last executing test programs: 35.242325433s ago: executing program 2 (id=541): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000380)={0x1, 0x0, [{0x1fc, 0x0, 0x400}]}) 34.743455537s ago: executing program 2 (id=547): syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f00000000c0)='./file0\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x2b2, &(0x7f0000000440)="$eJzs3U9rE08cx/HPbLbN/trS39pWBOmpWvAk/XMRL4L0GXjxJGoToRgqaAX1VD2LD8B7noIPwKMn8Sz01pMPoJ4i8yfNZrubNMGwbXy/oGFj5jv7ncxsZiYSVgD+Wfd3jtrbx/bPSDXVJN2VIkmJFEu6qmvJ6/2DvYNWszGoopqLsH9GPtKcKbO731R4MSvJ/WNqn8VaOFMQf13yU4er81VngaqZoutV7pOgHq5O+9ngr9UpcFh1AhUzJzrRGy1WnQcAoFrGz+9RmOcXJNlVYRRJ62Ha9/N/d5VwySfQk6oTmLCvQ17PzP9ul9Uxtn//dy/19nuus2PNhKD29vE4uczKj6xaXwLDdpUul+i/Z3ut5u3dF61GpA+6F8z0iq24x4Yful1HbeP2tPb4/dmq18Ja95z7y6N2clrbaNzGKpqxbdjK5p8pslx8xu0xzzic+Wa+m0cm1Wc1Ttd/ccfYbnI9leZ6yue/UV6ja+WsXKmSVl5xJ7kezhAMbGVNuTSyZkOdfR2YluQZ90Ut5aJ86zbLW+eilgujtoZEreSjeqO5PHLSzCfz0Kzpl75oJ7P+j+y7va7zXJm2jCsZRsbA9sSuZOqmmDB3HK4WlozGbRHG8FFPdUeLr96+e/6k1Wq+nNoDeyWOHGVH60VIfkIH3UFwUfKZ2gP7Jldy9u68M3495R8dfC0/PXqdPmIgg2Ba2HWX8fu/zH5lwy3W7EPav06vZ2M7wyrP1LhZsjdYco9z+R1cyd7AuK8e5ov/t0Jle67fHc8XcXuuG7ekm+c5o5eGPC+e0/eyPkKQ2dEPPeb7fwAAAAAAAAAAAAAAAAAAgMtmhB8GzA0uk5T+YKbqNgIAAAAAAAAAAAAAAAAAAAAAcNkV3P+3Pun7/+b13f/3gfwz7v8LTNyfAAAA///AXngC") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0x1c4042, 0x40) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6200, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) 34.103726195s ago: executing program 2 (id=552): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000800)={@multicast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x2, 0x0, 0x0, 0x11, 0x0, @multicast2, @multicast1}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x3, 0x7fffffff}}}}}}, 0x0) 33.906066048s ago: executing program 2 (id=555): syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f00000003c0)=ANY=[], 0x1, 0x1f3, &(0x7f0000001880)="$eJzslc+q00AUxr+ZxKT3Ij6AGxde8LowbXJB3Fy4d+PKheCfiwvBYtNSTa20XdiCaJ/AvTsXPoaiWxf6BlIF0U3dqOuRyUwmQ0mrMS0Knh90+k3m5MyZM5MzIAjiv+Xjhx8z8X3/cw3AcezA18+/OLkNt+zf174+fH3p4tGTm8/f+LNgq8inEL8/vwvg1aGDd+ZdIWynO/r/KrjR18BxVusjMARa3wLHda1jMNzQ+o6l+9I+CNrdJA5u95OWFA3ZhLKJ2t2EuYvxzacMLSs+Zo0Px5O7zSSJBxsUv8rf/JBj38SHmj1+ASrahpW/EByh1ntguGJs/Sw3KiXW+k+6+fqdlev3UHHZnwDkT9oFNrzqFJnw5FTLbbKFFgwBbF17H52o7ifb87KvO0iFU/p1rtIiT8XmP4AKAu7aHAq/4CT4q85PdfH2pRZ8pfGLA7V/JtRHql9u0oMlQ15JPzrzpj6JZwxnrPqpSsnT9Kqpj3r368Px5Fy31+zEnfheFO2db2wDiOppIVLtsvLnA1tpfdrO/RfeSRKPeXjQHI0GoWpNP1JtUcXlcDGfcuyexjHZl9XUW/D7zdIs/cmvgz1WvV27XConBEEQ/wCnwNKanNblTOjbxAwIEV3+y3ESBEEQBEEQBEEQBPHn/AwAAP//W8NQxQ==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000580)=""/174, 0xff56) 33.527837402s ago: executing program 2 (id=557): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x12, 0x5, 0x4, 0x2, 0x4, 0xffffffffffffffff, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r1, &(0x7f00000000c0), &(0x7f0000000100)=@tcp6=r0, 0x1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) 33.095881484s ago: executing program 2 (id=560): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)=r1}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={r0, &(0x7f0000000280), &(0x7f0000000340)=""/121}, 0x20) 32.469183999s ago: executing program 32 (id=560): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)=r1}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={r0, &(0x7f0000000280), &(0x7f0000000340)=""/121}, 0x20) 5.055896641s ago: executing program 1 (id=713): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x4, 0x6, &(0x7f0000000000)=""/6, 0x41100}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x3ff}, 0x94) 4.823811859s ago: executing program 1 (id=716): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000000, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) 3.746603s ago: executing program 1 (id=726): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000001, 0x4c032, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 3.667461984s ago: executing program 4 (id=727): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x45, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e22}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 3.666897834s ago: executing program 0 (id=728): openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0) r0 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 3.361758235s ago: executing program 4 (id=729): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000002c0)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[], 0x6a) 3.15769206s ago: executing program 0 (id=730): ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e8, &(0x7f0000000080)={@default, @bcast, @null, 0x63, 0x4, 0x0, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x73, 0x40, 0x8, "", [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x2, 0x6, 0x0, 0x40, {{0x5}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x3, 0xff, 0x4, 0x7}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x1, 0x1, 0xff}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xd, 0x6, 0x2}}}}}]}}]}}, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x12) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) 3.047526548s ago: executing program 1 (id=731): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) getsockopt$TIPC_NODE_RECVQ_DEPTH(r0, 0x10f, 0x83, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 3.047037978s ago: executing program 4 (id=732): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xcc, 0xc}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r2, 0x0, 0x0}, 0x10) 2.811332107s ago: executing program 4 (id=734): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) geteuid() 1.938533094s ago: executing program 1 (id=735): syz_mount_image$jfs(&(0x7f00000001c0), &(0x7f0000005d40)='./file0\x00', 0x4000, &(0x7f0000001e40)=ANY=[@ANYBLOB="71756f74612c646973636172642c646973636172642c696f636861727365743d6b6f69382d72752c646973636172642c00f4193eb3ba2a0d5ff2cd7374288ff89ec513a53e007345decb720900f8312da2463eb0edf52fad1a00ebd41c14b3ce75d0cffefd379624b16f7260c835713b263352e03b5cb8fa0c042bd1225ed4ded2b62e12fea4d7e61b738e40781e58d5fff112364ac140f419e5dafecd283b3fab6b142ddbc893b35a81fe9265591ef35fa2928e095fee4c10b22e4212378de59bca0307cc644b9620b63f0000007bbbd422d87856b71348b8f45398b9660b6b3e8ee8a8c32f3234cb46e2cd827ec25c1ca4d046bc004f8df7b1ee690a5e50510700d80c7fa65fa724d0e1b4369f1b64fe249a0312010000004ac983de925f52d735b03fea941b1e948ad8d19cfda5b799325fd69d14fcf6cdde7700a63150eb3699e5314e0827750e244150ec19f3f3f1d8be542c084b5e40bfaa8ad206d2a33b0ddbd7f8e07dc7d17174a4549ffaf5976949cb69658c42ec7cd9fe8ad82852cefb04646edb3a41eb514eb6a772b3ee9f21e25822b54ec33e592d5c040946721101d53aff21f90351c95aa0f73f1853d6afcbf9448b220e988466066fa5c09e6198fc4520d199b93bdedee87c4043815aa05668a06f8da96680ccc1a139ade90f5c79af46208f9762f54e7c29088d9de69bd2d51c6b9c42209ddc3880051303b855853407d959a5777dce25201c5ea1faa084c36e3e349915ebec53435eb2910c59394ee84ba3baf9c440ae5833c23f46b0eaac543ce0c80ba0603213e53ea59755070b18bc10b9224aa082d96700e63d51c5bffa4f712c2d7fafb9cf506c06e1ddad4fc19038407786fedb9afdfb11a5f182676dd84c919f71d5eee2f3b740b68ee7f6518eb9d8baa26f1c3871f863b134ee942eb3af92d19e70d8268839cd7b4637f0627299f99b1873ca165e410f8bd421e1a4859fd9bd6bb34d25c07e1a52b9668a530b10b8585d797124a6975a71aedbe557a17b06bbfe547aa553c3d08b8921a4b0d938c03687bd48a9a387b4c066c056f457fba5738775b900a1e82a89aae1494b05c4bb0fc8ed1a93688bf850a4f7b0942eda1f16ecf043efa6b8c1f9e0fba31f4a58ed0031180fb1b8a00e4a86826b030000002dd1272a3d1609bed545b86ca7a6bf569ed35d0000ca23b0de742f6008fdf20928370d88f8c04bc3b97b9a9e0062e8fc5fd2337d85a66bd20730f3153db2459fb34c134c06c19364e9645e83040dd16ee08f18f0ba69ac9ca3e25e15442b07000000d30d38a64613b535fa808a9b3bae00bc371271d45db200a5cbf433e2f6dd03b7c7fcc040781e5151c9badb787e7e1e2f39d60998919aa8dbd156f31a5b7fa5f9e5ec01e8c799edc322703c7fc4a81ab9bc02dd96714ee9d7e75d28d040ff3566404fd6db547a4b553197c1f316d20ea54f9459cd81351a510d101e90eabe6dc6c6ac3ffa189c073a5fb3fc382df620bf5af9e638819c77a051e6875866a849f6f578c068c0e4c7cfbc15033997efa853c96297b3201dd30ea40dc94d010a0c33da9f63a10b8f813dc789b80be3bb3f00ee58b30d5c03a6ddbf418ac1b3d4a13839e4b273c4f914bed13f8806295495d41609478798396aeec06e8d342efd8ac6b422f6c23a011b1400000000000000bc2a02094e19a1ee8bb3c3c0c088ae8efaf68c85001faf7cf5426fb7c5c367ed93eb25c48a293549d15b91b59f1b574b3f6171f8e56a402ec56bdf51d90312b3ca5398f4050000007504be21456ec953bf06f12fff20c31e7c8b55fee5c49aa939830b09995ff149258118f9aae29206f9731288b56b10de51525665fdb4e289b1c177df97af3085f82045fbd012f1dde94ffecd90b7b63d8197d9c24a6fe5915ac7d7240847f6d0bf9099ee117c83e363f2ad36a4a9f4faa5734afe9770c38c565cae87a408d0acbb2db7db9174acab60a344814ee643fa82ba41706d2360269ed276e13dd83abbc258f07b0d58ab0b65200b18b7f9f871bcb43fec5a2e3789ecd0c1069d2da80b93c86dff8933e70c2108346003ddf6b60379eee63b66e7341cdd8f87ed9f11894c9ae040976321d87405b492f419ebfa77eb367ca6e360b808451102f54893d7d1695c24bcc184b1e7d19940a2b6931ade8638dd2b85a86dc511dbb97f5035d07ca024076e8581db332b1c5f135fe6b2e9d2c18c9d5d5a524d3d5b2657e4b28f1a09696bd5b076a1471c8b2ab2ca3ba57843af1d03590f4e8985e1c463c781bb03ad7ec816ea70bbe06411aae001e0ca72ee7e828ad14bb7a092d883ad000554bf7f00000000000075cc01f8a2e1802192f09e77bc488b3bd3f08a9ce88ba2e2bcc23cf5d7372b339ce1f5003db0ad70fa6e93aa908a2ced81f5514e23e2f94ff03c1c02f5a9195f4735563efd0a1fc7dafcfb3dae043fe0c172ec3a12747d7abf4382bf7453c13df994641017a0f461add956ef8f834b762af30408af6a61f317fd3c7b0816236a768601b7c6606ba52ff126eb13d33c915c5da99d118db488da3f3d7783a608282a93fcbe0910f0389c3ef91de7c84e23daa6554c42b2b3e9f70a9f790f29011a0b5101b23bfeba6e52877ed8a188958e39375dd203d434bef4dc82cc8a21fc40c6e6e6a2475f70bf1503beb9555036e63bdc937f8a4d61b21d06a9d3239d1df6f2e9ef16dee590b15ac028c6d873bb2965374b733d8e11ba763ab157ed91dd871b098c0543dcbba4cf67db8c83c84369dc67735fa4faa0fdcf34b1c6a862ccae9fe4fa28746504643b57f02623a2ef34ea90f2e7f7dd771f8f75217c799d978a3533fcfab6c6f5391b626d61b400f08172fc675e2a062d06c31b85452804f7b125c291f60a02a5d62271e96fe70d64bae36e28b42e197259169ebee8f64355544fb4d8b83c1c8fad02cd1a2e56a6f6e82ec7719a48a1bea803546b8af7a89faf7cef94d8ada45fc0a98a79ba90c95262f0110725c6bf7c81237534dcd6a8a113bd8ac48b7db5526ab762cec103674742476cd6b92b8c7abcfb1f8e08f0a05c1b209187049f3206bd545e8c20f8db6d8a7cdd0c9ecbb9011b611a013cd581521dfcb028d59d5c69d286fb93e4c498b3aaff7e0cdcf1f41fec65ebdbe4c2bf453140251cdd94c32b87c4634d6500000000000000000000000000000000816e6c33f92dca3e03c400"/2303], 0xff, 0x5e9b, &(0x7f000000bc00)="$eJzs3U9vHGcdB/Df/vH6T2kbVagKEQc3hdJSmv8JlH9NOXCAA0ioZxK5bhVIASUB0SoirnJAXICXAJdeOPQt8AL6GhAvgEg2px4og8Z+nmQ8XmcdEu/s+vl8JGfmN8+O95l8PZ5dz8w+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADED77/k7O9iLjym7TgWMTnYhDRj1iu69WoZy7nxw8j4nhsN8fzETFYjKjX3/7n2YgLEfHJMxGbW7fX6sXnDtiPi2du3fjsh9/7x+//dPf4z97+6Uft9h9//vzHf7gTcexHr3/82Z0ns+0AAABQiqqqql56m38ivb/vd90pAGAq8vG/SvJytVqtVj/R+o/92eqPutC6qRrvTrOIiI3mOvVrBqfjAWDObMSnXXeBDsm/aMOIeKrrTgAzrdd1BzgUm1u313op317zeLC6057/Trkr/43e/fs79ptO0r7GZFo/X3djEM/t05/lKfVhluT8++38r+y0j9LjDjv/adkv/9HOrU/FyfkP2vm37Mr/zxExt/n3x+Zfqpz/8FHy3xjM8f4vfwAAAAAAjr789/9jHZ//XXz8TTmQh53/XZ1SHwAAAAAAAADgSXvc8f/uM/4fAAAAzKz6vXrtL888WLbfZ7HVy9/qRTzdejxQmNXGhwMCAAAAAAAAAAAAANMxjFhJ1/UvRMTTKytVVdVfTe36UT3u+vOu9O2HknX9Sx4AAHZ88kzrXv5exFJEvJU+629hZWWlqpaWV6qVankxv54dLS5Vy433tXlaL1scHeAF8XBU1d9sqbFe06T3y5Pa29+vfq5RNThAx6ajw8ABICJ2jkabjkhHTFU9G12/ymE+2P+PHvs/B9H1zykAAABw+Kqqqnrp47xPpHP+/a47BQBMRT7+t88LqNVqtVqtPnp1UzXenWYRERvNderXDIbjB4A5sxGfdt0FOiT/og0j4njXnQBmWq/rDnAoNrdur/VSvr3m8WB1pz1fC7Ir/43e9np5/XHTSdrXmEzr5+tuDOK5ffrz/JT6MEty/v12/ld22vMQ/4ed/7Tsl3+9ncc66E/Xcv6Ddv4tRyf//tj8S5XzHz5S/gP5AwAAAADADMt//z/m/G/eZAAAAAAAAACYO5tbt9fyfa/5/P8Xxzyu15xz/+eRkfPvHTh/9/8eJTn/fjv/1gU5g8b8vTcf5P/vrdtrH9361xfydObzXxiM6ude6PUHw3TNT7XwTlyL67EeZ/Y8frir/eye9oVd7ecmtJ/f0z6q25dz+6lYi1/G9Xj7fvvihAujlia0VxPac/4D+3+Rcv7Dxled/0pq77WmtXsf9vfs983puOe5/Lf/vLR375q+uzG4v21N9fad7KA/2/8nT43i1zfXb5z67dVbt26cjTTZtfRcpMkTlvNfSF85/5df3GnPv/eb++u9D0ePnP+suBvDffN/sTFfb+8rU+5bF3L+o/SV889HoPH7/zznv//+/2oH/QEAAAAAAAAAAAAAAICHqapq+xbRyxFxKd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49e3VSN90aziIi/N9epXzP8btw3AwBm2X8j4p9dd4LOyL9g+fP+6umXuu4MMFU33//g51evX1+/cbPrngAAAAAAAAAA/688/udqY/zn7euAWuNG7xr/9c1YndvxP/ujwfZY52mDXoiHj/99Mh4+/vdwwvMtTGgfTWhfnNC+NKF97I0eDTn/F1LGOf8TacNKGv/15Q7607Wc/8k01nPO/yutxzXzr/46z/n3d+V/+tZ7vzp98/0PXrv23tV3199d/8XZM5cunL944fzFi6ffuXZ9/czOvx32+HDl/PPY164DLUvOP2cu/7Lk/L+cavmXJef/UqrlX5acf369J/+y5Pzzex/5lyXn/0qq5V+WnP9XUy3/suT8X021/MuS8/9aquVflpz/a6mWf1ly/qdSLf+y5PxPp1r+Zcn55zNc8i9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvO/kGr5lyXnfzHV8i9Lzv9SquVflpz/11Mt/7Lk/L+RavmXJef/eqrlX5ac/zdTLf+y5Py/lWr5lyXn/+1Uy78sOf/vpFr+Zcn5fzfV8i9Lzv+NVMu/LA8+/9+MGTNm8kzXv5kAAAAAAAAAAAAAgLZpXE7c9TYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvXuLkbO87wf+7sleGxL8D2figG1OBhZ21ydwiMEkIX9KeqAkpE1Lahx7bZz4VO+ak1DZFNoSBalI7QW9aJpEaRSprUBVpKYSjZAaqb1rrhpxE7USF76AykFJ1VSBrd6Z53k8Mzs7sz6MPfM+nw/CP+/MOzPPvPPO7H7X+s4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjdZ/YuZPhoqiKP+v/bGmKC4u/76q2Fl+Ob/tQq8QAAAAOFvv1f7820vSCTuXcaGGbf7l2n/73sLCwkLxxXdPvP9nCwvpjHVFMbKyKGrnRf/6i58vNG4TPF+MDw03fD3cdO7Fi25+pMvyRrucP9bl/BVdzl/Z5fzxLucv2gGLrKr/PqZ2ZTfU/rqmvkuLy4qx2nk3tLnU80Mrh4fj73JqhmqXWRjbVxwoDhYzxdSiywzV/iuK19eXt/VAEW9ruOG21hZFcfKnz+6JaxgK+/iGounGahofu3fuK9a9+9Nn93xn7u2r282uu2HRSoti44ZynS8UxalfVxVDxcq0T+I6hxvWubbNOkea1jlUu1z599Z1nlzmOuP9Hg/r/FGHda4Npz11fVEU88WS27R6vhguVrfcatrf4/UjoryO8qH8UDF6WsfJ+mUcJ+Vl3rq++ThpPSbj/l8f9snoEmtofDje+cqKRfv9TI+T8l73w7FaXvdD5Y2Ojzf+arXpWC23efbGpY+Bto9dm2MgHcsNx8CGbsfA8IqR2jEwfGrNG5qOgelFlxkuhmq3deLGzsfA5Nyho5OzTz9z+4FDu/fP7J85PD21bcvmrVs2b906ue/AwZmp+p+nt0sHyOpiOB2DG8JrTTwGb27ZtvGQXPjmuXsejPfJ86C875+9qVzQxcPFEsd4uc0LG8/+eZC+7zc8D0YbngdtX1PbPA9Gl/E8KLc5uXF53zNHG/5vt4ZevRauaTgGLuT3w/I2H71l6dfCtWFdL956ut8PRxYdA/FuDYXnXnlK+nlv/K6wXxYfF9eUZ1y0ojg+O3Psjqd2z80dmy7COC8ubXisWo+X1Q33qVh0vAyf9vGy829+edM1bU5fE/bV+G2dH6tymy0TnR+r2qt7+/3ZdOqmIoxz7Hzvz3bfzcr9mbJEh/1ZbvPC7Wf/s2DKJQ2vf2PdXv9Gxkbrr38jaW+MNb3+LX5oRmorK4qTty/v9W8s/H++X/8u65PXv3JfPXpH52Og3ObFydM9BkY7vv5dH+ZQWM8tITGMN+T+92vnz9cP04bHsutxMzo6Fo6b0XiLzcfN5kWXKa+tvO2NU2d23Gy8vvmxavq5pYLHTbmv/nyq83FTbvPG9Nm/dqyKf2147VjR7RgYG1lRrncsHQT117uFVfEYuKPYUxwpDhZ702XKR7m8rYlNyzsGVoT/z/drx1V9cgyU++qVTZ2PgXKbH24+tz87bQynpG0afnZq/f3CUpn/mtFT19e628515i/X+cktnX83VG7z9pbTzRmd99Nt4ZSL2uyn1ufPUsf03uL87KerwjoPbu38u6lym8u2LfN42lkUxZvTb9Z+3xV+v/v3x//9e02/9233O+U3p998cPLhH5/O+gEAOHPv1/6cX1H/WbPhX6yX8+//AAAAwECIuX84zET+BwAAgMqIuX8kzET+BwAAgMqIuX80zCST/P/4Xdtffe+5Ir0b4EIQz4+74aF76tvFjvd8+Hrdwinl6R//9tirX31uebc9XBTFLx/8cNvtH78nrqvuaFznR5tPX+Sq65Z1+489cmq7xvdPOLm9fv3x/iz3MIhd5dcnN9Wud93T07X5xoNFbT48/+Lz9euvfx23P7G5vv1fhjct2blvqOnyG8N6bghzXXhPmYd2ntoP5YyXe3Xttf986edO3V683NCGD9bu5it/UL/e+B5RL19a3z7e76XW/09f++6r5fZP3dh+/c8Nt1//iXC9b4X5ix317Rv3+Vcb1v9HYf3x9uLl7vjWD9qu/7Ur69u/Fo6Lb4TZuv77/vQj77V7vOLt7Ly7frl4+1P/vaV2uXh98fpb1z/+3HTT/mi9/jferV/Pjid+NtK4fTw93k702N3Nx/dQeHybeuRFUXz3j4um/Vx8rH65f2xZf7y+o3e3X/9tLes8OnRd7fKn7s+apvv19b/e1Pb+xvXs/Ls1Tffn5fvD/nt38ofl9Z54OByP4fz//VH9+lrfy/S1+5tfb+L231hTf97G65tsWf/LLeufv67cd93X/8C79fW/du/KpvXv/FQ4nh6oz27r3/9XlzRd/pvfqT8ex56cOHxk9viBvQ17tfF5vHJ81eqLLv7ABy8Jr6WtX+86Mvf4zLF1U+umimLdAL5lYK/X/60w/6s+5s/9LdT9+Gf14+6lT9e/b9388/rXL4fTHwuPZ/z++PW/GGs6Xlsf9/l76/Ns139rWMdyXfm1/7xuWRue+MLrx//hD99u/bkg3p+jl4/X7t8r66+onTf0Rv381terbv7j8ubn9U9Gp2rz+2G/LoR3Zt5wRf32Wq8/vjfJS5+pP3/jT3Lx8kXL+4msGWm+H2e7/p+En2N+cFXz6188Pr7/XPO7ORdriqFyCfPh9aGYr58ft4r7+6WTV7S9vfg+PMX81aezzCXNPj07efDA4eNPTc7NzM5Nzj79zK5DR44fnttVe+/SXV/qdvlTz+/Vtef33pltW4ras/1IffTYhV7/0Uf27L1z6qa9M/t2H98398jRmWP798zO7pnZO3vT7n37Zp7sdvkDe3dMb9q++c5NE/sP7N1x1/btm7dPHDh8pFxGfVFdbJv68sThY7tqF5ndsWX79NatW6YmDh3ZO7PjzqmpiePdLl/73jRRXvqJiWMzB3fPHTg0MzF74JmZHdPbt23b1PXdHw8d3Te7bvLY8cOTx2dnjk3W78u6udrJ5fe+bpcnD7NHwutdi6Hw0/nnb9uW3h+39O2vLHlV9U2afzwt3gnvBRW/v3X7Oub+sTCTTPI/AAAA5CDm/vDG/6fOkP8BAACgMmLuXxlmIv8DAABAZcTcPx5mkkn+1//X/9f/1//X/9f/7yX9f/3/TvT/9f8Hef36//r/dNdv/f+Y+1cVRZb5HwAAAHIQc//qMBP5HwAAACoj5v6LwkzkfwAAAKiMmPsvDjPJI/+Ptf5V/1//X/+/sf8ft9X/L/T/9f/PkP6//n8n+v/6/4O8/j7s/6/S/6ff9Fv/P+b+D4SZ5JH/AQAAIAsx938wzET+BwAAgMqIuf+SMBP5HwAAACoj5v41YSaZ5H+f/6//r//v8//1//uh/39RegWuQP+/aRfr/+v/d6L/r/8/yOvvw/6/z/+n7/Rb/z/m/v8XZpJJ/gcAAIAcxNz/oTAT+R8AAAAqI+b+S8NM5H8AAACojJj7LwszyST/6//r/+v/6//r//dD/9/n/58p/X/9/0L//4xd6P78oK9f/1//n+76rf8fc//lYSaZ5H8AAADIQcz9V4SZyP8AAABQGTH3XxlmIv8DAABAZcTcf1WYSSb5X/9f/1//X/9f/1//v5f0//X/O9H/1/8f5PXr/+v/012/9f9j7r86zCST/A8AAAA5iLn/mjAT+R8AAAAqI+b+D4eZyP8AAABQGTH3rw0zyST/6//r/+v/6//r/+v/99Jg9f+HlzxH/79O/7+Z/r/+v/6//j+d9Vv/P+b+j4SZZJL/AQAAIAcx918bZiL/AwAAQGXE3H9dmIn8DwAAAJURc/+6MJNM8r/+v/6//r/+v/6//n8vDVb/f2n6/3X6/830//X/9f/1/+ms3/r/MfevDzPJJP8DAABADmLu3xBmIv8DAABAZcTcf32YifwPAAAAlRFz/w1hJpnkf/1//X/9f/1//X/9/17S/9f/70T/X/9/kNev/7+8/v+KbldEpfVb/z/m/hvDTDLJ/wAAAJCDmPtvCjNpyP9DPfvXBAAAAOB8iLn/5jAT//4PAAAAlRFz/8Ywk0zyv/6//r/+v/6//r/+fy/p/y/q/7/1P4X+f6T/r/8/yOvX//f5/3TXb/3/mPtvCTPJJP8DAABADmLuvzXMRP4HAACAyoi5/7YwE/kfAAAAKiPm/okwk0zyv/6//r/+v/6//r/+fy9Vtf+fXkd9/r/+v/6//r/+v/4/S+q3/n/M/beHmWSS/wEAACAHMfffEWYi/wMAAEBlxNw/GWYi/wMAAEBlxNw/FWaSSf7X/9f/1//X/9f/1//vpar2/8/i8//1/xvo/+v/D/L69f/1/+mu3/r/MfdPh5lkkv8BAAAgBzH3bwozkf8BAACgMmLu3xxmIv8DAABAZcTcvyXMJJP8r/+v/6//r/+v/6//30v6//r/nVS//3+k+Q0A9P/PqQu9fv1//X+aDbc5rd/6/zH3bw0zyST/AwAAQA5i7t8WZiL/AwAAQGXE3H9nmIn8DwAAAJURc/9dYSaZ5H/9f/1//X/9f/1//f9e0v/X/++k+v1/n//fSxd6/fr/+v9012/9/5j7t4eZZJL/AQAAIAcx9380zET+BwAAgMqIuf/uMBP5HwAAAAZKu88hjGLu/1iYSSb5X/+/6v3/hZX6//r/+v+d16//31v6//r/nej/6/8P8vr1//X/6a7f+v8x9+8IM8kk/wMAAEAOYu6/J8xE/gcAAIDKiLn/3jAT+R8AAAAqI+b+nWEmmeR//f+q9/99/r/+v/5/t/Xr//eW/r/+fyf6/4PZ/w8/tuj/n5/+//hSl2/s/5fHkP4//ajf+v8x998XZpJJ/gcAAIAcxNz/8TAT+R8AAAAqI+b+T4SZyP8AAABQGTH3fzLMJJP8r/+v/6//r/+v/6//30v6//r/nej/D2b/P9L/9/n/+v9002/9/5j77w8zyST/AwAAQA5i7v9UmIn8DwAAAJURc///DzOR/wEAAKAyYu5/IMwkk/yv/6//r/+v/6//r//fS/r/+v+d6P/r/w/y+vX/9f/prt/6/zH3/0qYSSb5HwAAAHIQc/+DYSbyPwAAAFRGzP2fDjOR/wEAAKAyYu7/1TCTTPK//v/56f8Pp+vX/9f/1//X/9f/P5f0/weo/z/U+uzT/9f/H+z16//r/9Ndv/X/Y+7/tTCTTPI/AAAA5CDm/l8PM5H/AQAAoDJi7v+NMBP5HwAAACoj5v6Hwkwyyf/6/z7/X/9f/1//X/+/l/T/9f870f/X/x/k9ev/6//TXb/1/2Pu/80wk0zyPwAAAOQg5v6Hw0zkfwAAAKiMmPs/E2Yi/wMAAEBlxNz/2TCTTPK//r/+v/6//r/+v/5/L+n/D2z/f2Wh/9+V/r/+v/6//j+d9Vv/P+b+R8JMMsn/AAAAkIOY+z8XZiL/AwAAQGXE3P9bYSbyPwAAAFRGzP2/HWaSSf7X/9f/1//X/9f/1//vJf3/xf3/8jXsQvb/VyxnQ5//vyz6//r/+v/6/3TWb/3/mPs/H2aSSf4HAACAHMTc/zthJvI/AAAAVEbM/b8bZiL/AwAAQGXE3P9omEkm+V//X/9f/1//X/9f/7+X9P8H9vP/9f+XQf9f/1//X/+fzvqt/x9z/xfCTDLJ/wAAAJCDmPt/L8xE/gcAAIDKiLl/V5iJ/A8AAACVEXP/Y2EmmeR//X/9f/1//X/9f/3/XtL/1//vRP9f/3+Q16//r/9Pd/3W/4+5f3eYSSb5HwAAAHIQc/8Xw0zkfwAAAKiMmPv3hJnI/wAAAFAZMffvDTPJJP/r/+v/6//r/+v/6//3kv6//n8n+v/6/4O8fv1//X+667f+f8z9M2EmmeR/AAAAyEHM/fvCTOR/AAAAqIyY+/eHmcj/AAAAUBkx9z8eZpJJ/tf/1//X/9f/1//X/+8l/X/9/070//X/B3n9+v/6/3TXb/3/mPsPhJlkkv8BAAAgBzH3fynMRP4HAACAyoi5/8thJvI/AAAAVEbM/QfDTDLJ//r/+v/6//r/+v/6/72k/6//34n+v/7/IK9f/1//n+76rf8fc/+hMJNM8j8AAADkIOb+w2Em8j8AAABURsz9R8JM5H8AAACojJj7j4aZZJL/9f/1//X/9f/1//X/e0n/X/+/E/1//f9BXr/+v/4/3fVb/z/m/t8PM8kk/wMAAEAOYu4/FmYi/wMAAEBlxNw/G2Yi/wMAAEBlxNw/F2aSSf7X/9f/1//X/9f/1//vJf1//f9O9P/1/wd5/fr/+v9012/9/5j7j4eZZJL/AQAAIAcx9z8RZiL/AwAAQGXE3P9kmIn8DwAAwP+xd5e7np1VHMf/pRkgIQ3XwhVwCVwDr7gFpLgWd5fi7u7u7u4uheIaSsJZax06svecU3b/z37W5/NmBWYy88AkTX+ZfLOZRu7+e8ctTfa//l//r/8/7f9vvNfJf3+k/v+k89P/6//1/2ei/9f/H/T/53bsfn7v79f/6/9ZN1r/n7v/PnFLk/0PAAAAHeTuv2/cYv8DAADANHL33y9usf8BAABgGrn7r49bmux//b/+X//v+//6f/3/lvT/+v8l+n/9/57fr//X/7NutP4/d//945Ym+x8AAAA6yN3/gLjF/gcAAIBp5O5/YNxi/wMAAMA0cvc/KG5psv/1//p//b/+X/+v/9+S/l//v0T/r//f8/v1//p/1o3W/+fuf3Dc0mT/AwAAQAe5+x8St9j/AAAAMI3c/Q+NW+x/AAAAmEbu/ofFLU32v/5f/6//1//r//X/W9L/6/+X6P/1/3t+v/5f/8+60fr/3P0Pj1ua7H8AAADoIHf/I+IW+x8AAACmkbv/kXGL/Q8AAADTyN3/qLilyf7X/+v/9f/6f/2//n9L+n/9/xL9v/5/z+/X/+v/Wbd5/3+PG/57r7b/z91/Q9zSZP8DAABAB7n7Hx232P8AAAAwjdz9j4lb7H8AAACYRu7+x8YtTfa//l//f9r/33LN1P3/9Zf+een/b/1O/b/+fwv6f/3/Ev3/qP3/1f0/of/X/+v/WbN5/7/S+1/8n3P3Py5uabL/AQAAoIPc/Y+PW+x/AAAAmEbu/ifELfY/AAAATCN3/xPjlib7X/+v//f9f/2//l//vyX9v/5/if5/1P7f9/9va/9/96t4v/6fDkbr/3P3PyluabL/AQAAoIPc/U+OW+x/AAAAmEbu/qfELfY/AAAATCN3/1Pjlib7X/+v/9f/6//1//r/Len/9f9L9P/6/z2/3/f/9f+sG63/z93/tLilyf4HAACADnL3Pz1usf8BAABgGrn7nxG32P8AAAAwjdz9z4xbmux//b/+X/+v/79N/f+1+n/9/zL9v/5/if5f/7/n9+v/9f+sG63/z93/rLilyf4HAACADnL3Pztusf8BAABgGrn7nxO32P8AAAAwjdz9z41bmux//b/+X/+v//f9f/3/lvT/0/X/1+j/T+n/9f/6f/0/y0br/3P3Py9uabL/AQAAoIPc/c+PW+x/AAAAmEbu/hfELfY/AAAATCN3/41xS5P9r//X/+v/9f/6f/3/lvT/0/X/vv//P/T/+n/9v/6fZaP1/7n7Xxi3rA2/Cys/DgAAAAwjd/+L4pYmf/8PAAAAHeTuf3HcYv8DAADANHL3vyRuabL/9f/6f/2//l//r//fkv5f/79E/3/5/v/OV/j99P9jvV//r/9n3Wj9f+7+l8YtTfY/AAAAdJC7/2Vxi/0PAAAA08jd//K4xf4HAACAaeTuf0Xc0mT/X6n/v/kuJz+u/786+v/Lv1//r//X/+v/9f/6/yX6f9//3/P79f/6f9aN1v/n7n9l3NJk/wMAAEAHuftfFbfY/wAAADCN3P2vjlvsfwAAAJhG7v7XxC1N9r/v/+v/9f/6f/2//n9L+n/9/xL9v/5/z+/X/+v/WTda/5+7/7VxS5P9DwAAAB3k7n9d3GL/AwAAwDRy978+brH/AQAAYBq5+98QtzTZ//p//f/R+/876P+T/j/+XPX/+v8z0P/r/w/6/3M7dj+/9/fr//X/rBut/8/d/8a4pcn+BwAAgA5y978pbrH/AQAAYBq5+98ct9j/AAAAMI3c/W+JW5rsf/2//v/o/b/v/xf9f/y56v/1/2eg/9f/H/T/53bsfn7v79f/6/9ZN1r/n7v/rXFLk/0PAAAAHeTuf1vcYv8DAADANHL3vz1usf8BAABgGrn73xG3NNn/+n/9v/5f/6//1/9vSf+v/1+i/9f/7/n9+n/9P+tG6/9z978zbmmy/wEAAKCD3P3vilvsfwAAAJhG7v53xy32PwAAAEwjd/974pYm+1//v/f+/543xQv0//p//b/+f0j6f/3/Ev2//n/P79f/6/9ZN1r/n7v/vXFLk/0PAAAAHeTuf1/cYv8DAADANHL3vz9usf8BAABgGrn7PxC3NNn/Pfr/C5f8tHn6f9//1//r//X/Y9P/6/+X6P/1/3t+v/5f/8+60fr/3P0fjFua7H8AAADoIHf/h+IW+x8AAACmkbv/w3GL/Q8AAADTyN3/kbilyf7v0f9fqkH/n/+zbt/+/5a76v/1/0X/r/8/6P/1/yv0//r/Pb9f/6//Z91o/X/u/o/GLU32PwAAAHSQu/9jcYv9DwAAANPI3f/xuMX+BwAAgGnk7v9E3HC36473pNuV/n/a/t/3//X/+n/9/xD0//r/Jfp//f+e36//1/+zbrT+P3f/J+MWf/8PAAAA08jd/6m4xf4HAACAaeTu/3TcYv8DAADANHL3fyZuabL/9f/6f/2//l//r//fkv5f/79E/6//3/P79f/6f9aN1v/n7v9s3NJk/wMAAEAHufs/F7fY/wAAADCN3P2fj1vsfwAAAJhG7v4vxC1N9r/+X/+v//+/9f8XLv719f/6f/2//l//v0z/r//f8/v1//p/1o3W/+fu/2Lc0mT/AwAAQAe5+78Ut9j/AAAAMI3c/V+OW+x/AAAAmEbu/q/ELU32v/5f/6//9/1//b/+f0v6f/3/Ev2//n/P79f/6/9ZN1r/n7v/q3FLk/0PAAAAHeTu/1rcYv8DAADANHL3fz1usf8BAABgGrn7vxG3NNn/M/f/Sz9N/39C/6//P+j/9f8b0//r/5fo//X/e37/mfr/y/xLpf6fDkbr/3P3fzNuabL/AQAAoIPc/d+KW+x/AAAAmEbu/m/HLfY/AAAATCN3/3filib7f+b+f4n+/4T+X/9/0P/r/zem/9f/L9H/6//3/H7f/9f/s260/j93/3fjlib7HwAAADrI3f+9uMX+BwAAgGnk7v9+3GL/AwAAwDRy9/8gbmmy//X/+n/9v/5f/6//35L+X/+/RP+v/9/z+/X/+n/Wjdb/5+7/YdzSZP8DAABAB7n7fxS32P8AAAAwjdz9P45b7H8AAACYRu7+n8QtTfa//l//r/8fqv+/48W/jv5f/6//X6b/1/8f9P/ndux+fu/v1//r/1k3Wv+fu/+ncUuT/Q8AAAAd5O7/Wdxi/wMAAMA0cvf/PG6x/wEAAGAauft/Ebc02f/6f/2//v/c/f+1B9//v9V79P/6/8vR/+v/l+j/9f97fr/+X//PutH6/9z9v4xbmux/AAAA6CB3/6/iFvsfAAAAppG7/9dxi/0PAAAA08jd/5u4pcn+1//r//X/Q33/X/+v/9f/n5H+X/9/0P+f27H7+b2/X/+v/2fdaP1/7v6b4pYm+x8AAAA6yN3/27jF/gcAAIBp5O7/Xdxi/wMAAMA0cvffHLc02f/6f/3/lP3/nfT/+n/9/yj0//r/Jfp//f+e36//1/+zbrT+P3f/7+OWJvsfAAAAOsjd/4e4xf4HAACAaeTu/2PcYv8DAADANHL3/yluabL/9f/6/yn7f9//1//vrf+/9vQfwPr/s9H/6/8PM/T/153+/vr//bxf/6//Z91o/X/u/j/HLU32PwAAAHSQu/8vcYv9DwAAANPI3f/XuMX+BwAAgGnk7v9b3DLV/v/3FVs2/b/+X/+v/9f/D9D/+/7/uen/9f+HGfr/w+nvr//fz/v1//p/1o3W/+fu/3vcMtX+BwAAgN5y9/8jbrH/AQAAYBq5+/8Zt9j/AAAAMI3c/f+KW5rsf/2//l//r//X/+v/t6T/1/8v0f/r//f8fv2//p91o/X/ufv/EwAA//9cXC6B") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x60843, 0x15) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0xfc6, 0xfffffffffffffff7, 0x6976}) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a5a438, &(0x7f0000006900)=ANY=[@ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRES8, @ANYRESHEX, @ANYRESHEX, @ANYBLOB="0d9435a8af712ba22db08aad61bf52901d77aded910bc7949acdf1a626f568d38938f8ec34f72c1e0b3e6540dc1e44beac32958b12631708d0a5635580b2f9fef13a977211e5d519ab9531321cfb53a9b413ea91f290924482d4007a70a19759dd63f9fc81f2c63fe27bce5e7dddf01fa5c3f09ef226ee04045b0cf0661e3d5a67446c4d93db12c2ac7a15f0265fd7eade1a72cbd696413a03174375c955f8c82a9774c2c8ac5046d59c86dbd5165e6e447586", @ANYBLOB="4c07f18b4a72a428cdf1fcc6a889d51c7d395bfc15396c272d41b4a79dba0739c1c7461ae19481932aa4c03054c8b2442a4c1e4311032bebb0cb70495acfcf1f08735df868c705", @ANYBLOB="37b57cfa7d0121345c29b6064f49a0f95b88671b8e9149556e5ff3c7012f7856b6557bae1d1d61efea623114a0b4b52f68387d2040dd08c5aa753b596ede3f3d637f96752310a389efcd8cf335ca9dbbbc10bda7a16342968c9ab4fd1ac65da604cd9b42d6d0dc0e895e0b2f42822d1b342f88a8d607008d20b22b776a70a07a2c53fc32be094c857279c58542b176bfbcc6c7e9808da687b44a8b21d23cc2f80050f8fd457f5a5595226d2008bcded226ab2e75d00ab5592daa23e809e04c2b370af460ae93b7efc32bf174830779058ad75290b9abb59be5f8859001e651c1d404a5f28eaf3781f2288249ae7b385a9c40929cae3fa5a6f142cd057ebdbc000000e34db2d14a6458499de0819d89f570a72fee0dd8cf744e0daf8f31b1d8edda87296ca7632e1e6e23", @ANYRES16, @ANYRES32, @ANYBLOB="ac2d5b5b8945d57e7869648ebe10b8d2719763b4bf3f6667bf8f722606d2b3593f26218e9a5fba2e7d4166787da71737b380045fb0a682e2915271f214c0112961b73c4638e7ba68deb34826d7682ace7549c83bf52bd9142b6c5adebf82155270d33204c09c07ed4ca2fc932af48646c9624e3e3544d68f61a2b073fb85332599b299a4f441a8e2f74c57aa38b5b596238280c1693bba97ff258679ab84485970b60f81093dda6501baba18a7790ca3e6fcfa12898b9fff3faf613d71f9d64dbd5c2edad8e774fb0da39e532d92164e2d34aff7cae32f3cd7aa9aace000f136323e4808d0c66c0828942def38deb2e1d847555fe0d5ba8084babb3169f9f06246ecd5327758448c9c7e4591da12ff1b084e757d05af4f0f0444ecfcc0c4d2067a98d49fe52412218380bb75e21cd23724e0390b116b9a1c1e3350b3e6f17c5bd1f1adb4ce1d03d5b30eb0690340708f06dfca5c9d74a7c140cabddd0f37d8bcf15e578dde85d7c28ccb1c9633ceeb54bb278d5a097220ca53a2ea4781aca2b70189199938afba9a700a610225311fe8316794ca0ae139a50dbd34d572d6165eaaa94844620045e615d51f5e19c29aadad3539490961135851f15bbfd0604f3926877583d85c45a04c6f155ad6e1966d2004ab6ab51f9beb82dbcdcaaab886564cbf81b581da397eba4fc8fe430ef93ed613cd588e399669b9f4b63481163e6c2b74112538192be9551ca400bc2b947a535fccbc567a68a3ab94554385bb1f2a0e2146310113102a9ffbcbbf44d30e076d363d6201faecf8bbbbc9d7fcd38195860bbc85ee3f5f9b2c990164abc3a7674ab2a631147d708585f52694a46b681cbc623b53a272f21f2aa5597beec8094954541316cc45ec9751fef12369e7272b7bdcb527bac4a19e0bba1b68ef98e3563705e9ca40bb914cece2fd75c2375b81a06dadcdb1c54a175855e30c3d9ca58ca873e43d703b1471526fb3dfe12e140b81df3afae6104e5ffa4e8585b456a7199c75c5abc7afeca743fce310df09062f20b9a99fac5d019338d98606805f4faad9cc81ebf03b7239a340c973828b676af4e594d796689f9823730c5ead8dba256925869ab0d7196a99b75a15f9927852d7813aa5a4cb76764749e882d59c094c5ebd1911153150e8d53aa8abbf360a4045b63e0e296d03158de8aa02b5aeb459dcdc6b9d5aa8c0e455e7cb6a5d9b26ee5420e41d89590a0c04ca8701a6a386716a32e04102f281f66317a21940c0cf83e128f4f83bdf6770170d74d43f3b1f4c0bb5e8c69254e0bfd15c6d02596bf3b547e5b9b8e84390455a9c4b00b633c661616aca4a4158868be21633f343155996eaff00c2c347fea03c6f06e7adcd83cf320e3a446d07dba202e5960632560da8a3b60efe5a814a5cb2a4ff0842fff23897b583b381e5030e506caef8dc97bef9532111e3eb3621870ec39fe2351d3814a02d2f9e38aac1f0897f32ddbffdc6e0acdea95ff7f67865daae1130f68f00985682ecefc43fb6f8521514923b5cf3560be0739aeb4eb00b389d39ebb9b974e054120fcd48c0d6bc09441c2c19f41bdfceed01a3b686921500fae88795f216794d21dd3a98f2fdb5a1590e0cbdc5cd9593b164e255131c21f22ed7e7ed4ec83db91f8bf5f327d7222be1e470a7c0d0a657c73ad606f2ef0c59d3c118c601d23d67ee16ce3658c9153b8131f06c1e4f83c49dbe6dbc3478b1313b9221bc4c5eadebfd16cd07afde509f2e926fcfd5f8feabe836f4080ea5e65c1e4d859f16ac45ad8c804eb9ecce363faf19c1409d8192a644823578ccfd5b643478eb948223676d375f811fffa874f7c2a281104a28baf4da2716ae870abb3e0f05e63466176356728a700fe39ebb62bdbff139fdbf21520022984dc6d3eed1d81b94f28a07cc238ccb64d65e87534c0111bb76212368c6e8e9a536e758fa2f16a2cab9d31984055488b27bcff12bcc5a0fe21a0e44edfb87c681060e6944ff89dce4a9c7122c53acc27913a5fbf15c9ada971df88f0df3f82eb563f63c640ad6e39a1f5c1aad83c364957ec6d645f4243d1fb4ecef275d4c0ca0284064cde0c282d793f290bab5a4dec15f3e2adcc9d455d2e28bd040d6e0f651ac6f20f55d1303d2aaef2104b393afc849e9cd7743ca20a6f092cbf42a67446892493128d38bb0d0f507ffe3fd718ec48eff58df729728bc01ee180d676dfa22c81da0e4e3fda94f4f94195bc82e1f941d8a290ca0d416373d420eba196470e4f25940506061c601f12b3656d6d6b3a47e50d5235b7fd0f82bb0835aee3470b69bf7e59616ece447d9af36c396f687214ff7d7e27961f461c780b4c563aeb47fa9f335cbdade8a06711ba79b6fe8778ac1bc06bb59131c17409c1d1d0cc746aec8c3b1348f9585945192d8e32002c676753ab246a92702fc8e3a3ce89b84661b1b10dcd73fddacd311ca663d483b87a59225f60627eecf409d6188236b198633d47c5f1c0ba0bb4321aac88a6061d5e97883914cd74284ab937b9579ccee6ab5bb39f6274a04e3e7a8c3d033e340357bc15c5f6daa047b1cee448ac380bbde4bf806b0891a04b9e408609b040b7d3a02d2a76d4013756d79244792c543fe2327a3c371852bed5ab54de987bc4699b32ad1c08f7fff7a23069e72bddc9a590b2c707bac3957d46b657a4e17f1914db58fb6436bdd58b86df491016a2b9ebe0c35a859b216f17f4828c8dee30a38ed1fc36347af978999d0c404313cf99c9281c45194abd79475a80ea1486840aad72b1c0c4f17fe35a150fcb574fa9fcc09a7fc5dcd34e15d4bf1bccfa8bf423d2437e2eb0d3ca9324fbfc7e256b862c50ebc8db3fb69f69003d37807af8ddccf2d929ad9d06ebbb7e538d93bb0b7bc828e1639e0b5e89c22badca307ad28183c3083e87c917feb4c882397d397ea2e7ff0e05ebb252940302cdc0f0f7efe40685f7c3e8923e3795d70d69c70d9a071e401cee771f29dcb5316471768464c4659f2c76d11713ab44f4c944a4819deb1248b02457403e9630aaf4a180e9e55bb4d291e9a2bc85a1ed17f906d54935c7e5e8b707ead56284fda0208bd88ab5c3259bd5329c0d26653eb07b6856ad799fd6fa8d2111da3970ff8509bc2ef3a8813d04f36001526b70757646ed4bf25a256751b8ec714f2e62dea19e82aacec389195532bf7f335afae4351adb93c846e22f1f2a3e0d620d81688bd5530e389f2284b3c997d4abab7c30aac1b141425cd9aa315dc5a5e8b04fd503d79896b1494d8be48048c7392fc92c325b76bde4496c49da34c9ff95969bec8f95c356239d5336907957383b12c512fff6d797097a26a5aee9251bae940ef1a19b3f746396300d3baeb476b023f740ed7c1da92fdbf1834c3a882a6079885b933333d0e194cc1f25a06c3a2d370936886cb385d9861d6762c7416a1db5275228b6499cdef9767fb998d43251b963bc4477b2c051b70a0317de5f6ec3158914145bd036ff194df9722d2a3d2ac2397891b573a34ad16236cdc7ca77bc15f0fdbc3cae923d61633a42bab450a80cf3ee6580e792b1617d74fa189d450a64ca12d8c797698208ea61010b6072885b762af598159621f838ebacc00ea11f5924b39b2bbbc5c7d667871ce32e9aa75893a9fa13a2ffe66b360e266446259a8745addb4e186139d86d4e8d48537ac35029b0d87c03e8c1a9b9a422594496feda8bc5502777428fe737198ed896c2128a4f7d552f2eea8fef6e68feaf3cbfd549e622eea7bc988bb16fc49b7ab241426f2e40edcca07d4f947ccb1d3b8c2e9cb14a0c04495dbb75bd9c935f36bfe398455b0e5f927d5726e617c69ca81fe36c3e6ea510c5fe4735161c992f9ebf66727e5a7ded590061d4da3b86b996846a6bb102e47d33465d88a68644c8a76a770d5e0318e6c301e7c7f5575bf15a9589b32cfaa41ee15972488497195a2cb49a6b6f937a8e311e34d311dfd4fe222d3abc095b0b24a1b7193eb3353def0cc1511c8fce9b0a7867ae2fed4db93009646dc91a3745387cbe61b37f749b40d5d38970856b7ab8b6e1e0b81c078c68cb55c57854b8b5863b7a4c87f42e6d6dca2de0326b1b26970168c99f59816877448e7f72626f5354fdb5e033cd6b42e9476665efae66287e656590d1f80b3a09557a57d7de4bade6a122d40a92db1d347463b74151d44a02dbe067259c633b8c84425e77a736fca99f06d0fd66e35365511ec017537f4c212e7f2e23369958c3a7b92feffad9edb12139f1f690f9512725c0a1a164e78b4130c91fd3961df91c1a11783c24b03bcf305fd0e14e6510f4d58cf73326e94f2bc1b1ab295297bee7a98b77afe483a7d66e780d5e111b4202285f580ce571ecc0985501faa0e9f2f5b9848d770d8d8ad7b90a951f83279073e45a0c7abcf89cd6200f7fc320e46ea3de2addee3a984432501063f9928d0897d93dde20fe8fbe4dabc1ac34b0efdb3d7c7b4d49571ea64252d7209ff6d0ae5b95ef35d8160c5976f7ed9c4b69db81a73f6d00fd254c417696d6af694f3688826cc04db8019f2419fa99e47dc436fd76890b5291cd2724717a1e604e6cb5e214235664e8c7148c2bd87996c05bcfe1f29200f40a0d766df3ddc6faef82fb34d385f90b8f0e4bb7ba519e7986735c169cb3546d62fb70fbd49eec4edd70397d2fcbfdb9cd87331fce3c9786b7090501b904c8f925a1dbfa151a18e6c145ebb74da7100de60a627100d6c04ce789a7d4e88692cb090fd9ff2006e5ddb870f5b2aa502081eb7a26744de9a0d29a66ef18eb097e1d396561078e3f9258046a3a3e9b5878964d71b526755084f385d9777b2ab503f9d77c09a46004b5005f69eedee80edd87dd17f2292eba00f71dedb010b7b003a8400f6b44d63559a10bc0052c678ac8ed9658aff4f858778ebb60cbaf53d82248a260c7255f943711e8ac31a4b7a4694dcdace3be25ea43bdc9dfd52d369292d8d7581a6979d1b8ad543baeb9296907e0926025f4c3597e98e2eacd048a5dedd0e9dabc3268ed35a91c6180908af07a95bf374573c7b4f611eb30bbb5f1721a6550f483dcaed51d84fdaa5c6a52d7c4d04ca4edfd2884483c2d5aaebf6f06c6fff8bff813923ac8c6edd0eadefab938442ff09b1b3ff926c963d67a01cccbd86cb69bb5e5a4adca82110f87d3ee7800b14412b48cd94feacbaa9c1921e816d0287ad1198b94fd6de314912b79938a0d00ef5968ca4cb506afa1496ce4886c8c44955a92c9d2395f108a357e240511cc7e6548ac4174e5b52cc1f03ea8fa8268a7283e9cd25518cc71114869537891b64337222f04c111407bc2c8777f1132e1b294ec533610fd1ae3b4aa7e20c315d87aeed3a19151677e04173fbd55e88669f515dea19c8b99f8d7e829734f615a9b95e278fec62cf2d1a37d535ef71996530c62e65bb6fde625447e9122cfd947d7032c7580bfa5286bdde0bd9c4f0c63cbceddc302e1daef7f27bf289f72456802560e4477b27520b45f3a39e787824f169b3fa0ec7fba1c37f4499d43a9cdca7595f3e9ab74223c34819b260130d8a7613653101cc9a6e236ac01965356c90814c632ed421a62654a457ccc66040026451610b94898d13292cf2096fc1744b8fe67cebbcee0a3830be987694e593d732f05e3c6503a71173dc9870c3eca017318b628dd651232ea1c424a98b394188c8b8dbf30d69f1976219fd5b1975f8deebabeca970581f011f428c164bb35e0d6be187a5a2887d6bb0889c41c5c24d0b173f05db5d3a9e50318b448b3c8c", @ANYRESDEC, @ANYRESHEX, @ANYRES8], 0xb, 0x0, &(0x7f0000000000)) 1.779569521s ago: executing program 4 (id=737): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x13, r0, 0x7ca8e000) writev(r1, &(0x7f0000000080)=[{0x0}], 0x1) 1.563880957s ago: executing program 3 (id=738): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="12000000080000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20) 1.563518867s ago: executing program 4 (id=739): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) 1.437376778s ago: executing program 0 (id=740): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x40000107, 0xec000000, 0x9}]}) 1.340710804s ago: executing program 3 (id=741): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000140)={0x50, r0, 0x1, 0x0, 0x3, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7, 0x31}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'tunl0\x00'}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}]]}, 0x50}}, 0x0) 1.167808724s ago: executing program 3 (id=742): capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r1, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000001a00), 0x0, 0xfeffffff, 0x10, 0x8, 0x0, 0x0}}, 0x10) 1.111654803s ago: executing program 0 (id=743): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x4, 0x80000) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4020aeb2, &(0x7f0000000000)={0x1, r2, 0x400}) 992.314633ms ago: executing program 3 (id=744): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x68}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x0) 707.671871ms ago: executing program 3 (id=745): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$FIONREAD(r2, 0x541b, 0x0) 707.24975ms ago: executing program 0 (id=746): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1715}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x2}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x24004844}, 0x8000002) 355.20119ms ago: executing program 3 (id=747): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmmsg$unix(r1, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 160.809003ms ago: executing program 0 (id=748): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x845c5000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) acct(0xfffffffffffffffe) 0s ago: executing program 1 (id=749): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x13, 0x8, 0x0, 0x0, 0x57, 0xc6, &(0x7f00000001c0)=""/198, 0x40f00, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40786e88, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2401}) kernel console output (not intermixed with test programs): 9][ T5815] xr_serial 4-1:150.204: xr_serial converter detected [ 80.787296][ T5832] usb 3-1: Using ep0 maxpacket: 16 [ 80.810375][ T5832] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 80.814616][ T5859] syz.0.13[5859]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 80.830282][ T5832] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.870287][ T5832] usb 3-1: config 0 descriptor?? [ 80.916751][ T5832] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 81.345323][ T5815] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 81.374146][ T5815] xr_serial: probe of ttyUSB0 failed with error -71 [ 81.404567][ T5815] usb 4-1: USB disconnect, device number 2 [ 81.421525][ T5859] loop0: detected capacity change from 0 to 32768 [ 81.430656][ T5815] xr_serial 4-1:150.204: device disconnected [ 81.435428][ T5859] ======================================================= [ 81.435428][ T5859] WARNING: The mand mount option has been deprecated and [ 81.435428][ T5859] and is ignored by this kernel. Remove the mand [ 81.435428][ T5859] option from the mount to silence this warning. [ 81.435428][ T5859] ======================================================= [ 81.585327][ T5859] JBD2: Ignoring recovery information on journal [ 81.594892][ T5859] jbd2_journal_bmap: journal block not found at offset 32 on loop0-75 [ 81.604810][ T5859] JBD2: bad block at offset 32 [ 81.625695][ T5859] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 81.694704][ T5859] capability: warning: `syz.0.13' uses deprecated v2 capabilities in a way that may be insecure [ 81.706157][ T5832] gspca_sonixj: reg_r err -71 [ 81.718464][ T5832] sonixj: probe of 3-1:0.0 failed with error -71 [ 81.752837][ T5832] usb 3-1: USB disconnect, device number 2 [ 81.898703][ T5775] ocfs2: Unmounting device (7,0) on (node local) [ 82.244775][ T5873] veth0: entered promiscuous mode [ 82.251848][ T51] Bluetooth: hci3: command tx timeout [ 82.251859][ T5787] Bluetooth: hci0: command tx timeout [ 82.272407][ T5873] veth0: left promiscuous mode [ 82.326942][ T51] Bluetooth: hci2: command tx timeout [ 82.326973][ T5787] Bluetooth: hci1: command tx timeout [ 82.548749][ T5878] loop2: detected capacity change from 0 to 128 [ 82.772060][ T5885] warning: `syz.3.22' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 82.783196][ T5878] FAT-fs (loop2): error, corrupted directory (invalid i_start) [ 82.814293][ T5878] FAT-fs (loop2): Filesystem has been set read-only [ 83.167259][ T5893] process 'syz.0.33' launched './file1' with NULL argv: empty string added [ 83.900494][ T5891] loop3: detected capacity change from 0 to 32768 [ 84.068942][ T5891] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.24 (5891) [ 84.193101][ T5896] loop2: detected capacity change from 0 to 32768 [ 84.204907][ T5908] loop0: detected capacity change from 0 to 8192 [ 84.383301][ T5896] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 84.602604][ T5896] XFS (loop2): Ending clean mount [ 84.916217][ C0] sched: RT throttling activated [ 85.106556][ T5896] syz.2.25 (5896) used greatest stack depth: 20712 bytes left [ 85.209743][ T5906] loop1: detected capacity change from 0 to 131072 [ 85.231633][ T5891] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 85.252737][ T5891] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 85.281800][ T5906] F2FS-fs (loop1): Found nat_bits in checkpoint [ 85.282584][ T5891] BTRFS info (device loop3): setting nodatasum [ 85.334965][ T5891] BTRFS info (device loop3): force zlib compression, level 3 [ 85.352435][ T5777] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 85.356536][ T5906] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 85.399808][ T5891] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 85.448672][ T5891] BTRFS info (device loop3): use lzo compression, level 0 [ 85.463065][ T5891] BTRFS info (device loop3): turning on flush-on-commit [ 85.486363][ T5891] BTRFS info (device loop3): enabling auto defrag [ 85.527840][ T5891] BTRFS info (device loop3): max_inline at 4096 [ 85.534273][ T5891] BTRFS info (device loop3): using free space tree [ 85.808038][ T5891] BTRFS info (device loop3): enabling ssd optimizations [ 86.058497][ T5776] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 86.260697][ T5919] loop0: detected capacity change from 0 to 32768 [ 86.381540][ T5919] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 86.649330][ T5919] XFS (loop0): Ending clean mount [ 86.816481][ T5775] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 87.141927][ T1528] cfg80211: failed to load regulatory.db [ 87.304601][ T5957] loop0: detected capacity change from 0 to 128 [ 87.401628][ T5957] FAT-fs (loop0): error, corrupted directory (invalid i_start) [ 87.435464][ T5957] FAT-fs (loop0): Filesystem has been set read-only [ 87.521486][ T5959] netlink: 12 bytes leftover after parsing attributes in process `syz.1.32'. [ 87.543073][ T5959] netlink: 20 bytes leftover after parsing attributes in process `syz.1.32'. [ 87.628831][ T5952] loop3: detected capacity change from 0 to 32768 [ 87.669906][ T5952] (syz.3.36,5952,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 87.685170][ T5952] (syz.3.36,5952,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 87.762231][ T5952] JBD2: Ignoring recovery information on journal [ 87.850213][ T5966] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 87.882572][ T5968] capability: warning: `syz.0.39' uses 32-bit capabilities (legacy support in use) [ 87.910495][ T5968] program syz.0.39 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 87.936507][ T5952] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 88.339088][ T5978] loop1: detected capacity change from 0 to 2048 [ 88.345979][ T5776] ocfs2: Unmounting device (7,3) on (node local) [ 88.450348][ T5981] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 88.640297][ T5983] netlink: 8 bytes leftover after parsing attributes in process `syz.2.45'. [ 88.931819][ T5989] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.140232][ T5995] loop1: detected capacity change from 0 to 128 [ 89.161916][ T5995] EXT4-fs: Ignoring removed nomblk_io_submit option [ 89.264692][ T5995] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 89.355884][ T5995] ext4 filesystem being mounted at /13/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.504229][ T5774] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 89.806393][ T1196] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 89.929645][ T6012] loop1: detected capacity change from 0 to 4096 [ 89.950202][ T6012] ntfs: (device loop1): parse_options(): The disable_sparse option requires a boolean argument. [ 90.006769][ T1196] usb 1-1: Using ep0 maxpacket: 8 [ 90.018947][ T1196] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 90.019166][ T6015] macsec1: entered promiscuous mode [ 90.042893][ T1196] usb 1-1: config 0 has no interface number 0 [ 90.049432][ T6015] macvlan1: entered promiscuous mode [ 90.062726][ T1196] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 90.083577][ T6015] macvlan1: left promiscuous mode [ 90.109402][ T1196] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 90.137641][ T1196] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.178559][ T1196] usb 1-1: config 0 descriptor?? [ 90.230920][ T1196] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 90.326071][ T6019] netlink: 'syz.3.58': attribute type 39 has an invalid length. [ 90.487657][ T6017] loop1: detected capacity change from 0 to 8192 [ 90.540165][ T6017] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 90.563149][ T6017] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 90.594570][ T6017] REISERFS (device loop1): using ordered data mode [ 90.602140][ T6017] reiserfs: using flush barriers [ 90.621880][ T6017] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.640519][ T6017] REISERFS (device loop1): checking transaction log (loop1) [ 90.675873][ T6017] REISERFS (device loop1): Using r5 hash to sort names [ 90.709104][ T6017] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 90.819230][ T27] audit: type=1800 audit(1776087645.565:2): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.57" name="file1" dev="loop1" ino=2 res=0 errno=0 [ 91.470303][ T5832] usb 1-1: USB disconnect, device number 2 [ 91.603043][ T6026] loop2: detected capacity change from 0 to 32768 [ 91.618356][ T6038] loop1: detected capacity change from 0 to 8192 [ 91.637141][ T6026] (syz.2.61,6026,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 91.638633][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 91.664058][ T6026] (syz.2.61,6026,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 91.685695][ T6038] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 91.752017][ T6026] JBD2: Ignoring recovery information on journal [ 91.828251][ T6041] netlink: 20 bytes leftover after parsing attributes in process `syz.1.66'. [ 91.861779][ T6026] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 91.924297][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.960813][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.981053][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 92.029089][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.068299][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.111664][ T9] usb 4-1: config 0 descriptor?? [ 92.358431][ T5777] ocfs2: Unmounting device (7,2) on (node local) [ 92.569522][ T9] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x4 [ 92.599771][ T9] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 92.671149][ T9] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 93.044085][ T5815] usb 4-1: USB disconnect, device number 3 [ 93.243353][ T6049] loop0: detected capacity change from 0 to 32768 [ 93.266547][ T6049] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.69 (6049) [ 93.319584][ T6049] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 93.361320][ T6049] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.386723][ T6049] BTRFS info (device loop0): enabling disk space caching [ 93.410514][ T6062] loop2: detected capacity change from 0 to 128 [ 93.423582][ T6049] BTRFS info (device loop0): force clearing of disk cache [ 93.441842][ T6049] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 93.462980][ T6049] BTRFS info (device loop0): use zstd compression, level 3 [ 93.481593][ T6049] BTRFS info (device loop0): disk space caching is enabled [ 93.488255][ T6062] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 93.542779][ T6062] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 93.623544][ T6049] BTRFS info (device loop0): enabling ssd optimizations [ 93.661039][ T6049] BTRFS info (device loop0): auto enabling async discard [ 93.673300][ T6054] loop1: detected capacity change from 0 to 32768 [ 93.703220][ T6049] BTRFS info (device loop0): rebuilding free space tree [ 93.756173][ T6054] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 93.870036][ T6049] BTRFS info (device loop0): disabling free space tree [ 93.928187][ T6049] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 93.942238][ T6054] XFS (loop1): Ending clean mount [ 93.961907][ T6049] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.005746][ T6054] XFS (loop1): Quotacheck needed: Please wait. [ 94.128436][ T6054] XFS (loop1): Quotacheck: Done. [ 94.293517][ T5777] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 94.308860][ T5774] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 94.317499][ T5775] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 94.915015][ T6104] program syz.1.80 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 95.146158][ T6111] loop0: detected capacity change from 0 to 512 [ 95.209840][ T6111] EXT4-fs (loop0): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 95.360311][ T6111] EXT4-fs error (device loop0): ext4_quota_enable:7140: comm syz.0.86: Bad quota inum: 2, type: 1 [ 95.405665][ T6111] EXT4-fs warning (device loop0): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=2). Please run e2fsck to fix. [ 95.516858][ T6122] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 95.562820][ T6122] EXT4-fs error (device loop0): ext4_quota_enable:7140: comm syz.0.86: Bad quota inum: 2, type: 1 [ 95.585702][ T6122] EXT4-fs warning (device loop0): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-117, ino=2). Please run e2fsck to fix. [ 95.678507][ T5775] EXT4-fs (loop0): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 95.714327][ T6110] loop2: detected capacity change from 0 to 40427 [ 95.745720][ T6110] F2FS-fs (loop2): invalid crc value [ 95.757442][ T6110] F2FS-fs (loop2): Found nat_bits in checkpoint [ 95.871548][ T6110] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 95.923544][ T6126] f2fs_ckpt-7:2: attempt to access beyond end of device [ 95.923544][ T6126] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 95.951538][ T6126] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 96.926965][ T6148] block nbd0: server does not support multiple connections per device. [ 96.947451][ T6148] block nbd0: shutting down sockets [ 97.748218][ T6176] loop2: detected capacity change from 0 to 128 [ 97.869691][ T6176] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 97.914739][ T6176] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.357032][ T5777] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 98.785840][ T6172] loop3: detected capacity change from 0 to 40427 [ 98.842763][ T6172] F2FS-fs (loop3): Image doesn't support compression [ 98.880284][ T6172] F2FS-fs (loop3): invalid crc value [ 98.890381][ T6172] F2FS-fs (loop3): Found nat_bits in checkpoint [ 99.044168][ T6172] F2FS-fs (loop3): Start checkpoint disabled! [ 99.079812][ T6172] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 99.226302][ T1196] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.365752][ T59] kworker/u4:4: attempt to access beyond end of device [ 99.365752][ T59] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 99.388168][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 99.416423][ T1196] usb 2-1: Using ep0 maxpacket: 8 [ 99.425443][ T1196] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 99.434757][ T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 99.457514][ T1196] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 99.494171][ T1196] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 99.534908][ T1196] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 99.566464][ T1196] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 99.586345][ T1196] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.590640][ T6187] loop2: detected capacity change from 0 to 40427 [ 99.612887][ T6187] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 99.644832][ T6187] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 99.724655][ T6187] F2FS-fs (loop2): Found nat_bits in checkpoint [ 99.801215][ T6198] loop0: detected capacity change from 0 to 2048 [ 99.818477][ T1196] usb 2-1: GET_CAPABILITIES returned 0 [ 99.824372][ T1196] usbtmc 2-1:16.0: can't read capabilities [ 99.885789][ T6202] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 99.963969][ T6187] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 100.006972][ T6202] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 100.010451][ T6187] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 100.031720][ T6202] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 100.047020][ T1196] usb 2-1: USB disconnect, device number 2 [ 100.054507][ T6202] Remounting filesystem read-only [ 100.074565][ T3478] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 100.108040][ T3478] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 100.115480][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.166335][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.175282][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.217215][ T3478] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 100.224030][ T3478] NILFS (loop0): discard dirty block: blocknr=42, size=1024 [ 100.265226][ T3478] NILFS (loop0): discard dirty block: blocknr=43, size=1024 [ 100.292291][ T3478] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 100.301681][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.316321][ T3478] NILFS (loop0): discard dirty page: offset=65536, ino=3 [ 100.331286][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.356700][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.376371][ T3478] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 100.384218][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.395633][ T3478] NILFS (loop0): discard dirty page: offset=196608, ino=3 [ 100.409111][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.423729][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.437812][ T3478] NILFS (loop0): discard dirty block: blocknr=49, size=1024 [ 100.445347][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.466389][ T3478] NILFS (loop0): discard dirty page: offset=0, ino=18 [ 100.483464][ T3478] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 100.496242][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.505287][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.536335][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.547530][ T3478] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 100.579672][ T3478] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 100.596289][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.605367][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.626275][ T3478] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 100.635463][ T6198] NILFS (loop0): mounting fs with errors [ 100.690030][ T6198] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=2) [ 100.723422][ T6198] Remounting filesystem read-only [ 100.854845][ T5775] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 100.870070][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 100.917544][ T5775] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 100.925101][ T5775] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 100.951328][ T5775] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 100.963731][ T6217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.127'. [ 100.976742][ T5775] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 100.996165][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=5 [ 101.004437][ T5775] NILFS (loop0): discard dirty block: blocknr=41, size=1024 [ 101.026356][ T5775] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 101.047088][ T5775] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 101.073210][ T5775] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 101.091365][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=4 [ 101.106593][ T5775] NILFS (loop0): discard dirty block: blocknr=40, size=1024 [ 101.124314][ T5775] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 101.146324][ T5832] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 101.146339][ T5775] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 101.193646][ T5775] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 101.332651][ T6223] netlink: 'syz.2.121': attribute type 39 has an invalid length. [ 101.347491][ T5832] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 101.363012][ T5832] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 101.383449][ T5832] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 101.393533][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 101.420617][ T5832] usb 4-1: SerialNumber: syz [ 101.619937][ T6231] loop1: detected capacity change from 0 to 2048 [ 101.675136][ T5832] usb 4-1: 0:2 : does not exist [ 101.691216][ T6231] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 101.726596][ T5832] usb 4-1: USB disconnect, device number 4 [ 101.770745][ T27] audit: type=1800 audit(1776087656.515:3): pid=6231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.132" name="file3" dev="loop1" ino=1347 res=0 errno=0 [ 101.914099][ T5768] udevd[5768]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 102.231124][ T6243] loop1: detected capacity change from 0 to 1024 [ 102.692696][ T6255] loop2: detected capacity change from 0 to 4096 [ 102.728152][ T6255] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 102.830023][ T6255] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 102.958992][ T6264] ntfs3: loop2: ino=5, "/" directory corrupted [ 103.149363][ T5777] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22. [ 103.309477][ T6272] loop0: detected capacity change from 0 to 128 [ 103.320303][ T6274] Bluetooth: MGMT ver 1.22 [ 103.936995][ T6289] loop2: detected capacity change from 0 to 2048 [ 103.984456][ T6289] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 104.226771][ T6300] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.236006][ T6300] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.246038][ T6300] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.255676][ T6300] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.268950][ T6300] Zero length message leads to an empty skb [ 104.436891][ T5832] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 104.650104][ T6313] binder: Binderfs stats mode cannot be changed during a remount [ 104.657996][ T5832] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 104.672808][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.682762][ T5832] usb 2-1: Product: syz [ 104.694013][ T5832] usb 2-1: Manufacturer: syz [ 104.699862][ T5832] usb 2-1: SerialNumber: syz [ 104.762027][ T5813] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 104.920552][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 104.943236][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 104.966826][ T5813] usb 4-1: Using ep0 maxpacket: 16 [ 104.971638][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 104.995091][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 104.995147][ T5813] usb 4-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 105.019720][ T5813] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.019849][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 105.028695][ T5813] usb 4-1: Product: syz [ 105.061726][ T5813] usb 4-1: Manufacturer: syz [ 105.063555][ T5832] lan78xx: probe of 2-1:1.0 failed with error -71 [ 105.069198][ T5813] usb 4-1: SerialNumber: syz [ 105.107375][ T5832] usb 2-1: USB disconnect, device number 3 [ 105.215357][ T6320] loop0: detected capacity change from 0 to 512 [ 105.302494][ T5813] usb 4-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 105.351507][ T5813] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 105.364571][ T5813] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 105.384082][ T5813] usb 4-1: media controller created [ 105.436954][ T5813] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 105.488999][ T6324] loop0: detected capacity change from 0 to 512 [ 105.527093][ T5813] zl10353_read_register: readreg error (reg=127, ret==-71) [ 105.576011][ T6324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.598850][ T6324] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.612605][ T5813] dvb_usb_gl861: probe of 4-1:157.0 failed with error -5 [ 105.628796][ T5813] usb 4-1: USB disconnect, device number 5 [ 105.746632][ T6324] EXT4-fs error (device loop0): ext4_xattr_block_get:597: inode #15: comm syz.0.175: corrupted xattr block 33: invalid ea_ino [ 105.829486][ T1098] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 105.860552][ T1098] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 29 with error 28 [ 105.884388][ T1098] EXT4-fs (loop0): This should not happen!! Data will be lost [ 105.884388][ T1098] [ 105.896079][ T1098] EXT4-fs (loop0): Total free blocks count 0 [ 105.902759][ T1098] EXT4-fs (loop0): Free/Dirty block details [ 105.911005][ T1098] EXT4-fs (loop0): free_blocks=65280 [ 105.916875][ T1098] EXT4-fs (loop0): dirty_blocks=29 [ 105.922294][ T1098] EXT4-fs (loop0): Block reservation details [ 105.929805][ T1098] EXT4-fs (loop0): i_reserved_data_blocks=29 [ 105.952274][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.961617][ T5832] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 106.147289][ T6340] netlink: 'syz.2.181': attribute type 9 has an invalid length. [ 106.162262][ T6340] bond_slave_0: entered promiscuous mode [ 106.168569][ T6340] bond_slave_1: entered promiscuous mode [ 106.169756][ T5832] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 106.193580][ T5832] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 106.206373][ T5832] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 106.218123][ T6340] macvlan2: entered promiscuous mode [ 106.223489][ T6340] bond0: entered promiscuous mode [ 106.236138][ T5832] usb 2-1: config 220 has no interface number 2 [ 106.263212][ T5832] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 106.273024][ T6340] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 106.293329][ T5832] usb 2-1: config 220 interface 0 has no altsetting 0 [ 106.313653][ T5832] usb 2-1: config 220 interface 76 has no altsetting 0 [ 106.331305][ T5832] usb 2-1: config 220 interface 1 has no altsetting 0 [ 106.376385][ T5832] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 106.385596][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.418862][ T5832] usb 2-1: Product: syz [ 106.437444][ T5832] usb 2-1: Manufacturer: syz [ 106.444198][ T5832] usb 2-1: SerialNumber: syz [ 106.498515][ T6348] loop3: detected capacity change from 0 to 7 [ 106.522637][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.532274][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.543467][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.552762][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.562345][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.571671][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.583499][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.592731][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.640333][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.649991][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.667310][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.676580][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.692981][ T5832] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 106.703940][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.713350][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.721297][ T6348] ldm_validate_partition_table(): Disk read failed. [ 106.729160][ T5832] usb 2-1: No valid video chain found. [ 106.744810][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.754170][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.762965][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.772414][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.781481][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 106.790712][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 106.805107][ T6348] Dev loop3: unable to read RDB block 0 [ 106.805393][ T5832] usb 2-1: selecting invalid altsetting 0 [ 106.834820][ T5832] usb 2-1: selecting invalid altsetting 0 [ 106.841012][ T5832] usbtest: probe of 2-1:220.1 failed with error -22 [ 106.851862][ T5832] usb 2-1: USB disconnect, device number 4 [ 106.865966][ T6348] loop3: unable to read partition table [ 106.873709][ T6348] loop3: partition table beyond EOD, truncated [ 106.884551][ T6348] loop_reread_partitions: partition scan of loop3 (·∙ГхбЩЙ№Н╛Cъj╠ЦувP=├╜?у}XЛ║╨ Ьы▄%ї╓РШ╚╡4FLQk▌К5) failed (rc=-5) [ 107.481542][ T6369] loop1: detected capacity change from 0 to 2048 [ 107.526532][ T6369] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 107.666292][ T5813] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 107.729560][ T6357] loop3: detected capacity change from 0 to 32768 [ 107.775734][ T6357] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.186 (6357) [ 107.819039][ T6357] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 107.858433][ T6357] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 107.882795][ T5813] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 107.895608][ T5813] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 107.911931][ T6357] BTRFS info (device loop3): force clearing of disk cache [ 107.919904][ T6357] BTRFS info (device loop3): metadata ratio 0 [ 107.927802][ T6357] BTRFS info (device loop3): enabling ssd optimizations [ 107.935661][ T6357] BTRFS info (device loop3): using spread ssd allocation scheme [ 107.946381][ T5813] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 107.966807][ T5813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.974884][ T5813] usb 3-1: Product: syz [ 107.979304][ T6357] BTRFS info (device loop3): using free space tree [ 107.988320][ T5813] usb 3-1: Manufacturer: syz [ 107.993064][ T5813] usb 3-1: SerialNumber: syz [ 108.025269][ T5813] usb 3-1: config 0 descriptor?? [ 108.044447][ T6366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 108.053365][ T6366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 108.084031][ T6357] BTRFS info (device loop3): auto enabling async discard [ 108.106652][ T6357] BTRFS info (device loop3): rebuilding free space tree [ 108.250034][ T27] audit: type=1800 audit(1776087662.995:4): pid=6357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.186" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 108.336816][ T6366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 108.344244][ T6366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 108.406084][ T5776] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 108.654473][ T6373] loop0: detected capacity change from 0 to 32768 [ 108.665785][ T5768] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop3 scanned by udevd (5768) [ 108.689951][ T6395] netlink: 52 bytes leftover after parsing attributes in process `syz.3.198'. [ 108.722332][ T6373] JBD2: Ignoring recovery information on journal [ 108.789389][ T5813] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 108.984483][ T6373] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 109.006446][ T5813] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 109.066506][ T5813] usb 3-1: USB disconnect, device number 3 [ 109.244148][ T6373] syz.0.195 (6373) used greatest stack depth: 18768 bytes left [ 109.424178][ T5775] ocfs2: Unmounting device (7,0) on (node local) [ 109.510314][ T6377] loop1: detected capacity change from 0 to 40427 [ 109.563355][ T6377] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 109.611421][ T6377] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 109.634612][ T6377] F2FS-fs (loop1): invalid crc value [ 109.689733][ T6377] F2FS-fs (loop1): Found nat_bits in checkpoint [ 109.872874][ T6377] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 109.926358][ T6377] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 110.059800][ T6403] loop3: detected capacity change from 0 to 32768 [ 110.095595][ T6403] (syz.3.200,6403,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.138452][ T6403] (syz.3.200,6403,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 110.165455][ T5774] syz-executor: attempt to access beyond end of device [ 110.165455][ T5774] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 110.169217][ T6403] JBD2: Ignoring recovery information on journal [ 110.219989][ T5774] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 110.299410][ T6403] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 110.740442][ T5776] ocfs2: Unmounting device (7,3) on (node local) [ 111.952676][ T6436] loop1: detected capacity change from 0 to 32768 [ 111.963994][ T6436] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.212 (6436) [ 111.985240][ T6436] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 111.996029][ T6436] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 112.005808][ T6436] BTRFS info (device loop1): using free space tree [ 112.036440][ T8] kernel read not supported for file /dsp (pid: 8 comm: kworker/0:0) [ 112.064965][ T6436] BTRFS info (device loop1): enabling ssd optimizations [ 112.091673][ T6436] BTRFS info (device loop1): auto enabling async discard [ 112.281850][ T5774] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 112.615224][ T6466] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5 [ 113.118769][ T6483] netlink: 'syz.2.224': attribute type 2 has an invalid length. [ 113.147518][ T6483] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.224'. [ 113.686522][ T5813] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 113.775158][ T6502] loop0: detected capacity change from 0 to 4096 [ 113.824521][ T6502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.844608][ T5815] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 113.888565][ T5813] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 113.899900][ T27] audit: type=1800 audit(1776087668.645:5): pid=6502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.233" name="file0" dev="loop0" ino=13 res=0 errno=0 [ 113.920381][ T5813] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.930745][ T5813] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 113.940225][ T5813] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.951080][ T5813] usb 3-1: config 0 descriptor?? [ 113.968908][ T5813] hub 3-1:0.0: USB hub found [ 114.007853][ T6492] loop1: detected capacity change from 0 to 40427 [ 114.032482][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.044449][ T6492] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x7ffff [ 114.057787][ T6492] F2FS-fs (loop1): invalid crc value [ 114.078654][ T5815] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 114.115248][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.141120][ T6492] F2FS-fs (loop1): Found nat_bits in checkpoint [ 114.147800][ T5815] usb 4-1: Product: syz [ 114.153270][ T5815] usb 4-1: Manufacturer: syz [ 114.184715][ T5813] hub 3-1:0.0: 1 port detected [ 114.206346][ T5815] usb 4-1: SerialNumber: syz [ 114.217455][ T5815] usb 4-1: config 0 descriptor?? [ 114.288452][ T6492] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 114.304205][ T6509] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.234'. [ 114.393375][ T5774] syz-executor: attempt to access beyond end of device [ 114.393375][ T5774] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 114.396507][ T5813] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 114.417662][ T5774] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 114.422195][ T5813] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 114.449223][ T5813] usbhid 3-1:0.0: can't add hid device: -71 [ 114.466400][ T5813] usbhid: probe of 3-1:0.0 failed with error -71 [ 114.507942][ T5813] usb 3-1: USB disconnect, device number 4 [ 114.559689][ T6512] tun0: tun_chr_ioctl cmd 1074025677 [ 114.576756][ T6512] tun0: linktype set to 774 [ 115.083414][ T5815] usb 4-1: f81604_write: reg: 105 data: 0 failed: -EPROTO [ 115.106375][ T5815] f81604 4-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 115.124289][ T5815] f81604: probe of 4-1:0.0 failed with error -71 [ 115.146476][ T5815] usb 4-1: USB disconnect, device number 6 [ 115.646388][ T5764] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 115.656289][ T6517] loop0: detected capacity change from 0 to 40427 [ 115.690887][ T6517] F2FS-fs (loop0): invalid crc value [ 115.710456][ T6517] F2FS-fs (loop0): Found nat_bits in checkpoint [ 115.815438][ T6517] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 115.856767][ T5764] usb 2-1: Using ep0 maxpacket: 16 [ 115.867114][ T6542] netlink: 16 bytes leftover after parsing attributes in process `syz.3.246'. [ 115.916352][ T5764] usb 2-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 115.940140][ T5764] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.976350][ T5764] usb 2-1: Product: syz [ 115.986737][ T5764] usb 2-1: Manufacturer: syz [ 115.997766][ T5764] usb 2-1: SerialNumber: syz [ 116.031859][ T5775] syz-executor: attempt to access beyond end of device [ 116.031859][ T5775] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 116.070461][ T5775] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 116.268017][ T5764] usb 2-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 116.319412][ T5764] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 116.356643][ T5764] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 116.376409][ T5764] usb 2-1: media controller created [ 116.461676][ T6556] netlink: 36 bytes leftover after parsing attributes in process `syz.3.253'. [ 116.468250][ T5764] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 116.486614][ T6556] netlink: 32 bytes leftover after parsing attributes in process `syz.3.253'. [ 116.508270][ T6556] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 116.546762][ T5764] zl10353_read_register: readreg error (reg=127, ret==-71) [ 116.640822][ T5764] dvb_usb_gl861: probe of 2-1:157.0 failed with error -5 [ 116.716465][ T5764] usb 2-1: USB disconnect, device number 5 [ 117.110583][ T6570] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.119656][ T6570] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.132806][ T6570] bridge0: entered allmulticast mode [ 117.192217][ T6571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.264932][ T6573] loop0: detected capacity change from 0 to 128 [ 117.749866][ T6564] loop2: detected capacity change from 0 to 32768 [ 117.757639][ T6584] netlink: 12 bytes leftover after parsing attributes in process `syz.3.265'. [ 117.885452][ T6580] loop1: detected capacity change from 0 to 8192 [ 117.909571][ T6580] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 117.919806][ T6564] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 117.927569][ T6580] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 117.951786][ T6580] REISERFS (device loop1): using ordered data mode [ 117.960311][ T6580] reiserfs: using flush barriers [ 117.973978][ T6580] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 117.992258][ T6580] REISERFS (device loop1): checking transaction log (loop1) [ 118.013616][ T6580] REISERFS (device loop1): Using r5 hash to sort names [ 118.032185][ T6580] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 118.070902][ T6564] (syz.2.257,6564,1):ocfs2_double_lock:1190 ERROR: status = -2 [ 118.084382][ T6564] (syz.2.257,6564,1):ocfs2_rename:1299 ERROR: status = -2 [ 118.106400][ T6564] (syz.2.257,6564,1):ocfs2_rename:1690 ERROR: status = -2 [ 118.228869][ T1196] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 118.450398][ T1196] usb 4-1: Using ep0 maxpacket: 32 [ 118.518343][ T1196] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 118.532870][ T1196] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.570467][ T1196] usb 4-1: Product: syz [ 118.607308][ T1196] usb 4-1: Manufacturer: syz [ 118.612090][ T1196] usb 4-1: SerialNumber: syz [ 118.617964][ T5777] ocfs2: Unmounting device (7,2) on (node local) [ 118.697661][ T1196] usb 4-1: config 0 descriptor?? [ 118.785169][ T1196] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 119.613454][ T1196] gspca_ov534_9: reg_w failed -71 [ 119.639392][ T6615] loop0: detected capacity change from 0 to 128 [ 119.677756][ T6615] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 120.006349][ T1196] gspca_ov534_9: Unknown sensor 0000 [ 120.006446][ T1196] ov534_9: probe of 4-1:0.0 failed with error -22 [ 120.047902][ T1196] usb 4-1: USB disconnect, device number 7 [ 120.376567][ T5815] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 120.579865][ T5815] usb 2-1: Using ep0 maxpacket: 32 [ 120.603487][ T5815] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 120.620698][ T5815] usb 2-1: config 0 has no interface number 0 [ 120.661500][ T5815] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 120.676323][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.694791][ T5815] usb 2-1: Product: syz [ 120.697361][ T6625] loop2: detected capacity change from 0 to 32768 [ 120.706926][ T5815] usb 2-1: Manufacturer: syz [ 120.735063][ T5815] usb 2-1: SerialNumber: syz [ 120.742458][ T6625] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 120.766885][ T5815] usb 2-1: config 0 descriptor?? [ 120.801500][ T5815] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 120.929016][ T5768] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10 [ 121.017100][ T5815] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 121.049491][ T5815] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 121.250746][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 121.456776][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 121.467132][ T5832] usb 2-1: USB disconnect, device number 6 [ 121.517193][ T5832] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 121.585159][ T5832] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 121.637320][ T5832] quatech2 2-1:0.51: device disconnected [ 121.696045][ T6635] loop0: detected capacity change from 0 to 32768 [ 121.721771][ T6635] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.287 (6635) [ 121.760089][ T6635] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 121.770930][ T6635] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 121.784636][ T6635] BTRFS info (device loop0): using free space tree [ 121.870968][ T6635] BTRFS info (device loop0): enabling ssd optimizations [ 121.896315][ T6635] BTRFS info (device loop0): auto enabling async discard [ 122.174806][ T5775] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 122.716716][ T6676] tun0: tun_chr_ioctl cmd 1074025677 [ 122.722248][ T6676] tun0: linktype set to 774 [ 122.808995][ T6680] loop0: detected capacity change from 0 to 256 [ 122.959018][ T6680] FAT-fs (loop0): Directory bread(block 64) failed [ 122.965660][ T6680] FAT-fs (loop0): Directory bread(block 65) failed [ 123.002365][ T6680] FAT-fs (loop0): Directory bread(block 66) failed [ 123.031638][ T6680] FAT-fs (loop0): Directory bread(block 67) failed [ 123.056467][ T6680] FAT-fs (loop0): Directory bread(block 68) failed [ 123.075868][ T6680] FAT-fs (loop0): Directory bread(block 69) failed [ 123.104095][ T6680] FAT-fs (loop0): Directory bread(block 70) failed [ 123.146279][ T6680] FAT-fs (loop0): Directory bread(block 71) failed [ 123.153121][ T6680] FAT-fs (loop0): Directory bread(block 72) failed [ 123.187862][ T6680] FAT-fs (loop0): Directory bread(block 73) failed [ 123.235578][ T6688] loop2: detected capacity change from 0 to 128 [ 123.425912][ T6672] loop1: detected capacity change from 0 to 32768 [ 123.479444][ T6672] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10 [ 123.730573][ T5768] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10 [ 124.364968][ T6690] loop3: detected capacity change from 0 to 32768 [ 124.392783][ T6690] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.305 (6690) [ 124.434882][ T6690] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 124.453037][ T6690] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 124.464373][ T6690] BTRFS info (device loop3): using free space tree [ 124.661186][ T6690] BTRFS info (device loop3): enabling ssd optimizations [ 124.696144][ T6690] BTRFS info (device loop3): auto enabling async discard [ 125.053640][ T5776] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 125.712904][ T6710] loop0: detected capacity change from 0 to 40427 [ 125.803165][ T6710] F2FS-fs (loop0): invalid crc value [ 125.850776][ T6710] F2FS-fs (loop0): Found nat_bits in checkpoint [ 126.061793][ T6710] F2FS-fs (loop0): Start checkpoint disabled! [ 126.118026][ T6710] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 126.181623][ T27] audit: type=1800 audit(1776087680.935:6): pid=6710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.313" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 126.266308][ T27] audit: type=1804 audit(1776087680.965:7): pid=6710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.313" name="/newroot/91/file1/file1" dev="loop0" ino=10 res=1 errno=0 [ 126.508168][ T3478] kworker/u4:11: attempt to access beyond end of device [ 126.508168][ T3478] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 126.536294][ T3478] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 126.553714][ T3478] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 126.774049][ T6752] loop1: detected capacity change from 0 to 32768 [ 126.878739][ T6752] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 127.063149][ T6752] XFS (loop1): Ending clean mount [ 127.286932][ T5774] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 127.296092][ T6784] program syz.3.335 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 127.727583][ T5832] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 127.946342][ T5832] usb 3-1: Using ep0 maxpacket: 16 [ 127.966323][ T5832] usb 3-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 127.975874][ T5832] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.993564][ T5832] usb 3-1: Product: syz [ 127.999253][ T5832] usb 3-1: Manufacturer: syz [ 128.004552][ T5832] usb 3-1: SerialNumber: syz [ 128.273913][ T5832] usb 3-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 128.310364][ T5832] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 128.341670][ T5832] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 128.366370][ T5832] usb 3-1: media controller created [ 128.434887][ T5832] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 128.527647][ T5832] zl10353_read_register: readreg error (reg=127, ret==-71) [ 128.529465][ T6810] program syz.3.345 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 128.660041][ T5832] dvb_usb_gl861: probe of 3-1:157.0 failed with error -5 [ 128.710878][ T5832] usb 3-1: USB disconnect, device number 5 [ 128.768331][ T6815] loop1: detected capacity change from 0 to 256 [ 128.898834][ T6816] loop3: detected capacity change from 0 to 4096 [ 128.907515][ T6816] ntfs: (device loop3): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 128.924504][ T6815] FAT-fs (loop1): Directory bread(block 64) failed [ 128.951017][ T6815] FAT-fs (loop1): Directory bread(block 65) failed [ 128.983687][ T6815] FAT-fs (loop1): Directory bread(block 66) failed [ 128.996585][ T6815] FAT-fs (loop1): Directory bread(block 67) failed [ 129.003740][ T6815] FAT-fs (loop1): Directory bread(block 68) failed [ 129.011067][ T6815] FAT-fs (loop1): Directory bread(block 69) failed [ 129.018763][ T6815] FAT-fs (loop1): Directory bread(block 70) failed [ 129.038712][ T6815] FAT-fs (loop1): Directory bread(block 71) failed [ 129.045674][ T6815] FAT-fs (loop1): Directory bread(block 72) failed [ 129.056291][ T6815] FAT-fs (loop1): Directory bread(block 73) failed [ 129.072840][ T6816] ntfs: volume version 3.1. [ 129.155123][ T27] audit: type=1800 audit(1776087683.905:8): pid=6815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.349" name="bus" dev="loop1" ino=1048613 res=0 errno=0 [ 129.176026][ C0] vkms_vblank_simulate: vblank timer overrun [ 129.232921][ T6815] syz.1.349: attempt to access beyond end of device [ 129.232921][ T6815] loop1: rw=2049, sector=1224, nr_sectors = 76 limit=256 [ 129.239511][ T6816] ntfs: (device loop3): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set cp1255. You might want to try to use the mount option nls=utf8. [ 129.273299][ T6816] ntfs: (device loop3): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 129.479252][ T6823] loop2: detected capacity change from 0 to 2048 [ 129.528451][ T6823] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 129.579181][ T6823] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 129.765987][ T6829] Falling back ldisc for ttyS3. [ 130.303577][ T6847] team0: entered allmulticast mode [ 130.309039][ T6847] team_slave_0: entered allmulticast mode [ 130.315075][ T6847] team_slave_1: entered allmulticast mode [ 130.479545][ T5813] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 130.686442][ T5813] usb 3-1: Using ep0 maxpacket: 32 [ 130.705875][ T5813] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.753781][ T5813] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.777680][ T5813] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 130.796378][ T5813] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.817744][ T6861] netlink: 8 bytes leftover after parsing attributes in process `syz.1.370'. [ 130.844931][ T5813] usb 3-1: config 0 descriptor?? [ 130.861952][ T5813] hub 3-1:0.0: USB hub found [ 130.953558][ T6865] loop3: detected capacity change from 0 to 256 [ 131.068745][ T5813] hub 3-1:0.0: config failed, can't read hub descriptor (err -90) [ 131.312046][ T5813] usbhid 3-1:0.0: can't add hid device: -71 [ 131.318593][ T6873] syz.3.376 uses obsolete (PF_INET,SOCK_PACKET) [ 131.341778][ T5813] usbhid: probe of 3-1:0.0 failed with error -71 [ 131.400837][ T5813] usb 3-1: USB disconnect, device number 6 [ 131.967000][ T1196] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 132.204077][ T1196] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 132.237975][ T1196] usb 4-1: config 0 has no interface number 0 [ 132.259956][ T1196] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 132.273237][ T1196] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.301780][ T1196] usb 4-1: Product: syz [ 132.306114][ T1196] usb 4-1: Manufacturer: syz [ 132.321213][ T1196] usb 4-1: SerialNumber: syz [ 132.346792][ T1196] usb 4-1: config 0 descriptor?? [ 132.505077][ T6909] loop0: detected capacity change from 0 to 256 [ 132.552478][ T6909] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 132.594240][ T1196] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 132.624576][ T1196] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 132.665781][ T1196] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 132.687461][ T1196] usb 4-1: media controller created [ 132.763706][ T1196] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 132.888526][ T1196] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 132.965203][ T6918] loop1: detected capacity change from 0 to 512 [ 132.978504][ T1196] usb 4-1: USB disconnect, device number 8 [ 133.073891][ T6918] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.199724][ T6905] loop2: detected capacity change from 0 to 32768 [ 133.201699][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.213825][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.231304][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.275278][ T6905] (syz.2.391,6905,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.311655][ T6905] (syz.2.391,6905,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 133.487941][ T6905] JBD2: Ignoring recovery information on journal [ 133.603465][ T6905] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 133.623788][ T6928] loop0: detected capacity change from 0 to 256 [ 134.088157][ T6905] syz.2.391 (6905) used greatest stack depth: 18352 bytes left [ 134.104726][ T6939] loop0: detected capacity change from 0 to 1764 [ 134.132173][ T5777] ocfs2: Unmounting device (7,2) on (node local) [ 134.236314][ T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 134.446742][ T23] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 134.472363][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.484619][ T6942] loop2: detected capacity change from 0 to 512 [ 134.493799][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.526375][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.554165][ T6942] EXT4-fs (loop2): orphan cleanup on readonly fs [ 134.557433][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.580418][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.589072][ T6942] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 134.601829][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.610238][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.619481][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.630977][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.639116][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.648816][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.653330][ T6942] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, [ 134.660590][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.661975][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.669366][ T6942] block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 134.676135][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.676342][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.677706][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.721505][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.733345][ T6942] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.407: attempt to clear invalid blocks 2 len 1 [ 134.750671][ T6942] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.407: invalid indirect mapped block 1819239214 (level 0) [ 134.778902][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.778931][ T6942] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.407: invalid indirect mapped block 1819239214 (level 1) [ 134.786909][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.809266][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.820405][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.828407][ T23] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 134.837291][ T6942] EXT4-fs (loop2): 1 truncate cleaned up [ 134.837432][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 134.854010][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 134.861224][ T6942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 134.878209][ T23] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 134.887670][ T23] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 134.896157][ T23] usb 4-1: Product: syz [ 134.900613][ T23] usb 4-1: Manufacturer: syz [ 134.905253][ T23] usb 4-1: SerialNumber: syz [ 134.912823][ T23] usb 4-1: config 0 descriptor?? [ 134.918540][ T6942] EXT4-fs (loop2): shut down requested (2) [ 134.979958][ T23] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 135.036526][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.279379][ C1] usb 4-1: yurex_control_callback - control failed: -71 [ 135.296532][ T23] usb 4-1: USB disconnect, device number 9 [ 135.311156][ T23] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 135.363344][ T6952] loop0: detected capacity change from 0 to 2048 [ 135.406998][ T6952] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.604671][ T6944] loop1: detected capacity change from 0 to 40427 [ 135.666394][ T6944] F2FS-fs (loop1): invalid crc value [ 135.686341][ T6944] F2FS-fs (loop1): Found nat_bits in checkpoint [ 135.896429][ T6944] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 135.985493][ T6955] f2fs_ckpt-7:1: attempt to access beyond end of device [ 135.985493][ T6955] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 136.005312][ T6955] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 136.144345][ T6966] batadv_slave_1: entered allmulticast mode [ 136.157945][ T6966] batadv_slave_1: left allmulticast mode [ 136.212783][ T6969] loop3: detected capacity change from 0 to 256 [ 136.322661][ T6969] FAT-fs (loop3): Directory bread(block 64) failed [ 136.346687][ T6969] FAT-fs (loop3): Directory bread(block 65) failed [ 136.372699][ T6969] FAT-fs (loop3): Directory bread(block 66) failed [ 136.396927][ T6969] FAT-fs (loop3): Directory bread(block 67) failed [ 136.436389][ T6969] FAT-fs (loop3): Directory bread(block 68) failed [ 136.465808][ T6969] FAT-fs (loop3): Directory bread(block 69) failed [ 136.477252][ T6969] FAT-fs (loop3): Directory bread(block 70) failed [ 136.501012][ T6969] FAT-fs (loop3): Directory bread(block 71) failed [ 136.536057][ T6969] FAT-fs (loop3): Directory bread(block 72) failed [ 136.572074][ T6969] FAT-fs (loop3): Directory bread(block 73) failed [ 137.407254][ T6984] binder: 6983:6984 ioctl c018620c 200000000280 returned -1 [ 137.422320][ T6986] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 137.441810][ T6978] loop2: detected capacity change from 0 to 32768 [ 137.506443][ T6978] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 137.678597][ T6978] XFS (loop2): Ending clean mount [ 137.721009][ T6978] XFS (loop2): Quotacheck needed: Please wait. [ 137.797898][ T7000] Driver unsupported XDP return value 0 on prog (id 19) dev N/A, expect packet loss! [ 137.819723][ T6978] XFS (loop2): Quotacheck: Done. [ 138.178673][ T5777] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 138.262394][ T7006] loop0: detected capacity change from 0 to 4096 [ 138.329238][ T7009] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.421826][ T6994] loop3: detected capacity change from 0 to 32768 [ 138.464286][ T7006] NILFS error (device loop0): nilfs_dotdot: directory #12 missing '.' [ 138.529614][ T6994] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 138.587958][ T7006] Remounting filesystem read-only [ 138.712188][ T5775] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 138.728907][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=12 [ 138.771116][ T5775] NILFS (loop0): discard dirty block: blocknr=13, size=4096 [ 138.793535][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 138.809945][ T6994] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 138.826625][ T5775] NILFS (loop0): discard dirty block: blocknr=14, size=4096 [ 138.834398][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 138.868679][ T6994] XFS (loop3): Starting recovery (logdev: internal) [ 138.876513][ T5775] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 138.877161][ T23] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 138.884111][ T5775] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 138.884135][ T5775] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 138.884157][ T5775] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 138.933250][ T6994] XFS (loop3): Ending recovery (logdev: internal) [ 138.948777][ T5775] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 138.965243][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=13 [ 138.981272][ T5775] NILFS (loop0): discard dirty block: blocknr=0, size=4096 [ 138.992804][ T5775] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 139.021260][ T5775] NILFS (loop0): discard dirty block: blocknr=28, size=4096 [ 139.041904][ T5775] NILFS (loop0): discard dirty page: offset=4096, ino=3 [ 139.082624][ T6994] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x44b/0x650, xfs_bnobt block 0x8 [ 139.096352][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 139.101714][ T6994] XFS (loop3): Unmount and run xfs_repair [ 139.107748][ T5775] NILFS (loop0): discard dirty block: blocknr=29, size=4096 [ 139.127796][ T23] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 139.144860][ T5775] NILFS (loop0): discard dirty page: offset=663552, ino=3 [ 139.152571][ T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 139.169844][ T5775] NILFS (loop0): discard dirty block: blocknr=34, size=4096 [ 139.179818][ T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 139.212861][ T23] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 139.249455][ T5776] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 139.256731][ T23] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 139.286502][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.523978][ T7022] loop1: detected capacity change from 0 to 32768 [ 139.538641][ T23] usb 3-1: GET_CAPABILITIES returned 0 [ 139.563667][ T23] usbtmc 3-1:16.0: can't read capabilities [ 139.575696][ T7022] (syz.1.433,7022,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.598592][ T7022] (syz.1.433,7022,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 139.672734][ T7022] JBD2: Ignoring recovery information on journal [ 139.751189][ T23] usb 3-1: USB disconnect, device number 7 [ 139.778933][ T7022] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 140.196130][ T7035] loop0: detected capacity change from 0 to 4096 [ 140.211694][ T7035] ntfs: (device loop0): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 140.299246][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 140.356008][ T7035] ntfs: volume version 3.1. [ 140.559015][ T7035] ntfs: (device loop0): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set cp1255. You might want to try to use the mount option nls=utf8. [ 140.596882][ T7035] ntfs: (device loop0): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 140.690380][ T7037] loop3: detected capacity change from 0 to 32768 [ 140.747077][ T7037] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.437 (7037) [ 140.806217][ T7037] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 140.839255][ T7037] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 140.875466][ T7037] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 140.916268][ T7037] BTRFS info (device loop3): use zstd compression, level 3 [ 140.923612][ T7037] BTRFS info (device loop3): using free space tree [ 140.930448][ T7045] loop1: detected capacity change from 0 to 256 [ 140.993153][ T7045] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 141.181223][ T7037] BTRFS info (device loop3): enabling ssd optimizations [ 141.241097][ T7037] BTRFS info (device loop3): auto enabling async discard [ 141.518126][ T5776] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 141.535184][ T7044] loop0: detected capacity change from 0 to 32768 [ 141.692859][ T7044] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 142.031774][ T7082] loop2: detected capacity change from 0 to 1024 [ 142.082291][ T7082] EXT4-fs: Ignoring removed nomblk_io_submit option [ 142.121356][ T7044] XFS (loop0): Ending clean mount [ 142.131408][ T7082] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 142.188854][ T7044] XFS (loop0): Quotacheck needed: Please wait. [ 142.209181][ T7082] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 142.234756][ T7082] System zones: 0-1, 3-36 [ 142.287892][ T7082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.351664][ T7044] XFS (loop0): Quotacheck: Done. [ 142.642785][ T5775] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 142.710991][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.304612][ T7108] netlink: 20 bytes leftover after parsing attributes in process `syz.1.458'. [ 143.667761][ T7120] loop9: detected capacity change from 0 to 7 [ 143.683482][ T7120] Dev loop9: unable to read RDB block 7 [ 143.693692][ T7120] loop9: unable to read partition table [ 143.710167][ T7120] loop9: partition table beyond EOD, truncated [ 143.713398][ T7114] loop0: detected capacity change from 0 to 4096 [ 143.723224][ T7120] loop_reread_partitions: partition scan of loop9 (■швлx№        ) failed (rc=-5) [ 143.788186][ T7114] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 144.338567][ T7128] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (65535) [ 144.387112][ T7128] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 144.456789][ T7110] loop2: detected capacity change from 0 to 32768 [ 144.486525][ T7110] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.459 (7110) [ 144.545996][ T7110] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 144.577276][ T7110] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 144.606633][ T7110] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 144.641917][ T7110] BTRFS info (device loop2): trying to use backup root at mount time [ 144.667614][ T7110] BTRFS info (device loop2): turning on flush-on-commit [ 144.695337][ T7110] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 144.752545][ T7110] BTRFS info (device loop2): use lzo compression, level 0 [ 144.770841][ T7110] BTRFS info (device loop2): setting nodatasum [ 144.816349][ T7110] BTRFS info (device loop2): use no compression [ 144.843588][ T7110] BTRFS info (device loop2): max_inline at 0 [ 144.856278][ T7110] BTRFS info (device loop2): using free space tree [ 145.076663][ T992] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 145.156653][ T7110] BTRFS warning (device loop2): couldn't read tree root [ 145.163836][ T7110] BTRFS warning (device loop2): try to load backup roots slot 1 [ 145.219263][ T3478] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 145.261913][ T7110] BTRFS warning (device loop2): couldn't read tree root [ 145.275800][ T7110] BTRFS warning (device loop2): try to load backup roots slot 2 [ 145.284825][ T3445] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 145.300292][ T7151] loop0: detected capacity change from 0 to 1024 [ 145.325145][ T7151] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 145.340385][ T7110] BTRFS warning (device loop2): couldn't read tree root [ 145.368167][ T7151] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 145.381076][ T7110] BTRFS warning (device loop2): try to load backup roots slot 3 [ 145.398843][ T7151] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 145.438004][ T7151] EXT4-fs error (device loop0): ext4_get_journal_inode:5820: inode #5: comm syz.0.471: unexpected bad inode w/o EXT4_IGET_BAD [ 145.456637][ T7151] EXT4-fs (loop0): no journal found [ 145.463053][ T7151] EXT4-fs (loop0): can't get journal size [ 145.468969][ T7110] BTRFS info (device loop2): enabling ssd optimizations [ 145.475945][ T7110] BTRFS info (device loop2): auto enabling async discard [ 145.510998][ T7151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 145.524411][ T7110] BTRFS info (device loop2): rebuilding free space tree [ 145.539681][ T7126] loop3: detected capacity change from 0 to 40427 [ 145.561796][ T7126] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 145.569010][ T7126] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 145.578327][ T7126] F2FS-fs (loop3): heap/no_heap options were deprecated [ 145.590020][ T7126] F2FS-fs (loop3): invalid crc value [ 145.600369][ T7110] BTRFS info (device loop2): checking UUID tree [ 145.642530][ T7126] F2FS-fs (loop3): Found nat_bits in checkpoint [ 145.758467][ T7126] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 145.765591][ T7126] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 145.775372][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.912747][ T27] audit: type=1800 audit(1776087700.665:9): pid=7126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.467" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 145.993580][ T7126] syz.3.467: attempt to access beyond end of device [ 145.993580][ T7126] loop3: rw=34817, sector=77824, nr_sectors = 8 limit=40427 [ 146.117490][ T5776] syz-executor: attempt to access beyond end of device [ 146.117490][ T5776] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 146.196367][ T5776] F2FS-fs (loop3): Remounting filesystem read-only [ 146.230992][ T5777] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 146.458385][ T7150] loop1: detected capacity change from 0 to 32768 [ 146.519539][ T7150] (syz.1.472,7150,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 146.566994][ T7150] (syz.1.472,7150,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 146.650987][ T7165] loop0: detected capacity change from 0 to 4096 [ 146.778429][ T7165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.807524][ T7150] JBD2: Ignoring recovery information on journal [ 146.873505][ T7150] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 147.051655][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.240381][ T7174] loop2: detected capacity change from 0 to 512 [ 147.345347][ T7174] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.370079][ T7174] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.375779][ T27] audit: type=1800 audit(1776087702.125:10): pid=7150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.472" name="file1" dev="loop1" ino=16979 res=0 errno=0 [ 147.501596][ T7182] loop3: detected capacity change from 0 to 1024 [ 147.510470][ T7177] loop0: detected capacity change from 0 to 4096 [ 147.518240][ T7174] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 147.531444][ T7174] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 147.541487][ T7182] EXT4-fs: Ignoring removed nomblk_io_submit option [ 147.571739][ T7177] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 147.583933][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 147.593921][ T7182] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 147.639313][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.701545][ T7182] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 147.703262][ T7177] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 147.716404][ T7182] System zones: 0-1, 3-36 [ 147.823484][ T7182] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.001812][ T7186] ntfs3: loop0: ino=5, "/" directory corrupted [ 148.096568][ T5775] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22. [ 148.106002][ T5776] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.296756][ T7193] netlink: 16 bytes leftover after parsing attributes in process `syz.0.482'. [ 148.515342][ T7195] loop0: detected capacity change from 0 to 1024 [ 148.589982][ T7195] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 148.676467][ T7195] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.801722][ T7195] EXT4-fs error (device loop0): ext4_free_blocks:6694: comm syz.0.485: Freeing blocks not in datazone - block = 0, count = 16 [ 148.838922][ T7195] EXT4-fs (loop0): Remounting filesystem read-only [ 148.988915][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 149.011241][ T7189] loop1: detected capacity change from 0 to 32768 [ 149.166730][ T7189] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 149.310734][ T7189] XFS (loop1): Ending clean mount [ 149.354817][ T5813] XFS (loop1): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:112). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 149.412129][ T5813] XFS (loop1): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xd0, xfs_finobt block 0x20 [ 149.466857][ T5813] XFS (loop1): Unmount and run xfs_repair [ 149.496575][ T5813] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 149.521403][ T5813] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 149.536583][ T5813] 00000010: 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 10 ....... ........ [ 149.562073][ T5813] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 149.563582][ T7222] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 149.581390][ T5813] 00000030: 00 00 00 00 ca b4 20 ce 00 00 11 40 00 00 40 37 ...... ....@..@7 [ 149.602813][ T7222] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 149.607998][ T5813] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 149.631693][ T5813] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 149.652126][ T5813] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 149.672401][ T5813] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 149.686061][ T7207] loop2: detected capacity change from 0 to 32768 [ 149.696560][ T7189] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x20 len 8 error 74 [ 149.716675][ T7189] XFS (loop1): Failed to initialize disk quotas. [ 149.764472][ T7207] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 149.808688][ T5774] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 149.948185][ T7207] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 150.032517][ T7207] XFS (loop2): Starting recovery (logdev: internal) [ 150.116484][ T7207] XFS (loop2): Ending recovery (logdev: internal) [ 150.566396][ T5813] XFS (loop2): Metadata corruption detected at xfs_inobt_verify+0xc5/0x230, xfs_finobt block 0x8 [ 150.598467][ T5813] XFS (loop2): Unmount and run xfs_repair [ 150.625332][ T5813] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 150.667619][ T5813] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 150.732373][ T5813] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 150.770745][ T5813] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 150.815967][ T5813] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [ 150.828906][ T1196] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 150.869751][ T5813] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 150.907513][ T5813] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 150.925323][ T5813] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 150.942913][ T5813] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 150.952479][ T7242] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x8 len 8 error 117 [ 151.003832][ T27] audit: type=1800 audit(1776087705.765:11): pid=7207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.488" name="file1" dev="loop2" ino=4422 res=0 errno=0 [ 151.023789][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.036940][ T1196] usb 4-1: Using ep0 maxpacket: 32 [ 151.076364][ T1196] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 151.136352][ T1196] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.173995][ T1196] usb 4-1: config 0 descriptor?? [ 151.187923][ T5777] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 151.444149][ T1196] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 151.470714][ T7238] loop0: detected capacity change from 0 to 131072 [ 151.472839][ T1196] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 151.481659][ T7238] F2FS-fs (loop0): Invalid log sectorsize (67108873) [ 151.494667][ T7238] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 151.504084][ T7238] F2FS-fs (loop0): invalid crc value [ 151.553525][ T7238] F2FS-fs (loop0): Found nat_bits in checkpoint [ 151.559599][ T1196] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 151.617620][ T1196] usb 4-1: media controller created [ 151.639291][ T7238] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 151.646952][ T7238] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 151.705420][ T7238] F2FS-fs (loop0): sanity_check_inode: inode (ino=4, mode=1773) should not have inline_dentry, run fsck to fix [ 151.754828][ T1196] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 151.853912][ T1196] az6027: usb out operation failed. (-71) [ 151.885502][ T1196] az6027: usb out operation failed. (-71) [ 151.894053][ T1196] stb0899_attach: Driver disabled by Kconfig [ 151.902121][ T1196] az6027: no front-end attached [ 151.902121][ T1196] [ 151.912152][ T1196] az6027: usb out operation failed. (-71) [ 151.919497][ T1196] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 151.956600][ T1196] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input7 [ 152.022113][ T1196] dvb-usb: schedule remote query interval to 400 msecs. [ 152.030885][ T1196] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 152.085088][ T1196] usb 4-1: USB disconnect, device number 10 [ 152.206043][ T1196] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 152.461918][ T7264] loop3: detected capacity change from 0 to 1024 [ 152.613668][ T7262] loop2: detected capacity change from 0 to 4096 [ 152.654030][ T7264] syz.3.504: attempt to access beyond end of device [ 152.654030][ T7264] loop3: rw=0, sector=393220, nr_sectors = 2 limit=1024 [ 152.663273][ T7262] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 153.600448][ T7279] loop1: detected capacity change from 0 to 256 [ 154.168455][ T7269] loop0: detected capacity change from 0 to 40427 [ 154.197176][ T7291] netlink: 16 bytes leftover after parsing attributes in process `syz.1.518'. [ 154.208807][ T7269] F2FS-fs (loop0): build fault injection attr: rate: 14, type: 0x7ffff [ 154.219447][ T7269] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0xe4 [ 154.258239][ T7269] F2FS-fs (loop0): invalid crc value [ 154.293298][ T7287] loop3: detected capacity change from 0 to 8192 [ 154.294169][ T7269] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x68b/0x9b0 [ 154.577266][ T7269] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 154.683955][ T7269] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x13a/0x910 [ 154.725901][ T7295] loop1: detected capacity change from 0 to 4096 [ 154.760117][ T7299] F2FS-fs (loop0): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50 [ 155.085433][ T5815] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 155.197695][ T7289] loop2: detected capacity change from 0 to 32768 [ 155.290776][ T5815] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 155.316439][ T5815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.334458][ T5815] usb 4-1: config 0 descriptor?? [ 155.375073][ T5815] cp210x 4-1:0.0: cp210x converter detected [ 155.493196][ T7304] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8 [ 155.788707][ T5815] usb 4-1: cp210x converter now attached to ttyUSB0 [ 155.981297][ T5815] usb 4-1: USB disconnect, device number 11 [ 156.000432][ T5815] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 156.072136][ T5815] cp210x 4-1:0.0: device disconnected [ 156.124208][ T7314] loop1: detected capacity change from 0 to 4096 [ 156.135518][ T7314] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 156.971217][ T7331] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 157.107362][ T7333] loop0: detected capacity change from 0 to 512 [ 157.145545][ T7335] netlink: 16 bytes leftover after parsing attributes in process `syz.2.536'. [ 157.157359][ T7333] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.170504][ T7333] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 157.233264][ T7333] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 157.318391][ T7333] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 157.432485][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.558490][ T7325] loop3: detected capacity change from 0 to 32768 [ 157.603178][ T7325] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 157.802962][ T7325] XFS (loop3): Ending clean mount [ 157.825097][ T7325] XFS (loop3): Quotacheck needed: Please wait. [ 157.937769][ T7325] XFS (loop3): Quotacheck: Done. [ 158.090726][ T5776] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.234544][ T7368] loop2: detected capacity change from 0 to 64 [ 158.290238][ T7370] loop0: detected capacity change from 0 to 256 [ 158.458056][ T27] audit: type=1800 audit(1776087713.215:12): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.547" name="file2" dev="loop2" ino=21 res=0 errno=0 [ 159.073489][ T7390] loop2: detected capacity change from 0 to 16 [ 159.121860][ T7390] erofs: (device loop2): mounted with root inode @ nid 36. [ 159.178864][ T7390] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 159.396778][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 159.635687][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 159.656269][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.679909][ T9] usb 4-1: Product: syz [ 159.684426][ T9] usb 4-1: Manufacturer: syz [ 159.710472][ T9] usb 4-1: SerialNumber: syz [ 159.815592][ T7386] loop1: detected capacity change from 0 to 32768 [ 159.839610][ T3478] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.919854][ T7386] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 159.978018][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 160.005242][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 160.038954][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 160.063513][ T3478] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.074725][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 160.095559][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 160.157062][ T9] lan78xx: probe of 4-1:1.0 failed with error -71 [ 160.178175][ T7386] XFS (loop1): Ending clean mount [ 160.195283][ T9] usb 4-1: USB disconnect, device number 12 [ 160.233887][ T7386] XFS (loop1): Quotacheck needed: Please wait. [ 160.301702][ T3478] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.304854][ T7386] XFS (loop1): Quotacheck: Done. [ 160.453512][ T3478] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.574018][ T5774] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 161.404436][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 161.420209][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 161.430431][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 161.471772][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 161.482449][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 161.490005][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 161.973961][ T7435] loop1: detected capacity change from 0 to 764 [ 162.375671][ T7415] loop0: detected capacity change from 0 to 32768 [ 162.442198][ T7415] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 162.619931][ T7415] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 162.704137][ T7415] XFS (loop0): Starting recovery (logdev: internal) [ 162.775382][ T7415] XFS (loop0): Ending recovery (logdev: internal) [ 163.002679][ T7421] chnl_net:caif_netlink_parms(): no params data found [ 163.065520][ T7415] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x44b/0x650, xfs_bnobt block 0x8 [ 163.098858][ T7444] loop1: detected capacity change from 0 to 32768 [ 163.108931][ T7415] XFS (loop0): Unmount and run xfs_repair [ 163.196611][ T7444] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 163.256367][ T7444] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 163.363641][ T5775] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 163.551537][ T7444] XFS (loop1): Ending clean mount [ 163.627131][ T51] Bluetooth: hci3: command tx timeout [ 163.635265][ T7444] XFS (loop1): Quotacheck needed: Please wait. [ 163.748682][ T7444] XFS (loop1): Quotacheck: Done. [ 163.885383][ T7421] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.919709][ T7421] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.964725][ T7421] bridge_slave_0: entered allmulticast mode [ 164.007399][ T7421] bridge_slave_0: entered promiscuous mode [ 164.022745][ T5774] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 164.044593][ T7421] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.061769][ T7421] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.086535][ T7421] bridge_slave_1: entered allmulticast mode [ 164.108446][ T7421] bridge_slave_1: entered promiscuous mode [ 164.353610][ T7481] loop0: detected capacity change from 0 to 4096 [ 164.382303][ T3478] hsr_slave_0: left promiscuous mode [ 164.424631][ T3478] hsr_slave_1: left promiscuous mode [ 164.482988][ T3478] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.526339][ T3478] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.561637][ T3478] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.580119][ T3478] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.600435][ T3478] bridge_slave_1: left allmulticast mode [ 164.616330][ T3478] bridge_slave_1: left promiscuous mode [ 164.634542][ T3478] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.718226][ T3478] bridge_slave_0: left allmulticast mode [ 164.739231][ T3478] bridge_slave_0: left promiscuous mode [ 164.745789][ T7491] loop1: detected capacity change from 0 to 64 [ 164.764781][ T3478] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.859293][ T27] audit: type=1800 audit(1776087719.625:13): pid=7491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.576" name="file1" dev="loop1" ino=21 res=0 errno=0 [ 164.900840][ T3478] bond0: left promiscuous mode [ 164.915055][ T3478] bond_slave_0: left promiscuous mode [ 164.921919][ T3478] bond_slave_1: left promiscuous mode [ 164.934733][ T3478] veth1_macvtap: left promiscuous mode [ 164.937869][ T7491] syz.1.576: attempt to access beyond end of device [ 164.937869][ T7491] loop1: rw=34817, sector=57, nr_sectors = 8 limit=64 [ 164.941177][ T3478] veth0_macvtap: left promiscuous mode [ 164.965152][ T3478] veth1_vlan: left promiscuous mode [ 164.972191][ T3478] veth0_vlan: left promiscuous mode [ 165.686542][ T51] Bluetooth: hci3: command tx timeout [ 165.891992][ T7499] loop0: detected capacity change from 0 to 32768 [ 165.911273][ T7499] XFS: attr2 mount option is deprecated. [ 166.020243][ T7499] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 166.163603][ T7499] XFS (loop0): Ending clean mount [ 166.222509][ T7499] XFS (loop0): Quotacheck needed: Please wait. [ 166.363997][ T7503] loop1: detected capacity change from 0 to 32768 [ 166.390737][ T7499] XFS (loop0): Quotacheck: Done. [ 166.441157][ T7503] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 166.609543][ T5775] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 166.820509][ T7503] XFS (loop1): Ending clean mount [ 166.905769][ T7503] XFS (loop1): Quotacheck needed: Please wait. [ 166.979345][ T3478] team0 (unregistering): Port device team_slave_1 removed [ 167.023151][ T7503] XFS (loop1): Quotacheck: Done. [ 167.159283][ T3478] team0 (unregistering): Port device team_slave_0 removed [ 167.277983][ T3478] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.448059][ T3478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.619116][ T5774] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 167.767619][ T51] Bluetooth: hci3: command tx timeout [ 168.092585][ T3478] bond0 (unregistering): Released all slaves [ 168.228858][ T7421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.317091][ T7421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.450939][ T7421] team0: Port device team_slave_0 added [ 168.475835][ T7421] team0: Port device team_slave_1 added [ 168.604487][ T7421] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.622971][ T7421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.683605][ T7421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.705169][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.714417][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.742919][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.787199][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.804353][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.843833][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.852198][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.887049][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.917070][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.925091][ T7535] netlink: 'syz.3.589': attribute type 3 has an invalid length. [ 168.962103][ T7421] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.990006][ T7421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.047596][ T7421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.245971][ T7421] hsr_slave_0: entered promiscuous mode [ 169.264792][ T7421] hsr_slave_1: entered promiscuous mode [ 169.444583][ T7552] loop3: detected capacity change from 0 to 256 [ 169.846471][ T51] Bluetooth: hci3: command tx timeout [ 169.928633][ T7421] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 169.966800][ T7421] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 169.989777][ T7421] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 170.038212][ T7421] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 170.441198][ T7421] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.458160][ T7571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.596'. [ 170.524393][ T7421] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.563351][ T3478] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.570828][ T3478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.610045][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.617438][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.692823][ T7578] ALSA: mixer_oss: invalid OSS volume '' [ 170.823492][ T7582] loop3: detected capacity change from 0 to 512 [ 170.872823][ T7582] EXT4-fs error (device loop3): ext4_orphan_get:1404: inode #15: comm syz.3.599: inode has both inline data and extents flags [ 170.997207][ T7582] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.599: couldn't read orphan inode 15 (err -117) [ 171.058816][ T7582] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000400000000 r/w without journal. Quota mode: writeback. [ 171.200751][ T7582] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 171.307205][ T5815] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 171.323070][ T7421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.373921][ T5776] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000400000000. [ 171.550049][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 171.576274][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.613065][ T5815] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 171.639761][ T5815] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.675573][ T5815] usb 2-1: config 0 descriptor?? [ 171.700096][ T5815] hub 2-1:0.0: USB hub found [ 171.946448][ T5815] hub 2-1:0.0: 1 port detected [ 172.290395][ T7421] veth0_vlan: entered promiscuous mode [ 172.321693][ T7421] veth1_vlan: entered promiscuous mode [ 172.352423][ T5815] usb 2-1: USB disconnect, device number 7 [ 172.416273][ T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 172.470405][ T7421] veth0_macvtap: entered promiscuous mode [ 172.509809][ T7421] veth1_macvtap: entered promiscuous mode [ 172.514033][ T7631] loop0: detected capacity change from 0 to 64 [ 172.539619][ T7421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.551861][ T7421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.564044][ T7421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.580944][ T7421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.592137][ T7421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.610348][ T7421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.635959][ T7421] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.667541][ T9] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 172.683612][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.696613][ T7421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.710561][ T9] usb 4-1: Product: syz [ 172.714805][ T9] usb 4-1: Manufacturer: syz [ 172.721554][ T9] usb 4-1: SerialNumber: syz [ 172.726700][ T7421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.738423][ T7421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.752482][ T9] usb 4-1: config 0 descriptor?? [ 172.759156][ T7421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.781404][ T7421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.792588][ T7421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.808406][ T7421] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.844166][ T7421] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.863158][ T7421] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.873566][ T7421] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.908399][ T7421] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.005600][ T9] usb 4-1: ignoring: probably an ADSL modem [ 173.109085][ T7637] loop0: detected capacity change from 0 to 512 [ 173.122739][ T7637] EXT4-fs: Ignoring removed mblk_io_submit option [ 173.149570][ T7637] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 173.162346][ T3445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.174380][ T3445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.193283][ T7637] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e028, mo2=0002] [ 173.207610][ T7637] EXT4-fs (loop0): orphan cleanup on readonly fs [ 173.258373][ T1084] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.285748][ T7637] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.617: bg 0: block 361: padding at end of block bitmap is not set [ 173.307517][ T1084] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.323407][ T7637] EXT4-fs (loop0): Remounting filesystem read-only [ 173.373904][ T7637] EXT4-fs (loop0): 1 truncate cleaned up [ 173.385474][ T7637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 173.417925][ T9] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 173.499976][ T7637] tipc: Started in network mode [ 173.505301][ T7637] tipc: Node identity remount-, cluster identity 4711 [ 173.617799][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 173.653151][ T5764] usb 4-1: USB disconnect, device number 13 [ 173.915154][ T7657] program syz.1.613 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 174.910394][ T7679] loop4: detected capacity change from 0 to 32768 [ 175.636860][ T7705] netlink: 20 bytes leftover after parsing attributes in process `syz.3.628'. [ 175.689149][ T7705] netlink: 20 bytes leftover after parsing attributes in process `syz.3.628'. [ 176.601447][ T7722] loop4: detected capacity change from 0 to 256 [ 176.734505][ T7722] FAT-fs (loop4): Directory bread(block 64) failed [ 176.771399][ T7722] FAT-fs (loop4): Directory bread(block 65) failed [ 176.790310][ T7703] loop0: detected capacity change from 0 to 40427 [ 176.816398][ T7722] FAT-fs (loop4): Directory bread(block 66) failed [ 176.823253][ T7722] FAT-fs (loop4): Directory bread(block 67) failed [ 176.856409][ T7722] FAT-fs (loop4): Directory bread(block 68) failed [ 176.863240][ T7722] FAT-fs (loop4): Directory bread(block 69) failed [ 176.898888][ T7703] F2FS-fs (loop0): invalid crc value [ 176.904638][ T7722] FAT-fs (loop4): Directory bread(block 70) failed [ 176.937684][ T7722] FAT-fs (loop4): Directory bread(block 71) failed [ 176.967936][ T7722] FAT-fs (loop4): Directory bread(block 72) failed [ 176.986881][ T7703] F2FS-fs (loop0): Found nat_bits in checkpoint [ 176.997935][ T7722] FAT-fs (loop4): Directory bread(block 73) failed [ 177.246066][ T7703] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 177.539028][ T5775] syz-executor: attempt to access beyond end of device [ 177.539028][ T5775] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 177.586936][ T5775] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 177.653937][ T7712] loop3: detected capacity change from 0 to 32768 [ 177.700269][ T7712] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 177.713334][ T7712] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 177.876800][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 177.957336][ T7712] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 177.996014][ T5764] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 178.022866][ T5764] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 178.086883][ T8] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 178.120919][ T8] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 178.163113][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 178.204314][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 178.248569][ T5764] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 225ms [ 178.257236][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 178.294210][ T5764] gfs2: fsid=syz:syz.0: jid=0: Done [ 178.298305][ T8] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 178.309244][ T7712] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 178.407646][ T8] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 178.415823][ T8] usb 2-1: Product: syz [ 178.446086][ T8] usb 2-1: Manufacturer: syz [ 178.477897][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 178.505517][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 178.543482][ T8] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 178.560079][ T8] cdc_wdm 2-1:1.0: Unknown control protocol [ 179.052266][ C0] cdc_wdm 2-1:1.0: Unexpected error -71 [ 179.052594][ T23] usb 2-1: USB disconnect, device number 8 [ 179.061021][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 179.072141][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 179.078266][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 179.087354][ C0] vkms_vblank_simulate: vblank timer overrun [ 179.187318][ T7774] loop4: detected capacity change from 0 to 256 [ 179.469351][ T7779] loop4: detected capacity change from 0 to 64 [ 179.520788][ T7779] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 179.781047][ T7767] loop0: detected capacity change from 0 to 32768 [ 179.826574][ T7767] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.642 (7767) [ 179.881505][ T7767] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 179.893765][ T7767] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 179.921550][ T7767] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 179.935029][ T7767] BTRFS info (device loop0): use zstd compression, level 3 [ 179.942853][ T7767] BTRFS info (device loop0): using free space tree [ 180.110904][ T7806] netlink: 16 bytes leftover after parsing attributes in process `syz.4.650'. [ 180.210243][ T7767] BTRFS info (device loop0): enabling ssd optimizations [ 180.238423][ T7767] BTRFS info (device loop0): auto enabling async discard [ 180.422141][ T7816] netlink: 332 bytes leftover after parsing attributes in process `syz.4.652'. [ 180.492150][ T7815] loop3: detected capacity change from 0 to 2048 [ 180.520153][ T5775] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 180.583684][ T7815] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 180.917440][ T5768] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 9 /dev/loop0 scanned by udevd (5768) [ 181.280108][ T7837] program syz.0.661 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 182.807815][ T7863] loop3: detected capacity change from 0 to 32768 [ 182.825261][ T5764] kernel write not supported for file /sequencer (pid: 5764 comm: kworker/1:3) [ 182.836888][ T7863] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.671 (7863) [ 182.863966][ T7863] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 182.875110][ T7863] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 182.886765][ T7863] BTRFS info (device loop3): enabling disk space caching [ 182.896743][ T7863] BTRFS info (device loop3): force clearing of disk cache [ 182.905058][ T7863] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 182.916761][ T7863] BTRFS info (device loop3): use zstd compression, level 3 [ 182.925385][ T7863] BTRFS info (device loop3): disk space caching is enabled [ 183.022825][ T7863] BTRFS info (device loop3): enabling ssd optimizations [ 183.031118][ T7863] BTRFS info (device loop3): auto enabling async discard [ 183.051453][ T7863] BTRFS info (device loop3): rebuilding free space tree [ 183.086758][ T7863] BTRFS info (device loop3): disabling free space tree [ 183.097040][ T7863] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 183.118584][ T7863] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 183.424072][ T5776] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 183.887953][ T7908] loop4: detected capacity change from 0 to 4096 [ 183.966991][ T7913] pim6reg: entered allmulticast mode [ 184.036414][ T7913] pim6reg: left allmulticast mode [ 184.469338][ T7919] loop4: detected capacity change from 0 to 128 [ 184.555291][ T7919] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 184.606349][ T7919] hpfs: filesystem error: improperly stopped [ 184.626523][ T7919] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 184.648612][ T7919] hpfs: You really don't want any checks? You are crazy... [ 184.686265][ T7919] hpfs: Code page index out of array [ 184.706368][ T7919] hpfs: code page support is disabled [ 184.749195][ T7919] hpfs: hpfs_map_4sectors(): unaligned read [ 184.755919][ T7919] hpfs: hpfs_map_4sectors(): unaligned read [ 184.764312][ T7900] loop1: detected capacity change from 0 to 40427 [ 184.786250][ T7919] hpfs: filesystem error: unable to find root dir [ 184.793324][ T7900] F2FS-fs (loop1): Invalid log_blocksize (64), supports only 12 [ 184.822502][ T7900] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 184.911234][ T7900] F2FS-fs (loop1): invalid crc value [ 185.133816][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 185.144832][ T51] CPU: 1 PID: 51 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 185.152375][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 185.162605][ T51] Workqueue: hci3 hci_rx_work [ 185.167551][ T51] Call Trace: [ 185.170882][ T51] [ 185.174278][ T51] dump_stack_lvl+0x18c/0x250 [ 185.179113][ T51] ? show_regs_print_info+0x20/0x20 [ 185.184391][ T51] ? load_image+0x420/0x420 [ 185.189238][ T51] sysfs_create_dir_ns+0x26e/0x2a0 [ 185.195322][ T51] ? sysfs_warn_dup+0xa0/0xa0 [ 185.200136][ T51] ? do_raw_spin_unlock+0x121/0x230 [ 185.205839][ T51] kobject_add_internal+0x61c/0xcc0 [ 185.211194][ T51] kobject_add+0x164/0x240 [ 185.215989][ T51] ? __rwlock_init+0x150/0x150 [ 185.220890][ T51] ? kobject_init+0x1e0/0x1e0 [ 185.226031][ T51] ? _raw_spin_unlock+0x28/0x40 [ 185.230955][ T51] ? get_device_parent+0x366/0x390 [ 185.236210][ T51] device_add+0x408/0xc20 [ 185.240753][ T51] hci_conn_add_sysfs+0xd5/0x1e0 [ 185.245808][ T51] le_conn_complete_evt+0xf5d/0x1540 [ 185.251393][ T51] ? hci_event_packet+0x4cb/0x1270 [ 185.256953][ T51] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 185.263361][ T51] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 185.269029][ T51] ? skb_pull_data+0xfb/0x200 [ 185.273847][ T51] hci_le_enh_conn_complete_evt+0x189/0x460 [ 185.279779][ T51] ? hci_le_remote_conn_param_req_evt+0xce0/0xce0 [ 185.286329][ T51] ? hci_remote_host_features_evt+0x150/0x150 [ 185.292561][ T51] hci_event_packet+0x7ba/0x1270 [ 185.297731][ T51] ? bis_list+0x290/0x290 [ 185.302203][ T51] ? lockdep_hardirqs_on+0x98/0x150 [ 185.307470][ T51] ? hci_send_to_monitor+0xd7/0x4f0 [ 185.312809][ T51] hci_rx_work+0x43a/0xd60 [ 185.317275][ T51] ? process_scheduled_works+0x96f/0x15d0 [ 185.323042][ T51] process_scheduled_works+0xa5d/0x15d0 [ 185.328766][ T51] ? worker_attach_to_pool+0x380/0x380 [ 185.334360][ T51] ? assign_work+0x3d2/0x5d0 [ 185.338990][ T51] worker_thread+0xa55/0xfc0 [ 185.343653][ T51] kthread+0x2fa/0x390 [ 185.347740][ T51] ? pr_cont_work+0x560/0x560 [ 185.352460][ T51] ? kthread_blkcg+0xd0/0xd0 [ 185.357193][ T51] ret_from_fork+0x48/0x80 [ 185.361678][ T51] ? kthread_blkcg+0xd0/0xd0 [ 185.366395][ T51] ret_from_fork_asm+0x11/0x20 [ 185.371252][ T51] [ 185.376950][ T51] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 185.446379][ T51] Bluetooth: hci3: failed to register connection device [ 185.466565][ T7900] F2FS-fs (loop1): Start checkpoint disabled! [ 185.494072][ T7900] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 185.532728][ T7900] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 185.785825][ T7900] syz.1.682: attempt to access beyond end of device [ 185.785825][ T7900] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 185.854635][ T7900] syz.1.682: attempt to access beyond end of device [ 185.854635][ T7900] loop1: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 185.901851][ T7942] syz.1.682: attempt to access beyond end of device [ 185.901851][ T7942] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 185.920309][ T7942] syz.1.682: attempt to access beyond end of device [ 185.920309][ T7942] loop1: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 186.112303][ T3478] kworker/u4:11: attempt to access beyond end of device [ 186.112303][ T3478] loop1: rw=2049, sector=45128, nr_sectors = 8 limit=40427 [ 186.138169][ T3478] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 186.665024][ T7963] loop4: detected capacity change from 0 to 128 [ 186.725982][ T7963] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 186.777002][ T7963] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.855612][ T7963] overlayfs: upper fs needs to support d_type. [ 186.902641][ T7963] overlayfs: upper fs does not support tmpfile. [ 187.036561][ T7968] input: syz1 as /devices/virtual/input/input9 [ 187.111092][ T7948] loop0: detected capacity change from 0 to 40427 [ 187.145884][ T7948] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 187.196339][ T7948] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 187.250948][ T7948] F2FS-fs (loop0): invalid crc value [ 187.327071][ T7948] F2FS-fs (loop0): Found nat_bits in checkpoint [ 187.354106][ T7978] loop3: detected capacity change from 0 to 512 [ 187.396454][ T7980] loop1: detected capacity change from 0 to 64 [ 187.622546][ T7948] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 187.673344][ T7948] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 187.783373][ T27] audit: type=1326 audit(1776087742.535:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7982 comm="syz.3.711" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d8979c819 code=0x0 [ 187.805369][ C0] vkms_vblank_simulate: vblank timer overrun [ 188.166033][ T7994] netlink: 60 bytes leftover after parsing attributes in process `syz.4.717'. [ 189.336397][ T8020] loop4: detected capacity change from 0 to 2048 [ 189.369355][ T8020] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 189.443381][ T9] kernel write not supported for file /sequencer (pid: 9 comm: kworker/0:1) [ 190.131559][ T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 190.350279][ T8] usb 1-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 16 [ 190.376672][ T8] usb 1-1: config 1 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 32 [ 190.402851][ T8] usb 1-1: config 1 interface 0 has no altsetting 0 [ 190.416999][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 190.427356][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.435638][ T8] usb 1-1: Product: syz [ 190.456594][ T8] usb 1-1: Manufacturer: syz [ 190.466664][ T8] usb 1-1: SerialNumber: syz [ 190.481912][ T8033] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 190.494548][ T8033] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 190.741265][ T51] Bluetooth: hci2: Unknown advertising packet type: 0x30 [ 190.741353][ T51] Bluetooth: hci2: adv larger than maximum supported [ 190.750041][ T51] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 190.757122][ T51] Bluetooth: hci2: Malformed LE Event: 0x0d [ 190.777959][ T8] cdc_ether: probe of 1-1:1.0 failed with error -71 [ 190.802577][ T8] usb 1-1: USB disconnect, device number 3 [ 191.151242][ T8062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.736'. [ 191.196283][ T8062] erspan0: entered promiscuous mode [ 191.676513][ T5764] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 191.905508][ T5764] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 191.935087][ T5764] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 191.961755][ T5764] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 191.997722][ T5764] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 192.010664][ T5764] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 192.014247][ T8058] loop1: detected capacity change from 0 to 32768 [ 192.050352][ T5764] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 192.071724][ T5764] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 192.121624][ T5764] usb 5-1: Product: syz [ 192.133314][ T5764] usb 5-1: Manufacturer: syz [ 192.152278][ T5764] cdc_wdm 5-1:1.0: skipping garbage [ 192.174302][ T5764] cdc_wdm 5-1:1.0: skipping garbage [ 192.175074][ T8058] ERROR: (device loop1): dbAdjCtl: the maximum free buddy is not the old root [ 192.175074][ T8058] [ 192.189825][ T5764] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 192.235983][ T5764] cdc_wdm 5-1:1.0: Unknown control protocol [ 192.237421][ T8058] ERROR: (device loop1): remounting filesystem as read-only [ 192.339527][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.0.746'. [ 192.399501][ T8093] bridge0: entered promiscuous mode [ 192.435563][ T8093] macvtap1: entered promiscuous mode [ 192.442547][ T8093] macvtap1: entered allmulticast mode [ 192.453682][ T8093] bridge0: entered allmulticast mode [ 192.478984][ T8093] bridge0: port 3(macvtap1) entered blocking state [ 192.498854][ T8093] bridge0: port 3(macvtap1) entered disabled state [ 192.524511][ T8093] bridge0: left allmulticast mode [ 192.532682][ T8093] bridge0: left promiscuous mode [ 192.688161][ C0] cdc_wdm 5-1:1.0: Unexpected error -71 [ 192.693979][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.700626][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.707614][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.714282][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.723191][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.729855][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.736681][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.743507][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.749891][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.756540][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.762998][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.769662][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.776206][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.782946][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.789389][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.796041][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.802380][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.809026][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.817276][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 192.823986][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 192.831227][ T9] usb 5-1: USB disconnect, device number 2 [ 192.837215][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 192.870450][ T112] BUG: Bad page state in process jfsCommit pfn:2665b [ 192.898981][ T112] page:ffffea00009996c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x2665b [ 192.930077][ T112] flags: 0xfff0800000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff) [ 192.954826][ T112] page_type: 0xffffffff() [ 192.978719][ T112] raw: 00fff0800000820d dead000000000100 dead000000000122 0000000000000000 [ 192.997985][ T112] raw: 000000000000001c ffff88807a9d43e0 00000000ffffffff 0000000000000000 [ 193.016516][ T112] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 193.048634][ T112] page_owner tracks the page as allocated [ 193.077455][ T112] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 8058, tgid 8057 (syz.1.735), ts 192067720683, free_ts 191818154026 [ 193.143767][ T112] post_alloc_hook+0x1c1/0x200 [ 193.156093][ T112] get_page_from_freelist+0x1951/0x19e0 [ 193.172206][ T112] __alloc_pages+0x1f0/0x460 [ 193.183238][ T112] folio_alloc+0x1e/0x30 [ 193.192644][ T112] filemap_alloc_folio+0xdf/0x490 [ 193.203490][ T112] do_read_cache_folio+0x364/0x7d0 [ 193.214950][ T112] do_read_cache_page+0x32/0x250 [ 193.226300][ T112] __get_metapage+0x31a/0xfa0 [ 193.237271][ T112] diRead+0x6d3/0xb90 [ 193.246067][ T112] jfs_iget+0x90/0x440 [ 193.255026][ T112] jfs_fill_super+0x712/0xad0 [ 193.266044][ T112] mount_bdev+0x221/0x2d0 [ 193.275468][ T112] legacy_get_tree+0xea/0x180 [ 193.287831][ T112] vfs_get_tree+0x8c/0x280 [ 193.297073][ T112] do_new_mount+0x24b/0xa40 [ 193.306273][ T112] __se_sys_mount+0x2e7/0x3d0 [ 193.317197][ T112] page last free stack trace: [ 193.332048][ T112] free_unref_page_prepare+0x7b2/0x8c0 [ 193.346403][ T112] free_unref_page_list+0xbe/0x860 [ 193.356249][ T112] release_pages+0x1f7a/0x2200 [ 193.366334][ T112] tlb_flush_mmu+0x379/0x510 [ 193.371018][ T112] tlb_finish_mmu+0xf9/0x220 [ 193.386073][ T112] exit_mmap+0x428/0xb90 [ 193.396258][ T112] __mmput+0x118/0x3c0 [ 193.400429][ T112] exit_mm+0x1f2/0x2c0 [ 193.426261][ T112] do_exit+0x8dd/0x2460 [ 193.436601][ T112] do_group_exit+0x21b/0x2d0 [ 193.449580][ T112] __x64_sys_exit_group+0x3f/0x40 [ 193.455932][ T112] do_syscall_64+0x55/0xa0 [ 193.463697][ T112] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 193.475749][ T112] Modules linked in: [ 193.487512][ T112] CPU: 0 PID: 112 Comm: jfsCommit Not tainted syzkaller #0 [ 193.494897][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 193.505273][ T112] Call Trace: [ 193.508627][ T112] [ 193.511683][ T112] dump_stack_lvl+0x18c/0x250 [ 193.516716][ T112] ? show_regs_print_info+0x20/0x20 [ 193.522064][ T112] ? swiotlb_print_info+0x70/0x70 [ 193.527150][ T112] ? dump_page+0xba3/0x14a0 [ 193.532062][ T112] bad_page+0x14b/0x170 [ 193.536276][ T112] free_unref_page_prepare+0x85f/0x8c0 [ 193.541896][ T112] free_unref_page+0x32/0x2e0 [ 193.546621][ T112] ? __folio_put+0xef/0x210 [ 193.551173][ T112] txUnlock+0x27e/0xcb0 [ 193.555542][ T112] ? lockdep_hardirqs_on+0x98/0x150 [ 193.560988][ T112] jfs_lazycommit+0x56e/0xa70 [ 193.565849][ T112] ? txFreelock+0x5a0/0x5a0 [ 193.570493][ T112] ? do_task_dead+0xd0/0xd0 [ 193.575223][ T112] ? __kthread_parkme+0x7a/0x1c0 [ 193.580575][ T112] kthread+0x2fa/0x390 [ 193.584748][ T112] ? txFreelock+0x5a0/0x5a0 [ 193.589304][ T112] ? kthread_blkcg+0xd0/0xd0 [ 193.593993][ T112] ret_from_fork+0x48/0x80 [ 193.598568][ T112] ? kthread_blkcg+0xd0/0xd0 [ 193.603200][ T112] ret_from_fork_asm+0x11/0x20 [ 193.608060][ T112] [ 193.611327][ C0] vkms_vblank_simulate: vblank timer overrun [ 193.653625][ T112] Disabling lock debugging due to kernel taint [ 193.660236][ T112] page:ffffea00009996c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x2665b [ 193.672348][ T112] flags: 0xfff0800000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff) [ 193.684179][ T112] page_type: 0xffffffff() [ 193.688916][ T112] raw: 00fff0800000820d dead000000000100 dead000000000122 0000000000000000 [ 193.697962][ T112] raw: 000000000000001c ffff88807a9d43e0 00000000ffffffff 0000000000000000 [ 193.707209][ T112] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u)) [ 193.718151][ T112] page_owner tracks the page as allocated [ 193.728633][ T112] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 8058, tgid 8057 (syz.1.735), ts 192067720683, free_ts 191818154026 [ 193.751997][ T112] post_alloc_hook+0x1c1/0x200 [ 193.765102][ T112] get_page_from_freelist+0x1951/0x19e0 [ 193.771409][ T112] __alloc_pages+0x1f0/0x460 [ 193.776048][ T112] folio_alloc+0x1e/0x30 [ 193.781603][ T112] filemap_alloc_folio+0xdf/0x490 [ 193.786813][ T112] do_read_cache_folio+0x364/0x7d0 [ 193.792147][ T112] do_read_cache_page+0x32/0x250 [ 193.797516][ T112] __get_metapage+0x31a/0xfa0 [ 193.802231][ T112] diRead+0x6d3/0xb90 [ 193.806483][ T112] jfs_iget+0x90/0x440 [ 193.810596][ T112] jfs_fill_super+0x712/0xad0 [ 193.815487][ T112] mount_bdev+0x221/0x2d0 [ 193.820017][ T112] legacy_get_tree+0xea/0x180 [ 193.824752][ T112] vfs_get_tree+0x8c/0x280 [ 193.829453][ T112] do_new_mount+0x24b/0xa40 [ 193.834179][ T112] __se_sys_mount+0x2e7/0x3d0 [ 193.839583][ T112] page last free stack trace: [ 193.845488][ T112] free_unref_page_prepare+0x7b2/0x8c0 [ 193.852227][ T112] free_unref_page_list+0xbe/0x860 [ 193.858461][ T112] release_pages+0x1f7a/0x2200 [ 193.863388][ T112] tlb_flush_mmu+0x379/0x510 [ 193.868892][ T112] tlb_finish_mmu+0xf9/0x220 [ 193.873542][ T112] exit_mmap+0x428/0xb90 [ 193.879044][ T112] __mmput+0x118/0x3c0 [ 193.883296][ T112] exit_mm+0x1f2/0x2c0 [ 193.888080][ T112] do_exit+0x8dd/0x2460 [ 193.892383][ T112] do_group_exit+0x21b/0x2d0 [ 193.897985][ T112] __x64_sys_exit_group+0x3f/0x40 [ 193.903078][ T112] do_syscall_64+0x55/0xa0 [ 193.908532][ T112] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 193.914771][ T112] ------------[ cut here ]------------ [ 193.920611][ T112] kernel BUG at include/linux/mm.h:1458! [ 193.929929][ T112] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 193.936154][ T112] CPU: 1 PID: 112 Comm: jfsCommit Tainted: G B syzkaller #0 [ 193.945106][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 193.955558][ T112] RIP: 0010:put_metapage+0x253/0x340 [ 193.960895][ T112] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 b7 78 d9 fe e9 25 ff ff ff e8 2d 41 81 fe 48 8b 3c 24 48 c7 c6 80 09 04 8b e8 dd aa c1 fe <0f> 0b 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff e8 46 45 81 [ 193.981062][ T112] RSP: 0018:ffffc90002cf7cc0 EFLAGS: 00010246 [ 193.987168][ T112] RAX: a80410d97fd8c400 RBX: ffff88807a9d43e0 RCX: a80410d97fd8c400 [ 193.995169][ T112] RDX: 0000000000000000 RSI: ffffffff8b1c8e40 RDI: ffffffff8b1c8e00 [ 194.003260][ T112] RBP: 000000000000007f R08: ffffffff8e8b14ef R09: 1ffffffff1d1629d [ 194.011456][ T112] R10: dffffc0000000000 R11: fffffbfff1d1629e R12: ffff88807a9d4408 [ 194.019544][ T112] R13: ffffea00009996f4 R14: 1ffff1100f53a881 R15: 1ffff1100f53a88e [ 194.027725][ T112] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 194.036790][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.043524][ T112] CR2: 00007f7f0a390286 CR3: 000000000cf32000 CR4: 00000000003506e0 [ 194.051534][ T112] Call Trace: [ 194.054817][ T112] [ 194.057770][ T112] txUnlock+0x427/0xcb0 [ 194.061951][ T112] jfs_lazycommit+0x56e/0xa70 [ 194.066653][ T112] ? txFreelock+0x5a0/0x5a0 [ 194.071646][ T112] ? do_task_dead+0xd0/0xd0 [ 194.076201][ T112] ? __kthread_parkme+0x7a/0x1c0 [ 194.081633][ T112] kthread+0x2fa/0x390 [ 194.085936][ T112] ? txFreelock+0x5a0/0x5a0 [ 194.090564][ T112] ? kthread_blkcg+0xd0/0xd0 [ 194.095304][ T112] ret_from_fork+0x48/0x80 [ 194.099939][ T112] ? kthread_blkcg+0xd0/0xd0 [ 194.104587][ T112] ret_from_fork_asm+0x11/0x20 [ 194.109785][ T112] [ 194.112855][ T112] Modules linked in: [ 194.120629][ T112] ---[ end trace 0000000000000000 ]--- [ 194.127080][ T112] RIP: 0010:put_metapage+0x253/0x340 [ 194.132427][ T112] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 b7 78 d9 fe e9 25 ff ff ff e8 2d 41 81 fe 48 8b 3c 24 48 c7 c6 80 09 04 8b e8 dd aa c1 fe <0f> 0b 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff e8 46 45 81 [ 194.155013][ T112] RSP: 0018:ffffc90002cf7cc0 EFLAGS: 00010246 [ 194.161602][ T112] RAX: a80410d97fd8c400 RBX: ffff88807a9d43e0 RCX: a80410d97fd8c400 [ 194.174134][ T112] RDX: 0000000000000000 RSI: ffffffff8b1c8e40 RDI: ffffffff8b1c8e00 [ 194.182358][ T112] RBP: 000000000000007f R08: ffffffff8e8b14ef R09: 1ffffffff1d1629d [ 194.191950][ T112] R10: dffffc0000000000 R11: fffffbfff1d1629e R12: ffff88807a9d4408 [ 194.200130][ T112] R13: ffffea00009996f4 R14: 1ffff1100f53a881 R15: 1ffff1100f53a88e [ 194.208354][ T112] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 194.217404][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.224131][ T112] CR2: 00007f7f0a390286 CR3: 00000000602c7000 CR4: 00000000003506e0 [ 194.232682][ T112] Kernel panic - not syncing: Fatal exception [ 194.239323][ T112] Kernel Offset: disabled [ 194.243763][ T112] Rebooting in 86400 seconds..