last executing test programs: 20.69222538s ago: executing program 1 (id=9603): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xca) setsockopt$ax25_int(r0, 0x101, 0x2, &(0x7f0000000000)=0x6, 0x4) 20.407624925s ago: executing program 1 (id=9614): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0) 20.253725168s ago: executing program 1 (id=9608): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 20.079904101s ago: executing program 1 (id=9611): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x464, &(0x7f0000000ac0)="$eJzs3EtvG0UcAPD/bpq+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRKqIpQuWI+gmAIxKfgBNcEHACcYU7QqpQLgQOaNHau6lx7GAncZ3g30/aeGZ31jt/7449O2MngJ41lP9JIvZGxM8RMRARffUFhqoPS4vzk38uzk8mkWWv/57ku8Ufi/OTZdGkeNxTZIbTiPTDJA43OO7slasXJqanpy4X+dG5i++Mzl65+sz5ixPnps5NXRo/efLE8bHnnxt/dkPi3JfX9dD7M0cOnnrz5quTp2++9d0XeX33Fttr46gaXPcxh2Jo+TWp9/i6n31z2VeTTrZ1sSK0JW/r+enqr7T/geiL2ydvIF75oKuVAzoqy7Jsx4q1yz2AhQz4H0ui2zUAuqP8oM/vf8vlDnY/uu7Wi9UboDzupWKpbtkWaVGmv+7+diMNRcTphb8+yZdoOA4BALCxvsr7P0836v+lcV9NubuKuaHBiLg7IvZHxD0RcSAi7o2olL0/Ih5o8/hDdfmV/Z8fd60psBbl/b8Xirmtf/f/yt5fDPYVuX2V+PuTs+enp44Vr8lw9O/I82OrHOPrl3/6uNm22v5fviz1x2TZFyzq8du2ugG6MxNzE+uJudat65UxwGsr40+WZwKSiDgYEYfW8Pw7I+L8k58fabZ9RfyL83Xxr2ID5pmyzyKeqJ7/haiLv5SsPj85ujOmp46NllfFSt//cOO1ZsdfV/wbID//uxte/8vxDya187Wz7R/jxi8fNb2n+e/4G1//25M3Kuntxbr3JubmLo9FbE8WVq4fv71vmS/L5/EPH23c/vdH/P1psd/hiMgv4gcj4qGIeLio+yMR8WhEHF0l/m9feuzttcffWXn8Z9o6/+0n+i5882Wz47d2/k9UUsPFmlbe/1qt4HpeOwAAANgq0sp34JN0ZDmdpiMj1e/wH4jd6fTM7NxTZ2fevXSm+l35wehPy5GugZrx0LFibLjMj9flj1fGjbMsy3ZV8iOTM9OdmlMHWrOnSfvP/drX7doBHdfWPFqzX7QBW5Lfa0Lv0v6hd2n/0Lu0f+hdjdr/tYilVXe63rHqAHeQz3/oXdo/9C7tH3qX9g89aT2/618tsf9Ua4XLf0DYoWpsgUTf5qhG24lIN0U11pZIN0c1qokdEdFq4Wt3rKV0+Y0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/wTAAD//7YA6Ok=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 19.573330351s ago: executing program 1 (id=9618): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0xc8, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x108}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}}]}, @CTA_EXPECT_MASK={0x3c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}]}]}, 0xc8}}, 0x0) 19.054890761s ago: executing program 1 (id=9623): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x2200003, 0x0, 0x0, 0x3, 0x80000001}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0xb2}]}, &(0x7f00000004c0)='GPL\x00'}, 0x90) 18.451279353s ago: executing program 32 (id=9623): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x2200003, 0x0, 0x0, 0x3, 0x80000001}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0xb2}]}, &(0x7f00000004c0)='GPL\x00'}, 0x90) 2.978517563s ago: executing program 2 (id=9744): r0 = socket(0x10, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000000)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006050a0000000d0085a168d0bf46d32345653600648d270005000a00070849935ade4a460c89b6ec0cff3959547f509058ad86c902007a00004a32000407160012000a0000000000e000e21800003b6ed538f6523250", 0x78, 0x2251197285d36a80, 0x0, 0x0) 2.775845386s ago: executing program 4 (id=9746): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x5, 0x9, 0x1, {0xa, @pix_mp={0x4, 0x7fff, 0x34565348, 0x7, 0xb, [{0x8, 0x8b3}, {0x2a7, 0x8}, {0x2, 0x3}, {0x13235815, 0xa3d}, {0x5}, {0x1, 0xff}, {0x1, 0xa}, {0x7ff, 0xa}], 0x2, 0x3, 0x1, 0x2}}, 0x1}) 2.775237176s ago: executing program 2 (id=9747): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ustat(0x3, &(0x7f0000000000)) 2.505578751s ago: executing program 2 (id=9750): r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x11e, 0x42, 0x0, &(0x7f0000000040)) 2.404367034s ago: executing program 4 (id=9751): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000a00)=@newtaction={0x18, 0x76, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [{0x4}]}, 0x18}}, 0x0) 2.289420426s ago: executing program 2 (id=9752): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDGETMODE(r0, 0x4b3b, &(0x7f0000000000)) 2.120338309s ago: executing program 4 (id=9755): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x14, 0x41, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 2.119671889s ago: executing program 2 (id=9756): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f0000000000)={[{@barrier}, {@jqfmt_vfsv0}, {@abort}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000980)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==") symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') 1.944387813s ago: executing program 4 (id=9759): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b904021d080201000000070000a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d6c3665564b6a424675d7225bbd67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 1.745770337s ago: executing program 4 (id=9760): r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x11e, 0x42, 0x0, &(0x7f0000000040)) 1.690517757s ago: executing program 4 (id=9761): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000001c0)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6865617274626561743d6e6f6e652c6c6f63616c666c6f636b732c696e6f646536342c6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f61636c2c6e6f61636c2c6572726f72733d636f6e74696e75652c00edc97523793b5022d016bb24c65ba594abbd38fd9c301bfa101e61d574eb5cc84215aa20846b6f33df6281eaedb4b4afaaacd321e4df0d16b4f5a8a992efe2554b52ec9c980e5544cd4b8df3e1ba594d07e0bfe3471c164430a36b7ebddc35caf2959224d8330f1807117fc520d8ff5660c5691afd66a8e397bb802ed69df198008fb799cc37"], 0x1, 0x470e, &(0x7f0000008f40)="$eJzs222IHGcBB/BnNqe5pMn1XtImafqySQQPLceln6r1QzyrNpo2L9pWU+Xcu1wvp3u7592uFgxSgyAKghIEFV+oCqVfakEM9EstQsEXpFUoFUXrF5FCFfxg0AZ6srszuZ3Zvc7mNmlp+/tBOzfPzPPMs/e/eebl2RRitVMLK8WFlWKpUqzO3r9yS/Fz1XJ9cS4UXiWv9fHpzZXISfavnSPv+8BH7rklhD8c+9qHVldXV0PDcOjqQNvP5/99erZ9mShk6jTa7d5ayx/rj7z087e80h55ToQQdnT0q2FTCOFjvwhhcwhhJC4bjZdbQgjbQghRCOHR3/zrx4P9dKHN2XtfeO7YmcP7zkw9/tgzF+aPrrtjFMJ3y7tvnl98cf+m255/x2U6PAAAvKIPHj9y99HJA+HJKAydG+i8X98ZL5P74zvf9qm7Hh5Y275Kbza9iqECAABAxtrz/3D0cpf5umRmLZkSfOKBE3c/Fa1t92D7+nboriO3v3/yQDz/G3VsvzUu+ud7NzXnULPzvtn535FM/e7zv2vHefirz/6y8taN9z/pX3Lc4RAVJlLrhcLERAjHplrru6KthXJ1pfbO+6v1ysmNH/eNIp1/dvZ+bUK/1/xHM9Xz5v93f+LzP9sy0M8nGAvZv9rGerHzT5ku0vmvP5b/5EtRT/mPZerl5X/H09vP/2pzP58ge0QuRTr/1om4r32HYmsAaOT/zYH8/Hdk2s/L//tT5x49sYHv/zTGmeGo0dfB1Ajwcly+zleYyEjn3woiNXTGv8j1zv//ZfK/JtN+Xv53Vv/xu7/1cf1fb/wfn+qnzTePdP6tIIqpPdbO/5FC/vl/bab9vPx/e+rPz36yr2t1Z/6N/o+7/vcknX98IU4Pns3fZK/j/85M+3n57xq776GFDfT7w1vifg5FYaztW6fnGpewobX56uYjTWPz0gYO8iaQzr/1W0udOkOtRfP8H84f/3dl2s/L/6E9X3/P6b6+/9t9/J80/vcknf+WZtml5P9SJv/dmfbz8v/h6b//5b7LPP431g/Kvyfp/Ld2bF97/1Po6fnvukz9vPc/+0afeuSvfTz/J/1Ljpu8/0neQ4xHrfc/dJfO/6p19+v1+r8nUy/v/P/Wf55/en8/43802PEGwK1f79L5b2sVdnkA7DX/6zPt5+X/hXu+/PE/beD5r3nHN5jk3/b8v7lVftT435N0/ttbhal/DPVg8//N63/Umft/M/nfkGk/L/8LhyYGvnKZr/+N/o93eZVNp3T+Q+vu18j/9z1c/2/M1MvL/4t7f/rizX3d/4cwacDfsHT+V6+7X/P8H8zP/6ZMvbz8v/ONXz/xYB/9f3sfdcnm37rWp06n+N681+f/Yqb9vPx/NH7+7P4r8Px3q+t/T9L5t2bNLyX/7PP/3kz7efl/78gPlgeuwPufO+QPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIaPxcjhEhYnUeqEwMRHCWLy+K2yNZkonp2fK1dnPrISwIy4vhtFovlydKZWnFyrVk3PTpXK5OhvCNfH2HWEwWilXa9OLpaVrL7a1JTo1V1quzcyVaiGEnXH59WF70tbMQm2xtNTcN6lzVVT6bL1aK03UV+aWw+6L5duS8vnlan3puottXV2oLi+dKlWmTy4sv3tycnIy7LnY55Fo7oHaXKXW6m1ra6NOUnc4avswzc03tB3v09X6cqVUbpbf2FanXJ0tldvq3NR2vNpyvTJbqs1Nl6vzyfGKbXXbPltz895423gYSX2+pG7WwXh5+6HjHz1++EDH9mKUzrtSX5yb3N79bwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN64nb3vXt0MIA621QgjhYPJDFP+XcvbeF547dubwvjNTjz/2zIX5o932AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg/O3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi5n5cowjgOwO+MbRZIKV2EPAaGiOhNwoJ+EUnlGtmxS+egTgkZFAWGER0LgiCoW1QQdAoq/4Kog8dO1aUOHQwiqBidSdld2HKh13aeB4Z3htF3vjCwO/N+3n0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYP87uWOzK2ku7Ni9t3f0hdObnNoYQRpPl/c97O0JPCOHrl5nToUFb6Knp/83k3Hj9VZPfe/vHH14fTdZef/G/xXW7Q5IOrTremaTp0NDa+29XdwafTQ8mIaSxCyGKhbEnZyohhI7YhRDFz4/zF7PP9w2xCyGK/g93u7L7X4ldCFFs3f2pr5I/49EOOv/qr89XLwyu/u5v9gjewiM669Dbk1fepW5q6b3M3/+TfPM+WA6zJ468fx67CKKZnZs6GrsGAADg3zrXJP8PW5b3719OQk93fe7/rSb/763pv3H+v+Le9htjMy2FENvqxiaz4+F9rfTZ/k4NXL39umK8p6zk/+Um/y83+X+5yf/LTf5fbvJ/Mq/k/6X0+OaexRexiyAa+T8AAJTPoeMTU9Xhkezlf9OPzvq8vi9vq3me/uDW9MCjVeNG8sP/2+FjEwcODo/k971+QHBl/Yd06ez3fL5HbVuYrJl30Wz9h96nC/PXGvx0rfqH8zeK+orrWv8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/szrEJg2AQgNH/kioTZI1kikCaRME9nMHSARzF2hmcw8oFtBDRxtJG3mvu4IPjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi+T/4r/q936iLdpojUZ/V335/rUi5jaKp2vG89Du4+TvoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmduBABgAAAECYv3Ue7QcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpwAAAP//6bfLTA==") quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) 1.678535787s ago: executing program 3 (id=9762): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score\x00') lseek(r0, 0x5, 0x0) 1.338036144s ago: executing program 3 (id=9765): munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000002, 0x9132, 0xffffffffffffffff, 0x9aa9b000) 1.336931255s ago: executing program 2 (id=9766): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100007856bb40da0b53813de2010203010902"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000d80)={0x44, &(0x7f0000000b40)={0x0, 0xb, 0x4, "92102ef7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.094129509s ago: executing program 0 (id=9767): syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file1\x00', 0xa18c14, &(0x7f0000000240)={[{@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@shortname_winnt}, {@fat=@codepage={'codepage', 0x3d, '1251'}}, {@numtail}, {@fat=@tz_utc}, {@utf8no}, {@numtail}, {@shortname_lower}, {@shortname_mixed}, {@shortname_winnt}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp775'}}]}, 0x81, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) 1.093494419s ago: executing program 3 (id=9768): unshare(0x22020400) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) 897.678503ms ago: executing program 3 (id=9769): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') getdents(r0, &(0x7f0000000080)=""/48, 0x30) 818.157034ms ago: executing program 0 (id=9770): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="1c0000001d005f0214fffffffffffff8070000000d00000000000600", 0x1c) 732.605106ms ago: executing program 3 (id=9771): r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 532.44082ms ago: executing program 0 (id=9772): unshare(0x2040400) fchmod(0xffffffffffffffff, 0x42) 500.039041ms ago: executing program 3 (id=9773): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r0, &(0x7f00000002c0)=""/4096, 0x1000) 387.521472ms ago: executing program 0 (id=9774): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)=',:::\x00', 0x0) 87.652458ms ago: executing program 0 (id=9775): r0 = io_uring_setup(0x108e, &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x19, 0x0, 0x0) 0s ago: executing program 0 (id=9776): r0 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000280)={0x7, @sliced={0xc, [0xf, 0x280, 0x6, 0x7, 0xf6b8, 0x1a46, 0x200, 0xffff, 0x4b96, 0x8, 0x9, 0xe4, 0x7, 0x3, 0x0, 0x47af, 0xf3, 0x9, 0x8, 0x8d33, 0x400, 0x8000, 0x2, 0xa42, 0x6, 0x21, 0x4, 0x101, 0x5, 0x7, 0x6, 0x3, 0x4, 0x0, 0x4, 0xbc7e, 0x2, 0x52, 0x7354, 0x4, 0x3, 0x7, 0x1, 0x4, 0x10, 0x100, 0x1, 0xf34e], 0xba}}) kernel console output (not intermixed with test programs): 019708][ T966] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1118.057586][ T966] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1118.084383][ T966] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1118.084819][ T1317] hfsplus: b-tree write err: -5, ino 4 [ 1118.097708][ T966] usb 3-1: config 1 has no interface number 1 [ 1118.106006][ T966] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1118.129160][ T966] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1118.148042][ T966] usb 3-1: New USB device strings: Mfr=20, Product=2, SerialNumber=3 [ 1118.156451][ T966] usb 3-1: Product: syz [ 1118.160988][ T966] usb 3-1: Manufacturer: syz [ 1118.189112][ T966] usb 3-1: SerialNumber: syz [ 1118.401542][T24626] netlink: 104 bytes leftover after parsing attributes in process `syz.3.8186'. [ 1118.479931][ T966] usb 3-1: USB disconnect, device number 10 [ 1118.672621][ T6792] udevd[6792]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1119.226393][T24645] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1119.602260][T24655] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8200'. [ 1120.017159][T24638] loop3: detected capacity change from 0 to 32768 [ 1120.090346][T24638] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1120.467327][ T6134] ocfs2: Unmounting device (7,3) on (node local) [ 1120.696110][ T6491] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 1120.911988][ T6491] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1120.946712][ T6491] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1120.977094][ T6491] usb 2-1: config 0 descriptor?? [ 1121.085995][T24701] netlink: 'syz.0.8222': attribute type 32 has an invalid length. [ 1121.303246][T24709] loop2: detected capacity change from 0 to 16 [ 1121.321564][T24709] erofs: (device loop2): mounted with root inode @ nid 36. [ 1121.346262][T24709] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 1121.368099][T24709] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 1121.457284][ T6491] [drm:udl_init] *ERROR* Selecting channel failed [ 1121.504240][ T6491] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 1121.523972][ T6491] [drm] Initialized udl on minor 2 [ 1121.535547][ T6491] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1121.579874][ T6491] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1121.610238][ T966] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1121.621526][ T6491] usb 2-1: USB disconnect, device number 20 [ 1121.648939][ T966] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1121.819017][T24717] loop2: detected capacity change from 0 to 4096 [ 1121.883837][T24717] ntfs: volume version 3.1. [ 1122.020278][T24727] loop0: detected capacity change from 0 to 512 [ 1122.111404][T24727] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1122.124528][T24727] ext4 filesystem being mounted at /2011/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1122.157247][T24727] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.8235: corrupted xattr block 19: invalid ea_ino [ 1122.208091][T24734] Cannot find del_set index 4 as target [ 1122.403802][T24740] netlink: 'syz.3.8240': attribute type 3 has an invalid length. [ 1122.415121][ T6130] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1122.557373][T24744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8242'. [ 1123.151303][T24760] loop1: detected capacity change from 0 to 4096 [ 1123.189898][T24760] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 1123.244548][T24760] ntfs3: loop1: MFT: r=18, expect seq=1 instead of 0! [ 1123.277539][T24760] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1123.297755][T24760] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 1123.481762][T24774] libceph: resolve '+ælc' (ret=-3): failed [ 1123.888949][T24791] sp0: Synchronizing with TNC [ 1124.486096][T24813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8274'. [ 1124.665391][T24822] loop3: detected capacity change from 0 to 256 [ 1125.189395][T24838] loop1: detected capacity change from 0 to 764 [ 1125.243718][T24842] loop2: detected capacity change from 0 to 128 [ 1125.263948][T24842] VFS: Found a Xenix FS (block size = 1024) on device loop2 [ 1125.366969][T24836] loop0: detected capacity change from 0 to 4096 [ 1125.379911][ T6133] sysv_free_block: flc_count > flc_size [ 1125.414967][T24836] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 1125.432274][ T6133] sysv_free_block: flc_count > flc_size [ 1125.438939][ T6133] sysv_free_block: flc_count > flc_size [ 1125.458418][ T6133] sysv_free_block: flc_count > flc_size [ 1125.465780][ T6133] sysv_free_block: flc_count > flc_size [ 1125.472897][ T6133] sysv_free_block: flc_count > flc_size [ 1125.501583][ T6133] sysv_free_block: flc_count > flc_size [ 1125.517309][ T6133] sysv_free_block: flc_count > flc_size [ 1125.540247][ T6133] sysv_free_block: flc_count > flc_size [ 1125.561616][ T6133] sysv_free_block: flc_count > flc_size [ 1125.575876][ T6133] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1125.912400][ T28] audit: type=1326 audit(1757993215.929:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24855 comm="syz.0.8294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1125.998770][ T28] audit: type=1326 audit(1757993215.929:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24855 comm="syz.0.8294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1126.087044][ T28] audit: type=1326 audit(1757993215.929:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24855 comm="syz.0.8294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1126.135174][ T28] audit: type=1326 audit(1757993215.929:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24855 comm="syz.0.8294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1126.227835][ T28] audit: type=1326 audit(1757993215.929:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24855 comm="syz.0.8294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1126.683667][T24849] loop1: detected capacity change from 0 to 32768 [ 1126.800537][T24849] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1127.027728][T24868] loop3: detected capacity change from 0 to 32768 [ 1127.050293][ T6126] ocfs2: Unmounting device (7,1) on (node local) [ 1127.089048][T12336] usb 1-1: new high-speed USB device number 125 using dummy_hcd [ 1127.189264][T24880] loop1: detected capacity change from 0 to 1024 [ 1127.304815][T12336] usb 1-1: Using ep0 maxpacket: 32 [ 1127.335727][T12336] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1127.366548][T12336] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1127.400475][T12336] usb 1-1: config 0 descriptor?? [ 1127.429588][T12336] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1127.699887][T24870] loop2: detected capacity change from 0 to 40427 [ 1127.755733][T24870] F2FS-fs (loop2): invalid crc value [ 1127.849458][T12336] gspca_vc032x: reg_w err -71 [ 1127.865380][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1127.886061][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1127.900291][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1127.925043][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1127.930434][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1127.944410][T24893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8310'. [ 1127.955036][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1127.960380][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.003008][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.024610][T24870] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1128.025752][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.072430][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.077795][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.093815][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.099170][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.114163][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.139042][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.144757][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.185479][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.204700][T12336] gspca_vc032x: I2c Bus Busy Wait 00 [ 1128.210077][T12336] gspca_vc032x: Unknown sensor... [ 1128.245130][T12336] vc032x: probe of 1-1:0.0 failed with error -22 [ 1128.264097][T12336] usb 1-1: USB disconnect, device number 125 [ 1128.906372][ T6183] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 1128.943389][ T28] audit: type=1326 audit(1757993218.773:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.1.8322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cd4d8eba9 code=0x7ffc0000 [ 1129.009440][ T28] audit: type=1326 audit(1757993218.792:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.1.8322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cd4d8eba9 code=0x7ffc0000 [ 1129.074735][ T28] audit: type=1326 audit(1757993218.792:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.1.8322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3cd4d90ac7 code=0x7ffc0000 [ 1129.115549][ T28] audit: type=1326 audit(1757993218.801:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.1.8322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f3cd4d90a3c code=0x7ffc0000 [ 1129.160339][ T28] audit: type=1326 audit(1757993218.801:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24917 comm="syz.1.8322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f3cd4d90974 code=0x7ffc0000 [ 1129.195070][ T6183] usb 3-1: Using ep0 maxpacket: 16 [ 1129.202419][ T6183] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 1129.216659][ T6183] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1129.241878][ T6183] usb 3-1: config 0 descriptor?? [ 1129.262305][ T6183] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1129.486772][ T6183] usb 3-1: Detected FT232A [ 1129.495058][ T6183] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1129.593115][T24932] loop1: detected capacity change from 0 to 4096 [ 1129.617188][T24932] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 1129.737030][ T6491] usb 3-1: USB disconnect, device number 11 [ 1129.743609][T24935] ipt_ECN: cannot use operation on non-tcp rule [ 1129.765133][ T6491] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1129.826273][ T6491] ftdi_sio 3-1:0.0: device disconnected [ 1129.939606][T24937] netlink: 'syz.3.8331': attribute type 1 has an invalid length. [ 1129.954352][T24937] netlink: 146340 bytes leftover after parsing attributes in process `syz.3.8331'. [ 1129.994271][T24920] loop0: detected capacity change from 0 to 40427 [ 1130.015330][T24920] F2FS-fs (loop0): heap/no_heap options were deprecated [ 1130.048583][T24920] F2FS-fs (loop0): invalid crc value [ 1130.078631][T24920] F2FS-fs (loop0): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 1130.129031][T24920] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1130.311425][T24920] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1130.362532][T24948] loop1: detected capacity change from 0 to 128 [ 1130.444791][T24948] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1130.577757][T24948] ext4 filesystem being mounted at /1906/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1130.760688][ T6126] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1132.030278][T25002] loop0: detected capacity change from 0 to 4096 [ 1132.060076][T25002] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1132.150513][T25010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8365'. [ 1132.167525][T25010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8365'. [ 1132.167852][T25002] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1132.364491][T25014] loop1: detected capacity change from 0 to 256 [ 1132.405895][T25014] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1132.427933][T25017] loop2: detected capacity change from 0 to 128 [ 1132.427938][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 1132.427953][ T28] audit: type=1800 audit(1757993222.019:59): pid=25002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.8361" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 1132.468684][T25017] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1132.480817][T25014] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 1132.497928][T25014] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 1132.557192][T25017] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 1132.852785][T25023] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8371'. [ 1133.565331][T25052] netlink: 'syz.3.8385': attribute type 21 has an invalid length. [ 1133.583992][T25052] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8385'. [ 1133.584333][T25055] devtmpfs: Cannot enable quota on remount [ 1134.080607][ T966] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1134.206939][T25073] IPv6: NLM_F_CREATE should be specified when creating new route [ 1134.286296][ T966] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1134.306907][ T966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.339011][ T966] usb 4-1: config 0 descriptor?? [ 1134.808750][ T966] usb 4-1: Cannot set MAC address [ 1134.814046][ T966] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 1134.857850][ T966] usb 4-1: USB disconnect, device number 6 [ 1135.360711][T25115] kAFS: unparsable volume name [ 1135.523163][ T28] audit: type=1326 audit(1757993224.919:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25119 comm="syz.3.8420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f807d18eba9 code=0x7ffc0000 [ 1135.604392][ T28] audit: type=1326 audit(1757993224.919:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25119 comm="syz.3.8420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f807d18eba9 code=0x7ffc0000 [ 1135.668621][ T28] audit: type=1326 audit(1757993224.956:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25119 comm="syz.3.8420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f807d18eba9 code=0x7ffc0000 [ 1135.756424][ T28] audit: type=1326 audit(1757993224.956:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25119 comm="syz.3.8420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f807d18eba9 code=0x7ffc0000 [ 1135.819817][T25131] netlink: 'syz.1.8423': attribute type 3 has an invalid length. [ 1135.994641][T25135] loop3: detected capacity change from 0 to 256 [ 1136.181304][T25143] syz.0.8430: attempt to access beyond end of device [ 1136.181304][T25143] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1136.200611][T25143] syz.0.8430: attempt to access beyond end of device [ 1136.200611][T25143] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1136.226530][T25143] Mount JFS Failure: -5 [ 1136.240282][T25143] jfs_mount failed w/return code = -5 [ 1136.657918][T25159] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.8438'. [ 1136.837848][T25162] loop1: detected capacity change from 0 to 4096 [ 1136.885928][T25162] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1136.958987][T25171] loop0: detected capacity change from 0 to 64 [ 1137.159363][T25162] ntfs3: loop1: failed to convert "c46c" to cp861 [ 1137.314818][T25178] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8449'. [ 1137.516338][T25184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8452'. [ 1137.556328][T25187] netlink: 168 bytes leftover after parsing attributes in process `syz.1.8450'. [ 1137.580456][T25185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8453'. [ 1137.833222][T25193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8456'. [ 1137.854951][T25197] netlink: 'syz.3.8457': attribute type 8 has an invalid length. [ 1139.201463][T25245] openvswitch: netlink: Flow actions attr not present in new flow. [ 1139.301121][T25249] netlink: 'syz.1.8484': attribute type 8 has an invalid length. [ 1139.324792][T25249] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.8484'. [ 1139.391130][T25247] loop0: detected capacity change from 0 to 4096 [ 1139.426988][T25247] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1139.576203][T25257] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.8488'. [ 1139.603341][T25257] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 1139.620964][T25247] ntfs3: loop0: failed to convert "c46c" to cp861 [ 1140.099364][T25275] netlink: 'syz.1.8497': attribute type 64 has an invalid length. [ 1140.129209][T25275] netlink: 'syz.1.8497': attribute type 4 has an invalid length. [ 1140.161831][T25275] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8497'. [ 1140.221085][T25277] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8498'. [ 1140.368062][T25281] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1140.626504][T25263] loop3: detected capacity change from 0 to 32768 [ 1140.632235][T25285] loop2: detected capacity change from 0 to 4096 [ 1140.650261][T25289] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 1140.665954][T25285] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1140.890468][T25285] ntfs3: loop2: failed to convert "c46c" to cp861 [ 1141.125660][ T28] audit: type=1326 audit(1757993230.166:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25297 comm="syz.1.8510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cd4d8eba9 code=0x7ffc0000 [ 1141.186574][ T28] audit: type=1326 audit(1757993230.166:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25297 comm="syz.1.8510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cd4d8eba9 code=0x7ffc0000 [ 1141.208950][ C1] vkms_vblank_simulate: vblank timer overrun [ 1141.286103][ T28] audit: type=1326 audit(1757993230.176:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25297 comm="syz.1.8510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7f3cd4d8eba9 code=0x7ffc0000 [ 1141.348587][ T28] audit: type=1326 audit(1757993230.176:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25297 comm="syz.1.8510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cd4d8eba9 code=0x7ffc0000 [ 1141.378230][ T28] audit: type=1326 audit(1757993230.176:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25297 comm="syz.1.8510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cd4d8eba9 code=0x7ffc0000 [ 1141.536474][T25312] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0) [ 1141.596150][T25312] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535 [ 1141.814432][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1141.820973][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1141.986197][T25323] loop2: detected capacity change from 0 to 1024 [ 1142.116195][T25331] netlink: 'syz.0.8524': attribute type 1 has an invalid length. [ 1142.160071][ T1317] hfsplus: b-tree write err: -5, ino 4 [ 1143.025361][T25362] loop0: detected capacity change from 0 to 256 [ 1143.096683][T25341] loop3: detected capacity change from 0 to 32768 [ 1143.193475][T25364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8540'. [ 1143.237099][T25364] ip6tnl2: entered allmulticast mode [ 1143.594484][T25370] loop2: detected capacity change from 0 to 4096 [ 1143.815973][T25380] netlink: 160 bytes leftover after parsing attributes in process `syz.0.8548'. [ 1144.061272][T25385] loop0: detected capacity change from 0 to 128 [ 1144.077094][T25388] loop3: detected capacity change from 0 to 128 [ 1144.102374][T25388] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1144.130753][T25388] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1144.156728][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.175643][T25385] FAT-fs (loop0): Filesystem has been set read-only [ 1144.182657][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.193334][T25388] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1144.215669][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.225052][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.236042][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.248210][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.259558][T25388] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1144.280302][T25388] ext4 filesystem being mounted at /2185/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1144.280712][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.299512][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.312285][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.369881][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.378821][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.388212][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.396691][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.405428][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.414014][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.425084][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.435510][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.447882][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.525410][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.538962][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.556208][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.565084][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.576748][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.584507][ T6134] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1144.585408][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.603174][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.611875][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.631518][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.641147][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.663124][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.706074][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.728983][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.739310][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.759381][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.792051][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.810967][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.840019][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.860778][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.891789][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.931302][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.944304][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.963715][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.972332][T25385] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 1144.994196][T25407] netlink: 'syz.3.8561': attribute type 2 has an invalid length. [ 1145.003596][ T28] audit: type=1800 audit(1757993233.786:69): pid=25385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8552" name="file1" dev="loop0" ino=1048645 res=0 errno=0 [ 1145.156720][T25414] loop1: detected capacity change from 0 to 8 [ 1145.311240][T25416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1145.603587][T25429] loop3: detected capacity change from 0 to 128 [ 1145.882434][T25437] loop2: detected capacity change from 0 to 256 [ 1145.928469][T25437] exfat: Deprecated parameter 'utf8' [ 1145.933878][T25437] exfat: Deprecated parameter 'namecase' [ 1145.980916][T25437] exfat: Bad value for 'namecase' [ 1146.411405][T25458] syz.1.8584 uses obsolete (PF_INET,SOCK_PACKET) [ 1146.468388][ T28] audit: type=1326 audit(1757993235.161:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1146.562827][ T28] audit: type=1326 audit(1757993235.161:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1146.638132][ T28] audit: type=1326 audit(1757993235.189:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1146.725342][ T28] audit: type=1326 audit(1757993235.189:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1146.769149][ T28] audit: type=1326 audit(1757993235.189:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1146.856864][ T28] audit: type=1326 audit(1757993235.189:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1146.933968][ T28] audit: type=1326 audit(1757993235.189:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1147.024114][ T28] audit: type=1326 audit(1757993235.189:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25460 comm="syz.0.8586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1147.068154][T25481] loop2: detected capacity change from 0 to 1024 [ 1147.143276][T25481] syz.2.8595: attempt to access beyond end of device [ 1147.143276][T25481] loop2: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 1147.162664][T25481] Buffer I/O error on dev loop2, logical block 100663296, async page read [ 1147.163096][T25485] overlayfs: empty lowerdir [ 1147.171814][T25481] syz.2.8595: attempt to access beyond end of device [ 1147.171814][T25481] loop2: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 1147.262263][T25481] Buffer I/O error on dev loop2, logical block 100663296, async page read [ 1147.919850][T25512] loop0: detected capacity change from 0 to 128 [ 1148.684528][T25538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8623'. [ 1148.693557][T25538] netlink: 10 bytes leftover after parsing attributes in process `syz.3.8623'. [ 1148.754547][T25544] comedi comedi2: dt2814: I/O port conflict (0xc,2) [ 1149.101081][T25556] openvswitch: netlink: Geneve opt len 3 is not a multiple of 4. [ 1149.166010][T25552] loop3: detected capacity change from 0 to 4096 [ 1149.188287][T25552] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 1149.254902][ T28] audit: type=1326 audit(1757993237.771:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25560 comm="syz.2.8635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1149.277272][ C1] vkms_vblank_simulate: vblank timer overrun [ 1149.313201][ T28] audit: type=1326 audit(1757993237.771:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25560 comm="syz.2.8635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1149.364267][ T28] audit: type=1326 audit(1757993237.771:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25560 comm="syz.2.8635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1149.386547][ C1] vkms_vblank_simulate: vblank timer overrun [ 1149.486779][T25552] ntfs3: loop3: failed to convert "c46c" to cp852 [ 1149.994477][T25580] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8644'. [ 1150.018719][T25580] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 1150.026539][ T966] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 1150.238551][ T966] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1150.259637][ T966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1150.287468][ T966] usb 3-1: Product: syz [ 1150.291761][ T966] usb 3-1: Manufacturer: syz [ 1150.311211][ T966] usb 3-1: SerialNumber: syz [ 1150.314650][T25587] netlink: 'syz.0.8648': attribute type 6 has an invalid length. [ 1150.325960][T25587] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.8648'. [ 1150.330417][ T966] r8152-cfgselector 3-1: config 0 descriptor?? [ 1150.491195][T25590] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8649'. [ 1150.525936][T25592] netlink: 'syz.0.8650': attribute type 4 has an invalid length. [ 1150.804109][ T966] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1150.841623][ T966] r8152-cfgselector 3-1: USB disconnect, device number 12 [ 1150.937967][T25600] loop0: detected capacity change from 0 to 1024 [ 1150.951081][T25600] EXT4-fs: Ignoring removed bh option [ 1150.982744][T25600] EXT4-fs: inline encryption not supported [ 1151.008570][T25600] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1151.117919][T25600] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.8654: lblock 2 mapped to illegal pblock 2 (length 1) [ 1151.191900][T25600] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 48: comm syz.0.8654: lblock 0 mapped to illegal pblock 48 (length 1) [ 1151.242339][T25600] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.8654: Failed to acquire dquot type 0 [ 1151.259244][T25600] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 1151.269359][T25600] EXT4-fs error (device loop0): ext4_evict_inode:252: inode #11: comm syz.0.8654: mark_inode_dirty error [ 1151.313859][T25600] EXT4-fs warning (device loop0): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 1151.324246][T25600] EXT4-fs (loop0): 1 orphan inode deleted [ 1151.357781][ T42] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 1151.383149][T25600] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1151.412058][ T42] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:2: Failed to release dquot type 0 [ 1151.430042][T25600] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1151.440215][T25600] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz.0.8654: Invalid inode table block 1 in block_group 0 [ 1151.453406][T25600] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 1151.463963][T25600] EXT4-fs error (device loop0): ext4_quota_off:7224: inode #3: comm syz.0.8654: mark_inode_dirty error [ 1151.874173][T25628] netlink: 'syz.1.8667': attribute type 10 has an invalid length. [ 1151.975251][T25632] netlink: 'syz.2.8669': attribute type 4 has an invalid length. [ 1152.168761][T25641] netlink: 'syz.3.8673': attribute type 10 has an invalid length. [ 1152.228223][T25641] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1152.246984][T25641] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1152.832418][ T6183] usb 1-1: new high-speed USB device number 126 using dummy_hcd [ 1153.046129][ T6183] usb 1-1: Using ep0 maxpacket: 16 [ 1153.058257][ T6183] usb 1-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 1153.068552][ T6183] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1153.077018][ T6183] usb 1-1: Product: syz [ 1153.092257][ T6183] usb 1-1: Manufacturer: syz [ 1153.096931][ T6183] usb 1-1: SerialNumber: syz [ 1153.121639][ T6183] usb 1-1: config 0 descriptor?? [ 1153.352644][ T6183] usb 1-1: ignoring: not an USB2CAN converter [ 1153.559902][T25686] XFS (nullb0): Invalid superblock magic number [ 1153.623350][ T6183] usb 1-1: USB disconnect, device number 126 [ 1153.775725][T25698] overlayfs: unescaped trailing colons in lowerdir mount option. [ 1154.022284][T25706] genirq: Flags mismatch irq 4. 00000000 (pcl816) vs. 00000000 (ttyS0) [ 1154.226710][T25711] loop3: detected capacity change from 0 to 512 [ 1154.281566][T25711] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1154.318517][T25711] ext4 filesystem being mounted at /2219/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1154.470317][ T6134] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1154.499575][ T966] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 1154.704608][ T966] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 1154.724295][ T966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1154.725135][T12336] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1154.740462][ T966] usb 3-1: Product: syz [ 1154.745200][ T966] usb 3-1: Manufacturer: syz [ 1154.754737][ T966] usb 3-1: SerialNumber: syz [ 1154.792119][ T966] usb 3-1: config 0 descriptor?? [ 1154.822791][ T966] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 1154.827732][T25732] overlayfs: missing 'lowerdir' [ 1154.841719][ T966] pctv452e: pctv452e_power_ctrl: 1 [ 1154.841719][ T966] [ 1154.849739][ T966] usb 3-1: selecting invalid altsetting 3 [ 1154.856511][ T966] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 1154.856511][ T966] [ 1154.903472][ T966] dvb-usb: bulk message failed: -22 (5/0) [ 1154.940620][ T966] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1154.961953][T12336] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1154.971889][ T966] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19) [ 1155.023738][T12336] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1155.047979][T12336] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1155.071253][T12336] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1155.098310][T12336] usb 2-1: Product: syz [ 1155.109600][T12336] usb 2-1: Manufacturer: syz [ 1155.114279][T12336] usb 2-1: SerialNumber: syz [ 1155.130918][ T966] usb 3-1: USB disconnect, device number 13 [ 1155.132924][T12336] usb 2-1: config 0 descriptor?? [ 1155.166090][T12336] usb 2-1: selecting invalid altsetting 0 [ 1155.208479][T25740] netlink: 'syz.3.8718': attribute type 10 has an invalid length. [ 1155.240271][T25740] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.8718'. [ 1155.402530][T25745] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8720'. [ 1155.524368][T25748] netlink: 188 bytes leftover after parsing attributes in process `syz.3.8722'. [ 1155.553039][ T966] usb 2-1: USB disconnect, device number 21 [ 1156.047512][T25768] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8730'. [ 1156.542572][T25784] x_tables: ip_tables: socket match: used from hooks POSTROUTING, but only valid from PREROUTING/INPUT [ 1156.974983][T25797] loop0: detected capacity change from 0 to 512 [ 1156.991801][T25797] EXT4-fs: Ignoring removed orlov option [ 1157.028305][T25797] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 1157.091936][T25797] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.8746: corrupted in-inode xattr: e_value size too large [ 1157.236858][T25797] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.8746: couldn't read orphan inode 15 (err -117) [ 1157.285912][T25797] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1157.372738][T25804] loop2: detected capacity change from 0 to 512 [ 1157.446242][T25804] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1157.488805][ T6130] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1157.572147][T25804] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz.2.8749: Directory block failed checksum [ 1157.631311][T25793] loop3: detected capacity change from 0 to 32768 [ 1157.721446][ T6133] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1157.740483][T25793] jfs_strtoUCS: char2uni returned -22. [ 1157.746034][T25793] charset = cp950, char = 0xd4 [ 1157.753394][T25808] netlink: 84 bytes leftover after parsing attributes in process `syz.0.8750'. [ 1157.949351][T25812] loop0: detected capacity change from 0 to 512 [ 1158.009935][T25812] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1158.088486][T25812] ext4 filesystem being mounted at /2139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1158.293804][ T6130] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1158.437919][T25826] loop2: detected capacity change from 0 to 8 [ 1158.521745][T25826] SQUASHFS error: Unable to read inode 0xe3 [ 1158.831169][T25841] trusted_key: encrypted_key: keyword 'ne' not recognized [ 1159.074297][T25852] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1160.016984][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 1160.017001][ T28] audit: type=1326 audit(1757993247.827:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.078568][T25862] loop1: detected capacity change from 0 to 32768 [ 1160.085441][ T28] audit: type=1326 audit(1757993247.827:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.107461][ C1] vkms_vblank_simulate: vblank timer overrun [ 1160.125319][T25862] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.8776 (25862) [ 1160.143104][ T28] audit: type=1326 audit(1757993247.827:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.177503][T25862] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1160.200123][T25862] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1160.218815][T25862] BTRFS info (device loop1): enabling auto defrag [ 1160.227478][ T28] audit: type=1326 audit(1757993247.827:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.252318][T25862] BTRFS info (device loop1): doing ref verification [ 1160.258986][T25862] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 1160.269811][T25862] BTRFS info (device loop1): force lzo compression, level 0 [ 1160.278044][ T28] audit: type=1326 audit(1757993247.827:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.301851][T25862] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1160.312963][T25862] BTRFS info (device loop1): trying to use backup root at mount time [ 1160.322431][T25862] BTRFS info (device loop1): max_inline at 4096 [ 1160.329911][ T28] audit: type=1326 audit(1757993247.827:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.353338][T25862] BTRFS info (device loop1): enabling ssd optimizations [ 1160.361396][T25862] BTRFS info (device loop1): using spread ssd allocation scheme [ 1160.407740][T25862] BTRFS info (device loop1): using free space tree [ 1160.418175][ T28] audit: type=1326 audit(1757993247.827:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.449317][T25862] workqueue: max_active 65524 requested for btrfs-worker is out of range, clamping between 1 and 512 [ 1160.507979][T25862] workqueue: max_active 65524 requested for btrfs-delalloc is out of range, clamping between 1 and 512 [ 1160.529059][ T28] audit: type=1326 audit(1757993247.827:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.631207][T25862] workqueue: max_active 65524 requested for btrfs-endio is out of range, clamping between 1 and 512 [ 1160.640171][ T28] audit: type=1326 audit(1757993247.827:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.680539][ T28] audit: type=1326 audit(1757993247.827:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25882 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x50000 [ 1160.721757][T25862] workqueue: max_active 65524 requested for btrfs-endio-meta is out of range, clamping between 1 and 512 [ 1160.724013][T25903] loop0: detected capacity change from 0 to 256 [ 1160.776808][T25862] workqueue: max_active 65524 requested for btrfs-rmw is out of range, clamping between 1 and 512 [ 1160.805222][T25903] FAT-fs (loop0): Directory bread(block 64) failed [ 1160.828753][T25862] workqueue: max_active 65524 requested for btrfs-endio-write is out of range, clamping between 1 and 512 [ 1160.840912][T25903] FAT-fs (loop0): Directory bread(block 65) failed [ 1160.871751][T25903] FAT-fs (loop0): Directory bread(block 66) failed [ 1160.878334][T25903] FAT-fs (loop0): Directory bread(block 67) failed [ 1160.902144][T25862] workqueue: max_active 65524 requested for btrfs-compressed-write is out of range, clamping between 1 and 512 [ 1160.943477][T25903] FAT-fs (loop0): Directory bread(block 68) failed [ 1160.979025][T25903] FAT-fs (loop0): Directory bread(block 69) failed [ 1160.996089][T25903] FAT-fs (loop0): Directory bread(block 70) failed [ 1161.011018][T25903] FAT-fs (loop0): Directory bread(block 71) failed [ 1161.021200][T25903] FAT-fs (loop0): Directory bread(block 72) failed [ 1161.037744][T25903] FAT-fs (loop0): Directory bread(block 73) failed [ 1161.085936][T25862] BTRFS info (device loop1): auto enabling async discard [ 1161.353621][ T6126] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1161.474023][T25922] loop3: detected capacity change from 0 to 256 [ 1161.509962][T25922] exfat: Deprecated parameter 'namecase' [ 1161.550905][T25922] exfat: Deprecated parameter 'utf8' [ 1161.610043][T25922] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 1163.519743][T25978] loop1: detected capacity change from 0 to 256 [ 1163.519782][T25976] loop3: detected capacity change from 0 to 1764 [ 1163.549006][T25978] exfat: Deprecated parameter 'utf8' [ 1163.559056][T25976] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 1163.598176][T25978] exfat: Deprecated parameter 'utf8' [ 1163.603565][T25978] exfat: Deprecated parameter 'namecase' [ 1163.608641][T25976] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1163.704127][T25978] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5f26ded4, utbl_chksum : 0xe619d30d) [ 1163.814173][T25986] netlink: 'syz.2.8827': attribute type 7 has an invalid length. [ 1164.805976][ T6491] usb 1-1: new full-speed USB device number 127 using dummy_hcd [ 1165.011613][ T6491] usb 1-1: config index 0 descriptor too short (expected 69, got 36) [ 1165.029878][ T6491] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1165.049271][ T6491] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 1165.071044][ T6491] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1165.080348][ T6491] usb 1-1: Product: syz [ 1165.091101][ T6491] usb 1-1: Manufacturer: syz [ 1165.103582][ T6491] usb 1-1: SerialNumber: syz [ 1165.118130][ T6491] usb 1-1: config 0 descriptor?? [ 1165.129803][ T6491] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 1165.574242][ T6491] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 1165.584268][ T6491] gspca_pac7302: probe of 1-1:0.0 failed with error -71 [ 1165.593343][T26053] loop3: detected capacity change from 0 to 512 [ 1165.602868][ T6491] usb 1-1: USB disconnect, device number 127 [ 1165.705481][T26053] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1165.845017][T26053] EXT4-fs error (device loop3): ext4_empty_dir:3139: inode #12: comm syz.3.8860: Directory block failed checksum [ 1165.965312][ T6134] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1166.226254][T26072] delete_channel: no stack [ 1166.431720][T26079] syz.0.8871 (26079): /proc/26077/oom_adj is deprecated, please use /proc/26077/oom_score_adj instead. [ 1166.755904][T26085] loop2: detected capacity change from 0 to 4096 [ 1166.801162][T26085] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1166.967981][T26085] ntfs3: loop2: failed to convert "c46c" to iso8859-2 [ 1167.474233][T26110] loop2: detected capacity change from 0 to 2048 [ 1167.537520][T26117] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1167.620610][T26110] NILFS (loop2): bad btree root (ino=16): level = 164, flags = 0x1, nchildren = 1 [ 1168.167185][T26139] loop1: detected capacity change from 0 to 1024 [ 1169.010326][T26136] loop3: detected capacity change from 0 to 32768 [ 1169.051624][T26136] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.8899 (26136) [ 1169.119234][T26136] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1169.169133][T26136] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 1169.220526][T26136] BTRFS info (device loop3): metadata ratio 2 [ 1169.226675][T26136] BTRFS info (device loop3): allowing degraded mounts [ 1169.274708][T26136] BTRFS info (device loop3): force zlib compression, level 3 [ 1169.316816][T26136] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 1169.326394][T26136] BTRFS info (device loop3): use zstd compression, level 3 [ 1169.375739][T26136] BTRFS info (device loop3): force clearing of disk cache [ 1169.411501][T26136] BTRFS info (device loop3): max_inline at 0 [ 1169.455867][T26136] BTRFS info (device loop3): using free space tree [ 1169.604144][T26136] BTRFS info (device loop3): enabling ssd optimizations [ 1169.633989][T26189] loop0: detected capacity change from 0 to 4096 [ 1169.650482][T26195] [U]  [ 1169.696396][T26136] BTRFS info (device loop3): rebuilding free space tree [ 1169.705356][T26189] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 1169.958792][T26189] ntfs3: loop0: ino=1e, "file1" ntfs_sync_inode failed, -22. [ 1169.986534][T26189] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1170.026735][T26136] BTRFS error (device loop3: state M): unrecognized mount option 'ÿÿ184467440737095516150xffffffffffffffff18446744073709551615±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ë(c—oö—ÈŽ‡Æl2vJËÿÿÿÿÿÿÿÿÿ' [ 1170.151887][ T48] ntfs3: loop0: ino=1e, ntfs3_write_inode failed, -22. [ 1170.212138][ T6134] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1170.512103][T26215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8929'. [ 1170.640935][T26220] loop0: detected capacity change from 0 to 256 [ 1170.763132][T26220] FAT-fs (loop0): Directory bread(block 64) failed [ 1170.769832][T26220] FAT-fs (loop0): Directory bread(block 65) failed [ 1170.833931][T26220] FAT-fs (loop0): Directory bread(block 66) failed [ 1170.877653][T26220] FAT-fs (loop0): Directory bread(block 67) failed [ 1170.884390][T26220] FAT-fs (loop0): Directory bread(block 68) failed [ 1170.910001][T26220] FAT-fs (loop0): Directory bread(block 69) failed [ 1170.916764][T26220] FAT-fs (loop0): Directory bread(block 70) failed [ 1170.938056][T26220] FAT-fs (loop0): Directory bread(block 71) failed [ 1170.952703][T26227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8936'. [ 1170.988949][T26220] FAT-fs (loop0): Directory bread(block 72) failed [ 1170.998533][T26227] netlink: zone id is out of range [ 1171.005510][T26220] FAT-fs (loop0): Directory bread(block 73) failed [ 1171.006343][T26227] netlink: del zone limit has 4 unknown bytes [ 1171.357897][T26237] loop2: detected capacity change from 0 to 256 [ 1171.424359][T26237] FAT-fs (loop2): Directory bread(block 64) failed [ 1171.455068][T26237] FAT-fs (loop2): Directory bread(block 65) failed [ 1171.461868][T26237] FAT-fs (loop2): Directory bread(block 66) failed [ 1171.487074][T26237] FAT-fs (loop2): Directory bread(block 67) failed [ 1171.493780][T26237] FAT-fs (loop2): Directory bread(block 68) failed [ 1171.524750][T26237] FAT-fs (loop2): Directory bread(block 69) failed [ 1171.543222][T26237] FAT-fs (loop2): Directory bread(block 70) failed [ 1171.553602][T26237] FAT-fs (loop2): Directory bread(block 71) failed [ 1171.560483][T26237] FAT-fs (loop2): Directory bread(block 72) failed [ 1171.568409][T26237] FAT-fs (loop2): Directory bread(block 73) failed [ 1171.594507][T26243] geneve2: entered promiscuous mode [ 1171.862798][T26250] netlink: 56 bytes leftover after parsing attributes in process `syz.0.8947'. [ 1172.183084][T26262] "syz.2.8952" (26262) uses obsolete ecb(arc4) skcipher [ 1172.645020][T26284] loop1: detected capacity change from 0 to 128 [ 1172.672777][T26283] xt_hashlimit: max too large, truncated to 1048576 [ 1172.695857][T26284] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 1172.758276][T26284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1172.922636][T26291] loop2: detected capacity change from 0 to 64 [ 1173.617351][T26312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8976'. [ 1173.766279][T26318] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8979'. [ 1173.776385][T26318] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8979'. [ 1174.468087][T26342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8992'. [ 1174.537419][T26347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8993'. [ 1174.641321][ T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1174.869628][T26354] erspan0: entered promiscuous mode [ 1174.875024][T26354] erspan0: entered allmulticast mode [ 1174.887007][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 1174.902385][ T8] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1174.922991][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1174.951158][ T8] usb 1-1: Product: syz [ 1174.955398][ T8] usb 1-1: Manufacturer: syz [ 1174.979358][ T8] usb 1-1: SerialNumber: syz [ 1174.995666][ T8] r8152-cfgselector 1-1: config 0 descriptor?? [ 1175.137286][T26361] loop1: detected capacity change from 0 to 128 [ 1175.174962][T26361] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 1175.202473][T26361] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1175.241996][ T8] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 1175.494631][ T8] usb 1-1: USB disconnect, device number 2 [ 1175.530627][T26367] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9003'. [ 1175.652207][T26371] QAT: Stopping all acceleration devices. [ 1175.719391][T26357] loop3: detected capacity change from 0 to 32768 [ 1175.733620][T26357] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.8999 (26357) [ 1175.797501][T26357] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1175.818534][T26357] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1175.827896][T26357] BTRFS info (device loop3): enabling auto defrag [ 1175.834361][T26357] BTRFS info (device loop3): doing ref verification [ 1175.851426][T26357] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 1175.873124][T26357] BTRFS info (device loop3): force lzo compression, level 0 [ 1175.891721][T26357] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1175.902941][T26357] BTRFS info (device loop3): trying to use backup root at mount time [ 1175.911185][T26357] BTRFS info (device loop3): max_inline at 4096 [ 1175.928437][T26357] BTRFS info (device loop3): enabling ssd optimizations [ 1175.944288][T26357] BTRFS info (device loop3): using spread ssd allocation scheme [ 1175.963061][T26357] BTRFS info (device loop3): using free space tree [ 1175.973919][T26357] workqueue: max_active 65524 requested for btrfs-worker is out of range, clamping between 1 and 512 [ 1176.008540][T26357] workqueue: max_active 65524 requested for btrfs-delalloc is out of range, clamping between 1 and 512 [ 1176.093307][T26357] workqueue: max_active 65524 requested for btrfs-endio is out of range, clamping between 1 and 512 [ 1176.180735][T26357] workqueue: max_active 65524 requested for btrfs-endio-meta is out of range, clamping between 1 and 512 [ 1176.228890][T26357] workqueue: max_active 65524 requested for btrfs-rmw is out of range, clamping between 1 and 512 [ 1176.270654][T26357] workqueue: max_active 65524 requested for btrfs-endio-write is out of range, clamping between 1 and 512 [ 1176.300805][T26357] workqueue: max_active 65524 requested for btrfs-compressed-write is out of range, clamping between 1 and 512 [ 1176.377859][T26373] loop1: detected capacity change from 0 to 32768 [ 1176.407650][T26373] add_index: next_index = 0. Resetting! [ 1176.419796][T26373] find_entry called with index >= next_index [ 1176.431668][T26373] find_entry called with index >= next_index [ 1176.501057][T26357] BTRFS info (device loop3): auto enabling async discard [ 1176.738152][ T28] kauditd_printk_skb: 2582 callbacks suppressed [ 1176.738170][ T28] audit: type=1326 audit(1757993263.485:2675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26402 comm="syz.0.9014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1176.784294][T26401] loop2: detected capacity change from 0 to 4096 [ 1176.795987][ T28] audit: type=1326 audit(1757993263.513:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26402 comm="syz.0.9014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1176.821167][T26401] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 1176.852511][ T28] audit: type=1326 audit(1757993263.513:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26402 comm="syz.0.9014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1176.902573][T26405] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9016'. [ 1176.912774][ T28] audit: type=1326 audit(1757993263.513:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26402 comm="syz.0.9014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1176.930059][ T6134] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1176.970223][ T28] audit: type=1326 audit(1757993263.513:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26402 comm="syz.0.9014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1177.141194][T26409] netlink: 184 bytes leftover after parsing attributes in process `syz.2.9018'. [ 1177.344054][T26411] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 1177.398952][T26411] overlayfs: missing 'lowerdir' [ 1177.600636][T26417] loop3: detected capacity change from 0 to 256 [ 1177.665647][T26417] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d) [ 1178.125110][T26431] netlink: 148 bytes leftover after parsing attributes in process `syz.0.9027'. [ 1178.436600][T26443] erspan0: entered promiscuous mode [ 1178.468122][T26443] erspan0: entered allmulticast mode [ 1178.562465][T26447] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request [ 1178.716811][T26453] netlink: 'syz.3.9038': attribute type 6 has an invalid length. [ 1178.744715][T26453] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.9038'. [ 1178.945240][T26464] loop0: detected capacity change from 0 to 64 [ 1179.174232][T26471] warning: `syz.1.9047' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1179.366005][T26479] netlink: 'syz.1.9051': attribute type 27 has an invalid length. [ 1179.781699][T26497] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 1180.392233][T12336] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1180.531262][ T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1180.577754][T26528] loop2: detected capacity change from 0 to 256 [ 1180.638392][T12336] usb 2-1: Using ep0 maxpacket: 16 [ 1180.646373][T12336] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1180.662091][T12336] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 1180.713840][T12336] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1180.725087][T12336] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1180.728665][ T23] usb 1-1: config 0 has an invalid interface number: 216 but max is 0 [ 1180.733124][T12336] usb 2-1: SerialNumber: syz [ 1180.759015][T12336] cdc_acm 2-1:1.0: invalid descriptor buffer length [ 1180.765691][T12336] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 1180.800659][ T23] usb 1-1: config 0 has no interface number 0 [ 1180.801347][T12336] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 1180.806998][ T23] usb 1-1: config 0 interface 216 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 64 [ 1180.807037][ T23] usb 1-1: config 0 interface 216 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1180.807062][ T23] usb 1-1: config 0 interface 216 has no altsetting 0 [ 1180.807104][ T23] usb 1-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.2e [ 1180.807131][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1180.858897][T12336] cdc_acm: probe of 2-1:1.0 failed with error -22 [ 1180.862143][ T23] usb 1-1: config 0 descriptor?? [ 1180.902913][T26514] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1180.914755][ T23] usb 1-1: NFC: intf ffff8880675c4000 id ffffffff8d63c320 [ 1180.988588][T12336] usb 2-1: USB disconnect, device number 22 [ 1181.193737][T26542] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9082'. [ 1181.226767][ T23] usb 1-1: USB disconnect, device number 3 [ 1181.871729][T26568] erspan0: left promiscuous mode [ 1181.876741][T26568] erspan0: left allmulticast mode [ 1181.907692][T26567] loop3: detected capacity change from 0 to 1024 [ 1181.938391][T26568] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1181.977527][T26567] hfsplus: cannot replace xattr [ 1182.076365][T26572] erspan0: entered promiscuous mode [ 1182.095891][T26572] erspan0: entered allmulticast mode [ 1182.460610][T26587] loop1: detected capacity change from 0 to 16 [ 1182.484888][T26587] erofs: (device loop1): mounted with root inode @ nid 36. [ 1182.566536][T26587] syz.1.9104: attempt to access beyond end of device [ 1182.566536][T26587] loop1: rw=0, sector=48, nr_sectors = 16 limit=16 [ 1182.604624][T26582] loop2: detected capacity change from 0 to 8192 [ 1182.646801][T26582] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1182.649259][T26590] loop3: detected capacity change from 0 to 256 [ 1182.700701][T26582] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 1182.710561][T26582] REISERFS (device loop2): using ordered data mode [ 1182.718155][T26582] reiserfs: using flush barriers [ 1182.726339][T26582] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1182.743693][T26582] REISERFS (device loop2): checking transaction log (loop2) [ 1182.789930][T26582] REISERFS (device loop2): Using r5 hash to sort names [ 1182.802062][T26582] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 1183.072835][T26600] autofs4:pid:26600:autofs_fill_super: called with bogus options [ 1183.308592][T26606] loop3: detected capacity change from 0 to 164 [ 1183.437472][T26608] binder: 26607:26608 ioctl c018620c 0 returned -14 [ 1183.947416][T26599] loop0: detected capacity change from 0 to 32768 [ 1183.950993][T26618] netlink: 256 bytes leftover after parsing attributes in process `syz.3.9118'. [ 1183.975650][T26599] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.9108 (26599) [ 1184.004823][T26599] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1184.033674][T26599] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1184.058348][T26599] BTRFS info (device loop0): enabling auto defrag [ 1184.079956][T26599] BTRFS info (device loop0): doing ref verification [ 1184.120824][T26599] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 1184.139690][T26599] BTRFS info (device loop0): force lzo compression, level 0 [ 1184.147561][T26599] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1184.174331][T26599] BTRFS info (device loop0): trying to use backup root at mount time [ 1184.184280][T26599] BTRFS info (device loop0): max_inline at 4096 [ 1184.205841][T26599] BTRFS info (device loop0): enabling ssd optimizations [ 1184.225915][T26599] BTRFS info (device loop0): using spread ssd allocation scheme [ 1184.254258][T26599] BTRFS info (device loop0): using free space tree [ 1184.260922][T26599] workqueue: max_active 65524 requested for btrfs-worker is out of range, clamping between 1 and 512 [ 1184.277833][T26628] loop2: detected capacity change from 0 to 1024 [ 1184.322897][T26628] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1184.331903][T26599] workqueue: max_active 65524 requested for btrfs-delalloc is out of range, clamping between 1 and 512 [ 1184.410979][T26628] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1184.447293][T26599] workqueue: max_active 65524 requested for btrfs-endio is out of range, clamping between 1 and 512 [ 1184.459324][T26632] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1184.474526][T26599] workqueue: max_active 65524 requested for btrfs-endio-meta is out of range, clamping between 1 and 512 [ 1184.486330][T26628] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e80ce018, mo2=0000] [ 1184.499902][T26628] System zones: 0-1, 3-12 [ 1184.505834][T26599] workqueue: max_active 65524 requested for btrfs-rmw is out of range, clamping between 1 and 512 [ 1184.531801][T26628] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #3: block 1: comm syz.2.9124: lblock 1 mapped to illegal pblock 1 (length 1) [ 1184.565052][T26599] workqueue: max_active 65524 requested for btrfs-endio-write is out of range, clamping between 1 and 512 [ 1184.584590][T26628] Quota error (device loop2): write_blk: dquota write failed [ 1184.608474][T26599] workqueue: max_active 65524 requested for btrfs-compressed-write is out of range, clamping between 1 and 512 [ 1184.611347][T26628] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 1184.631027][T26628] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.9124: Failed to acquire dquot type 0 [ 1184.679547][T26650] loop3: detected capacity change from 0 to 128 [ 1184.686083][T26628] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.9124: Freeing blocks not in datazone - block = 0, count = 4096 [ 1184.747579][T26599] BTRFS info (device loop0): auto enabling async discard [ 1184.747980][T26628] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.9124: Invalid inode bitmap blk 0 in block_group 0 [ 1184.779785][T26628] EXT4-fs error (device loop2) in ext4_free_inode:363: Corrupt filesystem [ 1184.788757][T22972] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 1184.825486][T26628] EXT4-fs (loop2): 1 orphan inode deleted [ 1184.843717][T26628] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1184.849635][T26656] loop1: detected capacity change from 0 to 256 [ 1184.874518][T22972] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 1184.892934][T22972] EXT4-fs error (device loop2): ext4_release_dquot:6976: comm kworker/u4:4: Failed to release dquot type 0 [ 1185.070199][T26628] EXT4-fs: Cannot change journaled quota options when quota turned on [ 1185.218740][ T6133] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1185.278986][ T6130] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1186.757098][T26702] erspan0: left promiscuous mode [ 1186.773641][T26702] erspan0: left allmulticast mode [ 1187.026969][T26702] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1187.467232][T26724] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9162'. [ 1187.515726][T26718] loop1: detected capacity change from 0 to 4096 [ 1187.549228][T26718] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1187.594635][T26718] ntfs3: loop1: Failed to initialize $Extend/$Reparse. [ 1187.844199][T26734] vim2m vim2m.0: Fourcc format (0x56595559) invalid. [ 1187.871483][T26732] netlink: 136 bytes leftover after parsing attributes in process `syz.2.9166'. [ 1188.166491][T26744] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9172'. [ 1188.185721][ T23] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 1188.204110][T26744] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1188.245820][T26746] netlink: 44 bytes leftover after parsing attributes in process `syz.3.9173'. [ 1188.259668][T26746] netlink: 43 bytes leftover after parsing attributes in process `syz.3.9173'. [ 1188.270935][T26746] netlink: 'syz.3.9173': attribute type 5 has an invalid length. [ 1188.284699][T26746] netlink: 43 bytes leftover after parsing attributes in process `syz.3.9173'. [ 1188.373492][T26748] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9174'. [ 1188.395819][ T23] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1188.411944][ T23] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1188.434657][ T23] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1188.444352][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1188.473269][ T23] usb 1-1: SerialNumber: syz [ 1188.494463][ T23] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 1188.514404][ T23] usb-storage 1-1:1.0: USB Mass Storage device detected [ 1188.568522][ T23] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1188.592784][ T23] scsi host1: usb-storage 1-1:1.0 [ 1188.626414][T26761] nfs: Unknown parameter 'ntext' [ 1188.719775][T26763] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1188.883438][T26769] netlink: 136 bytes leftover after parsing attributes in process `syz.3.9180'. [ 1189.591893][T26792] binder: 26791:26792 ioctl c018620c 200000000380 returned -22 [ 1189.714194][T26796] netlink: 136 bytes leftover after parsing attributes in process `syz.1.9195'. [ 1189.971319][T26800] libceph: resolve '4..' (ret=-3): failed [ 1190.019337][ T27] usb 1-1: USB disconnect, device number 4 [ 1190.341207][T26815] kAFS: unable to lookup cell '' [ 1190.343467][T26806] loop1: detected capacity change from 0 to 8192 [ 1190.383092][T26806] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1190.404792][T26806] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 1190.417111][T26806] REISERFS (device loop1): using ordered data mode [ 1190.424656][T26806] reiserfs: using flush barriers [ 1190.457855][T26806] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1190.484790][T26806] REISERFS (device loop1): checking transaction log (loop1) [ 1190.497319][T26806] REISERFS (device loop1): Using r5 hash to sort names [ 1190.504723][T26806] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 1190.504817][T26818] binder: 26817:26818 ioctl 400c620e ffffffffffffffff returned -14 [ 1191.588824][T26849] xt_limit: Overflow, try lower: 2147483649/3300 [ 1192.179119][T26872] erspan0: left promiscuous mode [ 1192.233241][T26872] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.246071][T26872] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.390066][T26872] macvlan0: left promiscuous mode [ 1192.438857][T26872] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 1192.477383][T26872] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 1193.082029][ T966] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1193.153351][T26899] loop3: detected capacity change from 0 to 8192 [ 1193.180530][T26899] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1193.200336][T26899] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 1193.229150][T26899] REISERFS (device loop3): using ordered data mode [ 1193.246880][T26899] reiserfs: using flush barriers [ 1193.249543][T26882] loop0: detected capacity change from 0 to 32768 [ 1193.265126][T26882] XFS: noikeep mount option is deprecated. [ 1193.285207][T26899] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1193.313149][ T966] usb 3-1: Using ep0 maxpacket: 16 [ 1193.330435][T26899] REISERFS (device loop3): checking transaction log (loop3) [ 1193.332320][ T966] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 1193.351439][T26899] REISERFS (device loop3): Using r5 hash to sort names [ 1193.370608][ T966] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 1193.371127][T26899] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 1193.386534][T26882] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1193.408062][ T966] usb 3-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 1193.418488][ T966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1193.426929][ T966] usb 3-1: Product: syz [ 1193.433063][ T966] usb 3-1: Manufacturer: syz [ 1193.438587][ T966] usb 3-1: SerialNumber: syz [ 1193.446375][ T966] usb 3-1: config 0 descriptor?? [ 1193.474474][ T966] kobil_sct 3-1:0.0: KOBIL USB smart card terminal converter detected [ 1193.551082][T26882] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 1193.574288][ T966] usb 3-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 1193.665210][T26882] XFS (loop0): Starting recovery (logdev: internal) [ 1193.722152][T26882] XFS (loop0): Ending recovery (logdev: internal) [ 1193.746630][T26882] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x516/0x640, xfs_finobt block 0x20 [ 1193.792249][T26882] XFS (loop0): Unmount and run xfs_repair [ 1193.792451][ T966] usb 3-1: USB disconnect, device number 14 [ 1193.819327][T26882] XFS (loop0): Failed to initialize disk quotas. [ 1193.824254][ T966] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 1193.863342][ T966] kobil_sct 3-1:0.0: device disconnected [ 1193.924996][T26882] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x516/0x640, xfs_finobt block 0x20 [ 1193.987039][T26882] XFS (loop0): Unmount and run xfs_repair [ 1194.105076][ T6130] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1194.185836][T26927] usb usb8: usbfs: process 26927 (syz.3.9256) did not claim interface 0 before use [ 1194.226437][T26925] loop1: detected capacity change from 0 to 4096 [ 1194.241523][T26925] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1194.350560][T26925] ntfs: volume version 3.1. [ 1194.922696][T26944] x_tables: unsorted underflow at hook 3 [ 1194.951557][T26945] loop3: detected capacity change from 0 to 512 [ 1194.979921][T26945] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002] [ 1195.035786][T26945] System zones: 0-2, 18-18, 34-34 [ 1195.061943][T26948] loop0: detected capacity change from 0 to 128 [ 1195.084402][T26945] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1195.091441][T26948] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 1195.117108][T26945] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.9262: bg 0: block 248: padding at end of block bitmap is not set [ 1195.118633][T26948] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1195.167020][T26945] Quota error (device loop3): write_blk: dquota write failed [ 1195.174586][T26945] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 1195.218215][T26945] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.9262: Failed to acquire dquot type 1 [ 1195.236434][T26945] EXT4-fs (loop3): 1 orphan inode deleted [ 1195.253515][ T1098] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-5 [ 1195.284335][ T1098] EXT4-fs error (device loop3): ext4_release_dquot:6976: comm kworker/u4:7: Failed to release dquot type 1 [ 1195.340632][T26945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1195.487081][T26953] loop0: detected capacity change from 0 to 512 [ 1195.509609][T26953] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1195.533630][T26945] EXT4-fs error (device loop3): ext4_lookup:1862: inode #2: comm syz.3.9262: deleted inode referenced: 12 [ 1195.559833][T26953] EXT4-fs (loop0): 1 truncate cleaned up [ 1195.578183][T26953] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1195.657163][ T6134] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1195.717207][T26953] EXT4-fs error (device loop0): mb_free_blocks:1938: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 1195.738376][T26958] xt_bpf: check failed: parse error [ 1195.807363][T26953] EXT4-fs (loop0): Remounting filesystem read-only [ 1195.971783][ T6130] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1195.989301][T26943] loop1: detected capacity change from 0 to 32768 [ 1196.159265][T26943] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 1196.244558][T26972] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1196.282944][T26943] OCFS2: ERROR (device loop1): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 57088 but max bitmap bits of 2048 [ 1196.311225][T26972] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1196.354315][T26943] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1196.374927][T26943] OCFS2: File system is now read-only. [ 1196.386822][T26943] (syz.1.9264,26943,1):ocfs2_search_chain:1761 ERROR: status = -30 [ 1196.425799][T26943] (syz.1.9264,26943,1):ocfs2_search_chain:1871 ERROR: status = -30 [ 1196.471033][T26943] (syz.1.9264,26943,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30 [ 1196.513656][T26943] (syz.1.9264,26943,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30 [ 1196.522259][T26943] (syz.1.9264,26943,1):ocfs2_claim_new_inode:2216 ERROR: status = -30 [ 1196.587868][T26943] (syz.1.9264,26943,1):ocfs2_claim_new_inode:2231 ERROR: status = -30 [ 1196.596609][T26943] (syz.1.9264,26943,1):ocfs2_mknod_locked:639 ERROR: status = -30 [ 1196.604906][T26943] (syz.1.9264,26943,1):ocfs2_mknod:385 ERROR: status = -30 [ 1196.618600][T26943] (syz.1.9264,26943,1):ocfs2_mknod:502 ERROR: status = -30 [ 1196.642963][T26943] (syz.1.9264,26943,1):ocfs2_create:676 ERROR: status = -30 [ 1196.702265][ T6126] ocfs2: Unmounting device (7,1) on (node local) [ 1196.833002][T26984] loop3: detected capacity change from 0 to 512 [ 1196.863097][T26984] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1196.924930][T26984] EXT4-fs (loop3): 1 truncate cleaned up [ 1196.949249][T26984] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1196.983531][ T28] audit: type=1800 audit(1757993282.399:2680): pid=26978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.9278" name="/newroot/2225/file0" dev="tmpfs" ino=11617 res=0 errno=0 [ 1197.158977][T26984] EXT4-fs error (device loop3): mb_free_blocks:1938: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 1197.239550][T26984] EXT4-fs (loop3): Remounting filesystem read-only [ 1197.259525][T26996] loop0: detected capacity change from 0 to 256 [ 1197.272856][T26996] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1197.393780][ T6134] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1198.297448][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.307328][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.316738][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.333687][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.343106][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.352250][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.362169][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.371635][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.381024][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.412220][T27027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9300'. [ 1198.850993][T27020] loop0: detected capacity change from 0 to 32768 [ 1198.874935][T27020] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.9297 (27020) [ 1198.965044][T27020] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1198.998732][T27020] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1199.016480][T27020] BTRFS info (device loop0): using free space tree [ 1199.034685][T27048] netlink: 'syz.1.9310': attribute type 5 has an invalid length. [ 1199.040014][T27046] loop3: detected capacity change from 0 to 1024 [ 1199.223990][ T1317] hfsplus: b-tree write err: -5, ino 4 [ 1199.314049][T27020] BTRFS info (device loop0): enabling ssd optimizations [ 1199.325403][T27020] BTRFS info (device loop0): auto enabling async discard [ 1199.614362][ T6130] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1200.150473][T27091] netlink: 'syz.3.9325': attribute type 2 has an invalid length. [ 1200.381336][T27097] loop3: detected capacity change from 0 to 128 [ 1200.629771][ T27] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1200.793355][T27106] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 1200.841125][ T27] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1200.858875][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1200.867823][ T27] usb 2-1: Product: syz [ 1200.875085][ T27] usb 2-1: Manufacturer: syz [ 1200.884058][ T27] usb 2-1: SerialNumber: syz [ 1200.894540][ T27] r8152-cfgselector 2-1: config 0 descriptor?? [ 1201.207519][T27120] binder: 27119:27120 ioctl c018620c 200000000380 returned -1 [ 1201.370393][ T27] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1201.389474][ T27] r8152-cfgselector 2-1: USB disconnect, device number 23 [ 1202.336954][T27160] loop0: detected capacity change from 0 to 512 [ 1202.351193][ T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1202.385558][T27160] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1202.413041][T27160] ext4 filesystem being mounted at /2264/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1202.607734][ T8] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1202.632680][ T8] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1202.649057][ T6130] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1202.650479][ T8] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1202.670908][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1202.710208][T27148] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1202.728547][ T8] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 1202.826852][T27154] loop1: detected capacity change from 0 to 32768 [ 1202.852547][T27154] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.9356 (27154) [ 1202.929888][T27154] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1202.992686][T27154] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 1203.001988][T27154] BTRFS info (device loop1): force zlib compression, level 3 [ 1203.067114][T27154] BTRFS info (device loop1): force clearing of disk cache [ 1203.074329][T27154] BTRFS info (device loop1): setting nodatasum [ 1203.099240][T27154] BTRFS info (device loop1): use zlib compression, level 3 [ 1203.106531][T27154] BTRFS info (device loop1): allowing degraded mounts [ 1203.143105][T27154] BTRFS info (device loop1): enabling disk space caching [ 1203.150216][T27154] BTRFS info (device loop1): disk space caching is enabled [ 1203.433874][ T23] usb 4-1: USB disconnect, device number 7 [ 1203.453130][T27154] BTRFS info (device loop1): enabling ssd optimizations [ 1203.460148][T27154] BTRFS info (device loop1): auto enabling async discard [ 1203.516882][T27154] BTRFS info (device loop1): rebuilding free space tree [ 1203.572107][T27154] BTRFS info (device loop1): disabling free space tree [ 1203.579271][T27154] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1203.617274][T27154] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1203.757364][T27167] loop2: detected capacity change from 0 to 32768 [ 1203.858316][T27154] BTRFS info (device loop1): balance: start -f -susage=128..7,drange=9..0,limit=42949672974,stripes=0..255 [ 1203.880257][T27167] ea_get: invalid extended attribute [ 1203.886541][T27167] ffff88806a46bab0: 04 00 00 00 .... [ 1203.901840][T27154] BTRFS info (device loop1): balance: ended with status: 0 [ 1204.141476][ T6126] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1204.652392][T27206] binder: 27205:27206 ioctl c018620c 200000000380 returned -1 [ 1204.820489][T27208] netlink: 'syz.2.9373': attribute type 2 has an invalid length. [ 1204.875170][T27212] netlink: 'syz.3.9374': attribute type 3 has an invalid length. [ 1205.405063][ T28] audit: type=1326 audit(1757993290.294:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27228 comm="syz.0.9382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1205.430486][T27226] netlink: zone id is out of range [ 1205.456325][T27224] loop2: detected capacity change from 0 to 4096 [ 1205.462223][ T28] audit: type=1326 audit(1757993290.294:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27228 comm="syz.0.9382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1205.482807][T27226] netlink: set zone limit has 4 unknown bytes [ 1205.485111][ C0] vkms_vblank_simulate: vblank timer overrun [ 1205.509211][T27224] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1205.557072][ T28] audit: type=1326 audit(1757993290.303:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27228 comm="syz.0.9382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1205.603933][ T28] audit: type=1326 audit(1757993290.303:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27228 comm="syz.0.9382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa36338eba9 code=0x7ffc0000 [ 1205.768165][T27236] __nla_validate_parse: 45 callbacks suppressed [ 1205.768192][T27236] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9386'. [ 1206.130516][T27245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9390'. [ 1206.154590][T27242] loop0: detected capacity change from 0 to 4096 [ 1206.180424][T27242] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1206.299657][T27242] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1206.371726][T27253] netlink: 104 bytes leftover after parsing attributes in process `syz.1.9394'. [ 1206.428990][T27242] ntfs3: loop0: failed to convert "c46c" to euc-jp [ 1206.438695][T27254] loop2: detected capacity change from 0 to 1024 [ 1206.667979][ T1098] hfsplus: b-tree write err: -5, ino 4 [ 1207.009322][T27272] dlm: no locking on control device [ 1207.510612][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1207.519251][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1208.247740][T27319] loop0: detected capacity change from 0 to 256 [ 1208.280376][T27312] loop2: detected capacity change from 0 to 4096 [ 1208.325135][T27312] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1208.390617][T27319] FAT-fs (loop0): Directory bread(block 64) failed [ 1208.408968][T27319] FAT-fs (loop0): Directory bread(block 65) failed [ 1208.418604][T27312] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1208.460887][T27319] FAT-fs (loop0): Directory bread(block 66) failed [ 1208.468543][T27312] ntfs3: loop2: mft corrupted [ 1208.473398][T27312] ntfs3: loop2: Failed to load $Extend (-22). [ 1208.480156][T27319] FAT-fs (loop0): Directory bread(block 67) failed [ 1208.486935][T27319] FAT-fs (loop0): Directory bread(block 68) failed [ 1208.515167][T27312] ntfs3: loop2: Failed to initialize $Extend. [ 1208.521650][T27319] FAT-fs (loop0): Directory bread(block 69) failed [ 1208.542300][T27319] FAT-fs (loop0): Directory bread(block 70) failed [ 1208.548904][T27319] FAT-fs (loop0): Directory bread(block 71) failed [ 1208.583567][T27319] FAT-fs (loop0): Directory bread(block 72) failed [ 1208.612074][T27319] FAT-fs (loop0): Directory bread(block 73) failed [ 1208.702070][T27312] ntfs3: loop2: ino=1b, "file0" failed to parse mft record [ 1208.723785][T27312] ntfs3: loop2: ino=1b, "file0" attr_set_size [ 1209.058592][T27334] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1209.151248][T27338] raw_sendmsg: syz.1.9434 forgot to set AF_INET. Fix it! [ 1209.626512][T27357] loop0: detected capacity change from 0 to 1024 [ 1209.803607][ T1025] hfsplus: b-tree write err: -5, ino 4 [ 1210.143173][T27372] netlink: 'syz.1.9451': attribute type 10 has an invalid length. [ 1210.169076][T27372] netlink: 55 bytes leftover after parsing attributes in process `syz.1.9451'. [ 1210.544833][T27392] netlink: 32 bytes leftover after parsing attributes in process `syz.1.9461'. [ 1210.768515][T27388] loop0: detected capacity change from 0 to 4096 [ 1210.794865][T27388] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1210.987088][T27388] ntfs3: loop0: failed to convert "c46c" to cp863 [ 1211.105311][T27408] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9469'. [ 1211.185292][T27406] loop2: detected capacity change from 0 to 4096 [ 1211.202693][T27406] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1211.707495][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1211.925952][ T8] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 1211.940252][ T8] usb 1-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 1211.959308][ T8] usb 1-1: config 0 has no interface number 0 [ 1211.969028][ T8] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 1211.988164][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1212.012153][ T8] usb 1-1: Product: syz [ 1212.016752][ T8] usb 1-1: Manufacturer: syz [ 1212.036507][ T8] usb 1-1: SerialNumber: syz [ 1212.055093][ T8] usb 1-1: config 0 descriptor?? [ 1212.252936][T27438] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9484'. [ 1212.260552][T27432] loop2: detected capacity change from 0 to 8192 [ 1212.527824][ T8] usb 1-1: Found UVC 0.00 device syz (046d:0823) [ 1212.530912][ T966] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1212.542007][ T8] usb 1-1: No valid video chain found. [ 1212.543986][ T8] usb 1-1: USB disconnect, device number 5 [ 1212.591368][T27444] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1212.795737][ T966] usb 2-1: Using ep0 maxpacket: 16 [ 1212.813458][ T966] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1212.823395][ T966] usb 2-1: config 8 has an invalid interface number: 97 but max is 0 [ 1212.833861][ T966] usb 2-1: config 8 has no interface number 0 [ 1212.854454][ T966] usb 2-1: too many endpoints for config 8 interface 97 altsetting 97: 97, using maximum allowed: 30 [ 1212.893398][ T966] usb 2-1: config 8 interface 97 altsetting 97 has 0 endpoint descriptors, different from the interface descriptor's value: 97 [ 1212.893530][T27453] loop2: detected capacity change from 0 to 512 [ 1212.919387][ T966] usb 2-1: config 8 interface 97 has no altsetting 0 [ 1212.930284][ T966] usb 2-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=ab.34 [ 1212.942949][ T966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1212.959611][ T966] usb 2-1: Product: syz [ 1212.983665][ T966] usb 2-1: Manufacturer: syz [ 1213.009572][ T966] usb 2-1: SerialNumber: syz [ 1213.145365][ T28] audit: type=1326 audit(1757993297.534:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27457 comm="syz.2.9494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1213.239987][ T28] audit: type=1326 audit(1757993297.534:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27457 comm="syz.2.9494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1213.278615][ T966] usb 2-1: USB disconnect, device number 24 [ 1213.338968][ T28] audit: type=1326 audit(1757993297.543:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27457 comm="syz.2.9494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1213.433661][ T28] audit: type=1326 audit(1757993297.543:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27457 comm="syz.2.9494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1213.480183][ T28] audit: type=1326 audit(1757993297.543:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27457 comm="syz.2.9494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1213.878355][T27480] loop2: detected capacity change from 0 to 1024 [ 1213.920575][T27482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9506'. [ 1213.920784][T27480] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1214.433546][T27493] loop1: detected capacity change from 0 to 64 [ 1215.069640][T27512] random: crng reseeded on system resumption [ 1215.275247][T27517] binder: 27516:27517 ioctl c0306201 200000000380 returned -14 [ 1215.373785][T27519] program syz.2.9524 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1215.660925][T27525] xt_ecn: cannot match TCP bits for non-tcp packets [ 1215.767790][T27507] loop3: detected capacity change from 0 to 32768 [ 1215.907699][T27507] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 1215.984083][T27507] (syz.3.9518,27507,0):ocfs2_remount:630 ERROR: Cannot change data mode on remount [ 1216.086241][ T6134] ocfs2: Unmounting device (7,3) on (node local) [ 1216.635068][T27557] program syz.3.9542 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1216.729204][T27559] netlink: 'syz.1.9543': attribute type 10 has an invalid length. [ 1216.787776][T27559] team0: Cannot enslave team device to itself [ 1217.243015][T12336] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1217.305510][T27581] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1217.334814][T27583] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.9555'. [ 1217.391702][T27585] loop1: detected capacity change from 0 to 8 [ 1217.445970][T12336] usb 4-1: Using ep0 maxpacket: 32 [ 1217.498869][T12336] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 1217.515512][T12336] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1217.550344][T12336] usb 4-1: Product: syz [ 1217.570462][T12336] usb 4-1: Manufacturer: syz [ 1217.577703][T12336] usb 4-1: SerialNumber: syz [ 1217.616288][T12336] usb 4-1: config 0 descriptor?? [ 1217.637951][T27590] netlink: 'syz.2.9559': attribute type 21 has an invalid length. [ 1217.668878][T27590] netlink: 128 bytes leftover after parsing attributes in process `syz.2.9559'. [ 1217.691908][T27590] netlink: 'syz.2.9559': attribute type 4 has an invalid length. [ 1217.699924][T27590] netlink: 'syz.2.9559': attribute type 3 has an invalid length. [ 1217.755467][T27590] netlink: 3 bytes leftover after parsing attributes in process `syz.2.9559'. [ 1218.097701][T12336] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=0] err=-71 [ 1218.130136][T12336] peak_usb 4-1:0.0: unable to read PCAN-USB Pro bootloader info (err -71) [ 1218.130150][ T966] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1218.217428][T12336] peak_usb: probe of 4-1:0.0 failed with error -71 [ 1218.255700][T12336] usb 4-1: USB disconnect, device number 8 [ 1218.324935][ T966] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 1218.343811][ T966] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1218.378866][ T966] usb 1-1: config 0 has no interface number 0 [ 1218.405952][ T966] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1218.427419][ T966] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1218.476430][ T966] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1218.489032][ T966] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1218.499045][ T966] usb 1-1: Product: syz [ 1218.503274][ T966] usb 1-1: Manufacturer: syz [ 1218.508582][ T966] usb 1-1: SerialNumber: syz [ 1218.517235][ T966] usb 1-1: config 0 descriptor?? [ 1218.737232][T27619] loop1: detected capacity change from 0 to 8192 [ 1218.756063][T27619] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1218.936246][T27619] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1218.968998][ T966] usbtouchscreen: probe of 1-1:0.117 failed with error -71 [ 1218.979544][T27619] ntfs3: loop1: Failed to load $Extend (-2). [ 1219.001165][T27619] ntfs3: loop1: Failed to initialize $Extend. [ 1219.009759][ T966] usb 1-1: USB disconnect, device number 6 [ 1219.525293][T27621] loop2: detected capacity change from 0 to 32768 [ 1219.572594][T27621] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.9574 (27621) [ 1219.605835][T27621] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1219.637776][T27621] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 1219.660154][T27621] BTRFS info (device loop2): force zlib compression, level 3 [ 1219.685986][T27621] BTRFS info (device loop2): force clearing of disk cache [ 1219.722964][T27621] BTRFS info (device loop2): setting nodatasum [ 1219.729203][T27621] BTRFS info (device loop2): use zlib compression, level 3 [ 1219.758413][T27621] BTRFS info (device loop2): allowing degraded mounts [ 1219.783242][T27621] BTRFS info (device loop2): enabling disk space caching [ 1219.834247][T27621] BTRFS info (device loop2): disk space caching is enabled [ 1220.030705][T27621] BTRFS info (device loop2): enabling ssd optimizations [ 1220.044587][T27621] BTRFS info (device loop2): auto enabling async discard [ 1220.097409][T27621] BTRFS info (device loop2): rebuilding free space tree [ 1220.161530][T27621] BTRFS info (device loop2): disabling free space tree [ 1220.168539][T27621] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1220.246399][T27662] netlink: 'syz.1.9586': attribute type 10 has an invalid length. [ 1220.258810][T27621] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1220.341697][T27662] team0: Device veth1_vlan failed to register rx_handler [ 1220.536501][T27621] BTRFS info (device loop2): balance: start -f -susage=128..7,drange=9..0,limit=42949672974,stripes=0..255 [ 1220.567656][T27621] BTRFS info (device loop2): balance: ended with status: 0 [ 1220.825652][ T6133] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1221.221736][T27688] loop1: detected capacity change from 0 to 8 [ 1221.859519][T27700] netlink: 'syz.2.9605': attribute type 8 has an invalid length. [ 1222.140880][T27682] loop0: detected capacity change from 0 to 32768 [ 1222.211308][T27682] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 1222.306186][T27682] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1222.445549][T27716] loop1: detected capacity change from 0 to 512 [ 1222.486565][T27716] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1222.492440][T27720] vivid-007: disconnect [ 1222.534415][T27716] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 1222.538922][ T6130] ocfs2: Unmounting device (7,0) on (node local) [ 1222.546682][T27719] vivid-007: reconnect [ 1222.553242][T27716] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.9611: invalid indirect mapped block 2683928664 (level 1) [ 1222.639773][T27716] EXT4-fs (loop1): Remounting filesystem read-only [ 1222.648944][T27716] EXT4-fs (loop1): 1 truncate cleaned up [ 1222.656433][T27716] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1223.162213][ T6126] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1223.169983][T27735] loop0: detected capacity change from 0 to 2048 [ 1223.226849][T27735] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1223.320810][T20724] udevd[20724]: incorrect nilfs2 checksum on /dev/loop0 [ 1223.329106][T27738] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1223.471055][ T1098] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1223.486597][T27735] NILFS error (device loop0): __nilfs_read_inode: invalid file type bits in mode 0177777 for inode 12 [ 1223.522287][T27735] Remounting filesystem read-only [ 1223.713740][ T1098] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1223.858111][ T1098] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1224.022324][ T1098] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1224.121634][T27734] loop3: detected capacity change from 0 to 40427 [ 1224.145075][T27745] loop2: detected capacity change from 0 to 256 [ 1224.159652][T27734] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 1224.192989][T27734] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1224.209574][T27745] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1224.231106][T27734] F2FS-fs (loop3): heap/no_heap options were deprecated [ 1224.274047][T27734] F2FS-fs (loop3): invalid crc value [ 1224.397079][T27734] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1224.678799][T27734] F2FS-fs (loop3): Start checkpoint disabled! [ 1224.800954][T27734] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1224.822420][T27734] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 1224.869493][T27750] loop2: detected capacity change from 0 to 4096 [ 1224.919596][T27756] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1224.950631][T27750] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1224.960083][T27756] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1224.977513][T27756] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1225.015258][T27756] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1225.027019][T27756] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1225.035195][T27756] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1225.127871][T27734] F2FS-fs (loop3): disabling checkpoint not compatible with read-only [ 1225.181533][T27750] ntfs3: loop2: failed to convert "c46c" to iso8859-14 [ 1225.257583][T27743] loop0: detected capacity change from 0 to 32768 [ 1225.455030][T27743] JFS: metapage_get_blocks failed [ 1225.462322][T27743] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 1225.462322][T27743] [ 1225.614382][T27743] ERROR: (device loop0): remounting filesystem as read-only [ 1225.839301][ T113] blkno = 8ed2c, nblocks = 1 [ 1225.856823][ T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 1225.856823][ T113] [ 1226.043377][T27775] loop2: detected capacity change from 0 to 8 [ 1226.100678][T27775] SQUASHFS error: Failed to read block 0x1ec: -5 [ 1226.121090][T27775] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 1226.701222][T27794] nftables ruleset with unbound chain [ 1226.775156][T27797] netlink: 'syz.2.9638': attribute type 1 has an invalid length. [ 1226.784453][T27797] netlink: 80 bytes leftover after parsing attributes in process `syz.2.9638'. [ 1227.236843][T27810] loop0: detected capacity change from 0 to 256 [ 1227.268178][ T6132] Bluetooth: hci0: command tx timeout [ 1227.341393][T27753] chnl_net:caif_netlink_parms(): no params data found [ 1227.373600][T27810] FAT-fs (loop0): Directory bread(block 64) failed [ 1227.403759][T27810] FAT-fs (loop0): Directory bread(block 65) failed [ 1227.469453][T27810] FAT-fs (loop0): Directory bread(block 66) failed [ 1227.506202][T27810] FAT-fs (loop0): Directory bread(block 67) failed [ 1227.512943][T27810] FAT-fs (loop0): Directory bread(block 68) failed [ 1227.538488][T27813] loop3: detected capacity change from 0 to 4096 [ 1227.541835][T27810] FAT-fs (loop0): Directory bread(block 69) failed [ 1227.555075][T27810] FAT-fs (loop0): Directory bread(block 70) failed [ 1227.565057][T27810] FAT-fs (loop0): Directory bread(block 71) failed [ 1227.572600][T27810] FAT-fs (loop0): Directory bread(block 72) failed [ 1227.579368][T27810] FAT-fs (loop0): Directory bread(block 73) failed [ 1227.703805][ T1098] hsr_slave_0: left promiscuous mode [ 1227.706559][T27813] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1227.722836][ T1098] hsr_slave_1: left promiscuous mode [ 1227.748417][ T1098] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1227.803110][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1227.837964][ T1098] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1227.845459][ T1098] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1227.892562][T27813] EXT4-fs error (device loop3): ext4_generic_delete_entry:2729: inode #2: block 16: comm syz.3.9644: bad entry in directory: inode out of bounds - offset=12, inode=256, rec_len=12, size=4096 fake=1 [ 1227.919083][ T1098] bridge_slave_1: left allmulticast mode [ 1227.938179][ T1098] bridge_slave_1: left promiscuous mode [ 1227.949756][T27828] comedi comedi1: 8255: I/O port conflict (0x3,4) [ 1227.966425][T27828] comedi comedi1: 8255: I/O port conflict (0x10002,4) [ 1227.973932][ T1098] bridge0: port 2(bridge_slave_1) entered disabled state [ 1227.986094][T27813] EXT4-fs error (device loop3) in ext4_delete_entry:2800: Corrupt filesystem [ 1228.004623][T27813] EXT4-fs warning (device loop3): ext4_rename_delete:3778: inode #2: comm syz.3.9644: Deleting old file: nlink 4, error=-117 [ 1228.026199][ T1098] bridge_slave_0: left allmulticast mode [ 1228.033283][ T1098] bridge_slave_0: left promiscuous mode [ 1228.047594][ T1098] bridge0: port 1(bridge_slave_0) entered disabled state [ 1228.059469][T27813] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #15: comm syz.3.9644: corrupted inode contents [ 1228.131050][T27813] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #15: comm syz.3.9644: mark_inode_dirty error [ 1228.160433][T27813] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #15: comm syz.3.9644: corrupted inode contents [ 1228.173766][T27813] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #15: comm syz.3.9644: mark_inode_dirty error [ 1228.185568][ T1098] veth1_macvtap: left promiscuous mode [ 1228.192298][ T1098] veth0_macvtap: left promiscuous mode [ 1228.199946][ T1098] veth0_vlan: left promiscuous mode [ 1228.207636][T27813] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #15: comm syz.3.9644: corrupted inode contents [ 1228.222176][T27813] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #15: comm syz.3.9644: mark_inode_dirty error [ 1228.308667][T27813] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #15: comm syz.3.9644: corrupted inode contents [ 1228.343410][T27813] EXT4-fs error (device loop3): ext4_truncate:4288: inode #15: comm syz.3.9644: mark_inode_dirty error [ 1228.523387][ T6134] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1228.793266][T27848] netlink: 260 bytes leftover after parsing attributes in process `syz.3.9655'. [ 1228.887398][ T1098] bond4 (unregistering): Released all slaves [ 1228.955206][ T1098] bond3 (unregistering): Released all slaves [ 1229.065456][T27860] loop2: detected capacity change from 0 to 64 [ 1229.090208][ T1098] bond2 (unregistering): Released all slaves [ 1229.226620][ T1098] bond1 (unregistering): Released all slaves [ 1229.353657][ T28] audit: type=1326 audit(1757993312.697:2690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27867 comm="syz.2.9664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1229.377538][ T28] audit: type=1326 audit(1757993312.697:2691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27867 comm="syz.2.9664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1229.401500][ T28] audit: type=1326 audit(1757993312.725:2692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27867 comm="syz.2.9664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1229.429402][ T28] audit: type=1326 audit(1757993312.725:2693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27867 comm="syz.2.9664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1229.452661][ T28] audit: type=1326 audit(1757993312.725:2694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27867 comm="syz.2.9664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1229.476595][ T6132] Bluetooth: hci0: command tx timeout [ 1229.572469][T27872] xt_hashlimit: max too large, truncated to 1048576 [ 1229.694400][ T1098] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 1230.507938][ T1098] team0 (unregistering): Port device team_slave_1 removed [ 1230.635981][ T1098] team0 (unregistering): Port device team_slave_0 removed [ 1230.753826][ T1098] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1230.873293][ T1098] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1231.696706][ T6132] Bluetooth: hci0: command tx timeout [ 1232.030125][ T1098] bond0 (unregistering): Released all slaves [ 1232.247753][T27857] bridge2: entered allmulticast mode [ 1232.510793][T27753] bridge0: port 1(bridge_slave_0) entered blocking state [ 1232.518172][T27753] bridge0: port 1(bridge_slave_0) entered disabled state [ 1232.538676][T27753] bridge_slave_0: entered allmulticast mode [ 1232.548117][T27753] bridge_slave_0: entered promiscuous mode [ 1232.563585][T27753] bridge0: port 2(bridge_slave_1) entered blocking state [ 1232.589138][T27753] bridge0: port 2(bridge_slave_1) entered disabled state [ 1232.598083][T27753] bridge_slave_1: entered allmulticast mode [ 1232.610802][T27753] bridge_slave_1: entered promiscuous mode [ 1232.801434][T27910] loop2: detected capacity change from 0 to 128 [ 1232.855680][T27753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1232.897188][T27753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1233.137659][T27753] team0: Port device team_slave_0 added [ 1233.202077][T27753] team0: Port device team_slave_1 added [ 1233.486450][T27753] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1233.503266][T27753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1233.568628][T27753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1233.623187][T27753] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1233.630180][T27753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1233.743311][T27753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1233.920269][ T6132] Bluetooth: hci0: command tx timeout [ 1233.928696][T27939] loop0: detected capacity change from 0 to 8192 [ 1233.951557][T27753] hsr_slave_0: entered promiscuous mode [ 1233.976956][T27939] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1234.027444][T27753] hsr_slave_1: entered promiscuous mode [ 1234.033958][T27939] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 1234.044765][T27939] REISERFS (device loop0): using ordered data mode [ 1234.057435][T27939] reiserfs: using flush barriers [ 1234.110237][T27939] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1234.168128][T27939] REISERFS (device loop0): checking transaction log (loop0) [ 1234.240819][T27939] REISERFS (device loop0): Using r5 hash to sort names [ 1234.257701][T27953] loop2: detected capacity change from 0 to 2048 [ 1234.278778][T27939] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 1234.314118][T27953] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=3932051, location=3932051 [ 1234.369051][T27939] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 1234.447889][T27953] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1234.944851][T27753] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1235.004116][T27753] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1235.054158][T27753] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1235.076892][T27753] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1235.262753][T27982] netlink: 'syz.0.9705': attribute type 1 has an invalid length. [ 1235.307372][T27982] netlink: 112865 bytes leftover after parsing attributes in process `syz.0.9705'. [ 1235.396073][T27753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1235.463987][T27753] 8021q: adding VLAN 0 to HW filter on device team0 [ 1235.550806][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state [ 1235.558081][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1235.576710][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state [ 1235.584166][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1235.760018][ T27] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1235.989473][ T27] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1236.004988][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1236.024047][ T27] usb 4-1: Product: syz [ 1236.033737][ T27] usb 4-1: Manufacturer: syz [ 1236.068925][ T27] usb 4-1: SerialNumber: syz [ 1236.098088][ T27] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1236.127843][ T966] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1236.292344][T27753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1236.431515][T28016] loop2: detected capacity change from 0 to 4096 [ 1236.519489][ C1] usb 4-1: ath9k_htc: invalid pkt_len (ffd7) [ 1236.776226][ T27] usb 4-1: USB disconnect, device number 9 [ 1237.247227][T27753] veth0_vlan: entered promiscuous mode [ 1237.259746][ T966] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1237.271205][ T966] ath9k_htc: Failed to initialize the device [ 1237.290102][T27753] veth1_vlan: entered promiscuous mode [ 1237.299577][ T27] usb 4-1: ath9k_htc: USB layer deinitialized [ 1237.367189][T27753] veth0_macvtap: entered promiscuous mode [ 1237.407505][T27753] veth1_macvtap: entered promiscuous mode [ 1237.475333][T27753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1237.491831][T27753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.511913][T27753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1237.531937][T27753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.556006][T27753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1237.576402][T27753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.611279][T27753] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1237.670164][T27753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1237.697915][T27753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.735652][T27753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1237.759510][T27753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.790206][T27753] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1237.806045][T27753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.818002][T27753] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1237.842662][T28055] : renamed from veth0_to_bond (while UP) [ 1237.880857][T27753] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1237.929705][T28060] overlayfs: disabling nfs_export due to verity=on [ 1237.936466][T28060] overlayfs: conflicting options: userxattr,redirect_dir=on [ 1237.944074][T27753] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1237.961643][T27753] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1237.980955][T27753] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1238.243308][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1238.271938][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1238.295390][T28068] loop2: detected capacity change from 0 to 64 [ 1238.382086][T28068] Bad inode number on dev loop2: 6 is out of range [ 1238.397710][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1238.434268][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1239.025299][T28091] loop3: detected capacity change from 0 to 256 [ 1239.058607][T28092] netlink: 830 bytes leftover after parsing attributes in process `syz.0.9740'. [ 1239.202518][T28091] FAT-fs (loop3): Directory bread(block 64) failed [ 1239.209150][T28091] FAT-fs (loop3): Directory bread(block 65) failed [ 1239.258791][T28091] FAT-fs (loop3): Directory bread(block 66) failed [ 1239.276581][T28091] FAT-fs (loop3): Directory bread(block 67) failed [ 1239.283327][T28091] FAT-fs (loop3): Directory bread(block 68) failed [ 1239.369844][T28091] FAT-fs (loop3): Directory bread(block 69) failed [ 1239.398867][T28091] FAT-fs (loop3): Directory bread(block 70) failed [ 1239.425768][T28091] FAT-fs (loop3): Directory bread(block 71) failed [ 1239.466196][T28091] FAT-fs (loop3): Directory bread(block 72) failed [ 1239.483825][T28091] FAT-fs (loop3): Directory bread(block 73) failed [ 1239.679641][ T28] audit: type=1326 audit(1757993322.350:2695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28109 comm="syz.2.9747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1239.779516][ T28] audit: type=1326 audit(1757993322.350:2696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28109 comm="syz.2.9747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1239.826206][T28117] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1239.862838][ T28] audit: type=1326 audit(1757993322.397:2697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28109 comm="syz.2.9747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1239.974016][ T28] audit: type=1326 audit(1757993322.397:2698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28109 comm="syz.2.9747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1240.035133][ T28] audit: type=1326 audit(1757993322.397:2699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28109 comm="syz.2.9747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762238eba9 code=0x7ffc0000 [ 1240.377874][T28136] loop2: detected capacity change from 0 to 512 [ 1240.436299][T28136] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1240.462312][T28136] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 1240.472953][T28136] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1240.493866][T28136] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.9756: attempt to clear invalid blocks 2 len 1 [ 1240.519944][T28144] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9759'. [ 1240.548235][T28136] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.9756: invalid indirect mapped block 1819239214 (level 0) [ 1240.655704][T28136] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.9756: invalid indirect mapped block 1819239214 (level 1) [ 1240.708049][T28136] EXT4-fs (loop2): 1 truncate cleaned up [ 1240.733165][T28136] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1240.857363][T28136] EXT4-fs error (device loop2): ext4_lookup:1855: inode #2: comm syz.2.9756: 'file1' linked to parent dir [ 1240.989836][ T6133] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1241.318927][T28165] loop0: detected capacity change from 0 to 256 [ 1241.510673][ T966] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1241.746854][ T966] usb 3-1: config 0 has no interfaces? [ 1241.756736][ T966] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1241.789623][ T966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1241.797707][ T966] usb 3-1: Product: syz [ 1241.835424][ T966] usb 3-1: Manufacturer: syz [ 1241.840098][ T966] usb 3-1: SerialNumber: syz [ 1241.869594][ T966] r8152-cfgselector 3-1: config 0 descriptor?? [ 1241.932975][T28148] loop4: detected capacity change from 0 to 32768 [ 1242.005419][T28148] (syz.4.9761,28148,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1242.074428][T28148] (syz.4.9761,28148,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1242.128099][ T966] usbip-host 3-1: 3-1 is not in match_busid table... skip! [ 1242.178238][T28148] (syz.4.9761,28148,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 1242.224452][T28148] JBD2: Ignoring recovery information on journal [ 1242.317340][T28148] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 1242.384306][ T6161] usb 3-1: USB disconnect, device number 15 [ 1242.412408][T28148] [ 1242.414821][T28148] ====================================================== [ 1242.421868][T28148] WARNING: possible circular locking dependency detected [ 1242.429006][T28148] syzkaller #0 Not tainted [ 1242.433451][T28148] ------------------------------------------------------ [ 1242.440494][T28148] syz.4.9761/28148 is trying to acquire lock: [ 1242.446678][T28148] ffff888077c06608 (sb_internal#3){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x67b/0xaf0 [ 1242.456307][T28148] [ 1242.456307][T28148] but task is already holding lock: [ 1242.463694][T28148] ffff88804aa55be0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1e9/0x270 [ 1242.474625][T28148] [ 1242.474625][T28148] which lock already depends on the new lock. [ 1242.474625][T28148] [ 1242.485142][T28148] [ 1242.485142][T28148] the existing dependency chain (in reverse order) is: [ 1242.494185][T28148] [ 1242.494185][T28148] -> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 1242.503092][T28148] down_write+0x97/0x1f0 [ 1242.507915][T28148] ocfs2_lock_global_qf+0x1e9/0x270 [ 1242.513675][T28148] ocfs2_acquire_dquot+0x2a1/0xaf0 [ 1242.519345][T28148] dqget+0x77c/0xeb0 [ 1242.523834][T28148] dquot_get_next_dqblk+0xb4/0x380 [ 1242.530032][T28148] quota_getnextquota+0x2b2/0x490 [ 1242.535709][T28148] __se_sys_quotactl+0x27b/0x950 [ 1242.541230][T28148] do_syscall_64+0x55/0xb0 [ 1242.546197][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1242.552821][T28148] [ 1242.552821][T28148] -> #5 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}: [ 1242.563387][T28148] down_write+0x97/0x1f0 [ 1242.568201][T28148] ocfs2_lock_global_qf+0x1cb/0x270 [ 1242.573964][T28148] ocfs2_acquire_dquot+0x2a1/0xaf0 [ 1242.579635][T28148] dqget+0x77c/0xeb0 [ 1242.584102][T28148] dquot_get_next_dqblk+0xb4/0x380 [ 1242.589785][T28148] quota_getnextquota+0x2b2/0x490 [ 1242.595382][T28148] __se_sys_quotactl+0x27b/0x950 [ 1242.600921][T28148] do_syscall_64+0x55/0xb0 [ 1242.605994][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1242.612462][T28148] [ 1242.612462][T28148] -> #4 (&dquot->dq_lock){+.+.}-{3:3}: [ 1242.620167][T28148] __mutex_lock+0x129/0xcc0 [ 1242.625329][T28148] dqget+0x6fc/0xeb0 [ 1242.629892][T28148] __dquot_initialize+0x3ba/0xcb0 [ 1242.635789][T28148] __ext4_new_inode+0x77b/0x3a00 [ 1242.641819][T28148] ext4_xattr_inode_lookup_create+0x57b/0x1d80 [ 1242.649318][T28148] ext4_xattr_block_set+0x23e/0x32a0 [ 1242.655172][T28148] ext4_xattr_set_handle+0xbff/0x1290 [ 1242.661109][T28148] ext4_xattr_set+0x22d/0x320 [ 1242.666441][T28148] __vfs_setxattr+0x431/0x470 [ 1242.671682][T28148] __vfs_setxattr_noperm+0x12d/0x5e0 [ 1242.677533][T28148] vfs_setxattr+0x16c/0x2f0 [ 1242.682601][T28148] path_setxattr+0x362/0x550 [ 1242.687777][T28148] __x64_sys_lsetxattr+0xb8/0xd0 [ 1242.693375][T28148] do_syscall_64+0x55/0xb0 [ 1242.698357][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1242.704911][T28148] [ 1242.704911][T28148] -> #3 (&ei->xattr_sem){++++}-{3:3}: [ 1242.712516][T28148] down_read+0x46/0x2e0 [ 1242.717252][T28148] ext4_setattr+0x86b/0x1c90 [ 1242.722418][T28148] notify_change+0xb0d/0xe10 [ 1242.727610][T28148] chown_common+0x3f9/0x5a0 [ 1242.733245][T28148] do_fchownat+0x168/0x270 [ 1242.738287][T28148] __x64_sys_chown+0x82/0x90 [ 1242.743489][T28148] do_syscall_64+0x55/0xb0 [ 1242.748611][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1242.755102][T28148] [ 1242.755102][T28148] -> #2 (jbd2_handle){++++}-{0:0}: [ 1242.762462][T28148] start_this_handle+0x1e9d/0x20c0 [ 1242.768136][T28148] jbd2__journal_start+0x2bb/0x5b0 [ 1242.773901][T28148] jbd2_journal_start+0x2a/0x40 [ 1242.779311][T28148] ocfs2_start_trans+0x376/0x6c0 [ 1242.784830][T28148] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 1242.791210][T28148] ocfs2_dismount_volume+0x1e2/0x890 [ 1242.797066][T28148] generic_shutdown_super+0x134/0x2b0 [ 1242.803010][T28148] kill_block_super+0x44/0x90 [ 1242.808334][T28148] deactivate_locked_super+0x97/0x100 [ 1242.814272][T28148] cleanup_mnt+0x429/0x4c0 [ 1242.819252][T28148] task_work_run+0x1ce/0x250 [ 1242.824404][T28148] exit_to_user_mode_loop+0xe6/0x110 [ 1242.830265][T28148] exit_to_user_mode_prepare+0xb1/0x140 [ 1242.836396][T28148] syscall_exit_to_user_mode+0x1a/0x50 [ 1242.842430][T28148] do_syscall_64+0x61/0xb0 [ 1242.847416][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1242.853893][T28148] [ 1242.853893][T28148] -> #1 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 1242.862497][T28148] down_read+0x46/0x2e0 [ 1242.867227][T28148] ocfs2_start_trans+0x36a/0x6c0 [ 1242.872735][T28148] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 1242.879045][T28148] ocfs2_dismount_volume+0x1e2/0x890 [ 1242.885067][T28148] generic_shutdown_super+0x134/0x2b0 [ 1242.891020][T28148] kill_block_super+0x44/0x90 [ 1242.896254][T28148] deactivate_locked_super+0x97/0x100 [ 1242.902292][T28148] cleanup_mnt+0x429/0x4c0 [ 1242.907272][T28148] task_work_run+0x1ce/0x250 [ 1242.912518][T28148] exit_to_user_mode_loop+0xe6/0x110 [ 1242.918372][T28148] exit_to_user_mode_prepare+0xb1/0x140 [ 1242.924492][T28148] syscall_exit_to_user_mode+0x1a/0x50 [ 1242.930522][T28148] do_syscall_64+0x61/0xb0 [ 1242.935515][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1242.941980][T28148] [ 1242.941980][T28148] -> #0 (sb_internal#3){.+.+}-{0:0}: [ 1242.949511][T28148] __lock_acquire+0x2ddb/0x7c80 [ 1242.954922][T28148] lock_acquire+0x197/0x410 [ 1242.959996][T28148] ocfs2_start_trans+0x26b/0x6c0 [ 1242.965503][T28148] ocfs2_acquire_dquot+0x67b/0xaf0 [ 1242.971176][T28148] dqget+0x77c/0xeb0 [ 1242.975636][T28148] dquot_get_next_dqblk+0xb4/0x380 [ 1242.981310][T28148] quota_getnextquota+0x2b2/0x490 [ 1242.987001][T28148] __se_sys_quotactl+0x27b/0x950 [ 1242.992592][T28148] do_syscall_64+0x55/0xb0 [ 1242.997571][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1243.004095][T28148] [ 1243.004095][T28148] other info that might help us debug this: [ 1243.004095][T28148] [ 1243.014366][T28148] Chain exists of: [ 1243.014366][T28148] sb_internal#3 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7 --> &ocfs2_quota_ip_alloc_sem_key [ 1243.014366][T28148] [ 1243.031380][T28148] Possible unsafe locking scenario: [ 1243.031380][T28148] [ 1243.038862][T28148] CPU0 CPU1 [ 1243.044261][T28148] ---- ---- [ 1243.049748][T28148] lock(&ocfs2_quota_ip_alloc_sem_key); [ 1243.055420][T28148] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7); [ 1243.065275][T28148] lock(&ocfs2_quota_ip_alloc_sem_key); [ 1243.073562][T28148] rlock(sb_internal#3); [ 1243.077938][T28148] [ 1243.077938][T28148] *** DEADLOCK *** [ 1243.077938][T28148] [ 1243.086210][T28148] 4 locks held by syz.4.9761/28148: [ 1243.091436][T28148] #0: ffff888077c060e0 (&type->s_umount_key#96){++++}-{3:3}, at: super_lock+0x167/0x360 [ 1243.101353][T28148] #1: ffff88806a4d00a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x294/0xaf0 [ 1243.111431][T28148] #2: ffff88804aa55f58 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1cb/0x270 [ 1243.124642][T28148] #3: ffff88804aa55be0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1e9/0x270 [ 1243.136239][T28148] [ 1243.136239][T28148] stack backtrace: [ 1243.142155][T28148] CPU: 1 PID: 28148 Comm: syz.4.9761 Not tainted syzkaller #0 [ 1243.149643][T28148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 1243.159740][T28148] Call Trace: [ 1243.163049][T28148] [ 1243.166126][T28148] dump_stack_lvl+0x16c/0x230 [ 1243.170871][T28148] ? load_image+0x3b0/0x3b0 [ 1243.175411][T28148] ? show_regs_print_info+0x20/0x20 [ 1243.180750][T28148] ? print_circular_bug+0x12b/0x1a0 [ 1243.186000][T28148] check_noncircular+0x2bd/0x3c0 [ 1243.190999][T28148] ? print_deadlock_bug+0x5d0/0x5d0 [ 1243.196256][T28148] ? lockdep_lock+0xe0/0x220 [ 1243.201244][T28148] ? _find_first_zero_bit+0xd3/0x100 [ 1243.206585][T28148] __lock_acquire+0x2ddb/0x7c80 [ 1243.211496][T28148] ? verify_lock_unused+0x140/0x140 [ 1243.216741][T28148] ? verify_lock_unused+0x140/0x140 [ 1243.222077][T28148] ? mark_lock+0x94/0x320 [ 1243.226475][T28148] ? verify_lock_unused+0x140/0x140 [ 1243.231710][T28148] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1243.237730][T28148] ? lock_chain_count+0x20/0x20 [ 1243.242624][T28148] lock_acquire+0x197/0x410 [ 1243.247257][T28148] ? ocfs2_acquire_dquot+0x67b/0xaf0 [ 1243.252590][T28148] ? __might_sleep+0xe0/0xe0 [ 1243.257215][T28148] ? do_raw_spin_lock+0x121/0x2c0 [ 1243.262374][T28148] ? read_lock_is_recursive+0x20/0x20 [ 1243.267794][T28148] ? __rwlock_init+0x150/0x150 [ 1243.272619][T28148] ? do_raw_spin_unlock+0x121/0x230 [ 1243.277889][T28148] ocfs2_start_trans+0x26b/0x6c0 [ 1243.282889][T28148] ? ocfs2_acquire_dquot+0x67b/0xaf0 [ 1243.288321][T28148] ? ocfs2_recovery_exit+0x50/0x50 [ 1243.293506][T28148] ? do_raw_spin_unlock+0x121/0x230 [ 1243.298753][T28148] ? _raw_spin_unlock+0x28/0x40 [ 1243.303639][T28148] ? ocfs2_qinfo_unlock+0x11e/0x140 [ 1243.308897][T28148] ocfs2_acquire_dquot+0x67b/0xaf0 [ 1243.314082][T28148] ? ocfs2_destroy_dquot+0x50/0x50 [ 1243.319232][T28148] ? do_raw_spin_unlock+0x121/0x230 [ 1243.324475][T28148] dqget+0x77c/0xeb0 [ 1243.328421][T28148] dquot_get_next_dqblk+0xb4/0x380 [ 1243.333585][T28148] quota_getnextquota+0x2b2/0x490 [ 1243.338670][T28148] ? quota_getquota+0x4e0/0x4e0 [ 1243.343584][T28148] ? bpf_lsm_capable+0x9/0x10 [ 1243.348321][T28148] ? do_quotactl+0x4a7/0x860 [ 1243.353003][T28148] __se_sys_quotactl+0x27b/0x950 [ 1243.357999][T28148] ? __x64_sys_quotactl+0xb0/0xb0 [ 1243.363084][T28148] ? lockdep_hardirqs_on+0x98/0x150 [ 1243.368332][T28148] do_syscall_64+0x55/0xb0 [ 1243.372805][T28148] ? clear_bhb_loop+0x40/0x90 [ 1243.377565][T28148] ? clear_bhb_loop+0x40/0x90 [ 1243.382373][T28148] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1243.388320][T28148] RIP: 0033:0x7fac7018eba9 [ 1243.392775][T28148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1243.412427][T28148] RSP: 002b:00007fac710a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3 [ 1243.420915][T28148] RAX: ffffffffffffffda RBX: 00007fac703d5fa0 RCX: 00007fac7018eba9 [ 1243.428948][T28148] RDX: 0000000000000000 RSI: 0000200000000180 RDI: ffffffff80000901 [ 1243.437145][T28148] RBP: 00007fac70211e19 R08: 0000000000000000 R09: 0000000000000000 [ 1243.445157][T28148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1243.453165][T28148] R13: 00007fac703d6038 R14: 00007fac703d5fa0 R15: 00007ffd0e5d6b78 [ 1243.461190][T28148] [ 1243.569935][T27753] ocfs2: Unmounting device (7,4) on (node local)