 0x21) 1.239682479s ago: executing program 7 (id=2000): sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000428bd7000fcdbdf255a00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099"], 0x28}, 0x1, 0x0, 0x0, 0x880}, 0x9) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x890c, &(0x7f0000000300)=@generic={0x0, 0x2}) 1.166086843s ago: executing program 3 (id=2001): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "dc"}]}], {0x14}}, 0x74}}, 0x40) 1.103168246s ago: executing program 7 (id=2002): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={&(0x7f0000000180), &(0x7f0000000440)=""/179, &(0x7f0000000500), &(0x7f00000006c0), 0x3, r0}, 0x38) 1.100113176s ago: executing program 4 (id=2003): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x14) ioctl$TCXONC(r0, 0x540a, 0x3) 1.091211976s ago: executing program 2 (id=2004): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x3, 0x6, 0x3}, 'syz1\x00', 0x4b}) 1.028038869s ago: executing program 7 (id=2005): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x5, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c95239c, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x1, 0x9, 0xe1cb, 0x6, 0x4, 0x7, 0x395, 0x80000089, 0xfffffffe, 0xb, 0xfffffff5, 0xffffeadb, 0x3, 0x3c, 0x8, 0x0, 0x8000000, 0xdffffffa]}) 997.454431ms ago: executing program 3 (id=2006): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000000140)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x3, 0x0, 0x0, r0}]) 891.086656ms ago: executing program 2 (id=2007): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000500)="ab", 0x5ea}], 0x1}}], 0x484, 0x24048084) 890.609456ms ago: executing program 4 (id=2008): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa00004, &(0x7f0000000180)={[{@adinicb}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@utf8}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@mode={'mode', 0x3d, 0x8}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@adinicb}, {@gid_forget}, {@lastblock={'lastblock', 0x3d, 0x7}}, {@iocharset={'iocharset', 0x3d, 'cp874'}}, {@uid_forget}]}, 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) read(r0, &(0x7f0000001400)=""/4096, 0x1000) 782.172861ms ago: executing program 3 (id=2009): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000011}, 0x20000086) 657.548188ms ago: executing program 3 (id=2010): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) ioctl$FE_READ_SIGNAL_STRENGTH(r0, 0x80026f47, &(0x7f0000000100)) ioctl$FE_GET_PROPERTY(r0, 0x80106f53, &(0x7f0000000800)={0x26, &(0x7f0000000040)=[{0x37, '\x00', @buffer={"d5bc6c7fb4141570dc03000eec00000000000000000000000000000000004000", 0x20}, 0xc0000000}]}) 469.527827ms ago: executing program 4 (id=2011): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000180)='./bus\x00', 0x804, &(0x7f0000000400)={[{@rodir}, {@fat=@nocase}, {@fat=@nfs}, {@fat=@discard}, {@shortname_mixed}, {@utf8no}, {@shortname_winnt}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macgreek'}}, {@uni_xlateno}, {@fat=@check_strict}, {@utf8}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@utf8no}, {@shortname_win95}]}, 0x1, 0x27b, &(0x7f0000000640)="$eJzs3cFqK1UYAOB/mqRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE/gEPo8b8QV8AC93d7u43LmkM0nTyyQlvWlT7v2+TQ//+f85/5kZ2tWc/vBB//jw5Ozo4tf/otFIYm0nduIyiXasxdjvUerfJ+VxAOCRu8yyeJrl6nno/GZGbUZlde3emwMA7sX03/9V9wIAPIyvv/n2i939/b2v0rQR0f9j0Eki/5nP7x7FT9GLbmxFK55HZBP5+LPP9/eimo6046P+cNAZVfa//7u4/u7/EVf129GKdnn9dpqbqh8OOrV4p1h/pxfdL/+KVrxXXv9JSX101uPjD6f634xW/PNjnEQvDovexvW/bafpp9mfz375bhQd1SfDQac+ySuyKw/6YAAAAAAAAAAAAAAAAAAAAAAAeKNtphPtm+fvjA/+nzM/53yg4dT5PFtpmmZJnn9dX433q1Fd5d4BAAAAAAAAAAAAAAAAAADgsTg7//n4oNfrni51MP6sv2QqXtyM1CPi7mttLFoVlaK1XhKx2Fq1qF9V3p5cWXAXzVE/3dOkGst7BMkk0pye2oh8rVGkmQ+mIq+9eiOuBuO36/ggue3hNspekiUMspLXrzKzav3VSLPYQUlyc87q6+/eqeesNWMqiYja5GbOv05tuffw4X4HAQAAAAAAAAAAAAAAAAAAueuPfksmL1bQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACswPX//19gMCyKZ+VkldGgGkVkxVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLfAyAAD//0MUZ+o=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 468.943597ms ago: executing program 2 (id=2012): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000180)='./bus\x00', 0x80, &(0x7f00000001c0)={[{@umask={'umask', 0x3d, 0xe}}, {@nobarrier}, {}, {@nls={'nls', 0x3d, 'ascii'}}, {}, {@uid}, {@uid}, {@part={'part', 0x3d, 0x344}}, {@creator={'creator', 0x3d, '{\v@h'}}, {@umask}, {@nobarrier}]}, 0x1, 0x6ff, &(0x7f0000000500)="$eJzs3U1sHGf5APBn1uu1N5XcbZu0/f+FFKsRETSQ2F5KgoREqBDyoUKRuPS6JE5jee1GtoucCBEXKBzhhHLooQiZQ0+oB6QiDohyRkLiinKPxD3iwKKZnVnvh73ebfyRhN9Pmp13Zt6PZ57OvN6dbbQB/M9afDsmtyOJxQtvbaXbD3bqzQc79dWiHBFTEVGKKLdXkaxFJJ9FXI32Ev+X7sy7S/Yb542Hn354/v7H9fZWOV+y+qVh7Xa1hoywnS8xGxET+XpM5f36ux5vDvR3b6yuk07cacLOFYmDk9YasD1O8xHuW+BJdy9iYnKP/bWIUxExnb8PiHx2KB1zeIdurFkOAAAAnkwTB1V4/lE8iq2YOZ5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NmQtH8zMMmXUlGejaT4/f9Kvi9VqZxwvMN95YDjH9w8pkAAAAAAAAAA4Eh8kn9xf/ZRPIqtmCn2t5LsO//Xso3T2etz8V5sxFKsx8XYikZsxmasx3zE5ExXh5Wtxubm+vxgy19H2rLVat3LWy5ERG2g5cI+gZYO+cQBAAAAAAAA4Nn0k1iMmZMOAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuiURE+1VtpwuyrUolSNiOiIqab3tiD8V5afZn086AAAAADh61Xw9k/ynXWgl2Wf+l7PP/dPxXqzFZizHZjRjKW5kzwLan/pLf9+uNx/s1FfTZbDjb/9rrDiyHiNiIt7fZ+S5rMaZTovF+G58Py7EbFyL9ViOH0YjNmMpZqOankQ0Iolatf30olbEuXe8V3u2rvXHdrZv+9UskmrcjOUstotxvRLtxybZOaRjvto12h8qEX0jvp9mJ/lWbsQc3ej67/Wr/LlMrvX8iH0cjVp25pOdjMyluc+z8cLw3I95nfSPNB+lzjOo07ujpJv9IxU5/8E4OT/VXk2nLz/vzflhG/NRWn8mFqKUX30RL/fm/PYX77/Y2/jL//jLtVultZVbNzcuHOEpPY7ZgypMFoX+TNS7MvHK8Ksvz0QzzcT26JmY7N8xPWrLo1XJs5FNRSPOlt/JSo14resSfDduxFJcjrmYjysxF9+Ihah3rrB0OdOT13J9tTcn2b1WGpzfqkOCP/elrkq/OKDy8Urz8kJXXrtnulp2LN9z9Zcx13X1vTj86hv7r0A6/v/n5XSMn3b+4jwJejKRz81FdC8Nz8RvWunrRnNtZf1W4/aI453P1+lt+0Hv3Pzb0aPu/+t+GNLrJZ1xy9lWlpNqcb2kx17qRNubr0r+jUu7XWng2JnOsVrMxHJ8b987tZK/hxvsqX3sle5j/9ydOSv5+5viWM+7nHg3mtm7kD4HTtUAHLNTr5+qVB9W/1b9qPqz6q3qW9NvTl2Z+kIlJv9a/uPE70u/K30zeT0+ih/HzElHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4KNO3dXGs3m0nqnENP9ex63UNl3rOGFKB1YZ+e50TqMWsTwsZK8UDncc38aC9Xo21P8wtLj9vxJRAypU3ns4JOxr7GxC2keDqXDVqud1GxPa2KM5uWi1d51yrExHSuNpLzHHTe1exdEbaXR/Herp3k1um4Z4Bl3aXP19qWNO3e/urzaeGfpnaW1hSuXr1yuf33+a5duLjeX5tqvJx0lcBQ27tyd2GP3wC/dAgAAAAAAAAAAAE+O/P/+3/zc/5ihfECdyvrG3iOfPe5TBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5Si2/H5HYkMT93cS7dfrBTb6ZLUd6tWY6IUkQkP4pIPou4Gu0lal3dJfuN88bDTz88f//j+m5f5aJ+aVi70WznS8xGxES+PtjUHt0M9ne9q7/tzxVe0jnDNGHnisTBSftvAAAA//9u//cB") rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='.\x02\x00') syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000240)='.\x02\x00', 0x2b12455, 0x0, 0x1, 0x0, &(0x7f0000000180)) 419.1138ms ago: executing program 3 (id=2013): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000340)={&(0x7f0000000140)=[{0x63, 0x0, 0x0, 0x0}], 0x1}) 269.959627ms ago: executing program 4 (id=2014): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x1) 237.414319ms ago: executing program 7 (id=2015): syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000780), 0xfe, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x2e) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0) 84.020566ms ago: executing program 2 (id=2016): timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=0x0) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0xc618, &(0x7f0000000580)=ANY=[@ANYBLOB="6e6f646973636172642c7573726a71756f74613d6e6f646973636172642c61636c2c616c6c6f635f6d6f64653d72657573652c617467632c64697361626c655f726f6c6c5f666f72776172642c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c6e6f757365725f78617474722c6673796e635f6d6f64653d7374726963742c6d6f64653d61646170746976652c6a71666d743d7666736f6c642c7768696e745f6d6f64653d6f66662c00c63c750eaf211665e6acd398f0fe4593610577379e92e078522b52791067f2936db05424a1906752b5531653d979b38a77add4af917a3177"], 0x1, 0x5519, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy6H+ht1V38wF3KqgdPmiZpyG6SKU2a1p48eBQP/iei4Mmjf4MHz97Eg+JNUDLvVLe6gtC0sdvfDybPzDtvnnneUArPTEgAJ9Zi9uvPlbgU5yJiPiIuRhT7lXIr3E7hhYi4HBFzj22VcvzPgdMRcT4iLk2Sp5yV8tTnV8dXbv701i/ffHfm1IUvvv5+dqsGZu3FiOhvpP3tfop5J8WH5Xhj3C1i/8a4jOlE72w638/T+HZ7rciw3dib1yji9U6an29sDSdxvddoTmKnu16MbwzSBYfjzl6e4g0PG5vFcau9VsTuMC9iZzddd2c3/W/bHY5SnlaZ76MifYxGezGNt3faaT0bj4rYHIzK8ZQ3b7V3JnFcxvJy0cx7raKOtQN80P9zb3cHWzvZuL057OaD7Gat/lKtfqta38xb7VH7RrXRb926kS11epNp1VG70b/dyfNOr11r5v3lbKnTbFbr9WzpTnut2xhk9Xrteu1a9eZyuXc1e/3+e1mvlS1N4qvdwdao2xtm6/lmlt6xnK3Urr+8nF2pZ+/cW81WH9y9e2/13Q/uvH//lXtvvlZO+kdZ2dLKtZWVav1adaW+fILW/0lZ9BTXDwdSmXUBAMeP/h+YhYP0//1H5fET+//NBxGH3/+H/n8qjlX/e9L7/0NYPxyI/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MT6YeHLN4qdxXR8oRx/phx6rjyuRMRcRPz+BPNxel/O+TLPwr/MX/hbDd9WosgwucaZcjsfEbfL7bdnD/tTAAAAgKfXVx9f/ix16+llcdYFcZTSTZu5ix9OKV8lIhYWf5xStrnJy/NTSlb8fZ+KnSllK25gnZ1SsnTL7dS0sv0n8/vC2cdCJYW5Iy0HAAA4Evs7gaPtQgAAADhKn866AGajEnuPMveeBRffvP/rgeC5fUcAAADAMVSZdQEAAADAoSv6f7//BwAAAE+39Pt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8wc793CYORHEAfjZ4Yf9p0Wrv28reoIwtIcccIwpIExSQAzWkAWogt5QQQYTHIRBxiOSxrUTfJzmTscyPNwgOMyMNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJceqnUVN39v2+bs9u3kGQ0AAABwybZaL+p/Zqn/vbn/s7n1u+kXEVFGxKW5+yi+nGWOmpzq9fm70+erNzXcR9QJh/eYNNe3iPjXXE+/uv4UAAAA4PPaLFfzNFtPf2ZDF0Sf0qJN+eN/prwiIqrZY6a08pD3J1NY/f0ex3WmtHoBa5opLC25jXOlvUv9cz+u2k1PmiI15cWXHYvMNnYAAKBHo7Om31kIAAAAfboaugCGUcTLVuZxK3CSmmZ77+tZDwAAAPiAiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADP7M87CoRAGITB3vWdydz/sNKgqalJFQgff2MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCxPy8pEAJBEAVzxv9O+v6HlQQ9gwgR0PCoohYNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCxcz8vclNxAMBfksnUVsVxlTmsiIIHvdjptLb2Jh6UxYN/grBsp3Xt1B/tHmwp4l68yZ57ET2KCMp66//Qcwu91FsPc6ggHkeSSWbSdtFZwSTd/Xzg5X0TQt73JbDsNy+7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCavLuIk2zTm8Vxcez2g+sbWX/nkT5zc+fuatayOKoz6SfDy9WdqN9cIgAAABweSVnfhxDupbtrWR/38vo/Lc/Jav7vn53FZT3/aN1f9mXtn7Xffr3/4nyg3myc7KLnN8ejE4+n0vn/Ztluz/3rGZ38zufvXpL8gcQfbL8wSfP7GX1769Z73Tw8Uke2AMB/cbzsi6D8fSjrh00mBsCh0akU3mX9n/SazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgDpPt8HQZRyGE1c4iztx5cH1jr/7mzt3Vsp25cWMnfL24ZnaJNIRwfnM8OlHrbNrtytVrF9fH49Hl+oNXQghNjf5OMf2LHy1xcgiN3J/9B3+1I422BXHxsNuSz5MRNPhDCQCAAyktWlbX30t317Jj0UoI0x8erv9fr8Rhyfr//sdnblfHqtb/w9pm2H6DrUufD65cvfbm5qX1C6MLo0/fOjl8e3jq7OnTZwf5u5KBNyYAAADs23Q6nc53ukWr1v/xyuPr/8cqcViy/v/iu+FX1YET9f+eFot+TWcCAABwuD3/6p9/RHscj7rd8OX61tbl4Ww73z852zaQ6r4dKVq1/k9Wms4KAAAAqMNkO3po/f9cJQ5Lrv8/8+NLP1evmYQQjhbr/8c3Phufq286rVbHnxM3PUcAAACadbRo1fX/NP/+P55/8hCHEN54bRYX/wbwH+v/tKj/k/e/+ak6VvX7/1P1TbGV4v7sfuR9P4ROv+mMAAAAOMieKlpW7P+e7q598suxD7u+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo298BAAD//y5wQIQ=") timer_settime(r0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 0s ago: executing program 4 (id=2017): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x20, 0x52, 0x1, 0x0, 0x4, {0x2}, [@typed={0x9, 0x1, 0x0, 0x0, @binary="aec8f29723"}]}, 0x20}}, 0x44000) kernel console output (not intermixed with test programs): [ 160.003650][ T4224] usb 6-1: Using ep0 maxpacket: 32 [ 160.024232][ T7145] jfs_create: dtInsert returned -EIO [ 160.026718][ T7153] JBD2: Ignoring recovery information on journal [ 160.029573][ T7145] ERROR: (device loop3): jfs_create: [ 160.029573][ T7145] [ 160.132714][ T4224] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.136719][ T1108] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 160.144052][ T7153] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 160.172282][ T7151] XFS (loop4): Mounting V5 Filesystem [ 160.198915][ T4224] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.258099][ T4187] ocfs2: Unmounting device (7,2) on (node local) [ 160.314248][ T4224] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 160.392564][ T1108] usb 8-1: Using ep0 maxpacket: 32 [ 160.392651][ T4224] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.408605][ T7151] XFS (loop4): Starting recovery (logdev: internal) [ 160.447367][ T7151] XFS (loop4): Ending recovery (logdev: internal) [ 160.470993][ T4224] usb 6-1: config 0 descriptor?? [ 160.512718][ T1108] usb 8-1: config 0 has an invalid interface number: 196 but max is 0 [ 160.528613][ T1108] usb 8-1: config 0 has no interface number 0 [ 160.552669][ T1108] usb 8-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 160.566193][ T26] audit: type=1800 audit(1774066757.422:10): pid=7151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.921" name="file2" dev="loop4" ino=7431 res=0 errno=0 [ 160.603927][ T1108] usb 8-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 160.644913][ T1108] usb 8-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 160.665287][ T1108] usb 8-1: config 0 interface 196 has no altsetting 0 [ 160.687570][ T4194] XFS (loop4): Unmounting Filesystem [ 160.843653][ T1108] usb 8-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a [ 160.863058][ T1108] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.880648][ T1108] usb 8-1: Product: syz [ 160.885462][ T1108] usb 8-1: Manufacturer: syz [ 160.890116][ T1108] usb 8-1: SerialNumber: syz [ 160.897799][ T1108] usb 8-1: config 0 descriptor?? [ 160.924715][ T7159] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 160.977089][ T4224] koneplus 0003:1E7D:2D51.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.5-1/input0 [ 161.017775][ T7171] set_capacity_and_notify: 1 callbacks suppressed [ 161.017786][ T7171] loop3: detected capacity change from 0 to 32768 [ 161.156939][ T7171] [ 161.156939][ T7171] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.156939][ T7171] [ 161.192718][ T4224] koneplus 0003:1E7D:2D51.000B: couldn't init struct koneplus_device [ 161.200873][ T4224] koneplus 0003:1E7D:2D51.000B: couldn't install mouse [ 161.202337][ T7171] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 161.202337][ T7171] [ 161.224451][ T7171] ERROR: (device loop3): remounting filesystem as read-only [ 161.231815][ T7171] JFS: Invalid stbl[1] = -128 for inode 2, block = 0 [ 161.240535][ T4224] koneplus: probe of 0003:1E7D:2D51.000B failed with error -71 [ 161.299504][ T4224] usb 6-1: USB disconnect, device number 5 [ 161.409611][ T7188] fido_id[7188]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 161.442725][ T1108] ipheth 8-1:0.196: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes [ 161.451822][ T1108] ipheth: probe of 8-1:0.196 failed with error -22 [ 161.666632][ T7200] netlink: 88 bytes leftover after parsing attributes in process `syz.3.932'. [ 161.711152][ T4224] usb 8-1: USB disconnect, device number 2 [ 161.755608][ T7194] loop2: detected capacity change from 0 to 8192 [ 161.850899][ T7194] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 161.910343][ T7194] exFAT-fs (loop2): invalid fs_name [ 161.926693][ T7194] exFAT-fs (loop2): failed to read boot sector [ 161.947549][ T7194] exFAT-fs (loop2): failed to recognize exfat type [ 162.119543][ T7185] loop4: detected capacity change from 0 to 40427 [ 162.166653][ T7185] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff [ 162.225558][ T7185] F2FS-fs (loop4): invalid crc value [ 162.334101][ T7185] F2FS-fs (loop4): Found nat_bits in checkpoint [ 162.537685][ T7185] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 162.824585][ T4224] kernel write not supported for file /input/event0 (pid: 4224 comm: kworker/1:4) [ 162.883375][ T4194] attempt to access beyond end of device [ 162.883375][ T4194] loop4: rw=2049, want=45104, limit=40427 [ 163.096619][ T7255] device macsec0 entered promiscuous mode [ 163.126522][ T7257] genirq: Flags mismatch irq 4. 00000000 (pcl816) vs. 00000000 (ttyS0) [ 163.431967][ T7269] netlink: 'syz.3.957': attribute type 3 has an invalid length. [ 163.516509][ T7269] netlink: 666 bytes leftover after parsing attributes in process `syz.3.957'. [ 165.048380][ T7283] loop7: detected capacity change from 0 to 40427 [ 165.083863][ T7340] loop4: detected capacity change from 0 to 256 [ 165.112255][ T7283] F2FS-fs (loop7): build fault injection attr: rate: 771, type: 0x1ffff [ 165.172353][ T7283] F2FS-fs (loop7): invalid crc value [ 165.177980][ T7309] loop3: detected capacity change from 0 to 32768 [ 165.193151][ T7340] exfat: Deprecated parameter 'utf8' [ 165.224594][ T7340] exfat: Deprecated parameter 'utf8' [ 165.234030][ T7283] F2FS-fs (loop7): Found nat_bits in checkpoint [ 165.256462][ T7309] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.971 (7309) [ 165.297437][ T7340] exfat: Deprecated parameter 'utf8' [ 165.374156][ T7309] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 165.397619][ T7340] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 165.422650][ T7309] BTRFS info (device loop3): force zlib compression, level 3 [ 165.461707][ T7309] BTRFS info (device loop3): force clearing of disk cache [ 165.472699][ T4442] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 165.508356][ T7309] BTRFS info (device loop3): setting nodatasum [ 165.528186][ T7309] BTRFS info (device loop3): allowing degraded mounts [ 165.555331][ T7283] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 165.570437][ T7309] BTRFS info (device loop3): enabling disk space caching [ 165.615546][ T7309] BTRFS info (device loop3): disk space caching is enabled [ 165.695319][ T7309] BTRFS info (device loop3): has skinny extents [ 165.722596][ T4442] usb 3-1: Using ep0 maxpacket: 16 [ 165.781555][ T7367] loop4: detected capacity change from 0 to 512 [ 165.818957][ T7367] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 165.870084][ T6693] attempt to access beyond end of device [ 165.870084][ T6693] loop7: rw=2049, want=45104, limit=40427 [ 165.908867][ T7367] EXT4-fs (loop4): 1 truncate cleaned up [ 165.926736][ T7367] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 166.002934][ T4442] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 166.012028][ T4442] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.024369][ T4442] usb 3-1: Product: syz [ 166.028616][ T4442] usb 3-1: Manufacturer: syz [ 166.033343][ T4442] usb 3-1: SerialNumber: syz [ 166.041890][ T4442] r8152-cfgselector 3-1: config 0 descriptor?? [ 166.101442][ T7309] BTRFS info (device loop3): clearing free space tree [ 166.110968][ T7309] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.135087][ T7309] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.350831][ T7309] BTRFS info (device loop3): balance: start -f [ 166.352668][ T4442] r8152-cfgselector 3-1: Unknown version 0x0000 [ 166.382293][ T7309] BTRFS info (device loop3): balance: ended with status: 0 [ 166.543504][ T7406] netlink: 88 bytes leftover after parsing attributes in process `syz.7.992'. [ 166.650547][ T4442] r8152-cfgselector 3-1: Unknown version 0x0000 [ 166.680893][ T4442] r8152-cfgselector 3-1: USB disconnect, device number 7 [ 166.753593][ T7405] loop4: detected capacity change from 0 to 4096 [ 166.873168][ T7405] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 167.046896][ T5970] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 167.302639][ T5970] usb 8-1: Using ep0 maxpacket: 16 [ 167.422720][ T5970] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 167.438926][ T5970] usb 8-1: config 0 has no interface number 0 [ 167.457279][ T6379] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 167.459392][ T5970] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.491441][ T5970] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.509226][ T5970] usb 8-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 167.534517][ T5970] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.565841][ T5970] usb 8-1: config 0 descriptor?? [ 167.576773][ T7442] loop3: detected capacity change from 0 to 1024 [ 167.732761][ T6379] usb 6-1: Using ep0 maxpacket: 32 [ 167.862957][ T6379] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 167.886854][ T7456] loop2: detected capacity change from 0 to 1024 [ 167.888246][ T6379] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 167.980463][ T7461] loop3: detected capacity change from 0 to 1024 [ 168.067319][ T7461] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,journal_dev=0x00000000000000ff,nogrpid,nobarrier,init_itable,nolazytime,,errors=continue. Quota mode: none. [ 168.102738][ T6379] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 168.122169][ T6379] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.142419][ T6379] usb 6-1: Product: syz [ 168.236271][ T6379] usb 6-1: Manufacturer: syz [ 168.252638][ T5970] uclogic 0003:28BD:0071.000C: failed retrieving string descriptor #100: -71 [ 168.266219][ T6379] usb 6-1: SerialNumber: syz [ 168.271675][ T5970] uclogic 0003:28BD:0071.000C: failed retrieving pen parameters: -71 [ 168.283483][ T5970] uclogic 0003:28BD:0071.000C: pen probing failed: -71 [ 168.291969][ T5970] uclogic 0003:28BD:0071.000C: failed probing parameters: -71 [ 168.299872][ T5970] uclogic: probe of 0003:28BD:0071.000C failed with error -71 [ 168.308606][ T6379] usb 6-1: config 0 descriptor?? [ 168.331453][ T5970] usb 8-1: USB disconnect, device number 3 [ 168.573785][ T7476] device macsec0 entered promiscuous mode [ 168.575997][ T6379] usb 6-1: USB disconnect, device number 6 [ 168.803723][ T7459] loop4: detected capacity change from 0 to 32768 [ 168.887353][ T7459] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1009 (7459) [ 168.903805][ T7494] loop7: detected capacity change from 0 to 256 [ 168.932154][ T7459] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 168.949133][ T7459] BTRFS info (device loop4): setting nodatacow, compression disabled [ 169.018037][ T7459] BTRFS info (device loop4): setting datasum, datacow enabled [ 169.021526][ T7489] loop3: detected capacity change from 0 to 4096 [ 169.056402][ T7459] BTRFS info (device loop4): force clearing of disk cache [ 169.111901][ T7459] BTRFS info (device loop4): enabling ssd optimizations [ 169.140403][ T7459] BTRFS info (device loop4): using spread ssd allocation scheme [ 169.170987][ T7459] BTRFS info (device loop4): turning on sync discard [ 169.221728][ T7459] BTRFS info (device loop4): enabling disk space caching [ 169.233625][ T7505] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 169.292784][ T7459] BTRFS info (device loop4): enabling auto defrag [ 169.309567][ T7459] BTRFS info (device loop4): turning off barriers [ 169.318629][ T7489] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 169.342024][ T7459] BTRFS info (device loop4): not using ssd optimizations [ 169.385788][ T7459] BTRFS info (device loop4): not using spread ssd allocation scheme [ 169.410952][ T7489] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=12) [ 169.438518][ T7459] BTRFS info (device loop4): disk space caching is enabled [ 169.495166][ T7459] BTRFS info (device loop4): has skinny extents [ 169.515030][ T7489] Remounting filesystem read-only [ 169.520558][ T7489] NILFS (loop3): error -5 truncating bmap (ino=12) [ 169.698597][ T7536] loop5: detected capacity change from 0 to 128 [ 169.793673][ T4193] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 169.853251][ T7459] BTRFS info (device loop4): clearing free space tree [ 169.887883][ T7459] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 169.967435][ T7554] loop7: detected capacity change from 0 to 256 [ 170.025132][ T7459] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 170.094608][ T7554] exfat: Deprecated parameter 'utf8' [ 170.100149][ T7554] exfat: Deprecated parameter 'utf8' [ 170.162702][ T7554] exfat: Deprecated parameter 'utf8' [ 170.223953][ T7554] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 170.246029][ T7564] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1037'. [ 170.313607][ T26] audit: type=1800 audit(1774066767.172:11): pid=7459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1009" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 170.364546][ T7459] BTRFS info (device loop4): balance: start -sconvert=dup,soft,usage=8,limit=2 [ 170.401914][ T7459] BTRFS info (device loop4): left=0, need=98304, flags=34 [ 170.419941][ T7459] BTRFS info (device loop4): space_info 2 has 0 free, is not full [ 170.428130][ T7459] BTRFS info (device loop4): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 170.441989][ T7459] BTRFS info (device loop4): global_block_rsv: size 851968 reserved 851968 [ 170.450833][ T7459] BTRFS info (device loop4): trans_block_rsv: size 0 reserved 0 [ 170.458583][ T7459] BTRFS info (device loop4): chunk_block_rsv: size 0 reserved 0 [ 170.466369][ T7459] BTRFS info (device loop4): delayed_block_rsv: size 0 reserved 0 [ 170.474258][ T7459] BTRFS info (device loop4): delayed_refs_rsv: size 0 reserved 0 [ 170.506136][ T7459] BTRFS info (device loop4): relocating block group 1048576 flags system [ 170.530097][ T7572] tipc: Started in network mode [ 170.553015][ T7572] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 170.576367][ T7572] tipc: Enabled bearer , priority 4 [ 170.651878][ T7459] BTRFS info (device loop4): balance: ended with status: 0 [ 171.023869][ T7587] loop5: detected capacity change from 0 to 4096 [ 171.105249][ T7587] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 171.398796][ T7570] [ 171.398796][ T7570] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 171.398796][ T7570] [ 171.483177][ T7570] ERROR: (device loop2): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 [ 171.483177][ T7570] [ 171.542861][ T7570] ERROR: (device loop2): remounting filesystem as read-only [ 171.575356][ T4191] tipc: Node number set to 8432298 [ 171.602997][ T7570] JFS: Invalid stbl[1] = -128 for inode 2, block = 0 [ 172.409188][ T7641] set_capacity_and_notify: 2 callbacks suppressed [ 172.409206][ T7641] loop7: detected capacity change from 0 to 512 [ 172.491906][ T7641] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 172.617817][ T7641] EXT4-fs (loop7): 1 truncate cleaned up [ 172.627644][ T7613] loop4: detected capacity change from 0 to 32768 [ 172.634929][ T7641] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 172.857488][ T7613] XFS (loop4): Mounting V5 Filesystem [ 172.921580][ T7672] loop2: detected capacity change from 0 to 256 [ 172.980438][ T7613] XFS (loop4): Ending clean mount [ 172.991398][ T7613] XFS (loop4): Quotacheck needed: Please wait. [ 173.129845][ T7613] XFS (loop4): Quotacheck: Done. [ 173.252351][ T7687] loop3: detected capacity change from 0 to 2048 [ 173.278205][ T4194] XFS (loop4): Unmounting Filesystem [ 173.468963][ T7702] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 173.722698][ T4191] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 174.022722][ T4191] usb 3-1: Using ep0 maxpacket: 16 [ 174.152997][ T4191] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 174.161236][ T4191] usb 3-1: config 0 has no interface number 0 [ 174.170361][ T7720] loop5: detected capacity change from 0 to 4096 [ 174.210285][ T4191] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.264065][ T7720] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 174.274183][ T7741] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1094'. [ 174.299610][ T4191] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.338197][ T4191] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 174.399899][ T4191] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.458102][ T4191] usb 3-1: config 0 descriptor?? [ 174.853960][ T5970] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 174.950814][ T7774] loop7: detected capacity change from 0 to 512 [ 175.092678][ T5970] usb 5-1: Using ep0 maxpacket: 8 [ 175.107096][ T7774] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 175.152830][ T4191] uclogic 0003:28BD:0071.000D: failed retrieving string descriptor #100: -71 [ 175.161696][ T4191] uclogic 0003:28BD:0071.000D: failed retrieving pen parameters: -71 [ 175.212808][ T5970] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 7 [ 175.216471][ T4191] uclogic 0003:28BD:0071.000D: pen probing failed: -71 [ 175.256372][ T7783] syz.3.1110 (7783) used obsolete PPPIOCDETACH ioctl [ 175.282179][ T4191] uclogic 0003:28BD:0071.000D: failed probing parameters: -71 [ 175.307871][ T4191] uclogic: probe of 0003:28BD:0071.000D failed with error -71 [ 175.358824][ T4191] usb 3-1: USB disconnect, device number 8 [ 175.381836][ T7765] loop5: detected capacity change from 0 to 32768 [ 175.393287][ T5970] usb 5-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 175.409894][ T5970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.438723][ T5970] usb 5-1: Product: syz [ 175.450709][ T5970] usb 5-1: Manufacturer: syz [ 175.462967][ T5970] usb 5-1: SerialNumber: syz [ 175.593399][ T7765] UFO tlock:0xffffc90002852048 [ 175.616112][ T7797] loop3: detected capacity change from 0 to 64 [ 175.627311][ T7765] MetaData crosses page boundary!! [ 175.651163][ T7765] lblock = 6300000010, size = -820051968 [ 175.659462][ T7765] CPU: 0 PID: 7765 Comm: syz.5.1103 Not tainted syzkaller #0 [ 175.666972][ T7765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 175.677056][ T7765] Call Trace: [ 175.680375][ T7765] [ 175.683347][ T7765] dump_stack_lvl+0x188/0x250 [ 175.688068][ T7765] ? show_regs_print_info+0x20/0x20 [ 175.693307][ T7765] ? load_image+0x400/0x400 [ 175.697849][ T7765] ? unlock_page+0x17c/0x1f0 [ 175.702477][ T7765] ? release_metapage+0x2f7/0xe10 [ 175.707536][ T7765] ? unlock_page+0x17c/0x1f0 [ 175.712250][ T7765] __get_metapage+0xbfa/0x1060 [ 175.717061][ T7765] dtSearch+0x5d5/0x2050 [ 175.721465][ T7765] dtDelete+0x123/0x2a40 [ 175.725747][ T7765] ? jfs_rmdir+0x265/0x870 [ 175.730200][ T7765] ? __mutex_lock_common+0x465/0x2400 [ 175.735712][ T7765] ? dtInsertEntry+0x1270/0x1270 [ 175.740709][ T7765] ? _raw_spin_unlock+0x24/0x40 [ 175.745584][ T7765] ? txBegin+0x4b2/0x650 [ 175.749879][ T7765] jfs_rmdir+0x340/0x870 [ 175.754246][ T7765] ? jfs_mkdir+0xad0/0xad0 [ 175.758693][ T7765] ? rwsem_write_trylock+0x135/0x1c0 [ 175.764004][ T7765] ? clear_nonspinnable+0x60/0x60 [ 175.769071][ T7765] ? bpf_lsm_inode_rmdir+0x5/0x10 [ 175.774121][ T7765] ? security_inode_rmdir+0xcb/0x110 [ 175.779442][ T7765] vfs_rmdir+0x1b2/0x430 [ 175.783724][ T7765] do_rmdir+0x2a1/0x740 [ 175.787912][ T7765] ? __phys_addr_symbol+0x2b/0x70 [ 175.792967][ T7765] ? d_delete_notify+0x150/0x150 [ 175.797937][ T7765] ? strncpy_from_user+0x1fb/0x360 [ 175.803087][ T7765] ? getname_flags+0x1fe/0x500 [ 175.807976][ T7765] __x64_sys_rmdir+0x45/0x50 [ 175.812597][ T7765] do_syscall_64+0x4c/0xa0 [ 175.817042][ T7765] ? clear_bhb_loop+0x30/0x80 [ 175.821833][ T7765] ? clear_bhb_loop+0x30/0x80 [ 175.826632][ T7765] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 175.832552][ T7765] RIP: 0033:0x7f62b5552799 [ 175.837003][ T7765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 175.856641][ T7765] RSP: 002b:00007f62b37ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 175.865103][ T7765] RAX: ffffffffffffffda RBX: 00007f62b57cbfa0 RCX: 00007f62b5552799 [ 175.873109][ T7765] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000400 [ 175.881113][ T7765] RBP: 00007f62b55e8c99 R08: 0000000000000000 R09: 0000000000000000 [ 175.889113][ T7765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.897207][ T7765] R13: 00007f62b57cc038 R14: 00007f62b57cbfa0 R15: 00007ffcc474dc08 [ 175.905412][ T7765] [ 175.939090][ T7765] bread failed! [ 175.947001][ T5970] usb 5-1: selecting invalid altsetting 1 [ 175.957688][ T7765] jfs_rmdir: dtDelete returned -5 [ 175.960738][ T7813] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1115'. [ 175.972678][ T7765] ERROR: (device loop5): jfs_rmdir: [ 175.972678][ T7765] [ 175.990595][ T7765] ERROR: (device loop5): remounting filesystem as read-only [ 176.152795][ T5970] usb 5-1: unit 0 not found! [ 176.168010][ T5970] usb 5-1: selecting invalid altsetting 1 [ 176.325018][ T7824] mmap: syz.7.1121 (7824) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 176.372972][ T5970] usb 5-1: cannot request logical cluster ID: 0 (err: -71) [ 176.390547][ T5970] usb 5-1: invalid MIXER UNIT descriptor 6 [ 176.397246][ T5970] snd-usb-audio: probe of 5-1:1.1 failed with error -71 [ 176.420109][ T5970] usb 5-1: selecting invalid altsetting 1 [ 176.462764][ T5970] usb 5-1: cannot request logical cluster ID: 0 (err: -71) [ 176.488568][ T5970] usb 5-1: invalid MIXER UNIT descriptor 6 [ 176.534241][ T5970] snd-usb-audio: probe of 5-1:1.2 failed with error -71 [ 176.583024][ T5970] usb 5-1: USB disconnect, device number 6 [ 176.625919][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 177.408277][ T7836] loop3: detected capacity change from 0 to 32768 [ 177.464639][ T7836] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1124 (7836) [ 177.529447][ T7836] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 177.552700][ T7836] BTRFS info (device loop3): enabling disk space caching [ 177.582830][ T7836] BTRFS info (device loop3): enabling ssd optimizations [ 177.594573][ T7836] BTRFS info (device loop3): force clearing of disk cache [ 177.601796][ T7836] BTRFS info (device loop3): turning off barriers [ 177.609536][ T7838] loop7: detected capacity change from 0 to 32768 [ 177.616710][ T7836] BTRFS info (device loop3): setting nodatacow, compression disabled [ 177.638707][ T7836] BTRFS info (device loop3): using spread ssd allocation scheme [ 177.648648][ T7836] BTRFS info (device loop3): disk space caching is enabled [ 177.662152][ T7836] BTRFS info (device loop3): has skinny extents [ 177.762671][ T23] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 177.879932][ T7836] BTRFS info (device loop3): clearing free space tree [ 177.912259][ T7836] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 178.003331][ T7836] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 178.042670][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 178.068974][ T7902] loop4: detected capacity change from 0 to 512 [ 178.120098][ T26] audit: type=1800 audit(1774066774.972:12): pid=7836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1124" name="file3" dev="loop3" ino=261 res=0 errno=0 [ 178.174290][ T23] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 178.182347][ T23] usb 3-1: config 0 has no interface number 0 [ 178.308104][ T7902] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1143: couldn't read orphan inode 26 (err -116) [ 178.324984][ T7885] loop5: detected capacity change from 0 to 40427 [ 178.346818][ T7902] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 178.363283][ T4173] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop3 scanned by udevd (4173) [ 178.368829][ T7902] ext4 filesystem being mounted at /204/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.415032][ T23] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 178.426418][ T7885] F2FS-fs (loop5): invalid crc value [ 178.464789][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.475970][ T7885] F2FS-fs (loop5): Found nat_bits in checkpoint [ 178.509708][ T23] usb 3-1: Product: syz [ 178.540138][ T23] usb 3-1: Manufacturer: syz [ 178.556296][ T23] usb 3-1: SerialNumber: syz [ 178.591451][ T23] usb 3-1: config 0 descriptor?? [ 178.647074][ T23] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 178.662621][ T23] usb 3-1: selecting invalid altsetting 1 [ 178.666416][ T7885] F2FS-fs (loop5): Start checkpoint disabled! [ 178.670870][ T23] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 178.711674][ T7885] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 178.713883][ T23] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 178.747758][ T23] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 178.766736][ T23] usb 3-1: media controller created [ 178.800628][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 179.009351][ T7912] loop3: detected capacity change from 0 to 256 [ 179.073508][ T7912] exfat: Deprecated parameter 'namecase' [ 179.079597][ T7912] exfat: Deprecated parameter 'utf8' [ 179.159457][ T7912] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d) [ 179.204845][ T7918] loop4: detected capacity change from 0 to 1024 [ 179.232397][ T7920] loop7: detected capacity change from 0 to 1024 [ 179.356983][ T4228] hfsplus: b-tree write err: -5, ino 25 [ 179.364846][ T4228] hfsplus: b-tree write err: -5, ino 4 [ 179.383746][ T7920] hfsplus: bad catalog entry type [ 179.398475][ T4228] hfsplus: b-tree write err: -5, ino 2 [ 179.587683][ T7930] loop5: detected capacity change from 0 to 256 [ 179.684364][ T7930] exfat: Deprecated parameter 'utf8' [ 179.766812][ T7936] loop7: detected capacity change from 0 to 4096 [ 179.893845][ T7930] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6c34595, utbl_chksum : 0xe619d30d) [ 180.008993][ T7938] loop3: detected capacity change from 0 to 32768 [ 180.029957][ T7940] loop4: detected capacity change from 0 to 128 [ 180.042933][ T7873] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 180.061084][ T7938] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 180.070269][ T7938] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 180.070764][ T7936] ntfs3: loop7: Different NTFS' sector size (2048) and media sector size (512) [ 180.099021][ T7938] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 180.099021][ T7938] bh = 19 (type: exp=5, found=4) [ 180.099021][ T7938] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 493 [ 180.103975][ T7940] VFS: Found a Xenix FS (block size = 1024) on device loop4 [ 180.120114][ T7938] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 180.120673][ T7938] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 180.128468][ T23] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 180.135982][ T7938] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 180.159233][ T7938] gfs2: fsid=syz:syz.0: File system withdrawn [ 180.165396][ T7938] CPU: 0 PID: 7938 Comm: syz.3.1157 Not tainted syzkaller #0 [ 180.172803][ T7938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 180.182886][ T7938] Call Trace: [ 180.186188][ T7938] [ 180.189141][ T7938] dump_stack_lvl+0x188/0x250 [ 180.193849][ T7938] ? kobject_uevent_env+0x371/0x890 [ 180.199079][ T7938] ? show_regs_print_info+0x20/0x20 [ 180.204311][ T7938] ? load_image+0x400/0x400 [ 180.208927][ T7938] ? kobject_uevent_env+0x371/0x890 [ 180.214154][ T7938] gfs2_withdraw+0x1149/0x1490 [ 180.218945][ T7938] ? gfs2_lm+0x240/0x240 [ 180.223202][ T7938] ? gfs2_meta_read+0x7de/0xa60 [ 180.228152][ T7938] ? gfs2_meta_read+0x7de/0xa60 [ 180.233003][ T7938] ? gfs2_meta_new+0x160/0x160 [ 180.237772][ T7938] gfs2_metatype_check_ii+0x74/0x90 [ 180.242974][ T7938] gfs2_meta_buffer+0x262/0x310 [ 180.247935][ T7938] __fillup_metapath+0x14d/0x340 [ 180.252880][ T7938] __gfs2_iomap_get+0x709/0x1400 [ 180.257834][ T7938] ? gfs2_alloc_extent+0x580/0x580 [ 180.262950][ T7938] ? rcu_is_watching+0x11/0xa0 [ 180.267723][ T7938] gfs2_block_map+0x2a0/0x740 [ 180.272412][ T7938] ? gfs2_iomap_end+0x7a0/0x7a0 [ 180.277262][ T7938] ? mark_lock+0x94/0x320 [ 180.281592][ T7938] ? verify_lock_unused+0x140/0x140 [ 180.286802][ T7938] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 180.292821][ T7938] ? lockdep_hardirqs_on+0x94/0x140 [ 180.298029][ T7938] gfs2_write_alloc_required+0x3ae/0x680 [ 180.303667][ T7938] ? gfs2_map_journal_extents+0xb10/0xb10 [ 180.309407][ T7938] ? _raw_spin_unlock+0x24/0x40 [ 180.314257][ T7938] ? gfs2_glock_nq+0xcb0/0x1550 [ 180.319125][ T7938] gfs2_jdesc_check+0x1c3/0x290 [ 180.323977][ T7938] init_journal+0xd02/0x22f0 [ 180.328612][ T7938] ? end_bio_io_page+0x100/0x100 [ 180.333639][ T7938] ? vsnprintf+0x1b21/0x1c20 [ 180.338336][ T7938] ? snprintf+0xe5/0x140 [ 180.342600][ T7938] ? init_journal+0x74d/0x22f0 [ 180.347373][ T7938] ? vscnprintf+0x80/0x80 [ 180.351703][ T7938] ? gfs2_glock_nq_num+0x17a/0x1b0 [ 180.356833][ T7938] init_inodes+0xdb/0x320 [ 180.361168][ T7938] gfs2_fill_super+0x16b2/0x1f00 [ 180.366125][ T7938] ? gfs2_reconfigure+0xd30/0xd30 [ 180.371335][ T7938] ? gfs2_glock_nq_num+0x82/0x1b0 [ 180.376462][ T7938] ? sb_set_blocksize+0xa5/0xe0 [ 180.381319][ T7938] get_tree_bdev+0x3f1/0x610 [ 180.385916][ T7938] ? gfs2_reconfigure+0xd30/0xd30 [ 180.390944][ T7938] gfs2_get_tree+0x4d/0x1e0 [ 180.395451][ T7938] vfs_get_tree+0x88/0x270 [ 180.399869][ T7938] do_new_mount+0x24a/0xa40 [ 180.404385][ T7938] __se_sys_mount+0x2e3/0x3d0 [ 180.409071][ T7938] ? __x64_sys_mount+0xc0/0xc0 [ 180.413929][ T7938] ? lockdep_hardirqs_on+0x94/0x140 [ 180.419129][ T7938] ? __x64_sys_mount+0x1c/0xc0 [ 180.423898][ T7938] do_syscall_64+0x4c/0xa0 [ 180.428317][ T7938] ? clear_bhb_loop+0x30/0x80 [ 180.432993][ T7938] ? clear_bhb_loop+0x30/0x80 [ 180.437855][ T7938] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 180.443749][ T7938] RIP: 0033:0x7f909d9f2a0a [ 180.448173][ T7938] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 180.467780][ T7938] RSP: 002b:00007f909bc4ae58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 180.476208][ T7938] RAX: ffffffffffffffda RBX: 00007f909bc4aee0 RCX: 00007f909d9f2a0a [ 180.484180][ T7938] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f909bc4aea0 [ 180.492152][ T7938] RBP: 0000200000000400 R08: 00007f909bc4aee0 R09: 0000000000210401 [ 180.500134][ T7938] R10: 0000000000210401 R11: 0000000000000246 R12: 0000200000012500 [ 180.508273][ T7938] R13: 00007f909bc4aea0 R14: 000000000001263f R15: 0000200000000000 [ 180.516270][ T7938] [ 180.521193][ T7938] gfs2: fsid=syz:syz.0: my journal (0) is bad: -5 [ 180.540558][ T23] zl10353_read_register: readreg error (reg=127, ret==-71) [ 180.593419][ T23] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 180.718315][ T4194] sysv_free_block: flc_count > flc_size [ 180.740007][ T4194] sysv_free_block: flc_count > flc_size [ 180.781854][ T4194] sysv_free_block: flc_count > flc_size [ 180.789962][ T23] usb 3-1: USB disconnect, device number 9 [ 180.813795][ T4194] sysv_free_block: flc_count > flc_size [ 180.819396][ T4194] sysv_free_block: flc_count > flc_size [ 180.865658][ T4194] sysv_free_block: flc_count > flc_size [ 180.892945][ T4194] sysv_free_block: flc_count > flc_size [ 180.898604][ T4194] sysv_free_block: flc_count > flc_size [ 180.916884][ T4194] sysv_free_block: flc_count > flc_size [ 180.922473][ T4194] sysv_free_block: flc_count > flc_size [ 180.942667][ T26] audit: type=1800 audit(1774066777.792:13): pid=7936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1155" name="file2" dev="loop7" ino=31 res=0 errno=0 [ 180.972761][ T4227] Bluetooth: hci2: command 0x0406 tx timeout [ 180.975719][ T6379] Bluetooth: hci1: command 0x0406 tx timeout [ 181.007155][ T4194] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 181.011503][ T6379] Bluetooth: hci3: command 0x0406 tx timeout [ 181.209746][ T7951] EXT4-fs (loop4): Ignoring removed nobh option [ 181.303627][ T7951] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 181.328604][ T7959] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1167'. [ 181.382121][ T7951] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1160: invalid indirect mapped block 256 (level 1) [ 181.499091][ T7951] EXT4-fs (loop4): Remounting filesystem read-only [ 181.507501][ T7951] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1160: invalid indirect mapped block 2683928664 (level 1) [ 181.573084][ T7951] EXT4-fs (loop4): Remounting filesystem read-only [ 181.603531][ T7951] EXT4-fs (loop4): 1 truncate cleaned up [ 181.609238][ T7951] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,jqfmt=vfsv1,nobh,nodioread_nolock,discard,usrjquota=.errors=continue,errors=remount-ro,jqfmt=vfsv0,discard,,. Quota mode: writeback. [ 181.658393][ T414] hfsplus: b-tree write err: -5, ino 25 [ 181.665691][ T414] hfsplus: b-tree write err: -5, ino 4 [ 181.701752][ T414] hfsplus: b-tree write err: -5, ino 2 [ 181.729140][ T414] hfsplus: b-tree write err: -5, ino 26 [ 181.796034][ T7973] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 181.952992][ T7973] ntfs3: loop5: ino=5, "/" directory corrupted [ 181.959818][ T7973] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 182.042719][ T7973] ntfs3: loop5: ino=5, "/" directory corrupted [ 182.661085][ T8013] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,barrier=0x0000000000000001,,errors=continue. Quota mode: none. [ 182.784993][ T8013] ext4 filesystem being mounted at /160/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.796470][ T7993] set_capacity_and_notify: 4 callbacks suppressed [ 182.796486][ T7993] loop2: detected capacity change from 0 to 32768 [ 182.813523][ T8013] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:406: inode #2: comm syz.5.1193: No space for directory leaf checksum. Please run e2fsck -D. [ 182.854507][ T8013] EXT4-fs error (device loop5): htree_dirblock_to_tree:1083: inode #2: comm syz.5.1193: Directory block failed checksum [ 183.033193][ T8022] loop4: detected capacity change from 0 to 8192 [ 183.339147][ T8043] sp1: Synchronizing with TNC [ 183.349519][ T8044] sp0: Synchronizing with TNC [ 183.385310][ T8040] [U] è` [ 183.639949][ T8058] loop4: detected capacity change from 0 to 256 [ 183.673536][ T8059] loop5: detected capacity change from 0 to 256 [ 183.734594][ T8058] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 183.829427][ T8058] FAT-fs (loop4): Filesystem has been set read-only [ 183.872261][ T8058] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 183.925683][ T8058] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 184.092834][ T1108] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 184.238460][ T8088] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'. [ 184.269487][ T8082] Invalid ELF header magic: != ELF [ 184.366128][ T8094] loop3: detected capacity change from 0 to 512 [ 184.407833][ T8094] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 184.438389][ T8094] EXT4-fs (loop3): 1 truncate cleaned up [ 184.453236][ T1108] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.461074][ T8094] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 184.479311][ T1108] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 184.492729][ T23] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 184.506087][ T8094] EXT4-fs error (device loop3): ext4_get_parent:1910: comm syz.3.1232: inode #2: comm syz.3.1232: iget: illegal inode # [ 184.526144][ T1108] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 184.560835][ T8102] device vlan5 entered promiscuous mode [ 184.566938][ T8102] device bridge0 entered promiscuous mode [ 184.575283][ T8102] IPv6: ADDRCONF(NETDEV_CHANGE): vlan5: link becomes ready [ 184.732870][ T1108] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 184.741966][ T1108] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.761341][ T1108] usb 6-1: Product: syz [ 184.765644][ T1108] usb 6-1: Manufacturer: syz [ 184.770293][ T1108] usb 6-1: SerialNumber: syz [ 184.876134][ T8116] loop3: detected capacity change from 0 to 512 [ 184.893162][ T23] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.913224][ T23] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.925315][ T8120] device bridge1 entered promiscuous mode [ 184.934996][ T23] usb 8-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01 [ 184.948211][ T8120] team0: Port device bridge1 added [ 184.953487][ T23] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.991988][ T23] usb 8-1: config 0 descriptor?? [ 185.011558][ T8116] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 185.055420][ T1108] cdc_ncm 6-1:1.0: CDC Union missing and no IAD found [ 185.062927][ T8116] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 185.069280][ T1108] cdc_ncm 6-1:1.0: bind() failure [ 185.071086][ T8116] System zones: [ 185.090655][ T1108] usb 6-1: USB disconnect, device number 7 [ 185.094635][ T8116] 0-1, 15-15, 18-18, 34-34 [ 185.141107][ T8116] EXT4-fs (loop3): orphan cleanup on readonly fs [ 185.156332][ T8116] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 185.188783][ T8116] EXT4-fs warning (device loop3): ext4_enable_quotas:6486: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 185.209182][ T8116] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 185.218273][ T8116] EXT4-fs (loop3): 1 truncate cleaned up [ 185.224323][ T8116] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 185.231966][ T8129] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1247'. [ 185.310987][ T8116] EXT4-fs (loop3): changing journal_checksum during remount not supported; ignoring [ 185.325101][ T8116] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 185.349818][ T8116] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c054e098, mo2=000a] [ 185.455232][ T8137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.494607][ T8137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.506359][ T23] arvo 0003:1E7D:30D4.000E: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.7-1/input0 [ 185.518517][ T8137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.525810][ T8140] loop4: detected capacity change from 0 to 64 [ 185.529645][ T8137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.559322][ T8137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.579733][ T8137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.590263][ T8137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.602320][ T8137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.620890][ T8140] Trying to free block not in datazone [ 185.626940][ T8137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.647359][ T8137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.659376][ T8137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 185.670068][ T8137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.683119][ T8137] device macsec2 entered promiscuous mode [ 185.699939][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan5: link becomes ready [ 185.707592][ T23] arvo 0003:1E7D:30D4.000E: couldn't init struct arvo_device [ 185.723173][ T23] arvo 0003:1E7D:30D4.000E: couldn't install keyboard [ 185.770016][ T23] arvo: probe of 0003:1E7D:30D4.000E failed with error -71 [ 185.821425][ T23] usb 8-1: USB disconnect, device number 4 [ 186.052056][ T8151] fido_id[8151]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 186.103804][ T8161] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1260'. [ 186.158864][ T8163] loop2: detected capacity change from 0 to 1024 [ 186.301749][ T8163] Process accounting resumed [ 186.376745][ T9] hfsplus: b-tree write err: -5, ino 25 [ 186.401027][ T9] hfsplus: b-tree write err: -5, ino 4 [ 186.402835][ T8172] netlink: 'syz.5.1266': attribute type 4 has an invalid length. [ 186.432345][ T9] hfsplus: b-tree write err: -5, ino 2 [ 186.454361][ T9] hfsplus: b-tree write err: -5, ino 20 [ 186.472795][ T8172] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1266'. [ 186.762073][ T8194] loop4: detected capacity change from 0 to 256 [ 186.816276][ T8197] use of bytesused == 0 is deprecated and will be removed in the future, [ 186.861766][ T8194] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 186.880796][ T8197] use the actual size instead. [ 187.144163][ T8213] loop4: detected capacity change from 0 to 1764 [ 187.244956][ T8213] attempt to access beyond end of device [ 187.244956][ T8213] loop4: rw=0, want=7180648576, limit=1764 [ 187.259587][ T8213] Buffer I/O error on dev loop4, logical block 1795162143, async page read [ 187.294559][ T8213] attempt to access beyond end of device [ 187.294559][ T8213] loop4: rw=0, want=7180648576, limit=1764 [ 187.340196][ T8213] Buffer I/O error on dev loop4, logical block 1795162143, async page read [ 187.364832][ T26] audit: type=1800 audit(1774066784.222:14): pid=8213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1283" name="file0" dev="loop4" ino=1923 res=0 errno=0 [ 187.402287][ T8227] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 187.429458][ T8227] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 187.502642][ T4191] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 187.545774][ T9] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 187.559373][ T8235] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1293'. [ 187.782659][ T4191] usb 4-1: Using ep0 maxpacket: 32 [ 187.877845][ T8248] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 187.902919][ T4191] usb 4-1: config index 0 descriptor too short (expected 6701, got 45) [ 187.940010][ T4191] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.961788][ T8248] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1298: bg 0: block 393: padding at end of block bitmap is not set [ 188.060404][ T4191] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.072794][ T1108] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 188.112341][ T8248] EXT4-fs (loop2): Remounting filesystem read-only [ 188.122605][ T8248] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 188.143123][ T4191] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.163788][ T8248] EXT4-fs (loop2): Remounting filesystem read-only [ 188.170934][ T8248] EXT4-fs (loop2): 2 truncates cleaned up [ 188.180029][ T4191] usb 4-1: config 0 interface 0 has no altsetting 0 [ 188.202674][ T8248] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,jqfmt=vfsv0,errors=remount-ro,noquota,. Quota mode: writeback. [ 188.215799][ T4191] usb 4-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.9d [ 188.271287][ T4191] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.290993][ T4191] usb 4-1: config 0 descriptor?? [ 188.442797][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.469639][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.489287][ T1108] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 188.505883][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.533995][ T1108] usb 5-1: config 0 descriptor?? [ 188.579033][ T8255] set_capacity_and_notify: 3 callbacks suppressed [ 188.579053][ T8255] loop5: detected capacity change from 0 to 32768 [ 188.743743][ T8255] XFS (loop5): Mounting V5 Filesystem [ 188.784513][ T4191] logitech 0003:046D:CA03.000F: unknown main item tag 0x0 [ 188.801299][ T4191] logitech 0003:046D:CA03.000F: unknown main item tag 0x0 [ 188.827085][ T8280] loop2: detected capacity change from 0 to 4096 [ 188.836553][ T4191] logitech 0003:046D:CA03.000F: unknown main item tag 0x0 [ 188.858763][ T4191] logitech 0003:046D:CA03.000F: unknown main item tag 0x0 [ 188.877893][ T4191] logitech 0003:046D:CA03.000F: unknown main item tag 0x0 [ 188.885671][ T4191] logitech 0003:046D:CA03.000F: unknown main item tag 0x0 [ 188.920736][ T4191] logitech 0003:046D:CA03.000F: unknown main item tag 0x0 [ 188.946774][ T8288] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 188.955696][ T8255] XFS (loop5): Ending clean mount [ 188.981568][ T4191] logitech 0003:046D:CA03.000F: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.3-1/input0 [ 189.005558][ T1108] itetech 0003:06CB:73F5.0010: collection stack underflow [ 189.023444][ T1108] itetech 0003:06CB:73F5.0010: item 0 0 0 12 parsing failed [ 189.032644][ T4191] logitech 0003:046D:CA03.000F: no inputs found [ 189.040440][ T1108] itetech: probe of 0003:06CB:73F5.0010 failed with error -22 [ 189.041372][ T8255] XFS (loop5): Quotacheck needed: Please wait. [ 189.084043][ T4191] usb 4-1: USB disconnect, device number 8 [ 189.206174][ T8291] fido_id[8291]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 189.229811][ T5970] usb 5-1: USB disconnect, device number 7 [ 189.254340][ T8255] XFS (loop5): Quotacheck: Done. [ 189.384582][ T5382] XFS (loop5): Unmounting Filesystem [ 189.727430][ T8290] loop7: detected capacity change from 0 to 32768 [ 189.787166][ T8305] loop3: detected capacity change from 0 to 512 [ 189.892604][ T5970] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 189.915634][ T8305] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 189.917926][ T8313] loop4: detected capacity change from 0 to 1024 [ 189.944086][ T8290] XFS (loop7): Mounting V5 Filesystem [ 189.949832][ T8316] loop5: detected capacity change from 0 to 128 [ 189.958637][ T8305] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 189.971656][ T8305] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002] [ 189.993365][ T8305] System zones: 1-12 [ 190.004963][ T8305] EXT4-fs (loop3): orphan cleanup on readonly fs [ 190.020304][ T8313] hfsplus: bad catalog entry type [ 190.029890][ T8290] XFS (loop7): Ending clean mount [ 190.037147][ T8290] XFS (loop7): Quotacheck needed: Please wait. [ 190.067833][ T8316] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 190.106126][ T8305] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 33619980: comm syz.3.1321: invalid block [ 190.153087][ T8316] ext4 filesystem being mounted at /176/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 190.158423][ T5970] usb 3-1: Using ep0 maxpacket: 16 [ 190.175543][ T144] hfsplus: b-tree write err: -5, ino 25 [ 190.188304][ T8305] EXT4-fs (loop3): Remounting filesystem read-only [ 190.195652][ T8305] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1321: invalid indirect mapped block 2 (level 2) [ 190.243178][ T144] hfsplus: b-tree write err: -5, ino 4 [ 190.248786][ T144] hfsplus: b-tree write err: -5, ino 2 [ 190.258324][ T8305] EXT4-fs (loop3): Remounting filesystem read-only [ 190.271086][ T8290] XFS (loop7): Quotacheck: Done. [ 190.278075][ T8305] EXT4-fs (loop3): 1 truncate cleaned up [ 190.295971][ T8305] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,stripe=0x0000000000000006,usrquota,errors=remount-ro,max_dir_size_kb=0x0000000000000009. Quota mode: writeback. [ 190.314650][ T5970] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 190.314698][ T5970] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 190.314723][ T5970] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 190.373538][ T6693] XFS (loop7): Unmounting Filesystem [ 190.482922][ T5970] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 190.492113][ T5970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.500935][ T5970] usb 3-1: Product: syz [ 190.513161][ T5970] usb 3-1: Manufacturer: syz [ 190.521957][ T5970] usb 3-1: SerialNumber: syz [ 190.537813][ T5970] usb 3-1: config 0 descriptor?? [ 190.583511][ T5970] mcba_usb 3-1:0.0: Can't find endpoints [ 190.837324][ T21] usb 3-1: USB disconnect, device number 10 [ 190.970999][ T8346] loop5: detected capacity change from 0 to 1024 [ 191.047160][ T8346] EXT4-fs (loop5): Ignoring removed oldalloc option [ 191.065241][ T8346] EXT4-fs (loop5): Ignoring removed bh option [ 191.077859][ T8346] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 191.136810][ T8343] loop3: detected capacity change from 0 to 8192 [ 191.159379][ T8346] EXT4-fs (loop5): mounted filesystem without journal. Opts: delalloc,data_err=abort,bsddf,usrquota,data_err=ignore,init_itable,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 191.180908][ C0] vkms_vblank_simulate: vblank timer overrun [ 191.245279][ T8343] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 191.696528][ T8380] loop5: detected capacity change from 0 to 1024 [ 191.888678][ T8380] Process accounting resumed [ 191.926712][ T4236] hfsplus: b-tree write err: -5, ino 25 [ 191.932824][ T4236] hfsplus: b-tree write err: -5, ino 4 [ 191.938514][ T4236] hfsplus: b-tree write err: -5, ino 2 [ 191.951261][ T4236] hfsplus: b-tree write err: -5, ino 20 [ 192.170948][ T8402] loop4: detected capacity change from 0 to 64 [ 192.288715][ T8402] hfs: unable to locate alternate MDB [ 192.318175][ T8402] hfs: continuing without an alternate MDB [ 192.372749][ T8412] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 192.433970][ T8412] Zero length message leads to an empty skb [ 192.708120][ T8366] XFS (loop2): Mounting V5 Filesystem [ 192.901041][ T8366] XFS (loop2): Ending clean mount [ 192.908969][ T8366] XFS (loop2): Quotacheck needed: Please wait. [ 192.914905][ T8444] exfat: Deprecated parameter 'utf8' [ 192.921836][ T8440] exfat: Deprecated parameter 'utf8' [ 192.927621][ T8444] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xf6c34595, utbl_chksum : 0xe619d30d) [ 192.972290][ T8450] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1373'. [ 193.011751][ T8440] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 193.029829][ T8366] XFS (loop2): Quotacheck: Done. [ 193.029856][ T8450] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1373'. [ 193.164592][ T4187] XFS (loop2): Unmounting Filesystem [ 193.313575][ T8460] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1378'. [ 193.378175][ T8456] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 193.552402][ T8456] ntfs3: loop4: failed to convert "c46c" to cp855 [ 193.621849][ T8466] device veth1_to_team entered promiscuous mode [ 194.030434][ T8479] sock: sock_set_timeout: `syz.7.1389' (pid 8479) tries to set negative timeout [ 194.137332][ T8487] set_capacity_and_notify: 5 callbacks suppressed [ 194.137350][ T8487] loop4: detected capacity change from 0 to 256 [ 194.189614][ T8491] loop2: detected capacity change from 0 to 256 [ 194.209224][ T8487] exfat: Deprecated parameter 'utf8' [ 194.267292][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.275546][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.287247][ T8491] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66dc59, utbl_chksum : 0xe619d30d) [ 194.312647][ T4442] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 194.350847][ T8487] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6c34595, utbl_chksum : 0xe619d30d) [ 194.572584][ T4442] usb 6-1: Using ep0 maxpacket: 16 [ 194.611591][ T8505] loop2: detected capacity change from 0 to 256 [ 194.742325][ T8505] FAT-fs (loop2): Directory bread(block 64) failed [ 194.750190][ T8505] FAT-fs (loop2): Directory bread(block 65) failed [ 194.763347][ T4191] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 194.768551][ T8505] FAT-fs (loop2): Directory bread(block 66) failed [ 194.777988][ T8505] FAT-fs (loop2): Directory bread(block 67) failed [ 194.785441][ T8505] FAT-fs (loop2): Directory bread(block 68) failed [ 194.792441][ T8505] FAT-fs (loop2): Directory bread(block 69) failed [ 194.800048][ T8505] FAT-fs (loop2): Directory bread(block 70) failed [ 194.819992][ T8505] FAT-fs (loop2): Directory bread(block 71) failed [ 194.827044][ T8505] FAT-fs (loop2): Directory bread(block 72) failed [ 194.843990][ T8505] FAT-fs (loop2): Directory bread(block 73) failed [ 194.852982][ T4442] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 194.876806][ T4442] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.893999][ T4442] usb 6-1: Product: syz [ 194.901158][ T4442] usb 6-1: Manufacturer: syz [ 194.906980][ T4442] usb 6-1: SerialNumber: syz [ 194.914373][ T4442] r8152-cfgselector 6-1: config 0 descriptor?? [ 194.951088][ T8515] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1405'. [ 195.022661][ T4191] usb 4-1: Using ep0 maxpacket: 8 [ 195.032257][ T8519] loop4: detected capacity change from 0 to 512 [ 195.058835][ T8519] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 195.164467][ T4191] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 7 [ 195.192655][ T4442] r8152-cfgselector 6-1: Unknown version 0x0000 [ 195.302746][ T1108] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 195.385575][ T4191] usb 4-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 195.405155][ T4191] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.421124][ T8517] loop2: detected capacity change from 0 to 32768 [ 195.427768][ T4191] usb 4-1: Product: syz [ 195.432005][ T4191] usb 4-1: Manufacturer: syz [ 195.438799][ T4191] usb 4-1: SerialNumber: syz [ 195.462759][ T4442] r8152-cfgselector 6-1: Unknown version 0x0000 [ 195.478196][ T4442] r8152-cfgselector 6-1: USB disconnect, device number 8 [ 195.562670][ T1108] usb 8-1: Using ep0 maxpacket: 8 [ 195.620939][ T8517] XFS (loop2): Mounting V5 Filesystem [ 195.682979][ T1108] usb 8-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=4d.89 [ 195.702911][ T1108] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.730889][ T4191] usb 4-1: selecting invalid altsetting 1 [ 195.776859][ T1108] usb 8-1: config 0 descriptor?? [ 195.817218][ T8517] XFS (loop2): Ending clean mount [ 195.846548][ T1108] gm12u320 8-1:0.0: [drm:gm12u320_set_ecomode] *ERROR* Misc. req. error -22 [ 195.872528][ T1108] gm12u320: probe of 8-1:0.0 failed with error -5 [ 195.884930][ T4187] XFS (loop2): Unmounting Filesystem [ 195.897946][ T1108] usb-storage 8-1:0.0: USB Mass Storage device detected [ 195.920529][ T1108] usb-storage 8-1:0.0: device ignored [ 195.955708][ T4191] usb 4-1: unit 0 not found! [ 195.995124][ T4191] usb 4-1: selecting invalid altsetting 1 [ 196.064284][ T4227] usb 8-1: USB disconnect, device number 5 [ 196.066236][ T8553] netlink: 'syz.5.1421': attribute type 3 has an invalid length. [ 196.162642][ T4191] usb 4-1: cannot request logical cluster ID: 0 (err: -71) [ 196.169917][ T4191] usb 4-1: invalid MIXER UNIT descriptor 6 [ 196.194892][ T4191] snd-usb-audio: probe of 4-1:1.1 failed with error -71 [ 196.228197][ T4191] usb 4-1: selecting invalid altsetting 1 [ 196.252980][ T4191] usb 4-1: cannot request logical cluster ID: 0 (err: -71) [ 196.260587][ T4191] usb 4-1: invalid MIXER UNIT descriptor 6 [ 196.344561][ T4191] snd-usb-audio: probe of 4-1:1.2 failed with error -71 [ 196.388529][ T4191] usb 4-1: USB disconnect, device number 9 [ 196.426582][ T4173] udevd[4173]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 196.632352][ T8571] loop2: detected capacity change from 0 to 4096 [ 196.657340][ T8575] loop7: detected capacity change from 0 to 64 [ 196.758840][ T8582] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 196.795846][ T8586] loop3: detected capacity change from 0 to 64 [ 196.980028][ T8586] Trying to free block not in datazone [ 197.179438][ T8603] loop7: detected capacity change from 0 to 256 [ 197.500506][ T8615] loop5: detected capacity change from 0 to 4096 [ 197.541843][ T8615] ntfs3: loop5: Different NTFS' sector size (2048) and media sector size (512) [ 197.572053][ T8615] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 197.685558][ T8615] ntfs3: loop5: Failed to load $Extend. [ 198.513880][ T21] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 198.727166][ T8649] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 198.730148][ T8646] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 198.792320][ T4173] udevd[4173]: incorrect nilfs2 checksum on /dev/loop3 [ 198.850404][ T8650] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 198.864628][ T8640] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 198.903742][ T21] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.935630][ T21] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 198.949075][ T8640] Remounting filesystem read-only [ 198.980635][ T21] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 199.001541][ T8626] XFS (loop7): Mounting V5 Filesystem [ 199.017773][ T4187] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 199.183213][ T21] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 199.196830][ T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.199945][ T8662] set_capacity_and_notify: 5 callbacks suppressed [ 199.199958][ T8662] loop2: detected capacity change from 0 to 2048 [ 199.236650][ T21] usb 5-1: Product: syz [ 199.242352][ T21] usb 5-1: Manufacturer: syz [ 199.247552][ T21] usb 5-1: SerialNumber: syz [ 199.255405][ T8626] XFS (loop7): Ending clean mount [ 199.257409][ T8664] loop3: detected capacity change from 0 to 512 [ 199.289177][ T6693] XFS (loop7): Unmounting Filesystem [ 199.311147][ T8664] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 199.332873][ T8664] ext4 filesystem being mounted at /334/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 199.404566][ T8668] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 199.544474][ T21] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 199.551389][ T21] cdc_ncm 5-1:1.0: bind() failure [ 199.616273][ T21] usb 5-1: USB disconnect, device number 8 [ 199.832369][ T8675] netlink: 4356 bytes leftover after parsing attributes in process `syz.3.1471'. [ 200.017952][ T8677] loop2: detected capacity change from 0 to 4096 [ 200.196649][ T8683] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 200.212334][ T8677] attempt to access beyond end of device [ 200.212334][ T8677] loop2: rw=0, want=26388279066824, limit=4096 [ 200.234397][ T8685] loop4: detected capacity change from 0 to 256 [ 200.282317][ T8685] exfat: Deprecated parameter 'utf8' [ 200.296047][ T8677] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=1) [ 200.358102][ T8685] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 200.595470][ T8696] tmpfs: Bad value for 'mpol' [ 200.664584][ T8671] loop5: detected capacity change from 0 to 32768 [ 200.801520][ T8671] ERROR: (device loop5): dbAlloc: the hint is outside the map [ 200.801520][ T8671] [ 200.863057][ T8671] ERROR: (device loop5): remounting filesystem as read-only [ 201.099262][ T277] blkno = 5002c, nblocks = 1 [ 201.104825][ T277] ERROR: (device loop5): dbUpdatePMap: blocks are outside the map [ 201.104825][ T277] [ 201.122562][ T5970] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 201.202562][ T8713] loop4: detected capacity change from 0 to 32768 [ 201.203611][ T8717] loop2: detected capacity change from 0 to 128 [ 201.288682][ T8717] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 201.349662][ T8713] XFS (loop4): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 201.401364][ T4191] XFS (loop4): Metadata CRC error detected at xfs_agf_read_verify+0x192/0x250, xfs_agf block 0x1 [ 201.403209][ T8717] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 201.412865][ T4191] XFS (loop4): Unmount and run xfs_repair [ 201.470410][ T4191] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 201.508602][ T4191] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 10 00 XAGF............ [ 201.532855][ T6379] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 201.540557][ T4191] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 10 00 ................ [ 201.560216][ T4191] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 201.581943][ T4191] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00 ................ [ 201.618983][ T4191] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 201.632349][ T4191] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01 ................ [ 201.642005][ T4191] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 201.642786][ T5970] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 201.653286][ T4191] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 201.679775][ T8713] XFS (loop4): metadata I/O error in "xfs_read_agf+0x252/0x510" at daddr 0x1 len 1 error 74 [ 201.681660][ T5970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.723115][ T5970] usb 4-1: Product: syz [ 201.733055][ T5970] usb 4-1: Manufacturer: syz [ 201.737770][ T144] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 201.752690][ T5970] usb 4-1: SerialNumber: syz [ 201.768344][ T5970] usb 4-1: config 0 descriptor?? [ 201.904257][ T8736] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1493'. [ 201.945006][ T6379] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 201.955787][ T6379] usb 8-1: config 0 has no interface number 0 [ 202.033239][ T5970] usb 4-1: USB disconnect, device number 10 [ 202.220094][ T6379] usb 8-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 202.252562][ T6379] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.260638][ T6379] usb 8-1: Product: syz [ 202.286632][ T6379] usb 8-1: Manufacturer: syz [ 202.291301][ T6379] usb 8-1: SerialNumber: syz [ 202.331095][ T6379] usb 8-1: config 0 descriptor?? [ 202.416351][ T8750] loop4: detected capacity change from 0 to 1024 [ 202.469429][ T8748] loop2: detected capacity change from 0 to 4096 [ 202.528333][ T144] hfsplus: b-tree write err: -5, ino 25 [ 202.555798][ T8748] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 202.573378][ T144] hfsplus: b-tree write err: -5, ino 4 [ 202.589169][ T144] hfsplus: b-tree write err: -5, ino 2 [ 202.602841][ T6379] usb 8-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 202.661983][ T8748] ntfs3: loop2: Failed to load $Extend. [ 202.663442][ T6379] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 202.712725][ T6379] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 202.778044][ T6379] usb 8-1: media controller created [ 202.817930][ T6379] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 202.856500][ T8738] loop5: detected capacity change from 0 to 32768 [ 202.992326][ T26] audit: type=1800 audit(1774066799.842:15): pid=8738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1496" name="file1" dev="loop5" ino=7 res=0 errno=0 [ 203.345350][ T26] audit: type=1800 audit(1774066800.202:16): pid=8766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1510" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 203.381654][ T6379] usb 8-1: USB disconnect, device number 6 [ 204.013015][ T8797] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 204.061075][ T8806] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 204.118060][ T8805] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 204.139169][ T8808] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1530'. [ 204.538172][ T8820] set_capacity_and_notify: 3 callbacks suppressed [ 204.538189][ T8820] loop7: detected capacity change from 0 to 256 [ 204.591871][ T8814] loop3: detected capacity change from 0 to 8192 [ 204.786026][ T8823] loop5: detected capacity change from 0 to 1024 [ 204.795848][ T8814] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 204.822151][ T8814] REISERFS (device loop3): using ordered data mode [ 204.846121][ T8814] reiserfs: using flush barriers [ 204.891004][ T8814] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 204.996870][ T8814] REISERFS (device loop3): checking transaction log (loop3) [ 205.048145][ T8830] loop2: detected capacity change from 0 to 512 [ 205.108528][ T8833] loop7: detected capacity change from 0 to 512 [ 205.184357][ T8830] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 205.243734][ T8833] EXT4-fs (loop7): 1 truncate cleaned up [ 205.263861][ T8830] ext4 filesystem being mounted at /321/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 205.282581][ T8833] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 205.301137][ T8814] REISERFS (device loop3): Using tea hash to sort names [ 205.358194][ T8814] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 206.041106][ T8850] loop7: detected capacity change from 0 to 4096 [ 206.153144][ T8850] ntfs3: loop7: Different NTFS' sector size (4096) and media sector size (512) [ 206.230705][ T8850] ntfs3: loop7: failed to convert "c46c" to default [ 206.361758][ T8841] loop5: detected capacity change from 0 to 32768 [ 206.480432][ T8856] loop7: detected capacity change from 0 to 4096 [ 206.501601][ T8841] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 scanned by syz.5.1544 (8841) [ 206.535357][ T8841] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 206.572742][ T1108] Bluetooth: hci4: command 0x0406 tx timeout [ 206.592685][ T8857] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 206.593275][ T8856] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 206.615709][ T8841] BTRFS info (device loop5): using free space tree [ 206.622266][ T8841] BTRFS info (device loop5): has skinny extents [ 206.671645][ T8856] NILFS (loop7): mounting fs with errors [ 206.714720][ T8848] loop2: detected capacity change from 0 to 32768 [ 206.814336][ T8848] JBD2: Ignoring recovery information on journal [ 206.873264][ T8848] jbd2_journal_bmap: journal block not found at offset 32 on loop2-75 [ 206.904398][ T8852] loop3: detected capacity change from 0 to 32768 [ 206.935488][ T8848] JBD2: bad block at offset 32 [ 206.969282][ T8848] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 206.998836][ T8852] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.1547 (8852) [ 207.027940][ T8852] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 207.061445][ T8848] (syz.2.1548,8848,1):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 207.071887][ T8852] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 207.072071][ T8848] (syz.2.1548,8848,1):ocfs2_get_suballoc_slot_bit:2719 ERROR: read block 47244640267 failed -12 [ 207.093264][ T8848] (syz.2.1548,8848,1):ocfs2_get_suballoc_slot_bit:2751 ERROR: status = -12 [ 207.101893][ T8848] (syz.2.1548,8848,1):ocfs2_test_inode_bit:2833 ERROR: get alloc slot and bit failed -12 [ 207.113061][ T8848] (syz.2.1548,8848,1):ocfs2_test_inode_bit:2874 ERROR: status = -12 [ 207.121225][ T8848] (syz.2.1548,8848,1):ocfs2_get_dentry:78 ERROR: test inode bit failed -12 [ 207.121237][ T8841] BTRFS info (device loop5): enabling ssd optimizations [ 207.138861][ T8852] BTRFS info (device loop3): use zstd compression, level 3 [ 207.167746][ T8878] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 207.217926][ T8852] BTRFS info (device loop3): using free space tree [ 207.262904][ T8852] BTRFS info (device loop3): has skinny extents [ 207.386891][ T4187] ocfs2: Unmounting device (7,2) on (node local) [ 207.613557][ T8852] BTRFS info (device loop3): enabling ssd optimizations [ 207.623687][ T8854] F2FS-fs (loop4): build fault injection attr: rate: 684, type: 0x1ffff [ 207.674844][ T8854] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x35f7 [ 207.772131][ T8904] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 207.784704][ T8854] F2FS-fs (loop4): invalid crc value [ 207.832752][ T8904] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 207.884076][ T8854] F2FS-fs (loop4): Found nat_bits in checkpoint [ 208.067211][ T8913] hfs: request for non-existent node 24 in B*Tree [ 208.140039][ T8854] F2FS-fs (loop4): Start checkpoint disabled! [ 208.143057][ T8913] hfs: request for non-existent node 24 in B*Tree [ 208.208584][ T8854] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 208.757464][ T8927] EXT4-fs (loop5): Test dummy encryption mode enabled [ 208.799530][ T8927] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback. [ 209.120829][ T4228] attempt to access beyond end of device [ 209.120829][ T4228] loop4: rw=2049, want=40976, limit=40427 [ 209.121512][ T8927] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 209.442407][ T8953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1573'. [ 210.050014][ T8979] set_capacity_and_notify: 6 callbacks suppressed [ 210.050031][ T8979] loop7: detected capacity change from 0 to 4096 [ 210.200991][ T8990] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 210.322656][ T4551] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 210.448283][ T8997] bridge: RTM_NEWNEIGH with invalid state 0x1 [ 210.520048][ T8971] loop2: detected capacity change from 0 to 32768 [ 210.539557][ T9003] loop7: detected capacity change from 0 to 256 [ 210.564202][ T4551] usb 5-1: Using ep0 maxpacket: 32 [ 210.601177][ T9003] exFAT-fs (loop7): failed to read boot sector [ 210.615477][ T9003] exFAT-fs (loop7): failed to recognize exfat type [ 210.682793][ T4551] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 210.690860][ T4551] usb 5-1: config 0 has no interface number 0 [ 210.872852][ T4551] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 210.881951][ T4551] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.930928][ T4551] usb 5-1: Product: syz [ 210.955070][ T4551] usb 5-1: Manufacturer: syz [ 210.959856][ T4551] usb 5-1: SerialNumber: syz [ 211.004613][ T4551] usb 5-1: config 0 descriptor?? [ 211.045459][ T4551] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 211.065127][ T4551] usb 5-1: selecting invalid altsetting 1 [ 211.070946][ T4551] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 211.107456][ T9019] loop5: detected capacity change from 0 to 4096 [ 211.118944][ T9027] loop3: detected capacity change from 0 to 1024 [ 211.128648][ T4551] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 211.145796][ T4551] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 211.165564][ T4551] usb 5-1: media controller created [ 211.199210][ T9029] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1608'. [ 211.212807][ T9019] ntfs3: loop5: ino=3, Correct links count -> 2. [ 211.227060][ T4551] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 211.238222][ T9027] hfsplus: bad catalog entry type [ 211.252806][ T21] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 211.353438][ T4236] hfsplus: b-tree write err: -5, ino 25 [ 211.359722][ T4236] hfsplus: b-tree write err: -5, ino 4 [ 211.379720][ T4236] hfsplus: b-tree write err: -5, ino 2 [ 211.682793][ T21] usb 3-1: config index 0 descriptor too short (expected 2084, got 36) [ 211.698990][ T21] usb 3-1: config 0 has an invalid interface number: 240 but max is 0 [ 211.730214][ T21] usb 3-1: config 0 has no interface number 0 [ 211.751074][ T21] usb 3-1: config 0 interface 240 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.785043][ T21] usb 3-1: config 0 interface 240 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 211.806570][ T21] usb 3-1: config 0 interface 240 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 211.845938][ T21] usb 3-1: config 0 interface 240 has no altsetting 0 [ 211.864618][ T21] usb 3-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 211.877670][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.949324][ T21] usb 3-1: config 0 descriptor?? [ 212.342853][ T8983] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 212.412724][ T4551] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 212.419776][ T4551] zl10353_read_register: readreg error (reg=127, ret==-71) [ 212.455792][ T21] uclogic 0003:5543:004D.0011: unknown main item tag 0x0 [ 212.472675][ T4551] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 212.480567][ T21] uclogic 0003:5543:004D.0011: unknown main item tag 0x0 [ 212.508215][ T21] uclogic 0003:5543:004D.0011: unknown main item tag 0x0 [ 212.532337][ T21] uclogic 0003:5543:004D.0011: unknown main item tag 0x0 [ 212.547972][ T9076] hugetlbfs: Bad value for 'size' [ 212.562790][ T21] uclogic 0003:5543:004D.0011: unknown main item tag 0x0 [ 212.569033][ T4551] usb 5-1: USB disconnect, device number 9 [ 212.576324][ T9079] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1632'. [ 212.616757][ T21] uclogic 0003:5543:004D.0011: unknown main item tag 0x0 [ 212.637729][ T21] uclogic 0003:5543:004D.0011: No inputs registered, leaving [ 212.642678][ T9079] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1632'. [ 212.684294][ T21] uclogic 0003:5543:004D.0011: hidraw0: USB HID v0.00 Device [HID 5543:004d] on usb-dummy_hcd.2-1/input240 [ 212.768422][ T21] usb 3-1: USB disconnect, device number 11 [ 212.908762][ T9090] fido_id[9090]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 213.138005][ T9100] loop3: detected capacity change from 0 to 4096 [ 213.139021][ T5202] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 213.189440][ T9100] EXT4-fs (loop3): Test dummy encryption mode enabled [ 213.250190][ T9100] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback. [ 213.412684][ T5202] usb 8-1: Using ep0 maxpacket: 8 [ 213.542875][ T5202] usb 8-1: config index 0 descriptor too short (expected 5924, got 36) [ 213.551205][ T5202] usb 8-1: config 250 has an invalid interface number: 228 but max is -1 [ 213.644053][ T5202] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 213.667152][ T5202] usb 8-1: config 250 has no interface number 0 [ 213.684735][ T5202] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 213.742877][ T5202] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 213.746654][ T9104] loop4: detected capacity change from 0 to 32768 [ 213.768090][ T5202] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 213.785069][ T5202] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 213.829796][ T5202] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 213.875319][ T5202] usb 8-1: config 250 interface 228 has no altsetting 0 [ 213.966003][ T9104] XFS (loop4): Mounting V5 Filesystem [ 213.982342][ T9126] loop3: detected capacity change from 0 to 4096 [ 214.014053][ T5202] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 214.023441][ T5202] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 214.031715][ T5202] usb 8-1: Product: syz [ 214.046479][ T5202] usb 8-1: SerialNumber: syz [ 214.078444][ T9139] loop2: detected capacity change from 0 to 8192 [ 214.096991][ T9126] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 214.113812][ T5202] hub 8-1:250.228: bad descriptor, ignoring hub [ 214.131290][ T5202] hub: probe of 8-1:250.228 failed with error -5 [ 214.142902][ T9104] XFS (loop4): Ending clean mount [ 214.153779][ T9104] XFS (loop4): Quotacheck needed: Please wait. [ 214.153937][ T9139] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 214.190240][ T9104] XFS (loop4): Quotacheck: Done. [ 214.199619][ T9139] REISERFS (device loop2): using ordered data mode [ 214.242264][ T9139] reiserfs: using flush barriers [ 214.248447][ T26] audit: type=1800 audit(1774066811.102:17): pid=9126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1654" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 214.288272][ T9139] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 214.329866][ T5202] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 7 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 214.401414][ T9139] REISERFS (device loop2): checking transaction log (loop2) [ 214.463392][ T4194] XFS (loop4): Unmounting Filesystem [ 214.816959][ T9139] REISERFS (device loop2): Using tea hash to sort names [ 214.824271][ T13] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 214.852257][ T9154] loop5: detected capacity change from 0 to 8 [ 214.857956][ T9139] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 214.868249][ T23] usb 8-1: USB disconnect, device number 7 [ 214.886188][ T23] usblp0: removed [ 215.229987][ T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 215.265975][ T13] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 215.285575][ T9163] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 215.322305][ T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 215.342567][ T13] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 215.413063][ T9168] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1668'. [ 215.542783][ T13] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 215.572687][ T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.601149][ T13] usb 4-1: Product: syz [ 215.611271][ T13] usb 4-1: Manufacturer: syz [ 215.619980][ T13] usb 4-1: SerialNumber: syz [ 215.647502][ T13] usb 4-1: config 0 descriptor?? [ 215.723722][ T13] ums-isd200 4-1:0.0: USB Mass Storage device detected [ 215.744575][ T9188] loop4: detected capacity change from 0 to 256 [ 215.793956][ T9188] exfat: Deprecated parameter 'utf8' [ 215.794042][ T9188] exfat: Deprecated parameter 'namecase' [ 215.804414][ T9186] loop2: detected capacity change from 0 to 4096 [ 215.825683][ T9188] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 215.901954][ T9186] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 216.009519][ T9186] ntfs3: loop2: failed to convert "c46c" to default [ 216.009995][ T13] scsi host1: usb-storage 4-1:0.0 [ 216.105284][ T9196] loop7: detected capacity change from 0 to 2048 [ 216.151471][ T9200] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1683'. [ 216.195641][ T9196] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 216.234241][ T6379] usb 4-1: USB disconnect, device number 11 [ 216.552665][ T13] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 216.845674][ T9223] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 216.899339][ T9217] loop5: detected capacity change from 0 to 32768 [ 216.923868][ T9226] netlink: 'syz.7.1694': attribute type 2 has an invalid length. [ 216.942921][ T13] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 216.947445][ T9228] loop3: detected capacity change from 0 to 1024 [ 216.982815][ T9217] OCFS2: ERROR (device loop5): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #68: fs_generation is 3919078593 [ 216.987252][ T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.999067][ T9217] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 216.999118][ T9217] OCFS2: File system is now read-only. [ 216.999129][ T9217] (syz.5.1691,9217,1):ocfs2_read_locked_inode:521 ERROR: status = -30 [ 216.999407][ T9217] (syz.5.1691,9217,1):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 217.042680][ T9217] (syz.5.1691,9217,1):ocfs2_init_global_system_inodes:462 ERROR: status = -30 [ 217.051573][ T9217] (syz.5.1691,9217,1):ocfs2_init_global_system_inodes:464 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 217.051608][ T9217] (syz.5.1691,9217,1):ocfs2_init_global_system_inodes:473 ERROR: status = -30 [ 217.072935][ T9217] (syz.5.1691,9217,1):ocfs2_initialize_super:2281 ERROR: status = -30 [ 217.081222][ T9217] (syz.5.1691,9217,1):ocfs2_fill_super:1177 ERROR: status = -30 [ 217.125260][ T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.163185][ T13] usb 3-1: New USB device found, idVendor=056a, idProduct=006c, bcdDevice= 0.00 [ 217.191686][ T9228] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 217.210916][ T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.264030][ T13] usb 3-1: config 0 descriptor?? [ 217.333096][ T9228] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 217.491976][ T9239] loop7: detected capacity change from 0 to 4096 [ 217.629130][ T9245] loop4: detected capacity change from 0 to 4096 [ 217.695352][ T9245] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 217.756164][ T13] wacom 0003:056A:006C.0012: unknown main item tag 0x0 [ 217.790153][ T13] wacom 0003:056A:006C.0012: unknown main item tag 0x0 [ 217.810482][ T13] wacom 0003:056A:006C.0012: unknown main item tag 0x0 [ 217.819088][ T13] wacom 0003:056A:006C.0012: unknown main item tag 0x0 [ 217.858357][ T13] wacom 0003:056A:006C.0012: unknown main item tag 0x0 [ 217.896714][ T13] wacom 0003:056A:006C.0012: Unknown device_type for 'HID 056a:006c'. Ignoring. [ 217.962698][ T8914] usb 3-1: USB disconnect, device number 12 [ 218.240757][ T9271] loop4: detected capacity change from 0 to 512 [ 218.434468][ T9271] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 218.452774][ T9271] ext4 filesystem being mounted at /317/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 218.509938][ T9284] usb usb1: check_ctrlrecip: process 9284 (syz.7.1720) requesting ep 01 but needs 81 [ 218.914704][ T9261] loop3: detected capacity change from 0 to 32768 [ 218.986575][ T9261] JBD2: Ignoring recovery information on journal [ 218.992576][ T4551] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 219.001169][ T9280] loop5: detected capacity change from 0 to 32768 [ 219.026425][ T9261] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 219.052607][ T9261] JBD2: bad block at offset 32 [ 219.094094][ T9261] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 219.121657][ T9308] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1731'. [ 219.139119][ T9308] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1731'. [ 219.156473][ T9308] netlink: 'syz.4.1731': attribute type 10 has an invalid length. [ 219.214250][ T9280] JBD2: Ignoring recovery information on journal [ 219.229017][ T9261] (syz.3.1709,9261,0):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 219.237945][ T9261] (syz.3.1709,9261,0):ocfs2_get_suballoc_slot_bit:2719 ERROR: read block 47244640267 failed -12 [ 219.239719][ T9310] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x769352d4, utbl_chksum : 0xe619d30d) [ 219.249228][ T9261] (syz.3.1709,9261,0):ocfs2_get_suballoc_slot_bit:2751 ERROR: status = -12 [ 219.273982][ T9261] (syz.3.1709,9261,1):ocfs2_test_inode_bit:2833 ERROR: get alloc slot and bit failed -12 [ 219.303042][ T9261] (syz.3.1709,9261,0):ocfs2_test_inode_bit:2874 ERROR: status = -12 [ 219.311238][ T9261] (syz.3.1709,9261,0):ocfs2_get_dentry:78 ERROR: test inode bit failed -12 [ 219.342087][ T9280] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 219.382771][ T4551] usb 8-1: config 1 interface 0 altsetting 12 endpoint 0x81 has an invalid bInterval 131, changing to 11 [ 219.426707][ T4551] usb 8-1: config 1 interface 0 has no altsetting 0 [ 219.502074][ T4193] ocfs2: Unmounting device (7,3) on (node local) [ 219.548301][ T5382] ocfs2: Unmounting device (7,5) on (node local) [ 219.593427][ T4551] usb 8-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.40 [ 219.622640][ T4551] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.671811][ T4551] usb 8-1: Product: syz [ 219.685974][ T4551] usb 8-1: Manufacturer: syz [ 219.709885][ T4551] usb 8-1: SerialNumber: syz [ 219.805141][ T9318] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 219.882608][ T26] audit: type=1800 audit(1774066816.732:18): pid=9318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1736" name="file1" dev="loop5" ino=1048665 res=0 errno=0 [ 219.931768][ T9318] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008) [ 219.947298][ T9324] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 220.022688][ T9318] FAT-fs (loop5): Filesystem has been set read-only [ 220.062583][ T9324] EXT4-fs (loop4): 1 truncate cleaned up [ 220.073873][ T9322] XFS (loop2): sunit and swidth must be specified together [ 220.094961][ T9324] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 220.242753][ T4551] usbhid 8-1:1.0: can't add hid device: -71 [ 220.249051][ T4551] usbhid: probe of 8-1:1.0 failed with error -71 [ 220.287963][ T4551] usb 8-1: USB disconnect, device number 8 [ 220.313699][ T9335] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1742'. [ 220.942523][ T9353] set_capacity_and_notify: 5 callbacks suppressed [ 220.942542][ T9353] loop2: detected capacity change from 0 to 4096 [ 221.013846][ T9353] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 221.145462][ T9353] ntfs: volume version 3.1. [ 221.285534][ T9353] ntfs: (device loop2): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set ascii. You might want to try to use the mount option nls=utf8. [ 221.329626][ T9346] loop5: detected capacity change from 0 to 32768 [ 221.362710][ T9353] ntfs: (device loop2): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 221.410301][ T9364] loop4: detected capacity change from 0 to 2048 [ 221.426117][ T9346] JBD2: Ignoring recovery information on journal [ 221.440657][ T9350] loop7: detected capacity change from 0 to 32768 [ 221.460370][ T9346] jbd2_journal_bmap: journal block not found at offset 32 on loop5-75 [ 221.470549][ T9346] JBD2: bad block at offset 32 [ 221.478162][ T9346] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 221.497859][ T4173] loop4: p1 < > p4 [ 221.497859][ T4173] p4: [ 221.520917][ T4173] loop4: p4 size 722688 extends beyond EOD, truncated [ 221.530423][ T4173] loop4: p6 start 262464109 is beyond EOD, truncated [ 221.538047][ T4173] loop4: p7 size 2304 extends beyond EOD, truncated [ 221.566935][ T9346] (syz.5.1746,9346,0):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 221.575504][ T9346] (syz.5.1746,9346,0):ocfs2_get_suballoc_slot_bit:2719 ERROR: read block 47244640267 failed -12 [ 221.587466][ T9346] (syz.5.1746,9346,0):ocfs2_get_suballoc_slot_bit:2751 ERROR: status = -12 [ 221.603760][ T9346] (syz.5.1746,9346,1):ocfs2_test_inode_bit:2833 ERROR: get alloc slot and bit failed -12 [ 221.626353][ T9346] (syz.5.1746,9346,0):ocfs2_test_inode_bit:2874 ERROR: status = -12 [ 221.635849][ T9346] (syz.5.1746,9346,0):ocfs2_get_dentry:78 ERROR: test inode bit failed -12 [ 221.639541][ T9364] loop4: p1 < > p4 [ 221.639541][ T9364] p4: [ 221.644984][ T9350] XFS (loop7): Mounting V5 Filesystem [ 221.682446][ T9364] loop4: p4 size 722688 extends beyond EOD, truncated [ 221.696394][ T9364] loop4: p6 start 262464109 is beyond EOD, truncated [ 221.704087][ T9364] loop4: p7 size 2304 extends beyond EOD, truncated [ 221.733186][ T3560] loop4: p1 < > p4 [ 221.733186][ T3560] p4: [ 221.755999][ T3560] loop4: p4 size 722688 extends beyond EOD, truncated [ 221.774830][ T5382] ocfs2: Unmounting device (7,5) on (node local) [ 221.783254][ T3560] loop4: p6 start 262464109 is beyond EOD, truncated [ 221.790014][ T3560] loop4: p7 size 2304 extends beyond EOD, truncated [ 221.790846][ T9350] XFS (loop7): Ending clean mount [ 221.844986][ T6693] XFS (loop7): Unmounting Filesystem [ 221.937783][ T4191] Bluetooth: hci0: command 0x0406 tx timeout [ 221.954841][ T4175] udevd[4175]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 221.967946][ T4954] udevd[4954]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 221.976954][ T5202] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 221.980493][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 221.996001][ T4176] udevd[4176]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 222.086243][ T9381] netlink: 'syz.5.1759': attribute type 3 has an invalid length. [ 222.163326][ T4175] udevd[4175]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 222.176858][ T4954] udevd[4954]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 222.200137][ T6804] udevd[6804]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 222.211962][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 222.256055][ T4954] udevd[4954]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 222.269392][ T6804] udevd[6804]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 222.292698][ T5202] usb 3-1: Using ep0 maxpacket: 16 [ 222.370120][ T9387] loop4: detected capacity change from 0 to 2048 [ 222.422169][ T5202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.452610][ T5202] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.488834][ T5202] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 222.516318][ T9387] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 222.550555][ T9392] loop5: detected capacity change from 0 to 1024 [ 222.553046][ T9387] ext4 filesystem being mounted at /337/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.583170][ T5202] usb 3-1: New USB device found, idVendor=045e, idProduct=9994, bcdDevice=fc.3c [ 222.595385][ T5202] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.624523][ T9392] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 222.705044][ T5202] usb 3-1: config 0 descriptor?? [ 222.786615][ T9403] netlink: 209836 bytes leftover after parsing attributes in process `syz.7.1769'. [ 222.796229][ T9403] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 222.804915][ T9403] openvswitch: netlink: Message has 1 unknown bytes. [ 222.937244][ T9392] EXT4-fs (loop5): mounted filesystem without journal. Opts: user_xattr,nobarrier,norecovery,errors=remount-ro,grpid,. Quota mode: writeback. [ 223.046875][ T9392] EXT4-fs error (device loop5): htree_dirblock_to_tree:1112: inode #2: block 48: comm syz.5.1766: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=5, size=1024 fake=0 [ 223.190600][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x2 [ 223.214194][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.251061][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.260869][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.301381][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.311526][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.349832][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.373949][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.396667][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.408426][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.421164][ T5202] hid-multitouch 0003:045E:9994.0013: unknown main item tag 0x0 [ 223.452790][ T5202] hid-multitouch 0003:045E:9994.0013: hidraw0: USB HID v0.00 Device [HID 045e:9994] on usb-dummy_hcd.2-1/input0 [ 223.507481][ T5202] usb 3-1: USB disconnect, device number 13 [ 223.577633][ T9431] loop3: detected capacity change from 0 to 2048 [ 223.646337][ T9437] loop4: detected capacity change from 0 to 256 [ 223.672019][ T9431] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 223.699641][ T9439] loop7: detected capacity change from 0 to 1024 [ 223.706331][ T9431] NILFS (loop3): mounting unchecked fs [ 223.713318][ T9435] fido_id[9435]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 223.756120][ T9431] NILFS (loop3): recovery complete [ 223.761983][ T9437] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 223.806293][ T9440] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 223.817896][ T9439] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 223.947255][ T9417] loop5: detected capacity change from 0 to 32768 [ 224.005957][ T9439] EXT4-fs (loop7): mounted filesystem without journal. Opts: user_xattr,nobarrier,norecovery,errors=remount-ro,grpid,. Quota mode: writeback. [ 224.057721][ T9417] (syz.5.1774,9417,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 224.106269][ T9417] (syz.5.1774,9417,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 224.123562][ T9439] EXT4-fs error (device loop7): htree_dirblock_to_tree:1112: inode #2: block 48: comm syz.7.1785: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=5, size=1024 fake=0 [ 224.189535][ T9446] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,grpquota,. Quota mode: writeback. [ 224.240830][ T9417] JBD2: Ignoring recovery information on journal [ 224.258472][ T9446] ext4 filesystem being mounted at /344/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.490644][ T9417] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 224.541337][ T9450] ntfs3: loop2: ino=5, "/" directory corrupted [ 224.899961][ T5382] ocfs2: Unmounting device (7,5) on (node local) [ 225.033566][ T9479] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1797'. [ 225.083661][ T9479] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1797'. [ 225.097631][ T9479] netlink: 'syz.5.1797': attribute type 13 has an invalid length. [ 225.146009][ T9469] ntfs3: loop7: Different NTFS' sector size (4096) and media sector size (512) [ 225.504326][ T4227] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 225.539314][ T9489] program syz.3.1803 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.725618][ T9491] FAT-fs (loop5): Directory bread(block 64) failed [ 225.764136][ T4227] usb 5-1: Using ep0 maxpacket: 32 [ 225.770931][ T9493] hfs: hfs: Invalid key length: 94 [ 225.786954][ T9491] FAT-fs (loop5): Directory bread(block 65) failed [ 225.817958][ T9491] FAT-fs (loop5): Directory bread(block 66) failed [ 225.837815][ T9491] FAT-fs (loop5): Directory bread(block 67) failed [ 225.852936][ T9491] FAT-fs (loop5): Directory bread(block 68) failed [ 225.859653][ T9491] FAT-fs (loop5): Directory bread(block 69) failed [ 225.902757][ T4227] usb 5-1: config 0 has an invalid interface number: 196 but max is 0 [ 225.910981][ T4227] usb 5-1: config 0 has no interface number 0 [ 225.911928][ T9491] FAT-fs (loop5): Directory bread(block 70) failed [ 225.928216][ T9503] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 225.942611][ T4227] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 225.946466][ T9491] FAT-fs (loop5): Directory bread(block 71) failed [ 225.963778][ T9491] FAT-fs (loop5): Directory bread(block 72) failed [ 225.970364][ T9491] FAT-fs (loop5): Directory bread(block 73) failed [ 226.020131][ T4227] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 226.060046][ T4227] usb 5-1: config 0 interface 196 has no altsetting 0 [ 226.074197][ T9515] set_capacity_and_notify: 6 callbacks suppressed [ 226.074214][ T9515] loop7: detected capacity change from 0 to 512 [ 226.108713][ T4187] hfs: node 4:3 still has 1 user(s)! [ 226.169069][ T9515] EXT4-fs (loop7): Test dummy encryption mode enabled [ 226.222704][ T9515] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 226.226865][ T9517] loop3: detected capacity change from 0 to 1024 [ 226.256345][ T9519] loop2: detected capacity change from 0 to 256 [ 226.262568][ T4227] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 226.271701][ T4227] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.319331][ T9515] EXT4-fs error (device loop7): ext4_orphan_get:1426: comm syz.7.1814: bad orphan inode 131083 [ 226.332990][ T9515] EXT4-fs (loop7): mounted filesystem without journal. Opts: test_dummy_encryption,nobarrier,noload,,errors=continue. Quota mode: none. [ 226.387943][ T4227] usb 5-1: Product: syz [ 226.392174][ T4227] usb 5-1: Manufacturer: syz [ 226.392365][ T26] audit: type=1800 audit(1774066823.242:19): pid=9517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1815" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 226.459207][ T4227] usb 5-1: SerialNumber: syz [ 226.498813][ T4227] usb 5-1: config 0 descriptor?? [ 226.515423][ T9525] netlink: 203516 bytes leftover after parsing attributes in process `syz.5.1817'. [ 226.536410][ T9525] netlink: get zone limit has 8 unknown bytes [ 226.823254][ T4227] ipheth 5-1:0.196: Unable to find endpoints [ 226.854209][ T4227] usb 5-1: USB disconnect, device number 10 [ 226.946451][ T9543] loop7: detected capacity change from 0 to 512 [ 226.994910][ T9543] EXT4-fs (loop7): Ignoring removed nobh option [ 227.010383][ T9543] EXT4-fs (loop7): Quota format mount options ignored when QUOTA feature is enabled [ 227.072994][ T9543] EXT4-fs error (device loop7): ext4_orphan_get:1400: inode #15: comm syz.7.1825: iget: bad i_size value: 38620345925642 [ 227.122690][ T4551] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 227.174920][ T9543] EXT4-fs error (device loop7): ext4_orphan_get:1405: comm syz.7.1825: couldn't read orphan inode 15 (err -117) [ 227.203328][ T9543] EXT4-fs (loop7): mounted filesystem without journal. Opts: nobh,jqfmt=vfsv0,data_err=ignore,,errors=continue. Quota mode: writeback. [ 227.307284][ T9543] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #16: comm syz.7.1825: invalid indirect mapped block 3973251072 (level 0) [ 227.362555][ T4551] usb 6-1: Using ep0 maxpacket: 32 [ 227.458369][ T9557] loop4: detected capacity change from 0 to 1024 [ 227.465387][ T4191] Bluetooth: hci0: command 0x0c1a tx timeout [ 227.476481][ T9559] loop2: detected capacity change from 0 to 256 [ 227.483143][ T4551] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.559359][ T9561] loop7: detected capacity change from 0 to 2048 [ 227.561422][ T9532] loop3: detected capacity change from 0 to 32768 [ 227.573251][ T9559] exfat: Deprecated parameter 'namecase' [ 227.596476][ T9559] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 227.618670][ T9561] UDF-fs: error (device loop7): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 227.629286][ T9557] hfsplus: xattr exists yet [ 227.665964][ T4551] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 227.701681][ T9561] UDF-fs: error (device loop7): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 227.712587][ T4551] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.712620][ T4551] usb 6-1: Product: syz [ 227.712636][ T4551] usb 6-1: Manufacturer: syz [ 227.712652][ T4551] usb 6-1: SerialNumber: syz [ 227.736918][ T4551] usb 6-1: config 0 descriptor?? [ 227.770391][ T9561] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found [ 227.779931][ T4551] smsc75xx v1.0.0 [ 227.783671][ T4551] smsc75xx 6-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 227.793678][ T9561] UDF-fs: Scanning with blocksize 512 failed [ 227.800060][ T4551] smsc75xx: probe of 6-1:0.0 failed with error -22 [ 227.812788][ T9532] XFS (loop3): Mounting V5 Filesystem [ 227.876577][ T9561] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 227.960088][ T9576] netlink: 'syz.2.1836': attribute type 6 has an invalid length. [ 228.000040][ T9578] loop2: detected capacity change from 0 to 64 [ 228.136549][ T9532] XFS (loop3): Ending clean mount [ 228.154309][ T9532] XFS (loop3): Quotacheck needed: Please wait. [ 228.345012][ T9532] XFS (loop3): Quotacheck: Done. [ 228.376651][ T1108] usb 6-1: USB disconnect, device number 9 [ 228.416578][ T9593] netlink: 'syz.7.1842': attribute type 1 has an invalid length. [ 228.472346][ T4193] XFS (loop3): Unmounting Filesystem [ 228.488412][ T9595] loop2: detected capacity change from 0 to 64 [ 228.591900][ T26] audit: type=1800 audit(1774066825.442:20): pid=9595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1845" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 228.712924][ T9600] sp0: Synchronizing with TNC [ 228.750315][ T9599] [U] è` [ 228.923425][ T9603] rock: directory entry would overflow storage [ 228.929747][ T9603] rock: sig=0x5252, size=5, remaining=3 [ 229.036312][ T9613] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1854'. [ 229.045887][ T9612] SQUASHFS error: lzo decompression failed, data probably corrupt [ 229.074682][ T9612] SQUASHFS error: Failed to read block 0x202: -5 [ 229.111669][ T9612] SQUASHFS error: Unable to read metadata cache entry [200] [ 229.387014][ T9628] netlink: 'syz.2.1861': attribute type 17 has an invalid length. [ 229.669067][ T9641] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 229.842558][ T5202] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 229.846503][ T9641] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,nobarrier,norecovery,errors=remount-ro,grpid,. Quota mode: writeback. [ 229.938117][ T9641] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 48: comm syz.2.1868: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=5, size=1024 fake=0 [ 229.962419][ T9652] netlink: 'syz.7.1872': attribute type 4 has an invalid length. [ 230.122774][ T5202] usb 5-1: Using ep0 maxpacket: 8 [ 230.272774][ T5202] usb 5-1: config 0 has an invalid interface number: 30 but max is 0 [ 230.302536][ T5202] usb 5-1: config 0 has no interface number 0 [ 230.308684][ T5202] usb 5-1: too many endpoints for config 0 interface 30 altsetting 222: 254, using maximum allowed: 30 [ 230.351416][ T5202] usb 5-1: config 0 interface 30 altsetting 222 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.369348][ T5202] usb 5-1: config 0 interface 30 altsetting 222 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.426434][ T5202] usb 5-1: config 0 interface 30 altsetting 222 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 230.440333][ T5202] usb 5-1: config 0 interface 30 has no altsetting 0 [ 230.450611][ T9663] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 230.458437][ T5202] usb 5-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 230.470669][ T5202] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.490827][ T5202] usb 5-1: config 0 descriptor?? [ 230.776250][ T9645] XFS (loop3): Mounting V5 Filesystem [ 230.881021][ T9645] XFS (loop3): Ending clean mount [ 230.941794][ T4193] XFS (loop3): Unmounting Filesystem [ 230.981955][ T5202] uclogic 0003:256C:006E.0014: unknown main item tag 0x0 [ 231.000286][ T26] audit: type=1800 audit(1774066827.852:21): pid=9694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1896" name="file1" dev="loop7" ino=5 res=0 errno=0 [ 231.053166][ T5202] uclogic 0003:256C:006E.0014: unknown main item tag 0x0 [ 231.088654][ T5202] uclogic 0003:256C:006E.0014: unknown main item tag 0x0 [ 231.102733][ T5202] uclogic 0003:256C:006E.0014: unknown main item tag 0x0 [ 231.109811][ T5202] uclogic 0003:256C:006E.0014: unknown main item tag 0x0 [ 231.124651][ T5202] uclogic 0003:256C:006E.0014: unknown main item tag 0x0 [ 231.132366][ T5202] uclogic 0003:256C:006E.0014: No inputs registered, leaving [ 231.160837][ T5202] uclogic 0003:256C:006E.0014: hidraw0: USB HID v0.00 Device [HID 256c:006e] on usb-dummy_hcd.4-1/input30 [ 231.194819][ T5202] usb 5-1: USB disconnect, device number 11 [ 231.204324][ T4551] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 231.222526][ T23] Bluetooth: hci5: command 0x0411 tx timeout [ 231.364421][ T9701] fido_id[9701]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 231.396058][ T9707] set_capacity_and_notify: 6 callbacks suppressed [ 231.396075][ T9707] loop7: detected capacity change from 0 to 8 [ 231.442948][ T4551] usb 6-1: Using ep0 maxpacket: 16 [ 231.562910][ T4551] usb 6-1: config index 0 descriptor too short (expected 16456, got 72) [ 231.571349][ T4551] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 231.602703][ T4551] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 231.629988][ T4551] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 231.660979][ T4551] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 231.660986][ T9713] loop2: detected capacity change from 0 to 1024 [ 231.661009][ T4551] usb 6-1: config 0 has no interface number 0 [ 231.719002][ T9713] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 231.743777][ T4551] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 231.761000][ T9713] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869) [ 231.779885][ T4551] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 231.786402][ T9715] loop3: detected capacity change from 0 to 1024 [ 231.789881][ T4551] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 231.817678][ T9713] EXT4-fs (loop2): invalid journal inode [ 231.829395][ T9713] EXT4-fs (loop2): can't get journal size [ 231.833031][ T9717] netlink: 268 bytes leftover after parsing attributes in process `syz.4.1898'. [ 231.837720][ T4551] usb 6-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 231.868459][ T4551] usb 6-1: config 0 interface 125 has no altsetting 0 [ 231.888223][ T9715] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 231.891274][ T9713] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: writeback. [ 231.902756][ T23] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 231.920645][ T9720] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1899'. [ 231.926211][ T9713] EXT4-fs (loop2): Online resizing not supported with sparse_super2 [ 231.962649][ T4551] usb 6-1: config 0 interface 125 has no altsetting 2 [ 232.124326][ T4551] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 232.139467][ T4551] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.150745][ T4551] usb 6-1: Product: syz [ 232.162655][ T23] usb 8-1: Using ep0 maxpacket: 8 [ 232.174743][ T4551] usb 6-1: Manufacturer: syz [ 232.179905][ T4551] usb 6-1: SerialNumber: syz [ 232.189902][ T9715] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,nobarrier,norecovery,errors=remount-ro,grpid,. Quota mode: writeback. [ 232.193282][ T4551] usb 6-1: config 0 descriptor?? [ 232.254437][ T4551] usb 6-1: selecting invalid altsetting 2 [ 232.343742][ T23] usb 8-1: unable to get BOS descriptor or descriptor too short [ 232.358510][ T9715] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 48: comm syz.3.1886: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=5, size=1024 fake=0 [ 232.452941][ T23] usb 8-1: config 4 interface 0 has no altsetting 0 [ 232.492726][ C0] usb 6-1: async_complete: urb error -71 [ 232.498640][ C0] usb 6-1: async_complete: urb error -71 [ 232.504373][ C0] usb 6-1: async_complete: urb error -71 [ 232.510082][ C0] usb 6-1: async_complete: urb error -71 [ 232.517655][ C0] vkms_vblank_simulate: vblank timer overrun [ 232.529285][ T4551] get_1284_register: usb error -71 [ 232.534619][ T4551] uss720: probe of 6-1:0.125 failed with error -71 [ 232.555844][ T4551] usb 6-1: USB disconnect, device number 10 [ 232.622092][ T9742] loop3: detected capacity change from 0 to 256 [ 232.691905][ T9742] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 232.753928][ T23] usb 8-1: string descriptor 0 read error: -22 [ 232.760207][ T23] usb 8-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 232.804047][ T23] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 232.856848][ T23] usb 8-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 232.911996][ T23] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 232.938154][ T23] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 232.952590][ T23] usb 8-1: media controller created [ 232.974964][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 233.044893][ T9755] loop2: detected capacity change from 0 to 64 [ 233.294732][ T9760] loop2: detected capacity change from 0 to 256 [ 233.379301][ T9760] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 233.492674][ T9747] loop4: detected capacity change from 0 to 40427 [ 233.538557][ T9747] F2FS-fs (loop4): invalid crc value [ 233.558784][ T9747] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 233.582609][ T6379] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 233.787997][ T9747] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 233.819205][ T9747] F2FS-fs (loop4): Start checkpoint disabled! [ 233.845492][ T9747] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 233.999485][ T6379] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 234.017577][ T6379] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.044075][ T23] zl10353_read_register: readreg error (reg=127, ret==0) [ 234.063538][ T6379] usb 4-1: config 0 descriptor?? [ 234.113746][ T23] usb 8-1: USB disconnect, device number 9 [ 234.133863][ T6379] cp210x 4-1:0.0: cp210x converter detected [ 234.153146][ T9767] loop5: detected capacity change from 0 to 32768 [ 234.251208][ T9767] XFS (loop5): Mounting V5 Filesystem [ 234.356241][ T9792] [U] ¹ÉMÙ­ÕÁQ&’Ù Kœ4 [ 234.430874][ T9767] XFS (loop5): Ending clean mount [ 234.515026][ T5382] XFS (loop5): Unmounting Filesystem [ 234.585302][ T6379] usb 4-1: cp210x converter now attached to ttyUSB0 [ 234.593016][ T9798] loop2: detected capacity change from 0 to 512 [ 234.748321][ T9798] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 234.764925][ T9798] EXT4-fs (loop2): orphan cleanup on readonly fs [ 234.775907][ T9798] EXT4-fs warning (device loop2): ext4_enable_quotas:6486: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 234.803995][ T6379] usb 4-1: USB disconnect, device number 12 [ 234.812388][ T6379] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 234.831435][ T9798] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 234.835664][ T6379] cp210x 4-1:0.0: device disconnected [ 234.843985][ T23] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 234.895262][ T9798] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2923: inode #16: comm syz.2.1933: corrupted xattr block 31 [ 234.959731][ T9798] EXT4-fs warning (device loop2): ext4_evict_inode:302: xattr delete (err -117) [ 234.974306][ T9798] EXT4-fs (loop2): 1 orphan inode deleted [ 234.982319][ T9798] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 235.153169][ T9798] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 235.160542][ T9798] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 235.185805][ T9798] EXT4-fs (loop2): can't change dax mount option while remounting [ 235.422844][ T23] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 235.449962][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.457521][ T9823] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1945'. [ 235.474297][ T23] usb 5-1: Product: syz [ 235.484421][ T23] usb 5-1: Manufacturer: syz [ 235.484758][ T9826] loop3: detected capacity change from 0 to 128 [ 235.492821][ T23] usb 5-1: SerialNumber: syz [ 235.513244][ T23] usb 5-1: config 0 descriptor?? [ 235.684775][ T9826] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 235.730927][ T9826] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 235.859872][ T1108] usb 5-1: USB disconnect, device number 12 [ 236.007936][ T9840] erofs: (device loop5): mounted with root inode @ nid 36. [ 236.397591][ T9856] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 236.465659][ T9856] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 236.640629][ T9865] set_capacity_and_notify: 4 callbacks suppressed [ 236.640647][ T9865] loop2: detected capacity change from 0 to 512 [ 236.699985][ T9865] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5 [ 236.699985][ T9865] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 236.699985][ T9865] [ 236.792278][ T9865] EXT4-fs (loop2): mounted filesystem without journal. Opts: nolazytime,init_itable,nouser_xattr,nobarrier,,errors=continue. Quota mode: writeback. [ 236.792390][ T9865] ext4 filesystem being mounted at /423/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.821484][ T9875] netlink: 132 bytes leftover after parsing attributes in process `syz.7.1969'. [ 236.988040][ T9878] loop5: detected capacity change from 0 to 128 [ 237.029205][ T9844] loop3: detected capacity change from 0 to 32768 [ 237.034036][ T9878] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 237.034145][ T9878] ext4 filesystem being mounted at /311/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 237.338413][ T9888] netem: change failed [ 237.345278][ T9884] loop7: detected capacity change from 0 to 2048 [ 237.465499][ T9884] EXT4-fs (loop7): Unrecognized mount option "obj_role=seclabel" or missing value [ 237.802621][ T4191] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 237.917254][ T9906] loop3: detected capacity change from 0 to 256 [ 238.082632][ T4191] usb 6-1: Using ep0 maxpacket: 8 [ 238.222718][ T4191] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 238.412841][ T4191] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 238.435215][ T4191] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 238.462708][ T4191] usb 6-1: Product: syz [ 238.482620][ T4191] usb 6-1: Manufacturer: syz [ 238.501620][ T4191] usb 6-1: SerialNumber: syz [ 238.745386][ T9952] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 238.772687][ T9952] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 238.782674][ T4191] usb 6-1: Handspring Visor / Palm OS: No valid connect info available [ 238.790275][ T9952] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 238.805428][ T4191] usb 6-1: Handspring Visor / Palm OS: port 110, is for unknown use [ 238.811185][ T9952] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4) [ 238.841327][ T9952] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 238.844115][ T4191] usb 6-1: Handspring Visor / Palm OS: port 40, is for unknown use [ 238.861617][ T9952] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 238.887161][ T4191] usb 6-1: Handspring Visor / Palm OS: Number of ports: 2 [ 238.907613][ T9952] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 238.937695][ T9957] loop4: detected capacity change from 0 to 2048 [ 238.952808][ T9952] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 238.972655][ T9952] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 238.984149][ T9952] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 239.002738][ T4191] visor 6-1:1.0: Handspring Visor / Palm OS converter detected [ 239.010445][ T9952] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 239.023521][ T4191] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 239.043024][ T9952] comedi comedi3: 8255: I/O port conflict (0x7,4) [ 239.051044][ T4191] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 239.060977][ T9952] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 239.095493][ T9957] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 239.134813][ T9952] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 239.149043][ T26] audit: type=1800 audit(1774066836.002:22): pid=9957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2008" name="file1" dev="loop4" ino=1367 res=0 errno=0 [ 239.170101][ T9952] comedi comedi3: 8255: I/O port conflict (0xb,4) [ 239.209691][ T13] usb 6-1: USB disconnect, device number 11 [ 239.228019][ T9952] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4) [ 239.267714][ T13] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 239.282640][ T9952] comedi comedi3: 8255: I/O port conflict (0xffffffffffffeadb,4) [ 239.303123][ T13] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 239.316890][ T9952] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 239.330020][ T9973] loop4: detected capacity change from 0 to 256 [ 239.340131][ T13] visor 6-1:1.0: device disconnected [ 239.353695][ T9952] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 239.360604][ T9969] loop2: detected capacity change from 0 to 1024 [ 239.517331][ T9969] hfsplus: b-tree write err: -5, ino 2 [ 239.622639][ T4551] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 239.635725][ T4228] hfsplus: b-tree write err: -5, ino 25 [ 239.643318][ T4228] hfsplus: b-tree write err: -5, ino 4 [ 239.672445][ T4228] hfsplus: b-tree write err: -5, ino 2 [ 239.692818][ T27] INFO: task syz-executor:4190 blocked for more than 143 seconds. [ 239.743266][ T27] Not tainted syzkaller #0 [ 239.757827][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 239.821883][ T27] task:syz-executor state:D stack:21168 pid: 4190 ppid: 1 flags:0x00004004 [ 239.844577][ T9979] loop7: detected capacity change from 0 to 8192 [ 239.882581][ T27] Call Trace: [ 239.882606][ T4551] usb 4-1: Using ep0 maxpacket: 8 [ 239.885954][ T27] [ 239.912680][ T27] __schedule+0x11ef/0x43c0 [ 239.921808][ T27] ? verify_lock_unused+0x140/0x140 [ 239.937677][ T27] ? mark_lock+0x94/0x320 [ 239.942068][ T27] ? release_firmware_map_entry+0x190/0x190 [ 239.958678][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 239.972557][ T27] ? lock_chain_count+0x20/0x20 [ 239.982730][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 239.992738][ T27] schedule+0x11b/0x1e0 [ 239.996951][ T27] io_schedule+0x7c/0xd0 [ 240.002856][ T4551] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 240.021650][ T27] wait_on_page_bit_common+0x83b/0xe50 [ 240.028777][ T27] ? wait_on_page_bit+0x50/0x50 [ 240.042565][ T27] ? rcu_lock_release+0x20/0x20 [ 240.047553][ T27] truncate_inode_pages_range+0xa24/0xfe0 [ 240.057670][ T27] ? invalidate_inode_page+0x360/0x360 [ 240.067795][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 240.088048][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 240.093604][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 240.109031][ T27] evict+0x4dc/0x8d0 [ 240.115093][ T27] ? proc_nr_inodes+0x320/0x320 [ 240.122725][ T27] ? do_raw_spin_unlock+0x11d/0x230 [ 240.128824][ T27] evict_inodes+0x60c/0x6a0 [ 240.143668][ T27] ? __dentry_kill+0x530/0x650 [ 240.148507][ T27] ? clear_inode+0x150/0x150 [ 240.162515][ T27] generic_shutdown_super+0x93/0x300 [ 240.162800][ T4551] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 240.178068][ T27] kill_block_super+0x7c/0xe0 [ 240.188191][ T27] deactivate_locked_super+0x93/0xf0 [ 240.190699][ T4551] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.208436][ T27] cleanup_mnt+0x42d/0x4e0 [ 240.211878][ T4551] usb 4-1: Product: syz [ 240.213388][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 240.217256][ T4551] usb 4-1: Manufacturer: syz [ 240.236220][ T4551] usb 4-1: SerialNumber: syz [ 240.242045][ T27] task_work_run+0x125/0x1a0 [ 240.248679][ T4551] usb 4-1: config 0 descriptor?? [ 240.252532][ T27] exit_to_user_mode_loop+0x10f/0x130 [ 240.273257][ T27] exit_to_user_mode_prepare+0xee/0x180 [ 240.285765][ T27] syscall_exit_to_user_mode+0x16/0x40 [ 240.294844][ T4551] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 240.307715][ T27] do_syscall_64+0x58/0xa0 [ 240.316128][ T4551] usb 4-1: setting power ON [ 240.321658][ T27] ? clear_bhb_loop+0x30/0x80 [ 240.332039][ T4551] dvb-usb: bulk message failed: -22 (2/0) [ 240.347603][ T27] ? clear_bhb_loop+0x30/0x80 [ 240.354704][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 240.371932][ T4551] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 240.386157][ T27] RIP: 0033:0x7fca121ec9d7 [ 240.395099][ T27] RSP: 002b:00007fff0330d3a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 240.409423][ T27] RAX: 0000000000000000 RBX: 00007fca12281050 RCX: 00007fca121ec9d7 [ 240.423020][ T4551] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 240.433835][ T27] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff0330d460 [ 240.442030][ T4551] usb 4-1: media controller created [ 240.452132][ T27] RBP: 00007fff0330d460 R08: 00007fff0330e460 R09: 00000000ffffffff [ 240.468322][ T4551] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 240.476942][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff0330e4f0 [ 240.487555][ T27] R13: 00007fca12281050 R14: 0000000000014bc2 R15: 00007fff0330e530 [ 240.502548][ T9971] dvb-usb: bulk message failed: -22 (3/0) [ 240.519686][ T27] [ 240.523605][ T4551] usb 4-1: selecting invalid altsetting 6 [ 240.530146][ T4551] usb 4-1: digital interface selection failed (-22) [ 240.538136][ T27] [ 240.538136][ T27] Showing all locks held in the system: [ 240.546291][ T27] 1 lock held by khungtaskd/27: [ 240.551310][ T27] #0: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 240.561590][ T4551] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 240.570504][ T27] 1 lock held by udevd/3560: [ 240.575574][ T27] #0: ffff888020223d18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60 [ 240.586239][ T27] 2 locks held by getty/3945: [ 240.591118][ T27] #0: ffff88814d439098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 240.601427][ T27] #1: ffffc90002cf62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70 [ 240.612239][ T4551] usb 4-1: setting power OFF [ 240.617581][ T4551] dvb-usb: bulk message failed: -22 (2/0) [ 240.625553][ T27] 1 lock held by udevd/4173: [ 240.630279][ T27] #0: ffff888020223d18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60 [ 240.641018][ T4551] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 240.650777][ T27] 1 lock held by syz-executor/4190: [ 240.656368][ T4551] (NULL device *): no alternate interface [ 240.668716][ T27] #0: ffff8880792280e0 (&type->s_umount_key#84){+.+.}-{3:3}, at: deactivate_super+0xa0/0xd0 [ 240.689183][ T4551] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 240.699138][ T27] 5 locks held by kworker/0:19/4551: [ 240.707377][ T27] 2 locks held by udevd/4954: [ 240.713270][ T4551] usb 4-1: USB disconnect, device number 13 [ 240.720018][ T27] #0: ffff888020217d18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 240.730523][ T27] #1: ffff88814787e468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 240.740593][ T27] 2 locks held by syz.7.2015/9979: [ 240.746120][ T27] #0: ffff888020223d18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 240.756910][ T27] #1: ffff88814790d468 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_release+0x4d/0x1f0 [ 240.769911][ T27] 1 lock held by syz.2.2016/9987: [ 240.775388][ T27] #0: ffff888020217d18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60 [ 240.785821][ T27] [ 240.788169][ T27] ============================================= [ 240.788169][ T27] [ 240.797376][ T9987] loop2: detected capacity change from 0 to 40427 [ 240.800875][ T27] NMI backtrace for cpu 0 [ 240.808245][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 240.815467][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 240.825546][ T27] Call Trace: [ 240.828856][ T27] [ 240.831817][ T27] dump_stack_lvl+0x188/0x250 [ 240.836531][ T27] ? show_regs_print_info+0x20/0x20 [ 240.841770][ T27] ? load_image+0x400/0x400 [ 240.846302][ T27] ? tick_nohz_tick_stopped+0x7b/0xb0 [ 240.851702][ T27] ? nmi_cpu_backtrace+0x1b2/0x3d0 [ 240.856834][ T27] nmi_cpu_backtrace+0x3a2/0x3d0 [ 240.861809][ T27] ? nmi_trigger_cpumask_backtrace+0x280/0x280 [ 240.867987][ T27] ? _printk+0xda/0x130 [ 240.872326][ T27] ? load_image+0x400/0x400 [ 240.876826][ T27] ? load_image+0x400/0x400 [ 240.881322][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 240.887397][ T27] nmi_trigger_cpumask_backtrace+0x163/0x280 [ 240.893372][ T27] watchdog+0xe0f/0xe50 [ 240.897525][ T27] kthread+0x436/0x520 [ 240.901597][ T27] ? hungtask_pm_notify+0x40/0x40 [ 240.906799][ T27] ? kthread_blkcg+0xd0/0xd0 [ 240.911531][ T27] ret_from_fork+0x1f/0x30 [ 240.915965][ T27] [ 240.920005][ T27] Sending NMI from CPU 0 to CPUs 1: [ 240.925472][ C1] NMI backtrace for cpu 1 [ 240.925484][ C1] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted syzkaller #0 [ 240.925499][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 240.925508][ C1] Workqueue: events_unbound cfg80211_wiphy_work [ 240.925529][ C1] RIP: 0010:unwind_next_frame+0x1ca/0x1d90 [ 240.925550][ C1] Code: f0 0f 86 f5 14 00 00 44 89 f0 4c 8d 24 85 d0 6f 9d 8e 4c 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 8b 16 00 00 45 8b 24 24 <44> 89 f0 ff c0 4c 8d 3c 85 d0 6f 9d 8e 4c 89 f8 48 c1 e8 03 42 0f [ 240.925561][ C1] RSP: 0018:ffffc90000ce72e8 EFLAGS: 00000246 [ 240.925574][ C1] RAX: 0000000000000000 RBX: ffffc90000ce73a8 RCX: ffffffff962daf00 [ 240.925584][ C1] RDX: 000000000009007f RSI: ffffffff81be278f RDI: ffffffff81350d2c [ 240.925595][ C1] RBP: ffffffff81be278e R08: ffffc90000ce7470 R09: 0000000000000001 [ 240.925604][ C1] R10: dffffc0000000000 R11: fffff5200019ce81 R12: 0000000000029f14 [ 240.925614][ C1] R13: dffffc0000000000 R14: 000000000000be27 R15: ffffc90000ce73f0 [ 240.925625][ C1] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 240.925637][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 240.925648][ C1] CR2: 0000001b32711ff8 CR3: 000000007a7d0000 CR4: 00000000003506e0 [ 240.925663][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 240.925672][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 240.925681][ C1] Call Trace: [ 240.925686][ C1] [ 240.925694][ C1] ? kasan_set_free_info+0x1f/0x40 [ 240.925714][ C1] ? stack_trace_save+0xf0/0xf0 [ 240.925728][ C1] arch_stack_walk+0x10c/0x140 [ 240.925746][ C1] ? kasan_set_free_info+0x1f/0x40 [ 240.925762][ C1] ? kfree+0xef/0x2a0 [ 240.925775][ C1] stack_trace_save+0xa6/0xf0 [ 240.925789][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 240.925804][ C1] ? kfree+0xef/0x2a0 [ 240.925824][ C1] ? memset+0x1e/0x40 [ 240.925839][ C1] kasan_set_track+0x4b/0x70 [ 240.925853][ C1] ? kasan_set_track+0x4b/0x70 [ 240.925866][ C1] ? kasan_set_free_info+0x1f/0x40 [ 240.925901][ C1] kasan_set_free_info+0x1f/0x40 [ 240.925916][ C1] ____kasan_slab_free+0xd5/0x110 [ 240.925932][ C1] slab_free_freelist_hook+0xea/0x170 [ 240.925947][ C1] ? ieee80211_bss_info_update+0x846/0xa70 [ 240.925965][ C1] kfree+0xef/0x2a0 [ 240.925980][ C1] ieee80211_bss_info_update+0x846/0xa70 [ 240.926000][ C1] ? ieee80211_rx_bss_put+0x60/0x60 [ 240.926020][ C1] ? ieee80211_mandatory_rates+0x1c8/0x230 [ 240.926038][ C1] ieee80211_ibss_rx_queued_mgmt+0x1700/0x2ab0 [ 240.926064][ C1] ? ieee80211_ibss_rx_no_sta+0x770/0x770 [ 240.926078][ C1] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 240.926093][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 240.926110][ C1] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 240.926123][ C1] ? _raw_spin_unlock+0x40/0x40 [ 240.926136][ C1] ? kcov_remote_start+0x6f/0x4a0 [ 240.926153][ C1] ? kcov_remote_start+0xea/0x4a0 [ 240.926169][ C1] ieee80211_iface_work+0x70e/0xc60 [ 240.926187][ C1] cfg80211_wiphy_work+0x221/0x260 [ 240.926204][ C1] process_one_work+0x85f/0x1010 [ 240.926226][ C1] ? worker_detach_from_pool+0x240/0x240 [ 240.926245][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 240.926262][ C1] ? _raw_spin_lock_irq+0xb7/0xf0 [ 240.926274][ C1] ? _raw_spin_lock_irqsave+0x100/0x100 [ 240.926289][ C1] ? wq_worker_running+0x97/0x170 [ 240.926304][ C1] worker_thread+0xaa6/0x1290 [ 240.926330][ C1] kthread+0x436/0x520 [ 240.926343][ C1] ? rcu_lock_release+0x20/0x20 [ 240.926356][ C1] ? kthread_blkcg+0xd0/0xd0 [ 240.926370][ C1] ret_from_fork+0x1f/0x30 [ 240.926392][ C1] [ 240.959212][ T9987] F2FS-fs (loop2): invalid crc value [ 240.970064][ T9987] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 241.022540][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 241.201418][ T9987] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 241.201950][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 241.201973][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 241.201987][ T27] Call Trace: [ 241.208534][ T9987] F2FS-fs (loop2): Start checkpoint disabled! [ 241.213063][ T27] [ 241.213074][ T27] dump_stack_lvl+0x188/0x250 [ 241.213103][ T27] ? show_regs_print_info+0x20/0x20 [ 241.232190][ T9987] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 241.233895][ T27] ? load_image+0x400/0x400 [ 241.233935][ T27] panic+0x2e5/0x810 [ 241.282633][ T9979] REISERFS (device loop7): found reiserfs format "3.5" with non-standard journal [ 241.284894][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 241.289847][ T9979] REISERFS (device loop7): using ordered data mode [ 241.294329][ T27] ? bpf_jit_dump+0xd0/0xd0 [ 241.294361][ T27] ? nmi_trigger_cpumask_backtrace+0x260/0x280 [ 241.294392][ T27] watchdog+0xe4e/0xe50 [ 241.315343][ T9979] reiserfs: using flush barriers [ 241.318308][ T27] kthread+0x436/0x520 [ 241.387593][ T9979] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 241.396262][ T27] ? hungtask_pm_notify+0x40/0x40 [ 241.396297][ T27] ? kthread_blkcg+0xd0/0xd0 [ 241.396319][ T27] ret_from_fork+0x1f/0x30 [ 241.396352][ T27] [ 241.411886][ T9979] REISERFS (device loop7): checking transaction log (loop7) [ 241.413139][ T27] Kernel Offset: disabled [ 241.477078][ T27] Rebooting in 86400 seconds..