last executing test programs: 5m45.670833423s ago: executing program 0 (id=7902): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)={0xb, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x0, 0x85b, 0x8000, 0x6, 0x4}}, 0x118) 5m45.388247393s ago: executing program 0 (id=7908): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x40000, 0x0) ioctl$RTC_AIE_OFF(r0, 0x7002) 5m45.151290996s ago: executing program 0 (id=7911): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000001040)={&(0x7f0000000040)={0x2, 0xfffc, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000280)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0b00008058", 0x6}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x24) 5m44.934608013s ago: executing program 0 (id=7914): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x2000004, &(0x7f0000000500)=ANY=[@ANYBLOB="00e3078fbb81fca067351e718b1742354077ee6bdefb8addaf7c0c235850b66dac0ba564a370a77264f1a57d44c84efc49fa6c64b9351ea8fd59a458a7791fedcc466b0eab6ca6dd32fcc642517fa3219450b91e3118bf2b9d3cfa562ea44c058252d29181c81c637c6ba7d179122eee61e5c9f68165b6abd469da8d90c0632f7265bb040411d5748c475bb33a7ce77afb2ea533f1653d8cb67dad989bb0a1c16881f0d91d6cbd3751c289aecf4a00"/185, @ANYBLOB="b12398658f5ec6488081d04c33b5a507b1cac8c4376c1895046a1e6e068e53d002eb4279796b4c014f4febee026f87bd0eea7d27598f7ff2687552fdd651", @ANYRESOCT=0x0, @ANYRES64], 0x1, 0x497, &(0x7f0000002480)="$eJzs281vG8Ufx/HPbGJnk/b3w31yC6qEJSSKiiix05I+gRRa0iL1gbYJAqEWhcYJVhMnitOqraCtxKFHoEggJA7l0AtCVZHgAgcOcOM/4MKtBy6YEycQms2sd+26JK0fEjfvl5R4vPv17uzM7OysdywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC9/MpQf9Ysdy4AAEA7HTt1sj/H9R8AgFVlhPt/AACA1cTI0ycy+uHTsjkavF/gHykUz18cPThc/2O9JvhkVxBv//xsbmDnrhcGd4ev//35Zntcx0+NDGUOzEzPzuVLpfx4ZrRYODsznl/yFhr9fK3tQQFkps+dH5+YKGVyOwaqVl9M3e1Zk07tG0zvfzqMHT04PHwqFtOdeOi93+N+I/ykPF2XUfnj2+aYJE+Nl8UibafVeoOD2B4cxOjB4eBApgpjxXm70oQF4VWXSTIsozbURUM2SjZfJtmce7aEPJVktCldNscldYXl8GzwxfDiG/Cako0HZvN5WlJGHVBnK1iPPO2S0Y09Kb1myyys/27p/eXOHFquW55uy2jbS2VzIugP7Plku80jr2deLU7MxGKNcWdUp18f2mmF902+PB0LzviyObncmUHb2cHSaRntHLkQjCsUjEsf2zd46PBIfISxeZHt2NgdLr2Ua3IiNnQwyzSGAAAAAAAAAB51vvGC7+I+/8YP3mfcMyCsEsbT8zL683A5eDQen5fQFZvfUdHpz35am/9e/8DM7KW5wuS783XX9/lD75Tm58bO1l+tXnvyVX0dvtg8hgYljKfdMrr6z51ovylj064biHZ0a3+UN9/UrA3azf8X5rOEzxD2Dm+Op+tm+QGej6XcfumfgOYwxtOQjCa+3+LmfvTpnj7IxX0roz9ubnVxXtIGhadpKvjvTxSm8v029icZffl3GBtMM9MaF7shis3aWE9GHx2tjl3rYjdGsTkbe0hGP5+pH7spih2wsR/IaPb3TBjbZ2OfdLHpKHbH2Zmp8ZYV8Apn+/8rMlr/YsaEdenKy3WzXZXYW+9F/f212g3dp89vtP9PxZZdc+3wrm2vZ7YEbS9or1799npdRl9/t9XFLbSVpFu/Lvgftdc3ZDT5S3Vsn4tdH8Vml1ywHcLW/9syyhXvVMrG1b+rgdj1P1b/T9S2jhbV/7rYspTbb09zDh2SSpcunxubmsrPkSBBYgmJHq2IbCySCPvlh9/OMndMaAt7/f9MRm+e+LUy3nHXfzesjsZ/f12Jrv97azfUouv/+tiyvW40kuiW/Pnp2URa8kuXLj9XmB6bzE/miwO57J7+PTsHs4lkOLaLUg0X1SMp4e7VLnz4VeX+rHr8V3/831e7oRbV/waXzXCfUSfVlMNf9Wz9/yajt368U7mPtvV/sxJRPf4P77OeeWrhtXJ+tqj+N8aWpdx+/9eE4wYAAAAAAAAAAAAAAACATpcwnm7IyD/dbcLfRi1l/t89P5hq0fyvdGzZeJt+r9BwoQJAB/Dk6QsZbVPZXLUL1kpH4694pP0bAAD//3VdHM0=") mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x80, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 5m44.470728308s ago: executing program 0 (id=7920): r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @mcast1, 0x8}, {0xa, 0x0, 0xfffffffd, @private2, 0x6}, 0x0, {[0x6, 0x200, 0x1, 0xfffffefc, 0x2d, 0x1, 0x0, 0x200003]}}, 0x5c) 5m43.618282905s ago: executing program 0 (id=7928): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x2d, &(0x7f0000000040)=[{&(0x7f0000000780)="d8000000140081044e81f782db44b9040a1d080201000000040000a118000200ff020000000000000000000000000001a80016ea1f00084003bc5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f722f054f55153c6f94007134cf6ee08000a09108e8d8ef075c0100000000000000cb490000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000580bb9ad809d5e1cace81b341139fe3cd4032e8edb12d", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0xc04) 5m42.920092973s ago: executing program 32 (id=7928): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x2d, &(0x7f0000000040)=[{&(0x7f0000000780)="d8000000140081044e81f782db44b9040a1d080201000000040000a118000200ff020000000000000000000000000001a80016ea1f00084003bc5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f722f054f55153c6f94007134cf6ee08000a09108e8d8ef075c0100000000000000cb490000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000580bb9ad809d5e1cace81b341139fe3cd4032e8edb12d", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0xc04) 3.110704669s ago: executing program 2 (id=12406): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4801, 0x15319}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x6de3a2a161c5107b}, 0x0) 2.71115192s ago: executing program 2 (id=12412): r0 = userfaultfd(0x80001) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) 2.374780717s ago: executing program 2 (id=12417): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00') write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file0'}, 0xb) 2.149882908s ago: executing program 2 (id=12421): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x33, 0x0, 0x2e2e}}) 2.148766819s ago: executing program 1 (id=12422): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000013c0)=@newtaction={0x8ec, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x8d8, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x66, 0xffffff80, 0xffffffffffffffff, 0x0, 0x8af}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0xff000000, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_police={0x880, 0x2, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x80, 0x914, 0xffffffff, 0x3, 0x0, 0xd39f, 0x4314, 0x1, 0x200, 0x6, 0xffff0ced, 0x2, 0x9, 0x7, 0x8, 0x2, 0xffff, 0x3, 0xff, 0x8, 0x8, 0x4, 0x401, 0x7fff, 0x5, 0xf, 0x419c6eaa, 0x1, 0x3, 0x1, 0x4, 0x1, 0x7, 0x9, 0x8, 0x401, 0x8, 0x8a, 0xfffffffb, 0x4, 0x7, 0x3, 0x7, 0x3e, 0xbc, 0x1, 0x6, 0x5, 0x5, 0x0, 0x6, 0x0, 0x3, 0x200, 0xfffffff8, 0x20000, 0x2, 0x6, 0x1, 0x8000, 0xffff8001, 0x100, 0x9d, 0x1, 0xfffffff7, 0x5864, 0x3, 0x80000001, 0x7fff, 0xedc, 0x7ff, 0xfffeffff, 0x3, 0x8, 0x7, 0x6, 0x8, 0x9, 0x9, 0x8, 0x3f48bf0a, 0x5, 0xffffffff, 0x370, 0x7, 0x9942, 0xfffffffa, 0x80000000, 0xbff8, 0x9, 0xfff, 0x10000, 0x0, 0x4, 0x4, 0x3ff, 0x1, 0xda, 0x0, 0x8, 0x8, 0x2f, 0x7fffffff, 0x7, 0x2, 0x8, 0x9, 0x1, 0x101, 0xffff95af, 0x265d, 0x9, 0x4, 0x9, 0x1, 0x2, 0x0, 0x37a, 0x5, 0x5, 0x8001, 0x200, 0x5, 0xffffffff, 0x5, 0x200, 0xffff3db5, 0x2, 0x401, 0x9, 0xfffff145, 0x64, 0x9, 0x9, 0x400, 0x7ff, 0x1ff, 0x9, 0xffffffff, 0xfffffffb, 0x10001, 0x6, 0x80000001, 0xfc0, 0x5, 0x3, 0x9, 0x4, 0xfffffbff, 0x4, 0x4, 0x9, 0x3d6, 0x9, 0x7fff, 0x1, 0x3, 0x4, 0x7401, 0xcd5, 0x2, 0x7, 0xf3, 0x80, 0x9, 0x800, 0x2, 0x1, 0x1, 0x65887464, 0x4, 0x6, 0x5, 0x0, 0x2, 0x8, 0x4, 0x4, 0x120000, 0x7, 0x200, 0x4, 0x8001, 0x4, 0xa8, 0x3, 0x7, 0x7, 0x9, 0x9, 0x9, 0x78, 0x9, 0x6, 0xf93, 0x401, 0x9, 0xfffffffe, 0x8001, 0x3ff, 0x7, 0x80000001, 0x8000, 0x6, 0x7fffffff, 0x6e4b, 0x8, 0x8, 0x8, 0x2, 0x4, 0x0, 0xfff, 0xffffff7f, 0xa7, 0x3, 0x2, 0x1, 0x3, 0x6, 0x2, 0x1, 0xec, 0x4d, 0xe99, 0xa, 0xfffffff9, 0x40, 0x6, 0x9, 0x7de6, 0x8001, 0x1000, 0x4, 0x7, 0x0, 0x5, 0x9, 0x5, 0x3, 0x81, 0x4, 0x5, 0x4, 0xd2, 0x56e, 0x1, 0x5, 0x795, 0xffff, 0x8cac, 0x5, 0x1, 0x7, 0x406e]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x720b, 0x10001, 0x8001, 0x1, 0x80000000, 0x7, 0x4, 0xfffffffb, 0x8, 0x0, 0x7f, 0xdd, 0x6, 0xfffffffa, 0x2, 0x8, 0x6, 0x2, 0x6, 0x0, 0x0, 0x3, 0x6, 0x0, 0x10000, 0x8, 0x4, 0x8, 0x0, 0x2, 0x0, 0x9, 0xff, 0x3, 0x7, 0x9, 0xfffffffe, 0x6, 0x6, 0x3, 0x0, 0x1, 0x2, 0x7ff, 0x40, 0x1, 0x100, 0x7, 0x3, 0x7f, 0x8000, 0xffff, 0x81, 0x4, 0x8, 0x6, 0x10001, 0x101, 0x6e7, 0x8, 0x7, 0xc, 0xfffffff8, 0x1, 0x7, 0x6, 0x6, 0x7, 0x9, 0x4, 0x4, 0x8, 0xffff, 0x5, 0x1, 0xa93, 0x9, 0xf, 0xf31, 0x8001, 0x0, 0x0, 0x6, 0x3, 0x9, 0xffff, 0xf, 0x2, 0x7, 0x2, 0x0, 0x4, 0x800, 0x6, 0xeca, 0x76, 0x5, 0x4d, 0x57, 0xfffff9b3, 0x4, 0x8c, 0x2, 0x7f, 0xbb, 0x1, 0x2000, 0x80, 0x3, 0x80, 0x80000000, 0xb, 0x6a, 0xfffffff7, 0x8, 0xa8, 0x7, 0x9, 0x9957, 0xfffffffe, 0x4, 0xffffaa90, 0x7f, 0x81, 0x8, 0xfffffff8, 0x7, 0xa, 0x2, 0x8, 0x9, 0x7, 0x8, 0x0, 0x800, 0x7, 0x2, 0x6, 0x2, 0x9, 0x6, 0x1, 0x8001, 0x8, 0x2, 0x40, 0x6, 0x1, 0x10001, 0x3, 0x8, 0x81, 0x2, 0x6, 0x8000, 0x10000, 0xfffffffe, 0x6, 0x9, 0x3ff, 0x6, 0x81, 0x7fffffff, 0xc7, 0x7, 0x2, 0x8, 0xfffffeff, 0x4, 0xffff, 0x8, 0x2, 0x9f, 0x7, 0x2, 0x7fff, 0xff, 0xfffffff7, 0x7, 0xa8, 0x8, 0x7, 0x401, 0x1, 0x7, 0x59b, 0x6, 0x2, 0x2, 0x87, 0x1, 0x10000, 0x400, 0x800, 0x1b, 0x5, 0x56474848, 0xbfe, 0x9, 0x6, 0x7, 0xff, 0x5, 0x3ff, 0x3, 0x5, 0x798515b1, 0x3cc, 0x1, 0x10, 0x7, 0x32e, 0x3, 0xfffffffc, 0x3ff, 0x7f, 0x1, 0x1080, 0x401, 0x4, 0x0, 0x6, 0x6, 0x5, 0x4, 0x8, 0x5, 0x5, 0xf8a4, 0x10c, 0x8, 0x1ff, 0x8, 0xba1f, 0x3, 0x1000, 0x3, 0x401, 0x7, 0x4, 0x0, 0x5, 0x79, 0x81, 0x8, 0xfffffffa, 0xfffffffa, 0x3, 0x884, 0x98b, 0xb3, 0xffffffff, 0x8, 0x6, 0x6]}], [@TCA_POLICE_RATE64={0xc, 0x8, 0xffffffff00000000}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000000, 0x7, 0x2, 0x7, 0x400, {0x6, 0x1, 0x4, 0x5, 0x1, 0xf}, {0x1d, 0x1, 0x5, 0x3, 0x1000, 0x2}, 0x5, 0x5d, 0x4}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x8ec}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 2.008862408s ago: executing program 4 (id=12424): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e20, 0x9c000000, @dev={0xfe, 0x80, '\x00', 0x30}, 0x1df}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=[{0x10, 0x110, 0x1}], 0x10}, 0x0) 1.903801644s ago: executing program 1 (id=12426): r0 = syz_open_dev$media(&(0x7f0000000040), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0x541b, 0x0) 1.816320708s ago: executing program 6 (id=12427): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f000000be00)={0x0, 0x0, &(0x7f000000bdc0)={&(0x7f000000bd40)={0x28, 0x6, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 1.815757086s ago: executing program 2 (id=12428): syz_read_part_table(0x5db, &(0x7f0000000080)="$eJzs0r1rW1cYB+D33kZROhiJEMjQpZCQSU2KlhQqUYpRhRcnhLRk6D+QDIUEOngwUpXMaTx1s/FHwXgxHdrJ0MXYBuOCPBl59Vg6mC4ayi2Srl2K+zEYu7V5nkHnnt89r95zOSe40NL4JcuyJOJKFI+yr/I3Ec/f/+fqT1can0y8+/DjR48jkngWEZPvPfth8CbJV2T5v36Xzx/k84litTu/PX64Ut65tbt5ezGNKAzyqxHRHtS3l0on+yXx4ek/mUtktb5RevnqRfP1VP3pXnP6oJDnM/cXaq2fb9aepKM7tZYel/zxFNlf3LHT9b+W57Njdwub3X51K59XktN24v9o9bdsoJgNzv+j6YO5G51epz95Z7lwr3K9t956Mzz3H/+uvHCumwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC611fpG6eWrF2lEZG+NosY7Xze+mLm/UGt9drP2JB2Fa+kZ9R8b9m++nqo/3WtOH9zufvDtT9m1mB27W9i82q9u5esqyZ/KWmezG85bfv+Oz3/uRqfX6U/eWf7yXuV6b731Jvnm+WDdlf96owAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAhdH4dT8iHj2OSOLziBhPy0uDPCtGlPdPrn9QHI0TxWp3fnv8cKW8c2u3HIsP83wtjWjH28Pn74e/U0elpdFQGA3tiEjP9tv4d78HAAD//5Qvfrc=") bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)=@generic={0x0}, 0x18) 1.676591908s ago: executing program 4 (id=12430): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.633361702s ago: executing program 5 (id=12431): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x37, 0x0, @void}, 0x10) 1.607490134s ago: executing program 1 (id=12432): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x84, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, '9p\x00'}}]}}) 1.482901973s ago: executing program 3 (id=12433): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 1.334186052s ago: executing program 2 (id=12434): syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d00010000000009040000032eb47d000905f9ffffff00000009050f47"], 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) 1.329147475s ago: executing program 1 (id=12435): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)}}], 0x1, 0x4000081) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000200)=[@ioring_restriction_register_op={0x0, 0x1e}], 0x1) 1.303182031s ago: executing program 5 (id=12436): r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f00000001c0)=@profile={'permprofile ', ':\':\x02'}, 0x10) 1.218857628s ago: executing program 4 (id=12437): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x540, 0x0) ioctl$RTC_SET_TIME(r0, 0x40187014, &(0x7f00000006c0)={0x60, 0x2000011, 0x40000000, 0x12, 0x4, 0x3ff, 0x4001005, 0x34, 0x1}) 1.192978448s ago: executing program 3 (id=12438): r0 = socket$inet6(0xa, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', 0x0}) 1.113932756s ago: executing program 6 (id=12439): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x10, {{@in=@multicast1, @in=@remote, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}, 0x10000}, [@tmpl={0x44, 0x5, [{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x6c}, 0x8, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x1, 0x2, 0x0, 0x1, 0xff}]}]}, 0xfc}}, 0x0) 1.015125026s ago: executing program 3 (id=12440): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x50) 985.547694ms ago: executing program 1 (id=12441): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS(r0, 0x4b72, &(0x7f0000000040)={0x2, 0x80, 0x2, 0x0, 0xb, "0060a10000efa489020000000000fffffff600"}) 954.373311ms ago: executing program 4 (id=12442): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newtaction={0x44, 0x30, 0x1, 0x70bd2b, 0x25dfdbde, {}, [{0x30, 0x1, [@m_bpf={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x4}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xc044}, 0x0) 898.604437ms ago: executing program 5 (id=12443): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0x89e0, 0x0) 819.767174ms ago: executing program 6 (id=12444): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) brk(0x200000ffc000) 800.550245ms ago: executing program 1 (id=12445): syz_mount_image$jfs(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0xc03, &(0x7f0000008040)=ANY=[], 0x2, 0x5fbf, &(0x7f0000002080)="$eJzs3VtvHGf9B/DfHrw+9N/U6kWVf8QhTTm0lCaNkzYtp6ZC4gIEVKpyn8i4VYQLKAkVrSzsKhL3SFyj8iK4BqHeIBWJl8AbiGT3hghEBo39PM54vPbaJN5Zez4fyZn97TPjfSZfj2fXc3gCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjvf+/ti52IuP5+emI+4v+iF9GNmC3rs/HXiNX7ef5+RJyOzeZ4JiJOTUeUy2/+81TE5Yj49FTE+sbKYvn0wgH78cpb9/72w7d/tPbbL/7l7//+5Pd/qre/9cl3f/DH1Yj507/53X9WH8+6AwAAQFsURVF0Nj/mR5xJn++7TXcKABiLvP8vkvy8Wv0odT92aro/arVard6tGG61WkTEWnWZ8j2Dw/EAcMysxf2mu0CD5N9q/Yh4oulOABOt03QHOBLrGyuLnZRvp7o/OLvVns8F2ZH/Wmf7+o69pqPUzzEZ18/X3ejF03v0Z3ZMfZgkOf9uPf/rW+2DNN9R5z8ue+U/2Lr0qXVy/r16/jUnJ//u0PzbKuffP1T+PfkDAAAAAMAEy3//n2/4+O/0o6/Kgex3/PfsmPoAAAAAAAAAAI/bAcb/Kx9czfPXx//bZvw/AAAAmFjlZ/XSx6cePrfXvdjK5691Ip6szQ+0TLpYZq7pfgAAAAAAAAAAAABAm/S3zuG91omYiogn5+aKoii/qur1YT3q8sdd29cf2qzpX/IAALDl01O1a/k7ETMRcS3d629qbm6uKGZm54q5YnY6v58dTM8Us5XPtXlaPjc9OMAb4v6gKL/ZTGW5qlGfl0e1179f+VqDoneAjo1Hg4EDQERs7Y3W7ZFOmKJ4Kpp+l8PxYPs/eWz/HETTP6cAAADA0SuKouik23mfScf8u013CgAYi7z/rx8XUKvVarVaffLqqmK41WoREWvVZcr3DIbjB4BjZi3uN90FGiT/VutHxOmmOwFMtE7THeBIrG+sLHZSvp3q/iCN757PBdmR/1pnc7m8/LDpKPVzTMb183U3evH0Hv15Zkx9mCQ5/249/+tb7YM031HnPy575V+u53wD/Wlazr9Xz7/m5OTfHZp/W+X8+4fKvyd/AAAAAACYYPnv//OO/+ZVBgAAAAAAAIBjZ31jZTFf95qP/39uyHyu/zyZcv4d+bdSzr9bz792Qk6v8vjemw/z/2xjZfHj/7/yhTyd+PyneoPytac63V5/65yff+Zbmy7Fy7vmL+cppt6Jm7EcS3FxV/vUjvaFEe2XdrUPyvbZ3H4+FuPnsRw/2W6fHnFi1MyI9mJEe86/Z/tvpZx/v/JV5j+X2ju1aeneR91d2311Oux1rv74wZXdW9f43Y3e9rpVlet3roH+bP6fPDGIX95eunX+Vzfu3Ll1MdJkx7MLkSaPWc5/Kn3l/J9/bqs9/96vbq/3PhocOv9JcTf6e+b/XOVxub4vjLlvTcj5D9JXzj/vgYZv/8c5/723/xcb6A8AAAAAAAAAAAAAAADspyiKzUtEr0bEq+n6n6auzQQAxivv/4t8M4xErVar1Wr1yauriuHeqBYR8efqMuV7hl8P+2YAwCR7EBH/aLoTNEb+LZbv91dOv9R0Z4Cxuv3Bhz+9sby8dOv2/7J00Xv8PQIAAAAAAAAADiuP/3m2Mv7z5nlAtXGjd4z/+mac/WxjZfH9+X99/tiN/9kd9DbHOk8r9GxUx+fePULxudh//O/+iNebGtE+GNE+PaJ9ZkT70As9KnL+z6aMc/5n0ortN/5rzr8+HfGSjdpv/NfnG+hP03L+59JYzzn/r9bmq+Zf/OE4j//b3ZH/hTvv/eLC7Q8+fOnmezfeXXp36WeXLi+8fnHhyuXXXr7wzs3lpfRvgz0+Wjn/PPa180DbJeefM5d/u+T8v5xq+bdLzv8rqZZ/u+T88/s9+bdLzj9/9tnO/0Gz/WI8cv4vpNr23y45/6+lWv7tkvN/MdXyb5ec/9dTLf92yfm/lGr5t0vO/3yq5d8uOf8LqZZ/u+T88xEu+bdLzj+f2SD/dsn5L6Ra/u2S87+Uavm3S87/cqrl3y45/1dSLf92yfm/mupD5O/eXydAzv9Kqm3/7ZLzfy3V8m+XnP/rqZZ/u+T8v5Fq+bdLzv+bqZZ/u+T8v5Vq+bdLzv/bqZZ/u+T8vxMPLyaVf3vk/N9Ite2/XR7e/98DDzzwID9o+jcTAAAAAAAAAAAAAFA3jtOJm15HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKe3cXI1d53w/87Ju9NsTeJIbwYmBtDBhYvOsX/PL/18FASCm0DSGBvpEa116bTfxWr00AIbERNEUCqVxwQSslBYSqXKQKahM1SDSiUqU2vWmv2psqrdSoQlGonKg3jQquzpzneTwzOzuz6921Z875fBD+eWfOzDx75szsfsf6zgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQb8O9k3/Yl2VZ/n/tj5Esuzz/+6psX/7lzM5LvUIAAABgsT6s/fnttemEffO4UN02f3f9P3733Llz57LsT9Z96tV8BqNZtmZllhXnBcM/OdmwTfB8NtzXX/d1f4ebH+hw/mCH84c6nL+iw/krO5w/3OH8WTtgllXF6zG1K9tU++tIsUuzddlQ7bxNLS71fN/K/v74Wk5NX+0y54YOZ1PZ0Wwym5h1mb7af1n27ob8tu7P4m31193W+izLzv7s2YNxDX1hH2/KGm6spv6+++DubPTnP3v24JMjv7iu1ey4G2atNMs2b8zX+UKWnX+5KuvLVqZ9EtfZX7fO9S3WOdCwzr7a5fK/N6/z7DzXGb/v4bDOf2qzzvXhtKduzLJsJptzm2bPZ/3Z6qZbTft7uDgi8uvI78pPZIMLOk42zOM4yS/z4xsbj5PmYzLu/w1hnwzOsYb6u+ODr62Ytd8v9DjJv+tuOFbz634ov9Hh4fqXVhuO1XybZ2+a+xhoed+1OAbSsVx3DGzsdAz0rxioHQP959e8seEY2DrrMv1ZX+223r+p/TEwfvrYyfHpp5+5Y+rYgSOTRyaPb9+xbc/Wbbt27J4YPzx1dDL8ubBd2kNWZ/3pGNwYnmviMXhL07b1h+S5N4rHwetX77q+1VzIGoaX6HGwmDVk4Xj54s35gi7vz+Y4xvNtXti8+MdB+rlf9zgYrHsctHxObfE4GJzH4yDf5uzm+f3MHKz7v9UaWj0XLsUxMFJ3DCzm52H9Gi7k52F+m4/dOvdz4fqwrhdvW+jPw4FZx0D8tvrCYy8/Jf2+N7w77JfZx8U1+RmXrcjOTE+e2vLUgdOnT23NwrgoPll3XzUfL6vrvqds1vHSv+DjZd/nPtp1TYvTR8K+Gr69/X2Vb7NjrP19VXt2b70/G07dloWxxC72/mz10yzfnylLtNmf+TYv3LH43wVTLql7/hvq9Pw3MDRYPP8NpL0x1PD8N/uuGaitLMvO3jG/57+h8P/Ffv5b1yXPf/m+emxL+2Mg3+bF8YUeA4Ntn/9uDLMvrOfWkBiG63L/R7XzZ4rDtO6+7HjcDA4OheNmMN5i43GzfdZl8mvLb3vzxIUdN5tvbLyvGn5vKeFxk++rVyfaHzf5Nu9tXfxzx6r417rnjhWdjoGhgRX5eofSQVA8351bFY+BLdnB7ER2NDuULpPfy/ltjW2b3zGwIvx/sZ87ruqSYyDfV69ta38M5Nv87fal/d1pczglbVP3u1Pz6wtzZf5rBs9fX/NuW+rMn6/zMzvavzaUb/PTHQvNGe330+3hlMta7Kfmx89cx/ShrPN+WqpjOl/n0TvbvzaVb7Nu5zyPp31Zlr3z0lvF613F67t/ceafv9vwum+r15Tfeemtz1/9wx8uZP0AAFy4j2p/zqwoftes+xfr+fz7PwAAANATYu7vDzOR/wEAAKA0Yu4fCDOR/wEAAKA0Yu4fDDPZ1+nd8crhib6vv/rhc1l6N8BzQTw/vgzy0Mpiu9jxnglfj547Lz/9nreGHvzec/O77f4sy/73gWtbbv/Eyriuwsm4zoHG02e56oZ53f7jj5zfrv79E872F9cfv5/5vgwUu8rv/ts9tesdvbWY7z2Q1ebDMy8+X7v+PcXXcfv3/6PY7hvhTUv2He5ruPzmsJ5NYY6G95R5aNX5/ZDPeLnvvHvk7z/96Pnbi5fr27im9m2+tqW43vgeUa/8ZbF9/L7nWv9fv/St7+TbP3VT6/U/1996/e+H6/1xmP/zQXF6/T7/Xt36/yCsP95evNyWN3/Qcv1v/1Wx/dvhuHg9zOb13/1H133Y6v6Kt7NvsLhcvP2JP7uvdrl4ffH6m9c/PH5Pw/5ovv733iyuZ++T/z1Qv308Pd5O9Phg4/HdF+7fhh55lmXf+nrWsJ+zoeJy7zStP17fycHW67+9aZ0n33iidvnm7yf65iP3tvx+43r2/flIw/fzypqw//pX/UN+ve9fG47HcP4vZorra34v07fXND7fxO1fHyket/H6xpvW/0rT+mduyPdd5/Xf//Ni/W/ftbJh/fvWhuPp48XstP4jf7q24fJvfLZYz6mvjh0/MX1mKr7HwUjT43jl8KrVl13+sTVrw3Np89f7T5x+YvLU6MToRJaN9uBbBi73+t8M87+KMbP0t1D4l8HiuHv5weLn1i1DxdevhNMfD/dn/Pn4zT8eajhem+/3meFiLnb9t4V1zNf6TT/ZPa8N/3PH26/+68Nfav69IH4/J68Yrn1/r224snZe33vF+c3PV538+xWNj+sfrSvm98N+PRfemXnjlcXtNV9/fG+Sl79QPH7jb3Lx8lnT+4mMDDR+H4td/4/C7zE/uKrx+S8eH99/rundnEeyvnwJM+H5IZspzo9bxf398tkrW95efB+ebObqhSxzTtNPT48fnTp+5qnx05PTp8enn35m/7ETZ46f3l9779L9X+50+fOP79W1x/ehyZ07stqj/UQxltmlXv/JRw4e2jVx86HJwwfOHD79yMnJU0cOTk8fnDw0ffOBw4cnv9rp8lOH9m7dtmf7rm1jR6YO7d29Z8/2PWNTx0/kyygW1cHOia+MHT+1v3aR6b079my9884dE2PHThya3LtrYmLsTKfL1342jeWXfnLs1OTRA6enjk2OTU89M7l3656dO7d1fPfHYycPT4+OnzpzfPzM9OSp8eJ7GT1dOzn/2dfp8lTD9NrwfNekL/x2ft/tO9P74+be+tqcV1VsMtJ44k/De0F9Y3j77vl8HXP/UJiJf/8HAACA0oi5P3w+xfnX3eV/AAAAKI3wgX/hMyP9+z8AAACUUcz9w2EmFcn/+v/6/xfQ/091bf1//f9M/1//vwP9f/3/dvT/9f97ef36//r/dNZt/f+Y+1dlWSXzPwAAAFRBzP2rw0zkfwAAACiNmPsvCzOR/wEAAKA0Yu6/PMykIvlf/1//3+f/l6//35dlM/r/+v/dQv9f/78d/X/9/15ev/6//j+ddVv/P+b+j4WZVCT/AwAAQBXE3L8mzET+BwAAgNKIuX9tmIn8DwAAAKURc/9ImEmZ8v9dc5+l/1/1/v+A/n8J+/8+/7+g/98d9P/1/9vR/9f/7+X16//r/9NZt/X/Y+7/eJhJmfI/AAAAVFzM/Z8IM5H/AQAAoDRi7v9kmIn8DwAAAKURc/+6MJOK5H/9/6r3/33+f6b/v4z9/7il/r/+v/5/r/f/V4WT9f8b6f/r/+v/6//TXrf1/2PuvyLMpCL5HwAAAKog5v4rw0zkfwAAACiNmPs/FWYi/wMAAEBpxNx/VZhJRfK//r/+v/6//r/P/9f/X076/+Xo/8eT9f8b6f/r/+v/6//TXrf1/2PuvzrMpCL5HwAAAKog5v5rwkzkfwAAACiNmPuvDTOR/wEAAKA0Yu5fH2ZSkfyv/6//r/+v/6//r/+/nPT/9f/b0f/X/+/l9ev/6//TWbf1/2Puvy7MpCL5HwAAAKog5v7rw0zkfwAAACiNmPtvCDOR/wEAAKA0Yu4fDTOpSP7X/9f/1//X/9f/1/9fTvr/+v/t6P/r//fy+vX/9f/prNv6/zH3bwgzqUj+BwAAgCqIuX9jmIn8DwAAAKURc/+NYSbyPwAAAJRGzP2bwkwqkv/1//X/9f/L2v8f0P/X/+8K+v/6/+3o/+v/9/L69f/1/+ms2/r/MfffFGZSkfwPAAAAVRBz/81hJvI/AAAAlEbM/beEmcj/AAAAUBox928OM6lI/tf/1//X/y9r/9/n/+v/dwf9f/3/dvT/9f97ef36//r/dNZt/f+Y+28NM6lI/gcAAIAqiLn/tjAT+R8AAABKI+b+28NM5H8AAAAojZj7x8JMKpL/9f/1//X/9f/1//X/l5P+v/5/O/r/+v+9vH79f/1/Ouu2/n/M/XeEmVQk/wMAAEAVxNy/JcxE/gcAAIDSiLl/PMxE/gcAAIDSiLl/IsykIvlf/1//X/9f/1//X/9/Oen/6/+3o/+v/9/L69f/1/+ns27r/8fcvzXMpCL5HwAAAHrUdQvZOOb+bWEm8j8AAACURsz928NM5H8AAAAojZj7d4SZVCT/6//r/+v/6//r/+v/Lyf9f/3/dur7//kl9f+r0v+f6ydNr6y/oP+v/09n3db/j7n/zjCTiuR/AAAAqIKY+3eGmcj/AAAAUBox9+8KM5md///m4q0KAAAAWEox9+8OM+n5f/+fX6+qUv3/A/env+r/F/T/9f8z/X/9/2Wm/6//347P/69q/39pXOr16//r/9NZt/X/Y+7fE2bS8/kfAAAAiGLu/39hJvI/AAAAlEbM/f8/zET+BwAAgNKIuf+Xwkwqkv8r1f+vo/9f0P/X/8/0//X/l5n+v/5/O/r/+v+9vP7u7f9/e3WW6f/THbqt/x9z/94wk4rkfwAAAKiCmPs/HWYyd/4fXv5VAQAAAEsp5v67wkz8+z8AAACURsz9+8JMKpL/9f/1//X/9f/1//X/l5P+v/5/O4vr/4/q/y/Spe7P9/r6u7f/7/P/6R7d1v+Puf/uMJOK5H8AAACogpj77wkzkf8BAACgNGLuvzfMRP4HAACA0oi5/zNhJhXJ/xet/9+iUKz/r/+f6f/r/+v/6/8vkv5/lfv/Pv9/sS51f34J1p/f5fr/+v90sW7r/8fcf1+YSUXyPwAAAFRBzP2fDTOR/wEAAKA0Yu7/5TAT+R8AAABKI+b++8NMKpL/ff6//r/+v/6//r/+/3LS/9f/b0f/X/+/l9ev/6//T2fd1v+Puf9Xwkwqkv8BAACgCmLufyDMRP4HAACA0oi5/8EwE/kfAAAASiPm/l8NM6lI/tf/1//X/9f/1//X/19O+v/6/+3o/+v/9/L69f/1/+ms2/r/Mff/WphJRfI/AAAAlMLcrx/UxNz/62Em8j8AAACURsz9nwszkf8BAACgNGLufyjMpCL5X/9f/1//X/9f/1//fznp/+v/t6P/r//fy+vX/9f/p7Nu6//H3P/5MJOK5H8AAACogpj7Hw4zkf8BAACgNGLu/0KYifwPAAAAPeDsvLaKuf+LYSYVyf/6//r/+v/6/0vY/1+R6f8n+v+ran/q/+v/t9NL/f9W5+j/6//r/+v/01639f9j7n8kzKQi+R8AAACqIOb+R8NM5H8AAAAojZj7fyPMRP4HAACA0oi5/zfDTCqS//X/9f/1//X/ff6//v9y0v/X/2+nl/r/rej/6//r/+v/01639f9j7v+tMJOK5H8AAACogpj7fzvMRP4HAACA0oi5/3fCTOR/AAAAKI2Y+x8LM6lI/i/6/48e1P8v6P/r/+v/6/9H+v9LQ/9f/78d/X/9/15ev/6//j+ddVv/P+b+L4WZVCT/AwAAQBXE3P+7YSbyPwAAAJRGzP37w0zkfwAAACiNmPsfDzOpSP73+f/6//r/+v8L6f+vanG6/n9B/781/X/9/3b0/8vc/1+xJGu8dOuf6wlrMP1N/1//n866rf8fc/+BMJOK5H8AAACogpj7fy/MRP4HAACA0oi5/2CYifwPAAAApRFz/6Ewk4rkf/1//X/9f/3/Hvn8/6FsOfr/M/r/y60k/f/39P8L+v+N9P99/r/+v/4/7XVb/z/m/skwk4rkfwAAAOh183nX0Zj7D4eZyP8AAABQGjH3Hwkzkf8BAACgNGLufyLMpCL5vxv7/zfo/+v/6/+n69H/9/n/+v/t+fx//f9M//+CXer+fK+vX/9f/5/Ouq3/H3P/VJhJRfI/AAAAVEHM/V8OM5H/AQAAoDRi7v9KmIn8DwAAAD1n5Rynx9x/NMykIvm/G/v/mf6//r/+f7oe/X/9f/3/9vT/9f8z/f8Ldqn7872+/iXt/6/Q/6ecuq3/H3P/sTCTiuR/AAAAqIKY+4+Hmcj/AAAAUBox958IM5H/AQAAoDRi7j8ZZtKT+b9vzt7uXPT/9f+7rf9f37wsdf9/pf6//r/+/1LQ/9f/z/T/L9il7s/3+vp9/r/+P511W/8/5v7fDzPpyfwPAAAAtBJz/6kwE/kfAAAASiPm/ukwE/kfAAAASiPm/v9j7z539LirOI4/thI7kSC8R9wLiPvgNTdAL4npLfQamqmh995b6BB6773XUEKRgrR7zok3Xs/sPvjxzvzP5/PmsGTXO5GN0U+rr+YBccv0/j+926e6cvT/+v+l9f9t3/9/lf4/6f/1/8eh/9f/b/T/Wzvpfn7tz6//1/8zb2n9f+7+B8Ytfv4PAAAAw8jd/6C4xf4HAACAYeTuf3DcYv8DAADAMHL3PyRuabL/r2z/f98DH+n/9f+brfr/s/W1Q/X/3v9/5++r/l//fwxd+//8m1D/v0//v52T7ufX/vz6f/0/85bW/+fuf2jc0mT/AwAAQAe5+x8Wt9j/AAAAMIzc/Q+PW+x/AAAAGEbu/kfELU32v/f/6//X1/8P+v5//X/R/+v/j6Nr/5/0//v0/9s56X5+7c+v/9f/M29p/X/u/kfGLU32PwAAAHSQu//6uMX+BwAAgGHk7r8hbrH/AQAAYBi5+8/FLU32v/5f/6//1//r//X/u6T/1/9P0f8vt/+/Q/8/+/31//p/5i2t/z9342Zv9+9/m377HwAAADrI3f/ouMX+BwAAgGHk7n9M3GL/AwAAwDBy9z82bmmy//X/+n/9v/5f/6//3yX9v/5/iv5/uf2/9//r/+e+Xv/PUSyt/8/d/7i4pcn+BwAAgA5y9z8+brH/AQAAYBi5+58Qt9j/AAAAMIzc/U+MW5rsf/2//l//r//X/+v/d0n/r/+fspL+P36Ji3979P9D9//3v9fM11+y/z+10f/r/wlL6/9z9z8pbmmy/wEAAKCD3P1PjlvsfwAAABhG7v6nxC32PwAAAAwjd/+NcUuT/a//1//r//X/+n/9/y7p//X/U1bS/1+S/n/o/n/2+3v/v/6feUvr/3P3PzVuOTD8zh7z3xIAAABYktz9T4tbmvz8HwAAADrI3f/0uMX+BwAAgGHk7n9G3NJk/+v/5/v/6+8+/+vp/w9/fv2//l//r//X/6+g/7/5kE/U/x+J/r9R/3/txV+v/9f/M29p/X/u/mfGLU32PwAAAHSQu/9ZcYv9DwAAAMPI3f/suMX+BwAAgGHk7n9O3HKfzeaIGfuq6f+9/1//r//X/+v/d0n/v4L+/zD6/yPR/zfq/w+h/9f/M29p/X/u/ufGLX7+DwAAAMPI3f+8uMX+BwAAgGHk7n9+3GL/AwAAwDBy978gbmmy//X/6+n/r9L/j9D/3/OW8/fT/8c/1//r/y8H/b/+f6P/39pJ9/Nrf379v/6feUvr/3P33xS3NNn/AAAA0EHu/hfGLfY/AAAADCN3/4viFvsfAAAAhpG7/8VxS5P9r/9fT//v/f9D9P/e/7/g/v9R8ecx6f8vD/2//n/KZej/b7pO/7+1k+7nT+j5T1+u59f/6/+Zt7T+P3f/S+KWJvsfAAAAOsjd/9K4xf4HAACAYeTuPx+32P8AAAAwjNz9L4tbmux//b/+X/+v/9f/e///Lun/9f9TvP9f/7/m59f/6/+Zt7T+P3f/y+OWJvsfAAAAOsjd/4q4xf4HAACAYeTuf2XcYv8DAADAql3YgeXuf1Xc0mT/6//1//r/S/X/5/X/d6H/1/9vQ/+v/5+i/9f/r/n59f/6f+Ytrf/P3f/quKXJ/gcAAIAOcvffHLfY/wAAADCM3P2viVvsfwAAABhG7v7Xxi1N9r/+X/+v//f+f/2//n+X9P/6/yn6f/3/mp9f/6//Z97S+v/c/a+LW5rsfwAAAOggd//r4xb7HwAAAIaRu/8NcYv9DwAAAMPI3f/GuKXJ/tf/6//1//p//b/+f5f0//r/Kfp//f+an1//r/9n3tL6/9z9b4pbmux/AAAA6CB3/5vjFvsfAAAAhpG7/y1xi/0PAAAAw8jd/9a4pcn+1//r//X/+n/9v/5/l/T/+v8p+n/9/5qfX/+v/2fe0vr/3P1vi1ua7H8AAADoIHf/2+MW+x8AAACGkbv/HXGL/Q8AAADDyN3/zrilyf7X/+v/9f/6f/2//n+X9P/6/ynr6/+vPvCR/l//r//X/zNtaf1/7v53xS1N9j8AAAB0kLv/3XGL/Q8AAADDyN3/nrjF/gcAAIBh5O5/b9zSZP/r/zv3/6fObTb6/43+X/+v/98p/b/+f8r6+v+D9P/6f/2//p9pS+v/c/e/L25psv8BAACgg9z9749b7H8AAAAYRu7+D8Qt9j8AAAAMI3f/B+OWJvtf/9+5//f+f/3/wefU/+v/d0H/r/+fov/X/6/5+Zfc/5/W/7MQJ97/5yfGx7n7PxS3NNn/AAAA0EHu/g/HLfY/AAAADCN3/0fiFvsfAAAAhpG7/6NxS5P9r//X/+v/9f8X9v9nDv8jvkf/r//fhv5f/z9F/6//X/PzL7n/9/5/luLE+/+7fJy7/2NxS5P9DwAAAB3k7v943GL/AwAAwDBy938ibrH/AQAAYBi5+2+JW5rsf/2//l//r//3/n/9/y7p//X/U/T/q+v/r7rwA/2//l//z5yl9f+5+z8ZtzTZ/wAAALBy1x7lk3L3fypusf8BAABgGLn7Px232P8AAAAwjNz9n4lbmuz/bfr/s/r/i+j/D39+/b/+X/+v/19Y/3/Ntt9H/79P/39Qw/7/AP2//l//z5yl9f+5+z8btzTZ/wAAANBB7v7PxS32PwAAAAwjd//n4xb7HwAAAIaRu/8LcUuT/e/9//p//f+x+v8b9P/6f/3/8Sys/9+a/n/f7vr/e2969P9Xx3/Q/4/w/Pp//T/zltb/5+7/YtzSZP8DAABAB7n7b41b7H8AAAAYRu7+L8Ut9j8AAAAMI3f/l+OWJvtf/6//1/97/7/+X/+/S/r/4/b/Z471XOP0/97/v9H/r+759f/6f+Ytrf/P3f+VuKXJ/gcAAIAOcvd/NW6x/wEAAGAYufu/FrfY/wAAADCM3P1fj1ua7H/9v/5f/6//1//r/3dJ/+/9/1P0//r/NT+//l//z7yl9f+5+78RtzTZ/wAAANBB7v5vxi32PwAAAAwjd/+34hb7HwAAAIaRu//bcUuT/a//1//r//X/+v+F9P+nzun/t6D/1/9v9P9bO+l+fu3Pr//X/zNvaf1/7v7vxC1N9j8AAAB0kLv/u3GL/Q8AAADDyN3/vbjF/gcAAIBh5O7/ftzSZP/P9P/VwOn/p+n/N3v/+9H/H/z19f/6f+//1//r/6fp//X/a35+/b/+n3lL6/9z9/8gbrlz+J05/r8lAAAAsCS5+38YtzT5+T8AAAB0kLv/R3GL/Q8AAADDyN3/47ilyf73/n/9v/f/6//1//r/XdL/6/+n6P/1/2t+fv2//p95S+v/c/f/JG5psv8BAACgg9z9P41b7H8AAAAYRu7+n8Ut9j8AAAAMI3f/z+OWJvtf/z9q/3/b3fb/qf5f/6//n3t+/f9u6f/1/1P0//r/NT+//l//z7yl9f+5+38RtzTZ/wAAALB+p2c/I3f/L+MW+x8AAACGkbv/V3GL/Q8AAADDyN3/67ilyf7X/4/a/3v/v/5f/6//Xwb9v/5/iv5f/7/m59f/6/+Zt7T+P3f/b+KWJvsfAAAAOsjd/9u4xf4HAACAYeTu/13cYv8DAADAMHL3/z5uabL/9f+76P9v1f/r//fo//X/+v/19/+n4i8c/f8+/f9B+n/9v/5f/8+0pfX/ufv/ELc02f8AAADQQe7+P8Yt9j8AAAAMI3f/n+IW+x8AAACGkbv/z3FLk/0/Tv8fT7qI/t/7//X/+/T/+n/9//r7/6T/36f/P0j/r//X/+v/mba0/j93/1/ilib7HwAAADrI3f/XuMX+BwAAgGHk7r8tbrH/AQAAYBi5+/8WtzTZ/+P0/0H/r//X/+v/47/X/y+D/l//P0X/r/9f8/Pr//X/zFta/5+7/+9xS5P9DwAAAB3k7v9H3GL/AwAAwDBy9/8zbrH/AQAAYBi5+2+PWy7a/2eu4FNdOfp//f/u+v877rHZ6P/1//p//b/+X/9/afp//f+an1//r/9n3tL6/9v3/r/2ms2/9r7az/8BAABgRLn7/x232P8AAAAwjNz9/4lb7H8AAAAYRu7+/8YtTfa//l//7/3//1f/f93Unwf9v/5f/6//1/9P0//r/9f8/Pp//T/zltb/5+7/XwAAAP//RByXNg==") openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 685.61235ms ago: executing program 3 (id=12446): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="300000002c0007012bbd7000ffdbdf25067c0000080001800900000014000380100001"], 0x30}, 0x1, 0x0, 0x0, 0x10000004}, 0xc010) 641.667701ms ago: executing program 4 (id=12447): arch_prctl$ARCH_SHSTK_ENABLE(0x5003, 0x2) arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2) 593.26588ms ago: executing program 5 (id=12448): setuid(0xee00) mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xae\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5m\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\x8d\x8b\x9e\xb1\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q', 0x42, 0x0, 0x0) 502.351162ms ago: executing program 6 (id=12449): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') name_to_handle_at(r0, &(0x7f0000000300)='./mnt\x00', &(0x7f0000000340)=@xfs={0x1c, 0x81, {0x5, 0x1000, 0xc, 0xfffffffc}}, &(0x7f0000001500), 0x200) 349.567625ms ago: executing program 4 (id=12450): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x4) 334.816117ms ago: executing program 6 (id=12451): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0xa, 0x0, &(0x7f0000000040)) 333.149625ms ago: executing program 3 (id=12452): setfsuid(0xee00) setresuid(0x0, 0x0, 0x0) 288.830193ms ago: executing program 5 (id=12453): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000100)={0x1000, 0x0, '\x00', {0x0, @bt={0x0, 0x5, 0x0, 0x0, 0x9, 0x9, 0xb, 0x7f, 0xbc, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x14, 0x1b, {0x0, 0x6}, 0x7, 0x40}}}) 82.456754ms ago: executing program 6 (id=12454): syz_mount_image$nilfs2(&(0x7f0000000140), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x2, 0xf11, &(0x7f0000001e80)="$eJzs3U9sHNX9APA3a6/txCZeAz8w8COk0IpAwQ5JpKa3IFCPiEvvoJDQCENRQw9E/Ak9ICohioQ4VRyouFAqpUitBKpUoZ7anvrn1hPqhUpVKgX10EZKXNl+b7374mHXY3t27f18pK/fvnmz8/2O13FmxrNvAzCyGqtfjx+fL0J499N3Hn35qeLXK8vuaq9xaPVrEXutEEKzo19k2/s8Lrh6+aVTG7VFOLr6NfXDY5faz50OIVwIh8JnoRU+Wlz68sP3Hjn88etTt7x1/plXdmj32/L9AACAvejiH5f+dt8//vDA3JWLB0+GyfbydHzeiv3peNx/JB4op+PlRujuFx3RaSJbbyxGI1tvLFtvPMszXpKvmW2nWbLeRI98Yx3LNtpPAAAA2I3SeW0rFI2Frn6jsbCwdt6/4vPZiWLhubNLZ84NqFAAAACgsn+/unrTrRBCCCGEqDWaQ1CDEEKIUYrl2UFfgQAAAABGTT5f2HUubO9MXe2ttfrLf+nhxsbPh21Q98+//Lsr/wev+Y0DAEB1e/VoMu1XOo5O8xjk8wiOZc/b7PF/I9vO+CbrLJtXsGt5MbwvU1n9+fd1WJXVv9nXcVDK6s/nwxxWZfXn83QOq7L6J2uuo6qy+qdqrqOqsvr31VxHVWX176+5jqrK6p+uuY6qyuqfqbmOqsrqv6HmOqoqq/9AzXVUVVb/brmttqz+Vs11VFVW/1zNdVRVVv+NNddRVVn9N9VcR1Vl9d9ccx2Dcmds0/fhYDbeef6cn9PtlnM8AAAAGHX/Nf+fEEIIcV2s3gcxBHUIsbejGIIaxFdF++99Q1CLEGLr8epArz4AAAAAwyC9LyC9AX05SuNjPcbH43uJVsen1ldI480ez5/oMT7ZYxwAAAAI4TdvnLnt7WL9ff5bnQ+vY96oa6HCPEb5RHebzb/Vec+2mn+3zFsGAADAaCm+89m1+x99/4W5KxcPnuw4+70Wz3fTPKDj8drAJ7Gf7guYyfpFOoc+2Z2nUbJefn3ghrLtPb7FHQUAAIARls7fW6FoLHScd7dCo7GwsH4+Ph+axZmzS6ePxH76fJbfzzYnV5Y/VHPdAAAAQP/Wz/c3Pv9Pn+M7HyaKhefOLp05t9afaS9vNjqvC8yuLy86rwu0suVHS5Yfi/30+Z3fm923unzh1PeXntrunQcAAIARce7F8888ubR0+gceeOCBB+0Hg/7NBAAAbLcvvnin+cNjM79de///+vx36f3/h2K/Fef2+1NcId0nkN4HcN379Z/ozjNbtt7z3eu1svXGYkxmdU91bGfFvux5c2X5Wt3bmSjJN53lm8ny5fMUjGfrp3wHsuX5/IRpvdlseT4P43iWo8jy3x0AAACg3OILzz6/eO7F8w+effbJp08/ffq5Y0dPfPvEiSMPfeuhxdX7+hc77+4HAAAAdqP1m34HXQkAAAAAAAAAAAAAAAAAAACMrjo+TmzQ+wgAAACj7l+vhhAuCCFE5VieHHwNQgghhBBC7JpY/Wz3+vM2Bn39AQAAABg9Vy+/dCqEqRDCSruBC8W25mtvrbV6RSRcu7yWN7UzD/51biXSapceHut6/v5trYZRdzX+3KW221+2/ed/c/m3/9+f/JvL/8Fr25t/Kj1orTW9f/9ll4xPVst77+LP5zvz3z7eZ/58/x+vlv9wlv/e0F/+5fez/E9Uy39fln9/n/mv2//nq+W/P+afj/3D9/Sbv/v1n4xt2o99feb/Zrb/T4V+82f73+ozYeaBmB8ARtFevQEgHSWk4+jp2E/7Gw83w1j2vM0e/zey7YxvufLu7abjoFtjPx0vzWR5k83WP51t74aKdebyuoZVWf3b9TrutLL6mzXXUVVZ/RM111FVWf2TNddRVVn9UzXXUVVZ/f2ehw5aWf275bpyWf3TNddRVVn9MzXXUVVZ/Zv9f3xQyuo/UHMdVZXVP1tzHVWV1V/xslrtyuqfq7mOqsrqv7HmOqoqq/+mmuuoqqz+m2uuY1DuiG3Z+XA6/5yNY6nfyvqTG3wv9+q1BQAAANht/jmy8//FKx0Dr0MIIYQQuzWmhv1YItmR7Y/v8PZF3fGf5TWDrkMIsXOxvFz3FQeGyc6+mxmAYeX3/2jz+o82r/9o8/rzVdI9/EXWT8Z6jI/3GG/2GJ/IxvOf18ke4zdl211O1zWjm3uM/1+P8QM9xm/tMT7fY/y2HuO39xi/o8c4AAAAo+GW2Do/BAAAgL3r5V988uav7n3i8tyViwdPhonr5p0/EvuT8W/rb8R+Pu990ox/8/9R7P8str+L7d+z9d1/AgAAADsvfU6Mv/8DAADA3pU+p9T5PwAAAOxdc7F1/g8AAAB7142xdf4PAAAAe1gxtfHi2KbrAnfHtt95/QCA4ff/sb0ztgdje1dsvxbbdBxwT2y/XlN9AMD2+el3f3zi7WJ9vv9j2fjVuDy117mwdqWgaHTP5L8vtvtj+40+68k/D6Df/MmBPvPsVP7ZLeYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaOxurX48fnixDe/fSdR38y8eafV5bd1V7j0OrXIvZaIYRm+3lpdL3/y7ji1csvnepsr8W2CEdDEYr28vDYpXam6RDChXAofBZa4aPFpS8/fO+Rwx+/PnXLW+efeWUHvwVd+wcAAAB70f8CAAD///o5H8E=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 72.045884ms ago: executing program 3 (id=12455): syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000180)=ANY=[], 0x0, 0x5e9, &(0x7f0000000c80)="$eJzs3cFvHFcdB/DvbGxnHaTUSZM2oEpERaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B4gIA4Vp/4JRcj/AOJYpBxoDxzg1LNRj0jcfdtqZmfXm2TrJLbrXbefjzT73ps38/b3fjM7mVkr2gBfWyuLmXmQIiuLb2yV7Z3t5c7O9vLdQT3J6SSNpJmkKFf/Pclnyf30l3xz0DFSPubTj5q3Pvng4/f7rXKsZjHT377Yb7+nM4xloR9rVR7VeO3Djzc6w5lDDwVHpTfw37Hdh/xcAgDTrEhOjVu/kJypb9jL54D+XXH/HvtEuz/pAAAAAOAYPLeb3Wzl7KTjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJOk/v3/ol4ag/rlFIPf/5+r16Wun2gPJh0AAAAAAAAAAByBb+9mN1s5O2j3iupv/i9XjQvV6zfyTjazlo1cyVZW0003G1lKsjAy0NzWare7sfQUe7bH7tk+nvkCAAAAAAAAwFfUH7Oy9/d/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYBkVyql9Uy4VBfSGNmSTNJHPldveT/wzqJ9mDSQcAAAAAx+C53exmK2cH7V5RPfO/UD33N/NO7qWb9XTTyVpuVN8F9J/6Gzvby52d7eW75fL4uD/5/zOFUY2Y/ncP49/5UrXFfG5mvVpzJb/JW+nkRhrVnqVLg3jGx/WHMqbiR7WnjOxGXZYz/0VdToeFKiOzw4y06tjKbJzbPxPPeHQefaelNIbf/Fz4EnJ+pi7L+bw+1Tlvj5x9L+yfieT8r/987Xbn3p3bNzcXp2dKB/RoJpZHMvHi1yoTrSoTF4ftlfw8v8piLufNbGQ9v81qulnL5bxe1Vbr87l8Xdg/Uz9+qPXmkyKZq49L/yr6bDG9XO17Nuv5Zd7KjeqItnIt19LOD/JqWg8d4Ytj4/59r+7e7fV6aTzbp/47360rs0l+VpfToczruZG8jl5zF6q+0TV7WTp/9NfGmW/VlfLseW3qro3nHvlXYpCJ5/fPxF+qE2ezc+/Oxu3Vt5/y/V6pyzIDPx1mYqZe2zt1JJM6kPJ8OT+M5eGzo+x7fmzfUtV3YdjXeKzv4rDvSZ/Uufoe7vGR2lXfi2P7+vtdGukbd78FwNQ7870zc/P/m//3/Ifzf5q/Pf9G87XT10+/NJfZf87+cKZ16pXGS8Xf8mF+t/f8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHNzmu+/dWe101jYOXBn8EtFhx1FRUTmeymyevM2kr0zAl+1q9+7bVzfffe/763dXb63dWrv3auv69aWlpWutqzfXO2v166SjBACO0t5N/6QjAQAAAAAAAAAAAAAAvshx/JfjSc8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4altZzMyDFFlqXWmV7Z3t5U65DOp7WzaTFGXlH0k+S+6nv2RhZLjii97n04+atz754OP398ZqVtv/q30Us3golsYjMR12vPbIeH890HDFMDOXk5yvS5i4zwMAAP//LwkFxQ==") setxattr$security_ima(&(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000280)=@ng={0x4, 0xc}, 0x2, 0x3) 0s ago: executing program 5 (id=12456): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044941, &(0x7f0000003d00)) kernel console output (not intermixed with test programs): FS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1188.919497][ T9152] netlink: 32 bytes leftover after parsing attributes in process `syz.6.10867'. [ 1188.944371][ T9153] ksmbd: Unknown IPC event: 1, ignore. [ 1189.044523][ T9154] loop1: detected capacity change from 0 to 2048 [ 1189.197021][ T9154] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1189.255009][ T9164] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 1189.291262][ T9167] loop3: detected capacity change from 0 to 512 [ 1189.309460][ T9167] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1189.363843][ T9154] EXT4-fs error (device loop1): ext4_map_blocks:791: inode #12: block 2: comm syz.1.10869: lblock 0 mapped to illegal pblock 2 (length 1) [ 1189.406390][ T9172] loop5: detected capacity change from 0 to 64 [ 1189.430991][ T9167] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1189.451585][ T9167] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 1189.503935][ T9167] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1189.511323][ T9167] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 1189.522360][ T9167] EXT4-fs warning (device loop3): ext4_enable_quotas:7259: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1189.537251][ T9167] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 1189.555098][ T9167] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.10872: bg 0: block 40: padding at end of block bitmap is not set [ 1189.569616][ T9167] loop3: lost filesystem error report for type 5 error -117 [ 1189.577835][ T9167] EXT4-fs (loop3): Remounting filesystem read-only [ 1189.585209][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 1189.585241][ C1] EXT4-fs (loop3): initial error at time 2000001047: ext4_validate_block_bitmap:440 [ 1189.585285][ C1] EXT4-fs (loop3): last error at time 2000001047: ext4_validate_block_bitmap:440 [ 1189.630933][ T9167] EXT4-fs (loop3): 1 truncate cleaned up [ 1189.640967][ T9167] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1189.697192][ T5816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1189.876358][ T9143] loop2: detected capacity change from 0 to 32768 [ 1189.916266][ T9143] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.10864 (9143) [ 1190.041715][ T9143] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1190.095017][ T9143] BTRFS info (device loop2): using sha256 checksum algorithm [ 1190.110713][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1190.379486][ T9143] BTRFS info (device loop2): rebuilding free space tree [ 1190.473818][ T9143] BTRFS info (device loop2): enabling ssd optimizations [ 1190.510478][ T9224] netlink: 'syz.1.10882': attribute type 4 has an invalid length. [ 1190.532669][ T9143] BTRFS info (device loop2): using spread ssd allocation scheme [ 1190.540334][ T9143] BTRFS info (device loop2): turning on async discard [ 1190.608581][ T9232] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10884'. [ 1190.625783][ T9143] BTRFS info (device loop2): enabling free space tree [ 1190.706107][ T9143] BTRFS info (device loop2): force clearing of disk cache [ 1191.109141][ T5818] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1191.176574][ T9249] loop1: detected capacity change from 0 to 256 [ 1191.240952][ T9249] exfat: Deprecated parameter 'utf8' [ 1191.316849][ T9258] loop4: detected capacity change from 0 to 8 [ 1191.393652][ T9249] exFAT-fs (loop1): error, data size is invalid(34359738378) [ 1191.453764][ T9249] exFAT-fs (loop1): Filesystem has been set read-only [ 1192.454929][T30906] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 1192.681690][T30906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1192.683741][ T9316] overlayfs: conflicting options: userxattr,redirect_dir=on [ 1192.721623][T30906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1192.755602][T30906] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1192.787997][T30906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1192.831326][T30906] usb 4-1: config 0 descriptor?? [ 1192.855032][T30906] hub 4-1:0.0: USB hub found [ 1193.067669][T30906] hub 4-1:0.0: config failed, can't read hub descriptor (err -90) [ 1193.303177][T30906] usbhid 4-1:0.0: can't add hid device: -71 [ 1193.309231][T30906] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1193.387235][T30906] usb 4-1: USB disconnect, device number 23 [ 1193.604561][ T9311] loop1: detected capacity change from 0 to 32768 [ 1193.626778][ T9311] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.10904 (9311) [ 1193.696841][ T9311] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1193.725272][ T9311] BTRFS info (device loop1): using sha256 checksum algorithm [ 1193.923209][ T9311] BTRFS info (device loop1): enabling ssd optimizations [ 1193.943453][ T9311] BTRFS info (device loop1): turning on async discard [ 1193.950258][ T9311] BTRFS info (device loop1): enabling free space tree [ 1194.201523][ T9352] loop4: detected capacity change from 0 to 32768 [ 1194.299350][ T9352] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 1194.325995][ T5816] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1194.523173][ T9352] XFS (loop4): Ending clean mount [ 1194.719912][ T9359] loop5: detected capacity change from 0 to 32768 [ 1194.767885][ T9359] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.10917 (9359) [ 1194.793997][ T5828] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 1194.968146][ T9359] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1194.983400][ T9421] loop6: detected capacity change from 0 to 2048 [ 1194.988996][ T9426] netlink: 'syz.2.10931': attribute type 4 has an invalid length. [ 1195.007009][ T9421] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1195.040794][ T9359] BTRFS info (device loop5): using sha256 checksum algorithm [ 1195.063605][ T9426] netlink: 'syz.2.10931': attribute type 1 has an invalid length. [ 1195.071816][ T9429] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1195.086349][ T9426] netlink: 228 bytes leftover after parsing attributes in process `syz.2.10931'. [ 1195.287189][ T9359] BTRFS info (device loop5): enabling ssd optimizations [ 1195.294183][ T9359] BTRFS info (device loop5): turning on async discard [ 1195.341212][ T9359] BTRFS info (device loop5): enabling free space tree [ 1195.724582][ T5831] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1195.784547][ T9464] loop1: detected capacity change from 0 to 256 [ 1195.858070][ T9464] exfat: Deprecated parameter 'utf8' [ 1195.922456][ T9464] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x47dfe6af, utbl_chksum : 0xe619d30d) [ 1196.259584][ T9477] loop3: detected capacity change from 0 to 4096 [ 1196.310930][ T9477] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 1196.573973][ T9492] xt_CONNSECMARK: invalid mode: 66 [ 1196.781333][ T9500] syz_tun: entered promiscuous mode [ 1197.039627][ T9508] trusted_key: encrypted_key: keyword 'newdefault' not recognized [ 1197.279398][ T9521] program syz.1.10952 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1197.343108][ T9519] loop2: detected capacity change from 0 to 2048 [ 1197.452234][ T9519] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1197.512110][ T9534] netlink: 'syz.3.10954': attribute type 2 has an invalid length. [ 1197.581662][ T9472] loop6: detected capacity change from 0 to 32768 [ 1197.620446][ T9519] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.10951: pblk 93 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(4) [ 1197.718729][ T9472] JBD2: Ignoring recovery information on journal [ 1197.865563][ T5818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1197.906783][ T9472] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 1197.988064][ T9555] loop1: detected capacity change from 0 to 1024 [ 1198.034663][ T9555] hfsplus: extend alloc file! (16384,256,150995124) [ 1198.098939][ T9555] hfsplus: failed to extend attributes file [ 1198.329781][ T9574] netlink: 244 bytes leftover after parsing attributes in process `syz.3.10965'. [ 1198.352342][T27665] ocfs2: Unmounting device (7,6) on (node local) [ 1198.470823][T30910] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1198.560194][ T9588] team0: entered promiscuous mode [ 1198.565298][ T9588] netdevsim netdevsim1 : entered promiscuous mode [ 1198.592286][ T9582] loop6: detected capacity change from 0 to 1764 [ 1198.605248][ T9588] team0: left allmulticast mode [ 1198.615801][ T9588] netdevsim netdevsim1 : left allmulticast mode [ 1198.637781][ T9588] 8021q: adding VLAN 0 to HW filter on device team0 [ 1198.702897][T30910] usb 6-1: config 0 has an invalid interface number: 117 but max is 0 [ 1198.722185][T30910] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1198.777033][T30910] usb 6-1: config 0 has no interface number 0 [ 1198.802145][T30910] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1198.846611][T30910] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1198.906629][T30910] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1198.941220][T30910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1198.984015][T30910] usb 6-1: Product: syz [ 1198.988199][T30910] usb 6-1: Manufacturer: syz [ 1198.992802][T30910] usb 6-1: SerialNumber: syz [ 1199.068269][T30910] usb 6-1: config 0 descriptor?? [ 1199.498710][ T9627] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1199.517885][T30978] usb 6-1: USB disconnect, device number 25 [ 1199.761733][ T9584] loop2: detected capacity change from 0 to 32768 [ 1199.882728][T30986] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 1200.079754][ T9663] loop1: detected capacity change from 0 to 128 [ 1200.101312][ T9663] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 1200.116999][T30986] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 161, setting to 64 [ 1200.165638][T30986] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1200.168213][ T9663] hpfs: filesystem error: improperly stopped [ 1200.180781][T30986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1200.199129][ T9663] [ 1200.201585][ T9663] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 1200.229482][ T9663] hpfs: You really don't want any checks? You are crazy... [ 1200.266273][T30986] usb 5-1: Product: syz [ 1200.270476][T30986] usb 5-1: Manufacturer: syz [ 1200.275081][T30986] usb 5-1: SerialNumber: syz [ 1200.277297][ T9663] hpfs: hpfs_map_sector(): read error [ 1200.308977][ T9663] hpfs: code page support is disabled [ 1200.314476][ T9663] hpfs: hpfs_map_4sectors(): unaligned read [ 1200.343420][ T9670] xt_recent: Unsupported userspace flags (000000de) [ 1200.351957][T30986] usb 5-1: config 0 descriptor?? [ 1200.356976][ T9663] hpfs: hpfs_map_4sectors(): unaligned read [ 1200.367427][ T9663] hpfs: filesystem error: unable to find root dir [ 1200.373875][ T9642] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1200.381759][T30986] hub 5-1:0.0: bad descriptor, ignoring hub [ 1200.405554][ T9675] loop5: detected capacity change from 0 to 64 [ 1200.407938][T30986] hub 5-1:0.0: probe with driver hub failed with error -5 [ 1200.475791][ T9675] hfs: unable to locate alternate MDB [ 1200.486978][T30986] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input89 [ 1200.512023][ T9675] hfs: continuing without an alternate MDB [ 1200.976747][ T9651] loop3: detected capacity change from 0 to 32768 [ 1201.018936][ T9651] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.10983 (9651) [ 1201.136351][ T9651] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1201.155853][ T9651] BTRFS info (device loop3): using sha256 checksum algorithm [ 1201.278266][ T9651] BTRFS info (device loop3): enabling ssd optimizations [ 1201.292155][ T9651] BTRFS info (device loop3): turning on async discard [ 1201.299111][ T9651] BTRFS info (device loop3): enabling free space tree [ 1201.345535][T30978] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 1201.502856][T30986] usb 5-1: USB disconnect, device number 30 [ 1201.537945][T30978] usb 7-1: Using ep0 maxpacket: 32 [ 1201.555958][T30978] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1201.584580][T30978] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1201.636903][T30978] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1201.676846][T30978] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1201.680562][ T5823] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1201.709966][T30978] usb 7-1: config 0 descriptor?? [ 1201.733135][T30978] hub 7-1:0.0: USB hub found [ 1201.955947][T30978] hub 7-1:0.0: 27 ports detected [ 1201.970253][T30978] hub 7-1:0.0: insufficient power available to use all downstream ports [ 1202.173306][T30978] hub 7-1:0.0: hub_hub_status failed (err = -71) [ 1202.199663][T30978] hub 7-1:0.0: config failed, can't get hub status (err -71) [ 1202.268198][T30978] usbhid 7-1:0.0: can't add hid device: -71 [ 1202.274230][T30978] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1202.351022][T30978] usb 7-1: USB disconnect, device number 13 [ 1202.798062][ T9816] loop3: detected capacity change from 0 to 2048 [ 1202.852881][ T9816] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 1202.943057][ T9816] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1203.795185][ T9860] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 1203.805810][ T9864] netlink: 'syz.5.11034': attribute type 2 has an invalid length. [ 1203.829889][ T9814] loop2: detected capacity change from 0 to 32768 [ 1203.843873][ T9864] hmaÓË224): entered promiscuous mode [ 1203.884560][ T9814] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.11017 (9814) [ 1203.987236][ T9814] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1204.049233][ T9814] BTRFS info (device loop2): using sha256 checksum algorithm [ 1204.327486][ T9814] BTRFS info (device loop2): enabling ssd optimizations [ 1204.369836][ T9814] BTRFS info (device loop2): turning on async discard [ 1204.389950][ T9814] BTRFS info (device loop2): enabling free space tree [ 1204.739525][ T5818] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1204.995845][ T9936] loop4: detected capacity change from 0 to 128 [ 1205.043873][ T9936] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 1205.086888][ T9936] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1205.525301][ T9962] loop5: detected capacity change from 0 to 64 [ 1205.902555][ T9977] loop6: detected capacity change from 0 to 1024 [ 1205.982767][ T9977] hfsplus: failed to load extents file [ 1206.349745][T10008] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11071'. [ 1207.119169][T10035] loop5: detected capacity change from 0 to 2048 [ 1207.182228][T10035] hpfs: hpfs_map_sector(): read error [ 1207.281549][T10058] netlink: 'syz.4.11088': attribute type 12 has an invalid length. [ 1207.757333][T10077] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11094'. [ 1207.766405][T10077] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11094'. [ 1207.798358][T10083] netlink: 'syz.4.11098': attribute type 4 has an invalid length. [ 1207.832065][T10083] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.11098'. [ 1208.396349][T10102] loop2: detected capacity change from 0 to 4096 [ 1208.448367][T10102] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 1208.692746][T10102] ntfs3(loop2): ino=19, mi_enum_attr [ 1208.702132][T10102] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 1208.830761][T10102] ntfs3(loop2): failed to convert "c46c" to koi8-r [ 1208.857170][T10102] ntfs3(loop2): ino=20, mi_enum_attr [ 1209.801354][T10183] netlink: 'syz.6.11125': attribute type 1 has an invalid length. [ 1209.812958][T10184] openvswitch: netlink: Flow key attr not present in new flow. [ 1209.838251][T10183] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1211.052844][T10251] loop3: detected capacity change from 0 to 256 [ 1211.142194][T10254] loop1: detected capacity change from 0 to 1764 [ 1211.150408][T10251] FAT-fs (loop3): Directory bread(block 64) failed [ 1211.166048][T10251] FAT-fs (loop3): Directory bread(block 65) failed [ 1211.198611][T10251] FAT-fs (loop3): Directory bread(block 66) failed [ 1211.254536][T10251] FAT-fs (loop3): Directory bread(block 67) failed [ 1211.265360][T10251] FAT-fs (loop3): Directory bread(block 68) failed [ 1211.288952][T10251] FAT-fs (loop3): Directory bread(block 69) failed [ 1211.321150][T10251] FAT-fs (loop3): Directory bread(block 70) failed [ 1211.338639][T10251] FAT-fs (loop3): Directory bread(block 71) failed [ 1211.354236][T10251] FAT-fs (loop3): Directory bread(block 72) failed [ 1211.393110][T10251] FAT-fs (loop3): Directory bread(block 73) failed [ 1211.591542][T10278] netlink: 16 bytes leftover after parsing attributes in process `syz.6.11157'. [ 1211.636047][T10278] netlink: 12 bytes leftover after parsing attributes in process `syz.6.11157'. [ 1212.245380][T10275] loop1: detected capacity change from 0 to 32768 [ 1212.270544][T10275] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.11155 (10275) [ 1212.288923][T10242] loop4: detected capacity change from 0 to 32768 [ 1212.308365][T10275] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1212.320807][T10275] BTRFS info (device loop1): using sha256 checksum algorithm [ 1212.364626][T10242] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1212.394579][T10321] netlink: 'syz.5.11164': attribute type 2 has an invalid length. [ 1212.403325][T10321] netlink: 'syz.5.11164': attribute type 1 has an invalid length. [ 1212.502338][T10335] netlink: 12 bytes leftover after parsing attributes in process `syz.5.11167'. [ 1212.528512][T10242] XFS (loop4): Ending clean mount [ 1212.539410][T10275] BTRFS info (device loop1): enabling ssd optimizations [ 1212.557251][T10342] loop2: detected capacity change from 0 to 8 [ 1212.567376][T10275] BTRFS info (device loop1): turning on async discard [ 1212.586658][T10275] BTRFS info (device loop1): enabling free space tree [ 1212.601974][T10242] XFS (loop4): Quotacheck needed: Please wait. [ 1212.728306][T10242] XFS (loop4): Quotacheck: Done. [ 1212.845918][T10353] cgroup: noprefix used incorrectly [ 1212.940425][ T5816] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1212.987327][ T5828] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1213.292153][T10372] loop2: detected capacity change from 0 to 2048 [ 1213.336422][T10372] EXT4-fs: Ignoring removed oldalloc option [ 1213.420328][T10372] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002] [ 1213.474152][T10372] System zones: 0-7 [ 1213.546490][T10393] loop6: detected capacity change from 0 to 512 [ 1213.560594][T10393] EXT4-fs error (device loop6): ext4_xattr_inode_iget:441: inode #12: comm syz.6.11180: missing EA_INODE flag [ 1213.573468][T10372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1213.613327][T10393] loop6: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117 [ 1213.614916][T10393] EXT4-fs error (device loop6): ext4_xattr_inode_iget:444: comm syz.6.11180: error while reading EA inode 12 err=-117 [ 1213.624228][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 1213.624262][ C0] EXT4-fs (loop6): initial error at time 2000001069: ext4_xattr_inode_iget:441: inode 12 [ 1213.624343][ C0] EXT4-fs (loop6): last error at time 2000001069: ext4_xattr_inode_iget:441: inode 12 [ 1213.715763][ T5818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1213.734912][T10393] loop6: lost filesystem error report for type 5 error -117 [ 1213.735337][T10393] EXT4-fs (loop6): 1 orphan inode deleted [ 1213.850898][T10393] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1214.139218][T10423] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11187'. [ 1214.243756][T27665] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1214.790557][T10464] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1214.839465][T10466] netlink: 'syz.5.11202': attribute type 9 has an invalid length. [ 1214.889741][T10466] netlink: 'syz.5.11202': attribute type 7 has an invalid length. [ 1214.925368][T10466] netlink: 'syz.5.11202': attribute type 8 has an invalid length. [ 1215.434647][T10499] netlink: 8 bytes leftover after parsing attributes in process `syz.6.11209'. [ 1215.752685][T10509] loop5: detected capacity change from 0 to 16 [ 1215.759970][T10509] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 1215.811253][T10515] netlink: 'syz.6.11215': attribute type 10 has an invalid length. [ 1216.167308][T10530] loop5: detected capacity change from 0 to 256 [ 1216.198533][T10530] exfat: Deprecated parameter 'utf8' [ 1216.268722][T10530] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 1216.804966][T10503] loop2: detected capacity change from 0 to 32768 [ 1216.897190][T10503] JBD2: Ignoring recovery information on journal [ 1216.919952][T10502] loop1: detected capacity change from 0 to 40427 [ 1216.954895][T10502] F2FS-fs (loop1): build fault injection rate: 174 [ 1216.961685][T10502] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 1216.974907][T10502] F2FS-fs (loop1): invalid crc value [ 1217.005449][T30978] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 1217.077996][T10503] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 1217.203133][T30978] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1217.247864][T30978] usb 7-1: config 63 has an invalid interface number: 66 but max is 0 [ 1217.279987][T30978] usb 7-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config [ 1217.321212][T30978] usb 7-1: config 63 has no interface number 0 [ 1217.323570][T10502] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1217.349293][T30978] usb 7-1: config 63 interface 66 has no altsetting 0 [ 1217.381286][T10502] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1217.386392][T30978] usb 7-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 1217.417588][T30978] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1217.462369][ T5818] ocfs2: Unmounting device (7,2) on (node local) [ 1217.467749][T30978] usb 7-1: Product: syz [ 1217.489204][T30978] usb 7-1: Manufacturer: syz [ 1217.523242][T30978] usb 7-1: SerialNumber: syz [ 1217.813712][T30978] uvcvideo 7-1:63.66: Found UVC 0.07 device syz (174f:8acf) [ 1217.853262][T10593] loop5: detected capacity change from 0 to 8 [ 1217.931751][T10593] SQUASHFS error: Unable to read directory block [2c0:35] [ 1217.984796][T30978] uvcvideo 7-1:63.66: Failed to query (GET_INFO) UVC control 6 on unit 1: -71 (exp. 1). [ 1217.990234][T10593] SQUASHFS error: Unable to read directory block [2c0:35] [ 1218.008332][T30978] uvcvideo 7-1:63.66: Failed to query (GET_INFO) UVC control 9 on unit 1: -71 (exp. 1). [ 1218.049088][T30978] uvcvideo 7-1:63.66: Failed to query (GET_INFO) UVC control 1 on unit 1: -71 (exp. 1). [ 1218.101983][T30978] uvcvideo 7-1:63.66: Failed to query (GET_INFO) UVC control 4 on unit 1: -71 (exp. 1). [ 1218.131759][T10553] loop4: detected capacity change from 0 to 32768 [ 1218.142214][T30978] uvcvideo 7-1:63.66: Failed to query (GET_INFO) UVC control 17 on unit 1: -71 (exp. 1). [ 1218.173883][T30978] uvcvideo 7-1:63.66: No streaming interface found for terminal 29. [ 1218.186691][T30978] uvcvideo 7-1:63.66: Entity type for entity Output 32773 was not initialized! [ 1218.222717][T30978] usb 7-1: USB disconnect, device number 14 [ 1218.249681][T10553] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.11226 (10553) [ 1218.301371][T10553] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1218.323855][T10553] BTRFS info (device loop4): using sha256 checksum algorithm [ 1218.508487][T10553] BTRFS info (device loop4): enabling ssd optimizations [ 1218.582175][T10553] BTRFS info (device loop4): turning on async discard [ 1218.607904][T10553] BTRFS info (device loop4): enabling free space tree [ 1218.619726][T10645] netlink: 36 bytes leftover after parsing attributes in process `syz.1.11234'. [ 1218.656979][T30906] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1218.851395][T30906] usb 4-1: Using ep0 maxpacket: 16 [ 1218.877981][T30906] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1218.886326][T10654] netlink: 'syz.2.11243': attribute type 7 has an invalid length. [ 1218.915612][T30906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1218.923981][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1218.953720][T30906] usb 4-1: Product: syz [ 1218.964489][T30906] usb 4-1: Manufacturer: syz [ 1218.975277][T30906] usb 4-1: SerialNumber: syz [ 1218.987878][T30906] usb 4-1: config 0 descriptor?? [ 1219.024755][T30906] visor 4-1:0.0: Sony Clie 3.5 converter detected [ 1219.255460][T30906] usb 4-1: clie_3_5_startup: get config number bad return length: 0 [ 1219.263633][T30906] visor 4-1:0.0: probe with driver visor failed with error -5 [ 1219.357189][T30949] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1219.538485][T30978] usb 4-1: USB disconnect, device number 24 [ 1219.567448][T30949] usb 6-1: Using ep0 maxpacket: 8 [ 1219.591503][T30949] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 1219.629348][T30949] usb 6-1: config 0 has no interface number 0 [ 1219.659421][T30949] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1219.723263][T30949] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1219.781605][T30949] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1219.819937][T30949] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1219.858828][T30949] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1219.878312][T10705] loop2: detected capacity change from 0 to 8 [ 1219.907424][T30949] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1219.923474][T10705] SQUASHFS error: Unable to read directory block [629:26] [ 1219.933776][T30949] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1219.964664][T30949] usb 6-1: config 0 descriptor?? [ 1219.971204][ T31] audit: type=1326 audit(2000001075.732:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10706 comm="syz.1.11256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1219.999676][T30949] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1220.072919][ T31] audit: type=1326 audit(2000001075.770:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10706 comm="syz.1.11256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1220.076354][T10717] i2c i2c-0: Invalid block write size 128 [ 1220.195744][ T31] audit: type=1326 audit(2000001075.770:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10706 comm="syz.1.11256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1220.289602][ T31] audit: type=1326 audit(2000001075.770:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10706 comm="syz.1.11256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1220.324680][T10663] ldusb 6-1:0.55: Couldn't submit interrupt_in_urb -90 [ 1220.359652][T30906] usb 6-1: USB disconnect, device number 26 [ 1220.392672][T30906] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 1220.767129][T10698] loop6: detected capacity change from 0 to 32768 [ 1220.816917][T10698] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.11254 (10698) [ 1220.897877][T10698] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1220.953953][T10698] BTRFS info (device loop6): using sha256 checksum algorithm [ 1221.106485][T10771] netlink: 'syz.2.11269': attribute type 1 has an invalid length. [ 1221.114357][T10771] netlink: 'syz.2.11269': attribute type 3 has an invalid length. [ 1221.250306][T10698] BTRFS info (device loop6): enabling ssd optimizations [ 1221.288431][T10698] BTRFS info (device loop6): turning on async discard [ 1221.312093][T10698] BTRFS info (device loop6): enabling free space tree [ 1221.335380][T10786] bond2: entered promiscuous mode [ 1221.342176][T10786] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1221.590346][T10836] loop4: detected capacity change from 0 to 128 [ 1221.684434][T27665] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1222.193326][ T31] audit: type=1326 audit(2000001077.819:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10862 comm="syz.2.11283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1222.295809][ T31] audit: type=1326 audit(2000001077.819:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10862 comm="syz.2.11283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1222.435084][ T31] audit: type=1326 audit(2000001077.819:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10862 comm="syz.2.11283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1222.546702][ T31] audit: type=1326 audit(2000001077.847:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10862 comm="syz.2.11283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1222.662567][ T31] audit: type=1326 audit(2000001077.847:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10862 comm="syz.2.11283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1222.802239][ T31] audit: type=1326 audit(2000001077.847:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10862 comm="syz.2.11283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1223.067212][T10827] loop3: detected capacity change from 0 to 32768 [ 1223.274149][T10911] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11296'. [ 1223.299055][T10913] openvswitch: netlink: IP tunnel dst address not specified [ 1223.757007][T10936] loop1: detected capacity change from 0 to 16 [ 1223.780413][T10938] tipc: Can't bind to reserved service type 0 [ 1223.793127][T10936] erofs (device loop1): mounted with root inode @ nid 36. [ 1223.861517][T10936] erofs (device loop1): xattr_isize 12 of nid 86 is not supported yet [ 1224.726169][T10984] netlink: 10 bytes leftover after parsing attributes in process `syz.6.11320'. [ 1224.779191][T10921] loop4: detected capacity change from 0 to 32768 [ 1224.866715][T10921] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1225.076236][T10921] XFS (loop4): Ending clean mount [ 1225.292612][ T5828] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1225.632241][T10980] loop1: detected capacity change from 0 to 32768 [ 1226.049225][T11042] loop5: detected capacity change from 0 to 512 [ 1226.116600][T11042] EXT4-fs (loop5): external journal device major/minor numbers have changed [ 1226.156699][T11042] EXT4-fs (loop5): failed to open journal device unknown-block(8,3) -6 [ 1226.591173][ T31] kauditd_printk_skb: 3 callbacks suppressed [ 1226.591331][ T31] audit: type=1326 audit(2000001081.927:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.629728][T11075] loop5: detected capacity change from 0 to 512 [ 1226.637828][ T31] audit: type=1326 audit(2000001081.965:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.683521][T11075] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 1226.700594][T11075] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002] [ 1226.717760][ T31] audit: type=1326 audit(2000001081.965:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.746661][T11075] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1226.746810][ T31] audit: type=1326 audit(2000001081.974:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.753130][T11075] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #13: comm syz.5.11343: iget: bad i_size value: 12154761577498 [ 1226.775744][ T31] audit: type=1326 audit(2000001081.974:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.814153][ T31] audit: type=1326 audit(2000001082.030:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.837514][ T31] audit: type=1326 audit(2000001082.030:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.860774][ T31] audit: type=1326 audit(2000001082.030:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11067 comm="syz.2.11340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f69a1d9c819 code=0x7ffc0000 [ 1226.888793][T11075] loop5: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 1226.895809][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 1226.911412][ C1] EXT4-fs (loop5): initial error at time 2000001082: ext4_orphan_get:1397: inode 13 [ 1226.920869][ C1] EXT4-fs (loop5): last error at time 2000001082: ext4_orphan_get:1397: inode 13 [ 1227.017313][T11090] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1227.033349][T11075] EXT4-fs error (device loop5): ext4_orphan_get:1400: comm syz.5.11343: couldn't read orphan inode 13 (err -117) [ 1227.127905][T11075] loop5: lost filesystem error report for type 5 error -117 [ 1227.143672][T11075] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1227.268174][T11075] EXT4-fs warning (device loop5): dx_probe:859: inode #2: comm syz.5.11343: dx entry: limit 65535 != root limit 120 [ 1227.334141][T11075] EXT4-fs warning (device loop5): dx_probe:933: inode #2: comm syz.5.11343: Corrupt directory, running e2fsck is recommended [ 1227.398899][T11102] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1227.528548][T11108] i2c i2c-0: Invalid block write size 34 [ 1227.588892][T11111] netlink: zone id is out of range [ 1227.599126][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1227.622606][T11111] netlink: zone id is out of range [ 1227.627770][T11111] netlink: zone id is out of range [ 1227.632898][T11111] netlink: zone id is out of range [ 1227.687154][T11111] netlink: zone id is out of range [ 1227.718731][T11111] netlink: zone id is out of range [ 1227.754903][T11111] netlink: zone id is out of range [ 1227.782833][T11111] netlink: zone id is out of range [ 1227.996832][T11135] team0: entered allmulticast mode [ 1228.031316][T11135] 8021q: adding VLAN 0 to HW filter on device team0 [ 1229.022990][T11190] loop3: detected capacity change from 0 to 164 [ 1229.151042][T11190] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1229.575557][T11219] new mount options do not match the existing superblock, will be ignored [ 1229.577847][T11220] netlink: 'syz.6.11391': attribute type 10 has an invalid length. [ 1229.666585][T11224] netlink: 'syz.1.11392': attribute type 1 has an invalid length. [ 1229.764164][T11227] netlink: 68 bytes leftover after parsing attributes in process `syz.3.11393'. [ 1229.824008][T11227] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11393'. [ 1230.462292][T11258] net_ratelimit: 4 callbacks suppressed [ 1230.462323][T11258] openvswitch: netlink: Multiple metadata blocks provided [ 1230.524468][T11260] loop2: detected capacity change from 0 to 256 [ 1230.538756][T11198] loop5: detected capacity change from 0 to 40427 [ 1230.558767][T11198] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 1230.576052][T11198] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 1230.614998][T11198] F2FS-fs (loop5): invalid crc value [ 1230.913273][T11198] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1230.981098][T11198] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 1230.999289][T11198] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1231.149197][T11198] F2FS-fs (loop5): inconsistent node block, node_type:2, nid:6, node_footer[nid:6,ino:6,ofs:0,cpver:1219692001,blkaddr:4610] [ 1231.403453][ T5831] syz-executor: attempt to access beyond end of device [ 1231.403453][ T5831] loop5: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 1231.439717][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 1231.439765][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1231.439789][ T5831] Call Trace: [ 1231.439801][ T5831] [ 1231.439817][ T5831] dump_stack_lvl+0x100/0x190 [ 1231.439887][ T5831] f2fs_handle_critical_error+0x5d7/0x970 [ 1231.439951][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.440000][ T5831] ? f2fs_build_fault_attr+0x53/0x280 [ 1231.440071][ T5831] f2fs_write_end_io+0xc3f/0xf30 [ 1231.440140][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1231.440211][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.440271][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1231.440334][ T5831] bio_endio+0x7a3/0x910 [ 1231.440394][ T5831] submit_bio_noacct+0x64c/0x2010 [ 1231.440452][ T5831] f2fs_submit_write_bio+0x133/0x350 [ 1231.440515][ T5831] __submit_merged_bio+0x331/0x7b0 [ 1231.440587][ T5831] __submit_merged_write_cond+0x3fe/0x510 [ 1231.440664][ T5831] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 1231.440743][ T5831] ? __pfx___might_resched+0x10/0x10 [ 1231.440787][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.440837][ T5831] ? folio_clear_dirty_for_io+0x178/0x820 [ 1231.440909][ T5831] f2fs_sync_node_pages+0x1620/0x19b0 [ 1231.440993][ T5831] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 1231.441060][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441109][ T5831] ? __lock_acquire+0x4a5/0x2630 [ 1231.441222][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441276][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441327][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441376][ T5831] ? up_write+0x290/0x4f0 [ 1231.441424][ T5831] block_operations+0x932/0xfc0 [ 1231.441484][ T5831] ? __pfx_block_operations+0x10/0x10 [ 1231.441594][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441648][ T5831] ? ktime_get+0x200/0x300 [ 1231.441700][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441752][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441800][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1231.441854][ T5831] f2fs_write_checkpoint+0x582/0x5550 [ 1231.441910][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.441959][ T5831] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1231.442020][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.442075][ T5831] ? __wait_for_common+0x1f3/0x4c0 [ 1231.442114][ T5831] ? __pfx_schedule_timeout+0x10/0x10 [ 1231.442179][ T5831] ? __pfx___wait_for_common+0x10/0x10 [ 1231.442216][ T5831] ? kasan_quarantine_put+0x104/0x240 [ 1231.442269][ T5831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 1231.442316][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.442379][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.442427][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1231.442473][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.442521][ T5831] ? kthread_stop+0x280/0x680 [ 1231.442590][ T5831] kill_f2fs_super+0x3e5/0x490 [ 1231.442636][ T5831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1231.442708][ T5831] ? lockdep_hardirqs_on+0x78/0x100 [ 1231.442746][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.442797][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.442864][ T5831] deactivate_locked_super+0xc1/0x1b0 [ 1231.442919][ T5831] deactivate_super+0xe7/0x110 [ 1231.442973][ T5831] cleanup_mnt+0x21f/0x450 [ 1231.443046][ T5831] task_work_run+0x150/0x240 [ 1231.443090][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 1231.443133][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.443184][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.443243][ T5831] exit_to_user_mode_loop+0x100/0x4a0 [ 1231.443316][ T5831] do_syscall_64+0x706/0xf80 [ 1231.443353][ T5831] ? irqentry_exit+0x133/0x650 [ 1231.443397][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.443438][ T5831] RIP: 0033:0x7f5faf39da57 [ 1231.443470][ T5831] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 1231.443507][ T5831] RSP: 002b:00007ffe8657d7c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1231.443544][ T5831] RAX: 0000000000000000 RBX: 00007f5faf432048 RCX: 00007f5faf39da57 [ 1231.443570][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8657d880 [ 1231.443595][ T5831] RBP: 00007ffe8657d880 R08: 00007ffe8657e880 R09: 00000000ffffffff [ 1231.443621][ T5831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8657e910 [ 1231.443647][ T5831] R13: 00007f5faf432048 R14: 000000000011ea68 R15: 00007ffe8657e950 [ 1231.443703][ T5831] [ 1231.443719][ T5831] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1231.877274][T11312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11420'. [ 1231.961298][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 1231.961348][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1231.961373][ T5831] Call Trace: [ 1231.961386][ T5831] [ 1231.961402][ T5831] dump_stack_lvl+0x100/0x190 [ 1231.961471][ T5831] f2fs_handle_critical_error+0x5d7/0x970 [ 1231.961535][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.961585][ T5831] ? f2fs_build_fault_attr+0x53/0x280 [ 1231.961646][ T5831] f2fs_write_end_io+0xc3f/0xf30 [ 1231.961714][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1231.961784][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.961981][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1231.962046][ T5831] bio_endio+0x7a3/0x910 [ 1231.962127][ T5831] submit_bio_noacct+0x64c/0x2010 [ 1231.962182][ T5831] f2fs_submit_write_bio+0x133/0x350 [ 1231.962244][ T5831] __submit_merged_bio+0x331/0x7b0 [ 1231.962314][ T5831] __submit_merged_write_cond+0x3fe/0x510 [ 1231.962390][ T5831] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 1231.962468][ T5831] ? __pfx___might_resched+0x10/0x10 [ 1231.962512][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.962561][ T5831] ? folio_clear_dirty_for_io+0x178/0x820 [ 1231.962630][ T5831] f2fs_sync_node_pages+0x1620/0x19b0 [ 1231.962710][ T5831] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 1231.962767][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.962815][ T5831] ? __lock_acquire+0x4a5/0x2630 [ 1231.962920][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.962973][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.963023][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.963080][ T5831] ? up_write+0x290/0x4f0 [ 1231.963128][ T5831] block_operations+0x932/0xfc0 [ 1231.963186][ T5831] ? __pfx_block_operations+0x10/0x10 [ 1231.963286][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.963338][ T5831] ? ktime_get+0x200/0x300 [ 1231.963390][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.963440][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.963489][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1231.963542][ T5831] f2fs_write_checkpoint+0x582/0x5550 [ 1231.963598][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.963647][ T5831] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1231.963707][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.963756][ T5831] ? __wait_for_common+0x1f3/0x4c0 [ 1231.963793][ T5831] ? __pfx_schedule_timeout+0x10/0x10 [ 1231.963857][ T5831] ? __pfx___wait_for_common+0x10/0x10 [ 1231.963895][ T5831] ? kasan_quarantine_put+0x104/0x240 [ 1231.963946][ T5831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 1231.963993][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.964053][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.964109][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1231.964153][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.964202][ T5831] ? kthread_stop+0x280/0x680 [ 1231.964269][ T5831] kill_f2fs_super+0x3e5/0x490 [ 1231.964316][ T5831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1231.964384][ T5831] ? lockdep_hardirqs_on+0x78/0x100 [ 1231.964422][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.964472][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.964536][ T5831] deactivate_locked_super+0xc1/0x1b0 [ 1231.964591][ T5831] deactivate_super+0xe7/0x110 [ 1231.964644][ T5831] cleanup_mnt+0x21f/0x450 [ 1231.964706][ T5831] task_work_run+0x150/0x240 [ 1231.964750][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 1231.964791][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.964842][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1231.964900][ T5831] exit_to_user_mode_loop+0x100/0x4a0 [ 1231.964971][ T5831] do_syscall_64+0x706/0xf80 [ 1231.965008][ T5831] ? irqentry_exit+0x133/0x650 [ 1231.965051][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.965100][ T5831] RIP: 0033:0x7f5faf39da57 [ 1231.965132][ T5831] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 1231.965172][ T5831] RSP: 002b:00007ffe8657d7c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1231.965209][ T5831] RAX: 0000000000000000 RBX: 00007f5faf432048 RCX: 00007f5faf39da57 [ 1231.965236][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8657d880 [ 1231.965262][ T5831] RBP: 00007ffe8657d880 R08: 00007ffe8657e880 R09: 00000000ffffffff [ 1231.965288][ T5831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8657e910 [ 1231.965314][ T5831] R13: 00007f5faf432048 R14: 000000000011ea68 R15: 00007ffe8657e950 [ 1231.965367][ T5831] [ 1231.965382][ T5831] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1232.358455][T30910] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1232.360654][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 1232.360700][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1232.360724][ T5831] Call Trace: [ 1232.360737][ T5831] [ 1232.360751][ T5831] dump_stack_lvl+0x100/0x190 [ 1232.360817][ T5831] f2fs_handle_critical_error+0x5d7/0x970 [ 1232.360876][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.360924][ T5831] ? f2fs_build_fault_attr+0x53/0x280 [ 1232.360983][ T5831] f2fs_write_end_io+0xc3f/0xf30 [ 1232.361047][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1232.361119][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.361175][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1232.361235][ T5831] bio_endio+0x7a3/0x910 [ 1232.361290][ T5831] submit_bio_noacct+0x64c/0x2010 [ 1232.361343][ T5831] f2fs_submit_write_bio+0x133/0x350 [ 1232.361401][ T5831] __submit_merged_bio+0x331/0x7b0 [ 1232.361468][ T5831] __submit_merged_write_cond+0x3fe/0x510 [ 1232.361540][ T5831] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 1232.361613][ T5831] ? __pfx___might_resched+0x10/0x10 [ 1232.361655][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.361701][ T5831] ? folio_clear_dirty_for_io+0x178/0x820 [ 1232.361774][ T5831] f2fs_sync_node_pages+0x1620/0x19b0 [ 1232.361853][ T5831] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 1232.361909][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.361955][ T5831] ? __lock_acquire+0x4a5/0x2630 [ 1232.362056][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362110][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362162][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362207][ T5831] ? up_write+0x290/0x4f0 [ 1232.362253][ T5831] block_operations+0x932/0xfc0 [ 1232.362309][ T5831] ? __pfx_block_operations+0x10/0x10 [ 1232.362407][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362456][ T5831] ? ktime_get+0x200/0x300 [ 1232.362506][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362554][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362600][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1232.362650][ T5831] f2fs_write_checkpoint+0x582/0x5550 [ 1232.362704][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362749][ T5831] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1232.362807][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.362853][ T5831] ? __wait_for_common+0x1f3/0x4c0 [ 1232.362889][ T5831] ? __pfx_schedule_timeout+0x10/0x10 [ 1232.362950][ T5831] ? __pfx___wait_for_common+0x10/0x10 [ 1232.362985][ T5831] ? kasan_quarantine_put+0x104/0x240 [ 1232.363035][ T5831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 1232.363082][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.363140][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.363187][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1232.363228][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.363274][ T5831] ? kthread_stop+0x280/0x680 [ 1232.363338][ T5831] kill_f2fs_super+0x3e5/0x490 [ 1232.363383][ T5831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1232.363448][ T5831] ? lockdep_hardirqs_on+0x78/0x100 [ 1232.363485][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.363533][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.363594][ T5831] deactivate_locked_super+0xc1/0x1b0 [ 1232.363646][ T5831] deactivate_super+0xe7/0x110 [ 1232.363697][ T5831] cleanup_mnt+0x21f/0x450 [ 1232.363758][ T5831] task_work_run+0x150/0x240 [ 1232.363799][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 1232.363839][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.363888][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.363944][ T5831] exit_to_user_mode_loop+0x100/0x4a0 [ 1232.364011][ T5831] do_syscall_64+0x706/0xf80 [ 1232.364046][ T5831] ? irqentry_exit+0x133/0x650 [ 1232.364092][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1232.364133][ T5831] RIP: 0033:0x7f5faf39da57 [ 1232.364164][ T5831] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 1232.364201][ T5831] RSP: 002b:00007ffe8657d7c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1232.364236][ T5831] RAX: 0000000000000000 RBX: 00007f5faf432048 RCX: 00007f5faf39da57 [ 1232.364261][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8657d880 [ 1232.364285][ T5831] RBP: 00007ffe8657d880 R08: 00007ffe8657e880 R09: 00000000ffffffff [ 1232.364310][ T5831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8657e910 [ 1232.364335][ T5831] R13: 00007f5faf432048 R14: 000000000011ea68 R15: 00007ffe8657e950 [ 1232.364386][ T5831] [ 1232.364576][ T5831] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1232.493752][T11328] netlink: 'syz.3.11424': attribute type 1 has an invalid length. [ 1232.616373][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 1232.616422][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1232.616445][ T5831] Call Trace: [ 1232.616459][ T5831] [ 1232.616473][ T5831] dump_stack_lvl+0x100/0x190 [ 1232.616540][ T5831] f2fs_handle_critical_error+0x5d7/0x970 [ 1232.616602][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.616648][ T5831] ? f2fs_build_fault_attr+0x53/0x280 [ 1232.616707][ T5831] f2fs_write_end_io+0xc3f/0xf30 [ 1232.616772][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1232.616844][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.616901][ T5831] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 1232.616961][ T5831] bio_endio+0x7a3/0x910 [ 1232.617016][ T5831] submit_bio_noacct+0x64c/0x2010 [ 1232.617069][ T5831] f2fs_submit_write_bio+0x133/0x350 [ 1232.617127][ T5831] __submit_merged_bio+0x331/0x7b0 [ 1232.617193][ T5831] __submit_merged_write_cond+0x3fe/0x510 [ 1232.617265][ T5831] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 1232.617337][ T5831] ? __pfx___might_resched+0x10/0x10 [ 1232.617378][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.617424][ T5831] ? folio_clear_dirty_for_io+0x178/0x820 [ 1232.617490][ T5831] f2fs_sync_node_pages+0x1620/0x19b0 [ 1232.617566][ T5831] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 1232.617621][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.617667][ T5831] ? __lock_acquire+0x4a5/0x2630 [ 1232.617769][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.617823][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.617871][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.617916][ T5831] ? up_write+0x290/0x4f0 [ 1232.617962][ T5831] block_operations+0x932/0xfc0 [ 1232.618017][ T5831] ? __pfx_block_operations+0x10/0x10 [ 1232.618114][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618163][ T5831] ? ktime_get+0x200/0x300 [ 1232.618212][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618260][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618306][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1232.618356][ T5831] f2fs_write_checkpoint+0x582/0x5550 [ 1232.618409][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618455][ T5831] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1232.618512][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618558][ T5831] ? __wait_for_common+0x1f3/0x4c0 [ 1232.618594][ T5831] ? __pfx_schedule_timeout+0x10/0x10 [ 1232.618654][ T5831] ? __pfx___wait_for_common+0x10/0x10 [ 1232.618690][ T5831] ? kasan_quarantine_put+0x104/0x240 [ 1232.618739][ T5831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 1232.618783][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618847][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618892][ T5831] ? rcu_is_watching+0x12/0xc0 [ 1232.618935][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.618980][ T5831] ? kthread_stop+0x280/0x680 [ 1232.619044][ T5831] kill_f2fs_super+0x3e5/0x490 [ 1232.619089][ T5831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 1232.619153][ T5831] ? lockdep_hardirqs_on+0x78/0x100 [ 1232.619190][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.619236][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.619298][ T5831] deactivate_locked_super+0xc1/0x1b0 [ 1232.619350][ T5831] deactivate_super+0xe7/0x110 [ 1232.619401][ T5831] cleanup_mnt+0x21f/0x450 [ 1232.619461][ T5831] task_work_run+0x150/0x240 [ 1232.619502][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 1232.619541][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.619590][ T5831] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1232.619645][ T5831] exit_to_user_mode_loop+0x100/0x4a0 [ 1232.619712][ T5831] do_syscall_64+0x706/0xf80 [ 1232.619747][ T5831] ? irqentry_exit+0x133/0x650 [ 1232.619794][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1232.619834][ T5831] RIP: 0033:0x7f5faf39da57 [ 1232.619864][ T5831] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 1232.619901][ T5831] RSP: 002b:00007ffe8657d7c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1232.619936][ T5831] RAX: 0000000000000000 RBX: 00007f5faf432048 RCX: 00007f5faf39da57 [ 1232.619961][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8657d880 [ 1232.619984][ T5831] RBP: 00007ffe8657d880 R08: 00007ffe8657e880 R09: 00000000ffffffff [ 1232.620009][ T5831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe8657e910 [ 1232.620034][ T5831] R13: 00007f5faf432048 R14: 000000000011ea68 R15: 00007ffe8657e950 [ 1232.620084][ T5831] [ 1232.620099][ T5831] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1232.719818][T30910] usb 7-1: Using ep0 maxpacket: 8 [ 1232.748132][T11328] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11424'. [ 1232.870556][T30910] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1233.458183][T30978] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1233.546012][T30910] usb 7-1: config 7 has an invalid interface number: 58 but max is 0 [ 1233.562452][T30910] usb 7-1: config 7 has no interface number 0 [ 1233.573718][T30910] usb 7-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1233.606756][T30910] usb 7-1: config 7 interface 58 has no altsetting 0 [ 1233.620387][T30910] usb 7-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 1233.628301][T30978] usb 2-1: Using ep0 maxpacket: 32 [ 1233.637101][T30978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1233.638736][T30910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.652348][T30978] usb 2-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=6a.32 [ 1233.681488][T30910] usb 7-1: Product: syz [ 1233.685672][T30910] usb 7-1: Manufacturer: syz [ 1233.686550][T30978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.690286][T30910] usb 7-1: SerialNumber: syz [ 1233.722844][T30978] usb 2-1: Product: syz [ 1233.745797][T30978] usb 2-1: Manufacturer: syz [ 1233.750458][T30978] usb 2-1: SerialNumber: syz [ 1233.790547][T30978] usb 2-1: config 0 descriptor?? [ 1233.901823][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1233.908363][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1234.054090][T30910] usb 7-1: USB disconnect, device number 15 [ 1234.109189][T30906] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 1234.274504][T30906] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1234.314666][T30906] usb 4-1: not running at top speed; connect to a high speed hub [ 1234.363960][T30978] ljca 2-1:0.0: bulk endpoints not found [ 1234.374066][T30906] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0014, bcdDevice= 0.40 [ 1234.375995][T30978] usb 2-1: USB disconnect, device number 25 [ 1234.433001][T30906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1234.503180][T30906] usb 4-1: Product: syz [ 1234.519022][T30906] usb 4-1: Manufacturer: syz [ 1234.523635][T30906] usb 4-1: SerialNumber: syz [ 1234.860672][T30906] usb 4-1: 1:1 : sample bitwidth 41 in over sample bytes 2 [ 1234.883666][T30906] usb 4-1: 1:1: All rates were zero [ 1234.888917][T30906] usb 4-1: 1:1 : invalid channels 0 [ 1234.910958][T30906] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1235.126632][T30906] usb 4-1: USB disconnect, device number 25 [ 1235.355941][T13905] udevd[13905]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1235.650433][T11468] loop5: detected capacity change from 0 to 64 [ 1235.699022][T11468] syz.5.11451: attempt to access beyond end of device [ 1235.699022][T11468] loop5: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 1235.781516][T11468] Buffer I/O error on dev loop5, logical block 512, async page read [ 1235.861818][T11468] syz.5.11451: attempt to access beyond end of device [ 1235.861818][T11468] loop5: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 1235.947070][T11468] Buffer I/O error on dev loop5, logical block 56576, async page read [ 1236.952452][T11522] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1238.006950][T11575] loop5: detected capacity change from 0 to 256 [ 1238.046799][T11575] FAT-fs (loop5): Directory bread(block 64) failed [ 1238.053791][T11575] FAT-fs (loop5): Directory bread(block 65) failed [ 1238.060389][T11575] FAT-fs (loop5): Directory bread(block 66) failed [ 1238.070414][T11575] FAT-fs (loop5): Directory bread(block 67) failed [ 1238.080594][T11575] FAT-fs (loop5): Directory bread(block 68) failed [ 1238.087643][T11575] FAT-fs (loop5): Directory bread(block 69) failed [ 1238.094546][T11575] FAT-fs (loop5): Directory bread(block 70) failed [ 1238.102476][T11575] FAT-fs (loop5): Directory bread(block 71) failed [ 1238.109906][T11575] FAT-fs (loop5): Directory bread(block 72) failed [ 1238.116962][T11575] FAT-fs (loop5): Directory bread(block 73) failed [ 1238.326555][T11589] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1238.570182][T11607] netlink: 212 bytes leftover after parsing attributes in process `syz.4.11492'. [ 1238.867202][T11616] xt_socket: unknown flags 0x48 [ 1239.578129][T11648] netlink: 'syz.2.11506': attribute type 1 has an invalid length. [ 1239.633620][T11648] netlink: 224 bytes leftover after parsing attributes in process `syz.2.11506'. [ 1239.885255][T11623] loop3: detected capacity change from 0 to 32768 [ 1239.936626][T11623] JBD2: Ignoring recovery information on journal [ 1239.950787][T11623] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 1239.963425][T11623] JBD2: bad block at offset 32 [ 1239.978542][T11623] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1240.037510][T11623] OCFS2: ERROR (device loop3): ocfs2_claim_suballoc_bits: Chain allocator dinode 71 has 16777215 used bits but only 1024 total [ 1240.099316][T11623] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1240.112770][T11623] OCFS2: File system is now read-only. [ 1240.119008][T11623] (syz.3.11498,11623,0):ocfs2_claim_suballoc_bits:2151 ERROR: status = -30 [ 1240.127951][T11623] (syz.3.11498,11623,0):__ocfs2_claim_clusters:2532 ERROR: status = -30 [ 1240.136927][T11623] (syz.3.11498,11623,0):__ocfs2_claim_clusters:2540 ERROR: status = -30 [ 1240.145441][T11623] (syz.3.11498,11623,0):ocfs2_block_group_alloc_contig:506 ERROR: status = -30 [ 1240.189911][T11623] (syz.3.11498,11623,1):ocfs2_block_group_alloc:780 ERROR: status = -30 [ 1240.245755][T11623] (syz.3.11498,11623,1):ocfs2_block_group_alloc:833 ERROR: status = -30 [ 1240.279825][T11628] loop4: detected capacity change from 0 to 32768 [ 1240.289645][T11623] (syz.3.11498,11623,0):ocfs2_reserve_suballoc_bits:908 ERROR: status = -30 [ 1240.303811][T11623] (syz.3.11498,11623,0):ocfs2_reserve_suballoc_bits:925 ERROR: status = -30 [ 1240.313068][T11623] (syz.3.11498,11623,0):ocfs2_reserve_new_metadata_blocks:1065 ERROR: status = -30 [ 1240.323035][T11623] (syz.3.11498,11623,0):ocfs2_reserve_new_metadata_blocks:1088 ERROR: status = -30 [ 1240.348786][T11628] jfs_lookup: iget failed on inum 4 [ 1240.379093][T11682] netlink: 'syz.5.11514': attribute type 5 has an invalid length. [ 1240.413397][T11623] (syz.3.11498,11623,0):ocfs2_expand_inline_dir:2867 ERROR: status = -30 [ 1240.461311][T11623] (syz.3.11498,11623,0):ocfs2_extend_dir:3231 ERROR: status = -30 [ 1240.472199][T11623] (syz.3.11498,11623,0):ocfs2_prepare_dir_for_insert:4349 ERROR: status = -30 [ 1240.515423][T11623] (syz.3.11498,11623,0):ocfs2_mknod:302 ERROR: status = -30 [ 1240.536986][T11623] (syz.3.11498,11623,0):ocfs2_mknod:506 ERROR: status = -30 [ 1240.544726][T11623] (syz.3.11498,11623,0):ocfs2_mkdir:662 ERROR: status = -30 [ 1240.879840][ T5823] ocfs2: Unmounting device (7,3) on (node local) [ 1241.041439][T11714] loop6: detected capacity change from 0 to 2048 [ 1241.127784][T11714] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1241.264848][T11725] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1241.364132][T11727] openvswitch: netlink: IPv6 tunnel dst address is zero [ 1241.656923][T11744] loop1: detected capacity change from 0 to 64 [ 1242.090984][T11761] x_tables: unsorted entry at hook 2 [ 1242.118961][T11701] loop2: detected capacity change from 0 to 32768 [ 1242.176044][T11701] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1242.227686][T11775] netlink: 'syz.6.11539': attribute type 7 has an invalid length. [ 1242.236286][T11775] netlink: 'syz.6.11539': attribute type 8 has an invalid length. [ 1242.380037][T11701] XFS (loop2): Ending clean mount [ 1242.625180][ T5818] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1243.169003][T11815] bond3: option arp_validate: invalid value (2048) [ 1243.223681][T11815] bond3 (unregistering): Released all slaves [ 1243.555440][T11901] netlink: 'syz.4.11556': attribute type 1 has an invalid length. [ 1243.618938][T11901] netlink: 220 bytes leftover after parsing attributes in process `syz.4.11556'. [ 1243.791815][T11911] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 1243.922450][T11914] loop5: detected capacity change from 0 to 1764 [ 1244.309642][T11938] netlink: zone id is out of range [ 1244.330331][T11938] netlink: del zone limit has 8 unknown bytes [ 1244.974544][T11971] ÿ1Ie5nè‹Ò: entered promiscuous mode [ 1245.392856][T11998] loop4: detected capacity change from 0 to 1764 [ 1245.458056][T11998] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 1245.751581][T12025] netlink: 'syz.2.11598': attribute type 23 has an invalid length. [ 1245.981379][T30978] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1246.162807][T30978] usb 2-1: Using ep0 maxpacket: 8 [ 1246.170220][T30978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1246.196682][T30978] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1246.221714][T30978] usb 2-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1246.263975][T30978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1246.285746][T30978] usb 2-1: Product: syz [ 1246.289931][T30978] usb 2-1: Manufacturer: syz [ 1246.307072][T30978] usb 2-1: SerialNumber: syz [ 1246.324487][T30978] usb 2-1: config 0 descriptor?? [ 1246.425501][T12066] loop6: detected capacity change from 0 to 512 [ 1246.456412][T12066] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 1246.538549][T12066] EXT4-fs error (device loop6): ext4_iget_extra_inode:5041: inode #15: comm syz.6.11607: corrupted in-inode xattr: e_value out of bounds [ 1246.589343][T12066] loop6: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 1246.599427][T12066] EXT4-fs (loop6): Remounting filesystem read-only [ 1246.608634][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 1246.608669][ C0] EXT4-fs (loop6): initial error at time 2000001100: ext4_iget_extra_inode:5041: inode 15 [ 1246.608727][ C0] EXT4-fs (loop6): last error at time 2000001100: ext4_iget_extra_inode:5041: inode 15 [ 1246.669036][T30910] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1246.721946][T12066] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1246.824212][T30978] usb 2-1: USB disconnect, device number 26 [ 1246.857445][T30910] usb 4-1: Using ep0 maxpacket: 16 [ 1246.872791][T30910] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 1246.885207][T30910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1246.893557][T30910] usb 4-1: Product: syz [ 1246.912434][T30910] usb 4-1: Manufacturer: syz [ 1246.917159][T30910] usb 4-1: SerialNumber: syz [ 1246.934177][T30910] usb 4-1: config 0 descriptor?? [ 1246.955975][T30910] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1246.974748][T27665] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1247.389050][T30910] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 1247.495585][T30910] usb 4-1: USB disconnect, device number 26 [ 1247.606877][T12125] loop6: detected capacity change from 0 to 64 [ 1248.173466][T12159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11633'. [ 1248.674071][T30949] usb 7-1: new full-speed USB device number 16 using dummy_hcd [ 1248.768947][T12196] loop3: detected capacity change from 0 to 512 [ 1248.806149][T12196] EXT4-fs error (device loop3): ext4_map_blocks:791: inode #11: block 10: comm syz.3.11643: lblock 0 mapped to illegal pblock 10 (length 1) [ 1248.874754][T12196] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1248.876710][T30949] usb 7-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc [ 1248.876883][T12196] EXT4-fs (loop3): Remounting filesystem read-only [ 1248.885919][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 1248.885951][ C0] EXT4-fs (loop3): initial error at time 2000001102: ext4_map_blocks:791: inode 11: block 10 [ 1248.886020][ C0] EXT4-fs (loop3): last error at time 2000001102: ext4_map_blocks:791: inode 11: block 10 [ 1248.895215][T30949] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1248.999699][T30949] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6280 [ 1249.016731][T12196] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1249.090825][T12196] EXT4-fs warning (device loop3): ext4_evict_inode:269: couldn't mark inode dirty (err -30) [ 1249.133866][T12196] EXT4-fs (loop3): 1 orphan inode deleted [ 1249.160116][T12196] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1249.231844][T12215] QAT: Device 7 not found [ 1249.400225][T12221] netlink: 56 bytes leftover after parsing attributes in process `syz.2.11650'. [ 1249.429166][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1249.456830][T12184] loop1: detected capacity change from 0 to 32768 [ 1249.457983][T30949] gspca_sn9c20x: Write register 1001 failed -71 [ 1249.482803][T30949] gspca_sn9c20x: Device initialization failed [ 1249.507562][T30949] gspca_sn9c20x 7-1:252.0: probe with driver gspca_sn9c20x failed with error -71 [ 1249.561406][T30949] usb 7-1: USB disconnect, device number 16 [ 1249.898696][T12251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11656'. [ 1250.549430][T12288] loop4: detected capacity change from 0 to 512 [ 1250.693383][T12288] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1250.730518][T12288] ext4 filesystem being mounted at /2001/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1250.741492][T30906] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 1250.827658][T12288] EXT4-fs error (device loop4): ext4_xattr_block_list:766: inode #15: comm syz.4.11667: corrupted xattr block 13: invalid checksum [ 1250.942991][T30906] usb 7-1: config 0 has an invalid interface number: 20 but max is 0 [ 1250.960843][T30906] usb 7-1: config 0 has no interface number 0 [ 1250.977805][T30906] usb 7-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1251.042816][T30906] usb 7-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1251.069734][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1251.084455][T30906] usb 7-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1251.134136][T30906] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.142170][T30906] usb 7-1: Product: syz [ 1251.168017][T30906] usb 7-1: Manufacturer: syz [ 1251.183536][T30906] usb 7-1: SerialNumber: syz [ 1251.201492][T30906] usb 7-1: config 0 descriptor?? [ 1251.248188][T12282] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1251.261761][T30906] usb-storage 7-1:0.20: USB Mass Storage device detected [ 1251.327890][T30906] usb-storage 7-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1251.337872][T12328] loop1: detected capacity change from 0 to 16 [ 1251.451502][T12328] erofs (device loop1): dirblkbits 7 isn't supported [ 1251.498816][T30906] scsi host1: usb-storage 7-1:0.20 [ 1251.778971][T30910] usb 7-1: USB disconnect, device number 17 [ 1252.070505][T12302] loop2: detected capacity change from 0 to 32768 [ 1252.114566][T12363] tmpfs: Bad value for 'mpol' [ 1252.118034][T12302] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.11670 (12302) [ 1252.184263][T12302] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1252.223626][T12302] BTRFS info (device loop2): using sha256 checksum algorithm [ 1252.359341][T12302] BTRFS info (device loop2): enabling ssd optimizations [ 1252.467701][T12302] BTRFS info (device loop2): turning on async discard [ 1252.474888][T12302] BTRFS info (device loop2): enabling free space tree [ 1252.807730][ T5818] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1252.959174][T12414] netlink: 'syz.3.11694': attribute type 8 has an invalid length. [ 1253.721537][T12450] openvswitch: netlink: IPv4 tun info is not correct [ 1254.071306][T30949] usb 4-1: new low-speed USB device number 27 using dummy_hcd [ 1254.101091][T12473] loop6: detected capacity change from 0 to 1024 [ 1254.130029][T12408] loop1: detected capacity change from 0 to 32768 [ 1254.187617][T12408] (syz.1.11692,12408,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1254.239683][T30949] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1254.250872][T12408] (syz.1.11692,12408,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1254.277774][T12473] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1254.303613][T30949] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1254.368166][T30949] usb 4-1: string descriptor 0 read error: -22 [ 1254.390861][T12408] JBD2: Ignoring recovery information on journal [ 1254.397855][T30949] usb 4-1: New USB device found, idVendor=054c, idProduct=0095, bcdDevice=a5.6a [ 1254.411318][T12473] EXT4-fs error (device loop6): ext4_get_first_dir_block:3550: inode #11: comm syz.6.11711: directory missing '..' [ 1254.503689][T30949] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1254.553002][T12408] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1254.660998][T27665] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1254.781661][T30949] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 1254.843079][T30949] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 1254.858014][T12510] loop5: detected capacity change from 0 to 512 [ 1254.906382][T30949] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 1254.938484][T12510] EXT4-fs warning (device loop5): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 1254.970257][T12510] EXT4-fs warning (device loop5): dx_probe:848: Enable large directory feature to access it [ 1254.984719][T12510] EXT4-fs warning (device loop5): dx_probe:933: inode #2: comm syz.5.11720: Corrupt directory, running e2fsck is recommended [ 1255.011186][T12510] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 1255.036814][T12510] EXT4-fs error (device loop5): ext4_iget_extra_inode:5041: inode #15: comm syz.5.11720: corrupted in-inode xattr: invalid ea_ino [ 1255.056044][T30949] usb 4-1: USB disconnect, device number 27 [ 1255.071298][T30949] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 1255.077571][T12510] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 1255.085739][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 1255.101360][ C0] EXT4-fs (loop5): initial error at time 2000001108: ext4_iget_extra_inode:5041: inode 15 [ 1255.111338][ C0] EXT4-fs (loop5): last error at time 2000001108: ext4_iget_extra_inode:5041: inode 15 [ 1255.126031][T30949] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 1255.147578][T12510] EXT4-fs error (device loop5): ext4_orphan_get:1400: comm syz.5.11720: couldn't read orphan inode 15 (err -117) [ 1255.171988][T30949] visor 4-1:1.0: device disconnected [ 1255.184337][T12510] loop5: lost filesystem error report for type 5 error -117 [ 1255.185989][ T5816] ocfs2: Unmounting device (7,1) on (node local) [ 1255.187782][T12510] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1255.342341][T12510] EXT4-fs error (device loop5): ext4_xattr_set_entry:1670: inode #2: comm syz.5.11720: corrupted xattr entries [ 1255.478256][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1255.643286][T12553] sctp: [Deprecated]: syz.4.11726 (pid 12553) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1255.643286][T12553] Use struct sctp_sack_info instead [ 1255.984644][T12571] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11730'. [ 1256.021006][T12571] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11730'. [ 1256.098168][T12519] loop6: detected capacity change from 0 to 32768 [ 1256.316396][T12588] Unsupported ieee802154 address type: 0 [ 1256.340774][T12586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11735'. [ 1256.389436][T12586] netlink: 16 bytes leftover after parsing attributes in process `syz.4.11735'. [ 1256.705862][T12604] loop3: detected capacity change from 0 to 2048 [ 1256.762076][T12604] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1257.431654][T12647] loop4: detected capacity change from 0 to 256 [ 1257.575859][T12655] loop2: detected capacity change from 0 to 512 [ 1257.643723][T12655] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.11756: bad orphan inode 13 [ 1257.694940][T12655] loop2: lost filesystem error report for type 5 error -117 [ 1257.695432][T12655] ext4_test_bit(bit=12, block=4) = 1 [ 1257.708052][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 1257.708084][ C1] EXT4-fs (loop2): initial error at time 2000001111: ext4_orphan_get:1423 [ 1257.708128][ C1] EXT4-fs (loop2): last error at time 2000001111: ext4_orphan_get:1423 [ 1257.732663][T12655] is_bad_inode(inode)=0 [ 1257.737125][T12655] NEXT_ORPHAN(inode)=0 [ 1257.741199][T12655] max_ino=32 [ 1257.744392][T12655] i_nlink=1 [ 1257.750338][T12655] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1257.879121][T12655] EXT4-fs warning (device loop2): dx_probe:812: inode #2: comm syz.2.11756: Hash code is SIPHASH, but hash not in dirent [ 1257.949555][T12655] EXT4-fs warning (device loop2): dx_probe:933: inode #2: comm syz.2.11756: Corrupt directory, running e2fsck is recommended [ 1258.029462][T12655] EXT4-fs warning (device loop2): dx_probe:812: inode #2: comm syz.2.11756: Hash code is SIPHASH, but hash not in dirent [ 1258.076969][T12655] EXT4-fs warning (device loop2): dx_probe:933: inode #2: comm syz.2.11756: Corrupt directory, running e2fsck is recommended [ 1258.118286][T12655] EXT4-fs error (device loop2): ext4_find_dest_de:2049: inode #2: block 13: comm syz.2.11756: bad entry in directory: directory entry overrun - offset=24, inode=0, rec_len=131076, size=1024 fake=0 [ 1258.382875][T12695] loop5: detected capacity change from 0 to 512 [ 1258.392695][ T5818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1258.421257][T12695] EXT4-fs: Ignoring removed nobh option [ 1258.500257][T12695] EXT4-fs error (device loop5): ext4_do_update_inode:5604: inode #3: comm syz.5.11768: corrupted inode contents [ 1258.588739][T12695] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 1258.590889][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 1258.606429][ C0] EXT4-fs (loop5): initial error at time 2000001111: ext4_do_update_inode:5604: inode 3 [ 1258.616226][ C0] EXT4-fs (loop5): last error at time 2000001111: ext4_do_update_inode:5604: inode 3 [ 1258.626935][T12695] EXT4-fs (loop5): Remounting filesystem read-only [ 1258.634211][T12695] Quota error (device loop5): write_blk: dquota write failed [ 1258.642777][T12695] Quota error (device loop5): qtree_write_dquot: Error -30 occurred while creating quota [ 1258.642913][T12695] EXT4-fs (loop5): 1 truncate cleaned up [ 1258.645865][T12695] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1258.672066][T12695] ext4 filesystem being mounted at /1998/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1258.689635][T12695] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1259.498745][T12757] ip6gre2: entered promiscuous mode [ 1259.548605][T12765] loop2: detected capacity change from 0 to 16 [ 1259.602045][T12765] erofs (device loop2): mounted with root inode @ nid 36. [ 1259.665417][T12765] erofs (device loop2): not enough plain data on disk @ la 1024 of nid 36 [ 1259.715929][T12765] erofs (device loop2): read error -117 @ 0 of nid 36 [ 1260.310897][T12809] mac80211_hwsim hwsim22 : renamed from wlan1 (while UP) [ 1260.389479][T12816] netlink: 'syz.3.11804': attribute type 5 has an invalid length. [ 1261.012406][T12844] loop2: detected capacity change from 0 to 512 [ 1261.069479][T12844] EXT4-fs (loop2): 1 truncate cleaned up [ 1261.115283][T12844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1261.245923][T12844] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm syz.2.11812: bg 0: block 465: padding at end of block bitmap is not set [ 1261.337163][T12844] EXT4-fs error (device loop2) in ext4_setattr:6030: error 28 [ 1261.366329][T12863] netlink: 148 bytes leftover after parsing attributes in process `syz.6.11818'. [ 1261.458269][ T5818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1261.626405][T12813] loop5: detected capacity change from 0 to 32768 [ 1262.320420][T12933] Device name not specified. [ 1262.320420][T12933] [ 1262.541760][T12946] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11838'. [ 1262.568075][T12946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11838'. [ 1263.008946][T12969] netlink: 'syz.6.11846': attribute type 1 has an invalid length. [ 1263.110913][T12969] netlink: 'syz.6.11846': attribute type 1 has an invalid length. [ 1263.172672][T12969] netlink: 9172 bytes leftover after parsing attributes in process `syz.6.11846'. [ 1263.511929][T12927] loop5: detected capacity change from 0 to 32768 [ 1263.567048][T12927] (syz.5.11829,12927,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1263.658290][T12927] (syz.5.11829,12927,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1263.739420][T12927] JBD2: Ignoring recovery information on journal [ 1263.985608][T12927] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 1264.126792][T30949] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1264.201050][T30986] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1264.301627][T30949] usb 4-1: config 0 has an invalid interface number: 237 but max is 0 [ 1264.323473][T30949] usb 4-1: config 0 has no interface number 0 [ 1264.331429][ T5831] ocfs2: Unmounting device (7,5) on (node local) [ 1264.340579][T30949] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1264.366696][T30949] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1264.366898][T30986] usb 2-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice=67.7a [ 1264.386787][T30949] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1264.398213][T30949] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1264.417494][T30986] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1264.437449][T30986] usb 2-1: Product: syz [ 1264.441628][T30986] usb 2-1: Manufacturer: syz [ 1264.446241][T30986] usb 2-1: SerialNumber: syz [ 1264.480016][T30949] usb 4-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6 [ 1264.504157][T30949] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1264.517614][T30986] gspca_main: spca501-2.14.0 probing 0497:c001 [ 1264.535134][T30949] usb 4-1: Product: syz [ 1264.539431][T30949] usb 4-1: Manufacturer: syz [ 1264.550904][T30949] usb 4-1: SerialNumber: syz [ 1264.582605][T30949] usb 4-1: config 0 descriptor?? [ 1264.603110][T12993] loop2: detected capacity change from 0 to 32768 [ 1264.637775][T30949] xpad 4-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1264.684020][T30949] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.237/input/input91 [ 1264.963197][T30949] usb 4-1: USB disconnect, device number 28 [ 1264.987704][T30986] gspca_spca501: reg write: error -71 [ 1265.025266][T30986] spca501 2-1:68.0: Reg write failed for 0x02,0xa048,0x00 [ 1265.033021][T30986] spca501 2-1:68.0: probe with driver spca501 failed with error -22 [ 1265.090662][T30986] usb 2-1: USB disconnect, device number 27 [ 1265.377077][T30910] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 1265.549254][T30910] usb 6-1: Using ep0 maxpacket: 32 [ 1265.569072][T13107] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1265.595497][T30910] usb 6-1: config 0 has an invalid interface number: 119 but max is 0 [ 1265.623896][T30910] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1265.643668][T30910] usb 6-1: config 0 has no interface number 0 [ 1265.664790][T30910] usb 6-1: config 0 interface 119 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1265.711500][T30910] usb 6-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73 [ 1265.729414][T30910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1265.748573][T30910] usb 6-1: Product: syz [ 1265.786173][T30910] usb 6-1: Manufacturer: syz [ 1265.790791][T30910] usb 6-1: SerialNumber: syz [ 1265.826912][T30910] usb 6-1: config 0 descriptor?? [ 1265.858016][T30910] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.119/input/input92 [ 1266.194700][T30910] usb 6-1: USB disconnect, device number 27 [ 1266.408446][T13154] netlink: 156 bytes leftover after parsing attributes in process `syz.6.11886'. [ 1266.444930][T13154] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 1266.652015][T13111] loop4: detected capacity change from 0 to 32768 [ 1266.702896][T13111] (syz.4.11878,13111,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1266.754505][T13111] (syz.4.11878,13111,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1266.808867][T13111] JBD2: Ignoring recovery information on journal [ 1266.860463][T13168] loop6: detected capacity change from 0 to 1764 [ 1266.908239][T13111] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 1267.014419][T13112] loop2: detected capacity change from 0 to 40427 [ 1267.041307][T13112] F2FS-fs (loop2): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 1267.081154][T13112] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1267.120208][T13112] F2FS-fs (loop2): Image doesn't support compression [ 1267.157010][T13112] F2FS-fs (loop2): build fault injection rate: 690 [ 1267.166594][T13112] F2FS-fs (loop2): build fault injection type: 0x35f7 [ 1267.184550][T13112] F2FS-fs (loop2): invalid crc value [ 1267.433080][T13197] dvmrp0: entered allmulticast mode [ 1267.539679][ T5828] ocfs2: Unmounting device (7,4) on (node local) [ 1267.580868][T13112] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1267.593254][ T31] audit: type=1326 audit(2000001120.304:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1267.640778][T13112] F2FS-fs (loop2): Start checkpoint disabled! [ 1267.654894][T13112] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 1267.677048][ T31] audit: type=1326 audit(2000001120.304:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1267.710913][T13112] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1267.721655][T13112] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 1267.758658][ T31] audit: type=1326 audit(2000001120.304:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1267.843115][ T31] audit: type=1326 audit(2000001120.304:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1267.894609][ T31] audit: type=1326 audit(2000001120.304:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1267.952164][ T31] audit: type=1326 audit(2000001120.304:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1268.009507][ T31] audit: type=1326 audit(2000001120.304:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1268.092255][ T31] audit: type=1326 audit(2000001120.304:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1268.137317][ T31] audit: type=1326 audit(2000001120.304:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1268.208630][T13192] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 1268.249177][ T31] audit: type=1326 audit(2000001120.304:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13204 comm="syz.5.11900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ff00000 [ 1268.280472][T13230] loop6: detected capacity change from 0 to 764 [ 1268.346097][T13230] Symlink component flag not implemented [ 1268.363329][T13230] Symlink component flag not implemented (122) [ 1268.701394][T13255] loop4: detected capacity change from 0 to 512 [ 1268.761996][T13255] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1268.812753][T13255] ext4 filesystem being mounted at /2048/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1269.077169][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1269.222566][T13284] netlink: 'syz.4.11918': attribute type 10 has an invalid length. [ 1269.280809][T13284] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11918'. [ 1269.332020][T13284] virt_wifi0: entered promiscuous mode [ 1269.373375][T13284] virt_wifi0: entered allmulticast mode [ 1269.405743][T13284] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 1269.955920][T13319] loop6: detected capacity change from 0 to 4096 [ 1269.988219][T13319] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512). [ 1270.009665][T13327] loop5: detected capacity change from 0 to 16 [ 1270.056260][T13319] ntfs3(loop6): ino=3, ntfs_set_state failed, -22. [ 1270.069724][T13327] erofs (device loop5): mounted with root inode @ nid 36. [ 1270.099561][T13319] ntfs3(loop6): Failed to initialize $Extend/$Reparse. [ 1270.142275][T13327] erofs (device loop5): readahead error at folio 2 @ nid 89 [ 1270.149588][T13327] erofs (device loop5): readahead error at folio 1 @ nid 89 [ 1270.219275][T13327] erofs (device loop5): readahead error at folio 0 @ nid 89 [ 1270.226603][T13327] erofs (device loop5): read error -117 @ 0 of nid 89 [ 1270.509310][ T103] ntfs3(loop6): ino=3, ntfs3_write_inode failed, -22. [ 1270.552742][T27665] ntfs3(loop6): ino=3, ntfs_set_state failed, -22. [ 1270.586871][T27665] ntfs3(loop6): Mark volume as dirty due to NTFS errors [ 1270.623133][T27665] ntfs3(loop6): ino=3, ntfs_set_state failed, -22. [ 1270.658966][ T103] ntfs3(loop6): ino=3, ntfs3_write_inode failed, -22. [ 1270.707994][T13351] ip6gre1: entered promiscuous mode [ 1270.727321][T13351] ip6gre1: entered allmulticast mode [ 1271.070433][T13312] loop4: detected capacity change from 0 to 32768 [ 1271.094402][T13312] (syz.4.11926,13312,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1271.125999][T13312] (syz.4.11926,13312,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1271.213159][T13312] JBD2: Ignoring recovery information on journal [ 1271.416853][T13312] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 1271.688011][T13410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11954'. [ 1271.989361][T13417] random: crng reseeded on system resumption [ 1272.005263][ T5828] ocfs2: Unmounting device (7,4) on (node local) [ 1272.413293][T13428] loop3: detected capacity change from 0 to 4096 [ 1272.433570][T13428] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 1272.896788][T13403] loop2: detected capacity change from 0 to 32768 [ 1273.875664][T13442] loop1: detected capacity change from 0 to 32768 [ 1273.983323][T13442] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1274.051793][T13482] loop5: detected capacity change from 0 to 32768 [ 1274.064733][T13482] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.11969 (13482) [ 1274.106157][T13482] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1274.139230][T13442] XFS (loop1): Ending clean mount [ 1274.152536][T13482] BTRFS info (device loop5): using crc32c checksum algorithm [ 1274.361737][T13482] BTRFS info (device loop5): setting nodatasum [ 1274.385251][ T5816] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1274.419837][T13482] BTRFS info (device loop5): setting nodatacow [ 1274.454954][T13482] BTRFS info (device loop5): turning on async discard [ 1274.507206][T13482] BTRFS info (device loop5): enabling free space tree [ 1274.541143][T13482] BTRFS info (device loop5): enabling auto defrag [ 1274.577199][T13482] BTRFS info (device loop5): max_inline set to 0 [ 1274.822254][T13569] netlink: 'syz.1.11984': attribute type 10 has an invalid length. [ 1274.893007][T13569] dummy0: left allmulticast mode [ 1274.925864][T13569] dummy0: entered promiscuous mode [ 1274.967961][T13569] team0: Port device dummy0 added [ 1274.974854][T13491] loop2: detected capacity change from 0 to 40427 [ 1275.010714][T13491] F2FS-fs: heap/no_heap options were deprecated [ 1275.049989][ T5831] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1275.067244][T13491] F2FS-fs (loop2): build fault injection rate: 16 [ 1275.103673][T13576] loop3: detected capacity change from 0 to 256 [ 1275.116564][T13491] F2FS-fs (loop2): build fault injection type: 0x3bfe8c [ 1275.170186][T13491] F2FS-fs (loop2): invalid crc value [ 1275.209567][T13491] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_segment_manager+0x362f/0x9fe0 [ 1275.273312][T13584] 8021q: VLANs not supported on lo [ 1275.350900][ C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of bio_endio+0x7a3/0x910 [ 1275.680461][T13597] loop3: detected capacity change from 0 to 1024 [ 1275.690567][T13597] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 1275.723338][T13491] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 1275.734080][T13597] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 1275.790563][T13597] EXT4-fs error (device loop3): ext4_get_journal_inode:5890: inode #32: comm syz.3.11994: iget: special inode unallocated [ 1275.822305][T13491] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1275.876832][T13597] loop3: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117 [ 1275.877497][T13597] EXT4-fs (loop3): Remounting filesystem read-only [ 1275.880805][T13611] netlink: 'syz.1.11997': attribute type 1 has an invalid length. [ 1275.886704][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 1275.907409][ C1] EXT4-fs (loop3): initial error at time 2000001128: ext4_get_journal_inode:5890: inode 32 [ 1275.917471][ C1] EXT4-fs (loop3): last error at time 2000001128: ext4_get_journal_inode:5890: inode 32 [ 1275.919628][T13610] loop6: detected capacity change from 0 to 1024 [ 1275.940291][T13597] EXT4-fs (loop3): no journal found [ 1275.945854][T13597] EXT4-fs (loop3): can't get journal size [ 1275.952882][T13597] EXT4-fs (loop3): filesystem is read-only [ 1275.992018][T13597] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1276.064549][T13610] hfsplus: failed to load extents file [ 1276.108003][T13491] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_create+0x1a8/0x6a0 [ 1276.504159][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1276.746272][T13646] loop1: detected capacity change from 0 to 512 [ 1276.762946][T13646] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 1277.620217][T13694] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1277.685513][T13696] loop5: detected capacity change from 0 to 1764 [ 1277.746214][T13696] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1278.119638][ T31] kauditd_printk_skb: 69 callbacks suppressed [ 1278.119665][ T31] audit: type=1326 audit(2000001130.158:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13720 comm="syz.1.12030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1278.242315][ T31] audit: type=1326 audit(2000001130.158:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13720 comm="syz.1.12030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1278.359835][ T31] audit: type=1326 audit(2000001130.168:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13720 comm="syz.1.12030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1278.426528][ T31] audit: type=1326 audit(2000001130.168:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13720 comm="syz.1.12030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1278.479734][T13741] openvswitch: netlink: Unexpected mask (mask=201040, allowed=10048) [ 1278.530125][ T31] audit: type=1326 audit(2000001130.168:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13720 comm="syz.1.12030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4edb9c819 code=0x7ffc0000 [ 1278.555585][T13747] netlink: 'syz.6.12037': attribute type 21 has an invalid length. [ 1278.587230][T13747] netlink: 132 bytes leftover after parsing attributes in process `syz.6.12037'. [ 1278.792694][T13760] loop5: detected capacity change from 0 to 256 [ 1278.872659][T13760] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1561949b, utbl_chksum : 0xe619d30d) [ 1279.297783][T13789] bridge2: entered promiscuous mode [ 1279.429835][T13797] loop1: detected capacity change from 0 to 128 [ 1281.816704][T13933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12096'. [ 1282.015964][T13932] loop2: detected capacity change from 0 to 4096 [ 1282.035110][T13946] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12101'. [ 1282.057230][T13932] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 1282.066317][T13946] openvswitch: netlink: Missing key (keys=200040, expected=100) [ 1282.165261][T13932] ntfs3(loop2): ino=19, mi_enum_attr [ 1282.186741][T13932] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 1282.295511][T13959] loop3: detected capacity change from 0 to 512 [ 1282.357388][T13959] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 1282.391405][T13959] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1282.419180][T13959] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:516: comm syz.3.12105: Block bitmap for bg 0 marked uninitialized [ 1282.443262][T13959] loop3: lost filesystem error report for type 5 error -117 [ 1282.452536][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 1282.466323][ C0] EXT4-fs (loop3): initial error at time 2000001134: ext4_read_block_bitmap_nowait:516 [ 1282.476002][ C0] EXT4-fs (loop3): last error at time 2000001134: ext4_read_block_bitmap_nowait:516 [ 1282.538247][T13959] EXT4-fs (loop3): Remounting filesystem read-only [ 1282.545053][T13959] EXT4-fs (loop3): 1 orphan inode deleted [ 1282.582962][T13959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1282.904516][ T5823] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1283.826843][T13976] loop2: detected capacity change from 0 to 32768 [ 1283.900560][T14042] netlink: 'syz.5.12132': attribute type 1 has an invalid length. [ 1283.900996][T13976] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.12110 (13976) [ 1283.930214][T14042] netlink: 'syz.5.12132': attribute type 2 has an invalid length. [ 1283.965177][T13976] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 1283.982287][T13976] BTRFS info (device loop2): using blake2b checksum algorithm [ 1284.142721][T13976] BTRFS info (device loop2): enabling ssd optimizations [ 1284.181524][T13976] BTRFS info (device loop2): turning on async discard [ 1284.215859][T13976] BTRFS info (device loop2): enabling free space tree [ 1284.615653][ T103] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 20001 - 0 [ 1284.633642][ T5818] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 1284.997815][T14127] netlink: 36 bytes leftover after parsing attributes in process `syz.4.12147'. [ 1285.060547][T14127] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12147'. [ 1285.402914][T14148] netlink: 132 bytes leftover after parsing attributes in process `syz.2.12153'. [ 1285.555463][T14157] binder: 14154:14157 ioctl c0306201 2000000001c0 returned -14 [ 1285.759979][T14167] loop2: detected capacity change from 0 to 8 [ 1285.855192][T14167] SQUASHFS error: Failed to read block 0x2d7: -5 [ 1285.890092][T14167] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 1285.938157][ T31] audit: type=1326 audit(2000001137.476:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14174 comm="syz.5.12163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ffc0000 [ 1286.011078][ T31] audit: type=1326 audit(2000001137.514:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14174 comm="syz.5.12163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f5faf39c819 code=0x7ffc0000 [ 1286.061729][ T31] audit: type=1326 audit(2000001137.514:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14174 comm="syz.5.12163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ffc0000 [ 1286.170188][T14185] netlink: 'syz.6.12165': attribute type 1 has an invalid length. [ 1286.178883][ T31] audit: type=1326 audit(2000001137.514:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14174 comm="syz.5.12163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5faf39c819 code=0x7ffc0000 [ 1286.201613][T14185] netlink: 96 bytes leftover after parsing attributes in process `syz.6.12165'. [ 1286.232492][T14185] netlink: 658 bytes leftover after parsing attributes in process `syz.6.12165'. [ 1286.248606][T14192] loop3: detected capacity change from 0 to 256 [ 1286.269985][T14185] netlink: 1 bytes leftover after parsing attributes in process `syz.6.12165'. [ 1286.422478][T14192] FAT-fs (loop3): Directory bread(block 64) failed [ 1286.470551][T14192] FAT-fs (loop3): Directory bread(block 65) failed [ 1286.524057][T14192] FAT-fs (loop3): Directory bread(block 66) failed [ 1286.530615][T14192] FAT-fs (loop3): Directory bread(block 67) failed [ 1286.589907][T14192] FAT-fs (loop3): Directory bread(block 68) failed [ 1286.596462][T14192] FAT-fs (loop3): Directory bread(block 69) failed [ 1286.624963][T14206] loop6: detected capacity change from 0 to 512 [ 1286.665555][T14192] FAT-fs (loop3): Directory bread(block 70) failed [ 1286.672746][T14206] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 1286.710434][T14192] FAT-fs (loop3): Directory bread(block 71) failed [ 1286.732882][T14192] FAT-fs (loop3): Directory bread(block 72) failed [ 1286.747257][T14206] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 1286.783466][T14192] FAT-fs (loop3): Directory bread(block 73) failed [ 1286.835472][T14206] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended [ 1286.870192][T14219] loop4: detected capacity change from 0 to 256 [ 1286.883497][T14206] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 1286.898338][T14206] System zones: 0-2, 18-18, 34-35 [ 1286.935998][T14206] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1286.950775][T14219] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1561949b, utbl_chksum : 0xe619d30d) [ 1286.964874][T14206] fscrypt (loop6, inode 12): Error -61 getting encryption context [ 1287.061226][T27665] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1287.085905][T14230] cgroup: Name too long [ 1287.598992][T14261] loop5: detected capacity change from 0 to 64 [ 1288.366366][T14299] bridge1: entered promiscuous mode [ 1288.866081][T14270] loop3: detected capacity change from 0 to 32768 [ 1288.875869][T14270] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.12189 (14270) [ 1288.912532][T14332] netlink: 'syz.1.12206': attribute type 32 has an invalid length. [ 1288.968531][T14270] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1288.995012][T14270] BTRFS info (device loop3): using sha256 checksum algorithm [ 1289.217473][T14270] BTRFS info (device loop3): rebuilding free space tree [ 1289.307011][T14270] BTRFS info (device loop3): enabling ssd optimizations [ 1289.339958][T14270] BTRFS info (device loop3): using spread ssd allocation scheme [ 1289.383414][T14270] BTRFS info (device loop3): turning on async discard [ 1289.417656][T14270] BTRFS info (device loop3): enabling free space tree [ 1289.446349][T14270] BTRFS info (device loop3): force clearing of disk cache [ 1289.817985][ T5823] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1290.255479][T14412] loop1: detected capacity change from 0 to 4096 [ 1290.326941][T14412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1290.480704][T14412] Quota error (device loop1): do_check_range: Getting block 256 out of range 1-5 [ 1290.510476][T14412] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 1290.533899][T14412] EXT4-fs error (device loop1): ext4_acquire_dquot:7026: comm syz.1.12224: Failed to acquire dquot type 1 [ 1290.916855][ T5816] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1291.027457][T14446] autofs4:pid:14446:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a) [ 1291.680823][T14408] loop2: detected capacity change from 0 to 32768 [ 1291.736273][T14408] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1291.934830][T14408] XFS (loop2): Ending clean mount [ 1292.041020][T14540] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12247'. [ 1292.220082][ T5818] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1292.557505][T14562] loop4: detected capacity change from 0 to 2048 [ 1292.622383][T14562] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1292.679564][T14562] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1293.170805][T14590] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12263'. [ 1293.645334][T14567] loop3: detected capacity change from 0 to 32768 [ 1293.720034][T14567] JBD2: Ignoring recovery information on journal [ 1293.732334][T14567] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 1293.765830][T14579] loop6: detected capacity change from 0 to 32768 [ 1293.776529][T14567] JBD2: bad block at offset 32 [ 1293.802321][T14567] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1293.820040][T14546] loop1: detected capacity change from 0 to 32768 [ 1293.843021][T14579] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1293.887440][T14599] bond3: Removing last ns target with arp_interval on [ 1293.967154][T14567] ocfs2: Unmounting device (7,3) on (node local) [ 1293.976388][T14579] XFS (loop6): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50. [ 1293.981600][T14546] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 1294.107490][T14579] XFS (loop6): Ending clean mount [ 1294.118998][T14666] ALSA: mixer_oss: invalid OSS volume '' [ 1294.298883][T14546] XFS (loop1): Ending clean mount [ 1294.479339][T27665] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1294.540949][T14679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1294.722487][ T5816] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 1294.972388][T14731] comedi comedi0: dac02: I/O port conflict (0x9,8) [ 1295.985106][T14769] loop1: detected capacity change from 0 to 4096 [ 1296.069542][T14769] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 1296.184341][T14769] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 1296.219873][T14769] ntfs3(loop1): ino=19, mi_enum_attr [ 1296.610422][T14749] loop4: detected capacity change from 0 to 32768 [ 1296.612311][T14761] loop6: detected capacity change from 0 to 32768 [ 1296.691044][T14749] [ 1296.691044][T14749] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1296.691044][T14749] [ 1296.716602][T14761] ERROR: (device loop6): dbAllocNext: Corrupt dmap page [ 1296.716602][T14761] [ 1296.766824][T14761] ERROR: (device loop6): remounting filesystem as read-only [ 1296.788059][T14749] ERROR: (device loop4): xtTruncate_pmap: xt_getpage: xtree page corrupt [ 1296.788059][T14749] [ 1296.815032][T14761] ialloc: diAlloc returned -5! [ 1296.861380][T14749] ERROR: (device loop4): txAbort: [ 1296.861380][T14749] [ 1297.008711][T14773] loop2: detected capacity change from 0 to 32768 [ 1297.071150][T14773] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.12292 (14773) [ 1297.114007][ T5828] ERROR: (device loop4): xtTruncate: xt_getpage: xtree page corrupt [ 1297.114007][ T5828] [ 1297.155733][T18218] ERROR: (device loop4): diWrite: ixpxd invalid [ 1297.155733][T18218] [ 1297.210007][T18218] ERROR: (device loop4): txAbort: [ 1297.210007][T18218] [ 1297.217349][T18218] jfs_write_inode: jfs_commit_inode failed! [ 1297.225045][T14773] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1297.261511][T14773] BTRFS info (device loop2): using sha256 checksum algorithm [ 1297.273088][ T5828] [ 1297.273088][ T5828] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1297.273088][ T5828] [ 1297.295882][T14818] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12306'. [ 1297.321504][ T5828] [ 1297.321504][ T5828] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1297.321504][ T5828] [ 1297.589117][T14773] BTRFS info (device loop2): enabling ssd optimizations [ 1297.600481][T14773] BTRFS info (device loop2): turning on async discard [ 1297.607701][T14773] BTRFS info (device loop2): enabling free space tree [ 1297.704612][T14848] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1297.780024][T14773] BTRFS info (device loop2): resizing devid 73709551615 [ 1297.819756][T14773] BTRFS info (device loop2): resizer unable to find device 73709551615 [ 1298.065239][ T5818] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1298.738586][T30978] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1298.910950][T30978] usb 7-1: Using ep0 maxpacket: 8 [ 1298.924709][T30978] usb 7-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 1298.941971][T30978] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.960981][T30978] usb 7-1: Product: syz [ 1298.965864][T30978] usb 7-1: Manufacturer: syz [ 1298.970479][T30978] usb 7-1: SerialNumber: syz [ 1299.081550][T14909] loop5: detected capacity change from 0 to 256 [ 1299.153958][T14909] vfat: Deprecated parameter 'posix' [ 1299.201338][T14909] FAT-fs: "posix" option is obsolete, not supported now [ 1299.281057][T14915] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1299.453409][T30978] mxuport 7-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71) [ 1299.487036][T30978] mxuport 7-1:254.0: probe with driver mxuport failed with error -5 [ 1299.527511][T30978] usb 7-1: USB disconnect, device number 18 [ 1299.547065][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.553409][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1299.695454][T14934] loop2: detected capacity change from 0 to 512 [ 1299.746332][T14934] EXT4-fs: Ignoring removed bh option [ 1299.943546][T14891] loop4: detected capacity change from 0 to 32768 [ 1299.959104][T14934] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1299.989342][T14934] EXT4-fs error (device loop2): ext4_map_blocks:791: inode #11: block 1: comm syz.2.12334: lblock 0 mapped to illegal pblock 1 (length 1) [ 1300.073889][T14934] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1300.076791][T14891] jfs_lookup: dtSearch returned -5 [ 1300.086602][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 1300.086637][ C1] EXT4-fs (loop2): initial error at time 2000001150: ext4_map_blocks:791: inode 11: block 1 [ 1300.086705][ C1] EXT4-fs (loop2): last error at time 2000001150: ext4_map_blocks:791: inode 11: block 1 [ 1300.119383][T14934] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1300.158613][T14934] EXT4-fs error (device loop2): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.2.12334: EA inode 11 ref wraparound: ref_count=0 ref_change=-1 [ 1300.204788][T14934] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1300.208883][T14934] EXT4-fs warning (device loop2): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.2.12334: ea_inode dec ref err=-117 [ 1300.287875][T14934] EXT4-fs (loop2): 1 orphan inode deleted [ 1300.324054][T14934] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1300.612734][T14967] loop5: detected capacity change from 0 to 1764 [ 1300.664883][ T5818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1300.812857][T14967] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 1300.879995][T14983] netlink: 'syz.6.12348': attribute type 1 has an invalid length. [ 1300.923042][T14983] netlink: 224 bytes leftover after parsing attributes in process `syz.6.12348'. [ 1301.049378][T14990] loop4: detected capacity change from 0 to 1764 [ 1301.315536][T14986] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1301.441735][T30986] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1301.519668][T15026] xt_l2tp: v2 doesn't support IP mode [ 1301.661805][T30986] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1301.680908][T30986] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1301.716707][T30986] usb 6-1: Product: syz [ 1301.723182][T15033] netlink: 2056 bytes leftover after parsing attributes in process `syz.6.12358'. [ 1301.730447][T30986] usb 6-1: Manufacturer: syz [ 1301.757964][T30986] usb 6-1: SerialNumber: syz [ 1301.789203][T30986] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1301.811564][T30978] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1301.836893][T15031] loop3: detected capacity change from 0 to 4096 [ 1301.860942][T15031] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 1301.907190][T15031] ntfs3(loop3): ino=3, mi_enum_attr [ 1301.960915][T15037] loop2: detected capacity change from 0 to 4096 [ 1301.997673][T15037] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 1302.111882][T15031] ntfs3(loop3): ino=5, "/" indx_read_ra [ 1302.145626][T15031] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 1302.163513][T15037] ntfs3(loop2): ino=19, mi_enum_attr [ 1302.352619][T15037] ntfs3(loop2): failed to convert "c46c" to iso8859-6 [ 1302.393232][T30906] usb 6-1: USB disconnect, device number 28 [ 1302.416945][T15037] ntfs3(loop2): ino=20, mi_enum_attr [ 1302.473638][T15037] ntfs3(loop2): failed to convert "0030" to iso8859-6 [ 1302.531402][T15037] ntfs3(loop2): failed to convert "0031" to iso8859-6 [ 1302.585278][T15037] ntfs3(loop2): failed to convert "0032" to iso8859-6 [ 1302.589711][T15097] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1302.824083][T15109] loop6: detected capacity change from 0 to 16 [ 1302.888482][T15109] erofs (device loop6): mounted with root inode @ nid 36. [ 1302.902076][T15114] loop4: detected capacity change from 0 to 256 [ 1302.973733][T30978] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 1302.994844][T30978] ath9k_htc: Failed to initialize the device [ 1303.017328][T30906] usb 6-1: ath9k_htc: USB layer deinitialized [ 1303.180949][T15114] FAT-fs (loop4): Directory bread(block 64) failed [ 1303.199300][T15114] FAT-fs (loop4): Directory bread(block 65) failed [ 1303.245985][T15114] FAT-fs (loop4): Directory bread(block 66) failed [ 1303.272927][T15114] FAT-fs (loop4): Directory bread(block 67) failed [ 1303.279030][T15144] loop3: detected capacity change from 0 to 16 [ 1303.312137][T15114] FAT-fs (loop4): Directory bread(block 68) failed [ 1303.320331][T15144] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1303.330232][T15114] FAT-fs (loop4): Directory bread(block 69) failed [ 1303.378318][T15114] FAT-fs (loop4): Directory bread(block 70) failed [ 1303.383796][T15144] cramfs: Error -3 while decompressing! [ 1303.385978][T15114] FAT-fs (loop4): Directory bread(block 71) failed [ 1303.420252][ T6087] udevd[6087]: incorrect cramfs checksum on /dev/loop3 [ 1303.447128][T15114] FAT-fs (loop4): Directory bread(block 72) failed [ 1303.452054][T15144] cramfs: ffffffff9b2bf648(27)->ffff88804e201000(4096) [ 1303.463846][T15144] cramfs: Error -3 while decompressing! [ 1303.476610][T15114] FAT-fs (loop4): Directory bread(block 73) failed [ 1303.505370][T15144] cramfs: ffffffff9b2bf648(27)->ffff88804e201000(4096) [ 1303.512455][ T31] audit: type=1800 audit(2000001153.918:274): pid=15144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.12388" name="file2" dev="loop3" ino=348 res=0 errno=0 [ 1303.534557][T13905] udevd[13905]: incorrect cramfs checksum on /dev/loop3 [ 1303.669272][T13905] udevd[13905]: incorrect cramfs checksum on /dev/loop3 [ 1303.711251][T15150] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 1303.739432][T15150] ntfs3(loop5): ino=3, mi_enum_attr [ 1303.765046][ T31] audit: type=1800 audit(2000001154.152:275): pid=15114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.12369" name="file2" dev="loop4" ino=1048706 res=0 errno=0 [ 1304.049555][T15150] ntfs3(loop5): ino=5, "/" indx_read_ra [ 1304.089261][T15150] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 1304.154227][T15180] vti0: entered promiscuous mode [ 1304.195326][T15180] vti0: entered allmulticast mode [ 1304.462597][T15198] netlink: 'syz.3.12392': attribute type 1 has an invalid length. [ 1305.113321][T15241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1305.151429][ T169] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 1305.216633][ T169] bond0: (slave bond_slave_1): link status definitely down, disabling slave [ 1305.266499][ T169] bond0: now running without any active interface! [ 1305.349955][T15252] usb usb8: usbfs: process 15252 (syz.4.12409) did not claim interface 0 before use [ 1305.638874][T15265] netlink: 32 bytes leftover after parsing attributes in process `syz.3.12413'. [ 1305.669663][T15265] netlink: 32 bytes leftover after parsing attributes in process `syz.3.12413'. [ 1305.777555][T15272] netlink: 45 bytes leftover after parsing attributes in process `syz.1.12415'. [ 1305.827349][ T31] audit: type=1400 audit(2000001156.089:276): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=15275 comm="syz.2.12417" [ 1306.074088][T15227] set_capacity_and_notify: 1 callbacks suppressed [ 1306.074116][T15227] loop6: detected capacity change from 0 to 32768 [ 1306.122528][T15290] netdevsim netdevsim2: Firmware load for '..' refused, path contains '..' component [ 1306.506279][T15309] loop2: detected capacity change from 0 to 2048 [ 1306.587800][T15317] netlink: 'syz.4.12430': attribute type 11 has an invalid length. [ 1306.634102][T15317] netlink: 224 bytes leftover after parsing attributes in process `syz.4.12430'. [ 1307.061945][ T31] audit: type=1400 audit(2000001157.240:277): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=15345 comm="syz.5.12436" [ 1307.234009][T30910] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 1307.457177][T30910] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1307.503899][T30910] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 1307.565269][T30910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10 [ 1307.584718][T15372] netlink: 'syz.3.12446': attribute type 1 has an invalid length. [ 1307.621704][T30910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64 [ 1307.644084][T30910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 1307.677961][T30910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1307.700066][T30910] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1307.744394][T30910] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 1307.802808][T30910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1307.834020][T30910] usb 3-1: Product: syz [ 1307.838208][T30910] usb 3-1: Manufacturer: syz [ 1307.864324][T30910] usb 3-1: SerialNumber: syz [ 1307.906531][T30910] usb 3-1: config 0 descriptor?? [ 1307.915736][T15339] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1307.929611][T30910] ati_remote 3-1:0.0: Initializing ati_remote hardware failed. [ 1307.956750][T30910] ati_remote 3-1:0.0: probe with driver ati_remote failed with error -5 [ 1307.970311][T15393] sctp: [Deprecated]: syz.4.12450 (pid 15393) Use of int in max_burst socket option. [ 1307.970311][T15393] Use struct sctp_assoc_value instead [ 1308.112782][T15398] loop3: detected capacity change from 0 to 1024 [ 1308.179079][T15398] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1308.191182][T15398] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 1308.199604][T15398] CPU: 1 UID: 0 PID: 15398 Comm: syz.3.12455 Not tainted syzkaller #0 PREEMPT(full) [ 1308.209074][T15398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1308.219128][T15398] RIP: 0010:__hfsplus_setxattr+0x2437/0x2ab0 [ 1308.225146][T15398] Code: 30 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 6a 02 00 00 48 8b 5b 30 b8 ff ff 37 00 48 c1 e0 2a 48 8d 7b 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 34 02 00 00 48 8b 5b 08 be 08 00 00 00 4c 89 5c [ 1308.244763][T15398] RSP: 0018:ffffc900061bf480 EFLAGS: 00010212 [ 1308.250845][T15398] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900069a1000 [ 1308.258820][T15398] RDX: 0000000000000001 RSI: ffffffff82f7efa9 RDI: 0000000000000008 [ 1308.266795][T15398] RBP: ffff888040424000 R08: 0000000000000005 R09: 0000000000000000 [ 1308.274769][T15398] R10: 0000000000000000 R11: ffff88802a5de000 R12: ffff88807bffc800 [ 1308.282745][T15398] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900061bf560 [ 1308.290719][T15398] FS: 00007f97918166c0(0000) GS:ffff88812442c000(0000) knlGS:0000000000000000 [ 1308.299665][T15398] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1308.306260][T15398] CR2: 00007f9fd0f456b8 CR3: 0000000091442000 CR4: 0000000000350ef0 [ 1308.314234][T15398] Call Trace: [ 1308.317506][T15398] [ 1308.320440][T15398] ? is_bpf_text_address+0x94/0x1a0 [ 1308.325663][T15398] ? __pfx___hfsplus_setxattr+0x10/0x10 [ 1308.331242][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.336894][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.342554][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.348213][T15398] ? stack_trace_save+0x8e/0xc0 [ 1308.353128][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.358779][T15398] hfsplus_setxattr+0x11a/0x2c0 [ 1308.363651][T15398] ? __pfx_hfsplus_security_setxattr+0x10/0x10 [ 1308.369813][T15398] __vfs_setxattr+0x175/0x1e0 [ 1308.374524][T15398] ? __pfx___vfs_setxattr+0x10/0x10 [ 1308.379750][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.385399][T15398] ? crypto_mod_put+0x82/0x180 [ 1308.390197][T15398] __vfs_setxattr_noperm+0x127/0x660 [ 1308.395519][T15398] __vfs_setxattr_locked+0x127/0x2b0 [ 1308.400843][T15398] vfs_setxattr+0x14a/0x390 [ 1308.405379][T15398] ? __pfx_vfs_setxattr+0x10/0x10 [ 1308.410432][T15398] ? mnt_get_write_access+0x52/0x2f0 [ 1308.415733][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.421384][T15398] ? mnt_get_write_access+0x52/0x2f0 [ 1308.426689][T15398] do_setxattr+0x145/0x180 [ 1308.431136][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.436792][T15398] filename_setxattr+0x167/0x1d0 [ 1308.441762][T15398] ? __pfx_filename_setxattr+0x10/0x10 [ 1308.447255][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.452904][T15398] ? do_getname+0x191/0x390 [ 1308.457424][T15398] path_setxattrat+0x1ff/0x3b0 [ 1308.462222][T15398] ? __pfx_path_setxattrat+0x10/0x10 [ 1308.467547][T15398] ? do_sys_openat2+0x1b4/0x1e0 [ 1308.472408][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.478084][T15398] ? __x64_sys_openat+0x12d/0x210 [ 1308.483120][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.488771][T15398] ? xfd_validate_state+0x129/0x190 [ 1308.494007][T15398] __x64_sys_setxattr+0xc6/0x140 [ 1308.498951][T15398] ? do_syscall_64+0x90/0xf80 [ 1308.503635][T15398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1308.509284][T15398] ? lockdep_hardirqs_on+0x78/0x100 [ 1308.514490][T15398] do_syscall_64+0x10b/0xf80 [ 1308.519089][T15398] ? irqentry_exit+0x133/0x650 [ 1308.523861][T15398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1308.529765][T15398] RIP: 0033:0x7f979099c819 [ 1308.534185][T15398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1308.553800][T15398] RSP: 002b:00007f9791816028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 1308.562223][T15398] RAX: ffffffffffffffda RBX: 00007f9790c15fa0 RCX: 00007f979099c819 [ 1308.570198][T15398] RDX: 0000200000000280 RSI: 00002000000000c0 RDI: 0000200000000040 [ 1308.578176][T15398] RBP: 00007f9790a32c91 R08: 0000000000000003 R09: 0000000000000000 [ 1308.586149][T15398] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1308.594120][T15398] R13: 00007f9790c16038 R14: 00007f9790c15fa0 R15: 00007ffc62d4d3d8 [ 1308.602106][T15398] [ 1308.605116][T15398] Modules linked in: [ 1308.609823][T15398] ---[ end trace 0000000000000000 ]--- [ 1308.638098][T15399] loop6: detected capacity change from 0 to 4096 [ 1308.653365][T30978] usb 3-1: USB disconnect, device number 30 [ 1308.703625][T15398] RIP: 0010:__hfsplus_setxattr+0x2437/0x2ab0 [ 1308.716664][T15398] Code: 30 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 6a 02 00 00 48 8b 5b 30 b8 ff ff 37 00 48 c1 e0 2a 48 8d 7b 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 34 02 00 00 48 8b 5b 08 be 08 00 00 00 4c 89 5c [ 1308.745924][T15366] loop1: detected capacity change from 0 to 32768 [ 1308.759921][T15398] RSP: 0018:ffffc900061bf480 EFLAGS: 00010212 [ 1308.767809][T15416] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1308.780131][T15398] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900069a1000 [ 1308.806256][T15399] NILFS error (device loop6): nilfs_find_entry: dir 2 size 2147487744 exceeds block count 1 [ 1308.848422][T15399] Remounting filesystem read-only [ 1308.885281][T15398] RDX: 0000000000000001 RSI: ffffffff82f7efa9 RDI: 0000000000000008 [ 1308.912724][T15398] RBP: ffff888040424000 R08: 0000000000000005 R09: 0000000000000000 [ 1308.920867][T15398] R10: 0000000000000000 R11: ffff88802a5de000 R12: ffff88807bffc800 [ 1308.921180][T27665] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer [ 1308.929971][T15398] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900061bf560 [ 1308.949170][T15398] FS: 00007f97918166c0(0000) GS:ffff88812442c000(0000) knlGS:0000000000000000 [ 1308.968359][T15398] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1308.975039][T15398] CR2: 00007fe56c18f000 CR3: 0000000091442000 CR4: 0000000000350ef0 [ 1308.983546][T15398] Kernel panic - not syncing: Fatal exception [ 1308.989909][T15398] Kernel Offset: disabled [ 1308.994228][T15398] Rebooting in 86400 seconds..