last executing test programs: 38.791502434s ago: executing program 2 (id=691): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000008c0)={0x7, 0x8000000003ff, 0x0, 0x100}) 38.321654862s ago: executing program 2 (id=695): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8}]]}, 0x34}}, 0x884) 38.038896805s ago: executing program 2 (id=699): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) 37.776512256s ago: executing program 2 (id=704): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) rmdir(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 37.637645387s ago: executing program 2 (id=705): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f00000000c0), 0x12) 37.125222588s ago: executing program 2 (id=712): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x22000c0, &(0x7f0000001700)={[{@codepage={'codepage', 0x3d, 'iso8859-13'}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}]}, 0x4, 0x32d, &(0x7f0000000540)="$eJzs3U1P1E4cB/DvtLtL9w/hXwFD4smgJJ4I4EHjRWKIF9+AB0NEWBJCxUQxURIjejbGm4mJR2+ejb4FvRjfgJ44GE96IR6smel0d1pnug8sWwjfT+JS2nn4TafTzkCwIKJj68ri1zfnd+U/UQXgA7gEeAACoALgJCaD+5tbbQvym1sCSU7xT5qVzYYtawCdQwvldxWMmPvoYMRxHH9rm+rnQGKh8ghzBBs8YEiPTnU8GHhkB2MnadfxYvSw2MMeHmC0zHCIiKh8+vnv6afEiJ6/ex4wrefhR/35n5nf7JUXx6HQfP57yfexkOfnf3VIrvfWt6LGarKEk73vpatEW1nWayJune4akivLHzamXEYtdioWr762HjVmdlQBT3FZM5JNqM9VpA1RXNHWki9TlrVpgaK2FxtWbajKNsw74h8vqtG6AP7wHS/t1S196iAm8VF8FksixCusNud/lVjIk6POT5gbKkn8s+4SVSvDJFWmla3wT6hKTqU98P5tq5V113kN4MtYbGQpIj9/D9M4X9TcuTCG7I8VktbNuVunco0DFaFWDWau+Wai39ZcE/m66mvVqDGzcidyXfT9ZV3RiefiupjCD7zDojH/92TqabhHZmaUC5VSXxmF7amolI5+zFAD+HZXI5OUq9aOLvYMt3ARo/cebm8sR1Hjbvkb6VDpMfvpPseTXIj6cpR75FcjDQK5UQXQt0r/xHFsPVTBILqgqpp64XWrydsby0Lf8/ZXhbxz5g4tuBMDWACg96R3hF5qf9zMNdQqsKPsv2Rvqz32CzKNagADJK0qc8jHUEcjpd5DpdcebSxHPd2J6IhpdTomb5QdDJVBzrtEsv4z1iuz6q4jP8KC9U/crnCjxDnHCmhMff7X2QquWaxznjicbrRZc505B5zN1eghrfFJvthQx4nD+FvJ7n+VIRbxBTf5838iIiIiIiIiIiIiIiIiIiIiIiIioqOm279G6OXPCbI17h7D/3iDiIiIiIiIiIiIiIiIiIiIiIiIiIiIiGh/jPf/Ar56Y0zN9v7fojc1KX7yhpigH+//9Tt4/6/Y6aKVRGTzNwAA///ltF7V") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r0, 0x2, 0x0) getdents64(r0, 0x0, 0x22) 36.773329396s ago: executing program 32 (id=712): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x22000c0, &(0x7f0000001700)={[{@codepage={'codepage', 0x3d, 'iso8859-13'}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}]}, 0x4, 0x32d, &(0x7f0000000540)="$eJzs3U1P1E4cB/DvtLtL9w/hXwFD4smgJJ4I4EHjRWKIF9+AB0NEWBJCxUQxURIjejbGm4mJR2+ejb4FvRjfgJ44GE96IR6smel0d1pnug8sWwjfT+JS2nn4TafTzkCwIKJj68ri1zfnd+U/UQXgA7gEeAACoALgJCaD+5tbbQvym1sCSU7xT5qVzYYtawCdQwvldxWMmPvoYMRxHH9rm+rnQGKh8ghzBBs8YEiPTnU8GHhkB2MnadfxYvSw2MMeHmC0zHCIiKh8+vnv6afEiJ6/ex4wrefhR/35n5nf7JUXx6HQfP57yfexkOfnf3VIrvfWt6LGarKEk73vpatEW1nWayJune4akivLHzamXEYtdioWr762HjVmdlQBT3FZM5JNqM9VpA1RXNHWki9TlrVpgaK2FxtWbajKNsw74h8vqtG6AP7wHS/t1S196iAm8VF8FksixCusNud/lVjIk6POT5gbKkn8s+4SVSvDJFWmla3wT6hKTqU98P5tq5V113kN4MtYbGQpIj9/D9M4X9TcuTCG7I8VktbNuVunco0DFaFWDWau+Wai39ZcE/m66mvVqDGzcidyXfT9ZV3RiefiupjCD7zDojH/92TqabhHZmaUC5VSXxmF7amolI5+zFAD+HZXI5OUq9aOLvYMt3ARo/cebm8sR1Hjbvkb6VDpMfvpPseTXIj6cpR75FcjDQK5UQXQt0r/xHFsPVTBILqgqpp64XWrydsby0Lf8/ZXhbxz5g4tuBMDWACg96R3hF5qf9zMNdQqsKPsv2Rvqz32CzKNagADJK0qc8jHUEcjpd5DpdcebSxHPd2J6IhpdTomb5QdDJVBzrtEsv4z1iuz6q4jP8KC9U/crnCjxDnHCmhMff7X2QquWaxznjicbrRZc505B5zN1eghrfFJvthQx4nD+FvJ7n+VIRbxBTf5838iIiIiIiIiIiIiIiIiIiIiIiIioqOm279G6OXPCbI17h7D/3iDiIiIiIiIiIiIiIiIiIiIiIiIiIiIiGh/jPf/Ar56Y0zN9v7fojc1KX7yhpigH+//9Tt4/6/Y6aKVRGTzNwAA///ltF7V") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r0, 0x2, 0x0) getdents64(r0, 0x0, 0x22) 8.93873129s ago: executing program 3 (id=955): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x8000000000000003}, 0x18) sendmmsg$inet(r0, &(0x7f00000033c0)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000100)="aa", 0x1}], 0x1}}, {{&(0x7f0000000580)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x2, 0x881) 8.798136532s ago: executing program 3 (id=958): ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)={0x0, 0x6, 0x1, 0x0, 0x83, "00000000000000000000ffff00"}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8b2a, &(0x7f0000000040)) 8.672898871s ago: executing program 3 (id=960): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2720, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) 8.462524058s ago: executing program 3 (id=961): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$packet(r0, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x2}, 0x14) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x380000}, 0x8) shutdown(r0, 0x1) 7.57790351s ago: executing program 3 (id=972): sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040090}, 0x2400c8c1) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) syz_read_part_table(0x104c, &(0x7f0000001080)="$eJzsz8EJwjAYBeBnjbRFiy7nJi7gMF6coieX8OAq0lRKFxARvu+Q/HnwEhJ+arNMXV238+G0xM1nHx5dWdX67ErGqX97pp2SetMhuRyT7JO82mRIrnOj1KEf12825/t3fwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/+EdAAD//9q1B7k=") 7.114463657s ago: executing program 3 (id=979): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) 3.947628813s ago: executing program 0 (id=1005): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x40384708, &(0x7f0000000080)={0x8, 0x1, 0x609152b0, 0x10000000, 0xe, "3eccd2000500"}) ioctl$TCSETS(r0, 0xc0384707, &(0x7f0000000080)={0x8, 0x5, 0x609152b0, 0x10000000, 0xe, "3eccd2000500ef002100"}) 3.706269142s ago: executing program 0 (id=1007): syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000000)='./file1\x00', 0x10, &(0x7f0000000200)=ANY=[], 0x5, 0x62c, &(0x7f0000000640)="$eJzs3ctvXFcdB/DvHT/iCVLqtklbEAgrWYAakdieNvUCiYAQ8qJCldh004WVOI3VSYpsF7kVQglPseM/oCA5a1YsEItIZc2elaUuukBix8IbZHTv3GuP40dsF2fG5fORjs85c+4993d/M/fMwx45wP+t+bcz9jhF5q++uVb2N9Y73Y31zr2mneRcklYy2qtS3E+KT5Kb6ZV8ubyxnq446DjvjL4x99nMo4e93mhdqu1be/f79N/HO4sHdclUkpG6/hx2zXerf77WSaYrts+wTNiVJnEwaFt7PDjO7gde78DZUfSeN/eYTM4nmahfB6ReHU70NDhMjrXKAQAAwBn13GY2s5YLg44DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzpIiIyNV1Sutpj2Vovn//+P1banbw27isMHHzy4OAAAAAAAAADg1X9/MZtZyoelvFdXv/C9XnYvVzy/lg6xkMcu5lrUsZDWrWc5Mksm+icbXFlZXl2eOsOfsvnvOPi3Ss/CnBgAAAAAAAAAwMD/P/M7v/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUivqsrFpj2Z1miSiSTj5XYPkr827bPs8aADAAAAgFMy0dd+bjObWcuFpr9VVO/5X6re90/kg9zPapaymm4Wc7v6LKD3rr+1sd7pbqx37pVl7zG++69jhVTNmN5nD/sfebra4tL2HvP5QX6Uq5nKW1nOUn6ShaxmMVP5ftVaSJHJ+tOLySbO/eO9uav31tNifaWKpJ07Wapiu5ZbeT/d3E6rOodqm8OP+LDMTvGd2hFzdLuuyzP6XV0/U+cOGpisMjK2nZHpOvdlNp4/PBPbj5OHRwrhySPNpLX9GdTFU8j5+V5V3a2/HkTOD/RkJmb7Hn0vHZSJsbq+/OnX/ny3e/+9u3dWrg7PKZ3Qk5no9GXi5Wajg1aqL1Qmxuts9FbR462Wl6t9L2QpP8z7uZ3FvJ65vJ7ZvJbXMp253OjL66UjXGut411rV75ZN9pJflPXw6HM6/N9ee1f6Sarsf5bdrL0wnFXpDutp4Uy+pW6UW75i2ZpGgo7mSjvud7a3ET34uGZ+MNW0zrGNfiNvl1+NVRrc/l4eaG8s6re7kdHOfbivmMz1djF7bHWnrFL22NPu1LH69dwe2earcZe3nesU4290je236scAIbe+VfPj7f/2f57++P2L9t3229OfO/c3Lmvjmfsb6N/GflT61Hr28Wr+Tg/23n/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnNzKhx+9t9DtLi5rDHuj+T9HwxLPF6Yxtrzyn62e/+XM5wd9Xp+vMeCFCTh111fv/fj6yocffWvp3sK7i+8u3u90Zm7Mzt2Ym71x/c5Sd3G693PQYQKnYOdJf/ftv/3Hru4fn21UAAAAAAAAAAAAwGGO8H2A1F88OfHXCXYfcXwg5wkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcXfNvZ+xxisxMX5su+xvrnW5ZmvbOlqNJWkmKnybFJ8nN9Eom+6YrDjrOO79/Y+6zmUcPd+YabbZvHbbf0TyoS6aSjNT14UaOPN+tI813mCJp91plwq40iYNB+28AAAD//6yLBy0=") mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x80) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 3.518128087s ago: executing program 0 (id=1008): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000300)={[{}]}, 0x1, 0x235, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiAwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1v9mjOH4hVjOKXcKufG3HWLF+Rapn6+7s0LhoNRnycyMDIyMDAxMMwM27kH2V/lDdDIYGBmYGBQYQApYmFIy8xJNfBgYGRghnIMWaCqYKqZGDjAEnrJ+Tkp7QyM4CQA1racgQVuhuFjBlZ+kHIQx+gxAytcxtiiAWoSQzuUVoHSHlB6OZR+DKXl0ZINC9iEfihPo4GBgY2hIvE/f5EhGwMDQ0ViSUmRIUSspKTICC5mJAC3mQlq61wmVM8dZ2IYBaNgFIyCUTAKRsEoGAWjYBSMgpEMAAEAAP//obu5oA==") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x4008800) getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, &(0x7f00000000c0)=""/206, &(0x7f0000000080)=0xce) 3.36027969s ago: executing program 0 (id=1010): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x3) 1.62224116s ago: executing program 4 (id=1017): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88f8}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x2}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 1.454478843s ago: executing program 4 (id=1018): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f00000019c0)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x4, @remote, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000280)="e9", 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x8}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000080)='T', 0x1}], 0x1}}], 0x2, 0x931766f6319eed44) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x8}, &(0x7f00000002c0)=0x8) 1.286095497s ago: executing program 4 (id=1019): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000000)={0x3, 0x0, 0x0, 0xa, 0x5, "00120df500001e200000f3c90a0080000500"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x80) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000040)=0xd) 1.050356476s ago: executing program 0 (id=1021): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c1, &(0x7f00000001c0)={[{@coherency_buffered}, {@heartbeat_none}, {@coherency_full}, {@commit={'commit', 0x3d, 0x4}}, {@heartbeat_none}, {@localflocks}, {@intr}, {@dir_resv_level={'dir_resv_level', 0x3d, 0x5}}, {@noacl}, {@resv_level={'resv_level', 0x3d, 0x1}}, {@journal_async_commit}, {@commit={'commit', 0x3d, 0xf9}}]}, 0x9, 0x442b, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzsLOwIaVsGDr53NgmOf38p159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4n2zb/6H965/2dOI6Oehr75/s6vmL7944E8L3sz8+WV9fXw9V3SERhWZDTb//9uu9meZjQxzSqu2GjvoghHByy7iqukII739X/xTnkrTR5NgbQjiWfMIb9z67mduj0Tx8XDybfzp1f2349OTqg7XWnz0K4avS/167Pf/zi13DP72yR90DAAAAAAAAAAAAAAAAAPCMG7929fo7g0PhURS6V6Ot7+uOJ8dW78eu75kXOv9hAQAAAAAAAAAAAAAAAAAA4G9q8/3/XHRim/f/x5LjSIv66291fox0zsTbV8cuDA4l+79HW/JfT5J+OdcV+rfZ9z27//u5TP3t93/f2s9uNcbX6LcvRPFA6jyOBwZC+CbZ+P1UdCQulZcqr94qLy/M7tkwnlnp+Nd3709FJ9nQv934j2ba7/z+///dcjVVz2/u3SX2XEvHv6tluW8/jdqK//lMvf2IP7uXjn93La23ucBIfQKoxv/z7p3jP5Zpv1PxPx5CyEXVseZSM0B1DVNNb7VeIS0d/0O1tNTUmfwhW93/v2fifyHT/kHN/yvZLyK2lY7/v2ppPakSm/d/f7zz/X8x0/5BxL86/hXf/21Jx/9wPbE7VaT2l2x3/h/PtN+p+F+Pk3Eej1JXwGpUT2/1/+pIS8e/Z0v+5vNf3Nb671Km/n49/zX6bTz/Nab/l6P68x/bS8e/t2W5du//iUy9Ts//I7X1H7uVjv+RWlp67dxX+9lu/Ccz7Xcq/rVVSU8j/pvzyR+H6+lfW/+1JR3/f9cT4+YSK7WftfVftPP6/3Km/YNY/1XHvxJ3ttfnRXP8u8LRluWq8f+hje//K5l6nY9/CIPW+ruWvv+PtSxXu/97do7/VKZep+P/UicbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgGjCbHvhDFA6nzOB4YCOF8cn4qHImmC7P56VJ55qOlEMaS9Fw4Ed0ulacLpfzcQnm2mC+USuWZEC4k+SdDT7RUKlfy84W7Fzfa6o3uFAuLlelioRJCGE/S/x+ONdqanqvMF+6GEC5t5P0nLi/evVNYyM/OLb45ODg4GCY2xtAfFT+pFBcq9d7ruSFMbtTti5oGV8u+vDGWo9GH5eXFhUKpln6lqU6pPFMoNdWZSvK+CP1RZXF5YaZQKeZL5duN/g7SSHIcm7j23rUrQ1vyb0b14+j+DgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv+jR8BtfhhC662dxCGGk8Uu0XfmHj4tn80+n7q8Nn55cfbD2pFU5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwi4dozQQRGEAfjMWaucxrJbdznZFES1cETyBHsPD6FG8hHdIkSJtihBIZiFsdmGbpPq+5sH8zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJjn6b37eKubiBRXm8uIv6//xWH+UurP/fj9izPMyOk8v3YPj3VT/j0d5XflaNnmXbpefX/GSO39DvZkuE97fZ/rybmm9m1qvr7vTaRcRURb8tuUc1XNewsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W0fRtwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA//+Elx0W") setresuid(0x0, 0xee01, 0x0) r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40046f01, 0x0) 1.00203154s ago: executing program 4 (id=1023): syz_mount_image$udf(&(0x7f00000019c0), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa00010, &(0x7f0000000680)=ANY=[@ANYBLOB="6d6f64653d30303030303030303030303030303030303030303030372c6e6f7374726963742c7569643d69676e6f72652c6769643d666f726765742c6c6f6e6761642c6e6f7672732c756e64656c6574652c6d6f64653d30303030303030303030303030303030303033353031362c646d6f64653d30303030303030303030303030303030303030303031312c00e3cc6abaa52ef118fcbe734b47a6bf66bdd357c81c22ed4c07659e40ba6f24e50fafda55f8d6b01f7fa9505996c5c8e5fac082523b41c69e892f8f3372228da85b089c449c8243489693fc724dc3a34a1c85226b306f86ba0484aad17849d21905bbe3dbc20bf4c98777720c05637db44ef1224790223b183be4cbccef28b6dc7701cf3b6d45babe7a0177b34116f8033c0614d351a01526a5e4626159b2d7a3176575b87ce23efc23d6fc182ecb01ea4d182720d93ab9a99e432ce3c68dcdeec61f9cc21345ccd818e18d6d9c4bb97e0f79e4cfb80641"], 0x1, 0xc56, &(0x7f0000002680)="$eJzs3U9sHNd9B/DfGy21S7mtmdhVnDQONm2Ryorl6l9MxSrcVU2zLSDLQijmFoArkVIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNEXQI9O6QHLxocipJ6KFjaDogS0CBCgQMJjZt+KKIhNaFEVK/nxs6Ts7897MezPrGVrQmxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMTvvXrh5Km0xYZD+9AYAOChuDT2pZOnt3r+AwCPrSvb/f8/AAAAAAAAAAAAAABwUKQo4qlIMXdpLU1Un7saFzsDt26Pj4xuXW0wVTUPVeXLX41Tp8+c/cKLw+d6ebEz83PqP2ifitfHrlxovjJ7c25+amFharI5PtO5Njs5teM97Lb+ZserE9C8+catyevXF5qnXzhz1+bbQx/Unzg6dH74uRPP9sqOj4yOjm0UafSXr913Q7q2G+FxOIo4ESme//aPUjsiitj9uWg83Gu/2WDVieNVJ8ZHRquOTHfaM4vlxsu9E1FENPsqtXrnaOtrEbWBh9qH7bUilsrmlw0+XnZvbK493746PdW83J5f7Cx2Zmcup25ry/40o4hzKWI5Ilbr9+5uIIqoRYpvPrmWrua3flTn4fPVwODt21HsYR93oGxncyBiuXgErtkBVo8iXosUP373WFzL95nqXvO5iNfK/G7E22W+HJHKL8bZiPe3+B7xaKpFEX9RXv/za2myuh/07isXv9z8w5nrs31le/eVD/l8uOdOsU/Ph8FN+XAc8HtTI4poV3f8tXT/P+wAAAAAAAAAAAAAAAAA8KANRhGfjBSv/vsfV+OKoxqX/uT54d8f+uX+MePP/IL9lGVfiIilYmdjcg/ngYGX0+WU9nks8UdZI4r4kzz+7+v73RgAAAAAAAAAAAAAAAAAAICPtCJ+GCleeu9YWo7+OcU7MzeaV9pXp7uzwvbm/u3Nmb6+vr7eTN1s5ZzIuZRzOedKztWcUeT69e6OWvnzRM6lnMs5V3Ku5oxDuX7OVs6JnEs5l3Ou5FzNGbVcP2cr50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4aKb7x1bUUKSJaERPRzZX6frcOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjVUxHfiRTNP2jdWVeLiFT923Ws/O1stA6X+fFoDZf5crQu5GxXWWt9fR/az+4MpCJ+ECnqjXfuXPB8/Qe6n+58DeLtr0UM5uVP1bp5qLdx6IP6E0efPD88+plntltOWzXg+MXOzK3bzfGR0dGxvtW1fPSP960bysctHkzXiYiFN996oz09PTV/PwuHq4XyK3Bf1R+5hVTbh57WPzKn9+AtRO1ANGN/+n6Xxn7doNhT5fP//Ujx2+/9R++B333+N+KXup/uPOHjJ3+68dPAS5t3tMPnf21zvfz8L5/pWz3/n+pb91L+aWSgFtFYvDk3cDSisfDmWyc6N9s3pm5MzZw9efKLw8NfPHNy4HBE43pneqpv6YGcLgAAAAAAAAAAAAAAAICHJxXxu5Gi/YO11IyI29V4raHzw8+dePZQHKrGW901bvv1sSsXmq/M3pybn1pYmJpsjs90rs1OTu30cI1quNf4yOiedOYXGtzj9g82Xpmde3O+c+OPFrfcfqRx4erC4nz72tabYzCKiFb/muNVg8dHRqtGT3faM1XVy1sOpv/wBlIR/xkprp1tps/mdXn8/+YR/tX4/95hlzbv6AGO///MkY3xfx/rK1oeM6UifhIpfusvn4nPVu08Evecs1zubyPF8XOfzuXicFmu14buewW6IwPLsv8bKf7xp3eX7Y2HfGqj7KkPdXIfAeX1fzJSfOfPvxW/ntfd/f6Hra//kc072qP3Pzzdt+7IXe8r2HXXydf/RKR4+al34jeqNf//c9//0Xv3xrFu4Y33c+zR9f/VvnVD+bi/+aA6DwAAAAAAAAAA8AgbSEX8XaT43mgtvZjX7eTv/01u3tEe/f2vT/Stm9ztfEU7XNj1SQUAAACAA2IgFfHDSHFj8Z07Y6jvHv/dN/7zdzbGf46kTVurP+f7leq9AQ/yz//6DeXjTuy+2wAAAAAAAAAAAAAAAAAAAHCgpFTEi3k+9YlqPP/ktvOpr0SKV//7+VwuHS3L9eaBH6p+b1yanTlxYXp6thGL7avTU82xufa1qbLu05Fi7W8+nesW1fzqvfnmu3O8b8zFPh8pRv++V7Y7F3tvbvKnN8qeKst+LFL81z/cXTZPTZ3njq7Kni7L/nWk+Mo/b1326EbZM2XZb0WK73+l2St7pCzbez/qJzbKvnBtttiDqwIAAAAAAAAAAAAAAAAAAMBHzUAq4s8ixf/cXL4zlj/P/z/Q97Hy9tf65vvf5HY1z/9QNf//dsv3M/9/9V6Bpe2OCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj6cURbwVKeYuraWVevm5q3GxU8Tt8ZHRrasNpqrmoap8+atx6vSZs194cfhcLy92Zm5tX/9B+2S8PnblQvOV2Ztz81MLC1OTzfGZzrXZyakd72G39Tc7Xp2A5s03bk1ev77QPP3Cmbs23x76oP7E0aHzw8+deLZXdnxkdHSsr0xt4L6Pfo+0zfrDUcRfRYrnv/2j9L16RBG7PxeNh3vtNxusOnG86sT4yGjVkelOe2ax3Hi5dyKKiGZfpVbvHD2Ea7ErrYilsvllg4+X3Ruba8+3r05PNS+35xc7i53Zmcup29qyP80o4lyKWI6I1fq9uxuIIt6IFN98ci39Sz3iUO88fP7S2JdOnt6+HcUe9nEHynY2ByKWi+2v2eF9bN+joh5F/FOk+PG7x+Jf6xG16P6Kz0W8VuZ3I96O7vVO5RfjbMT7W3yPeDTVooj/K6//+bX0br28H/TuKxe/nJYiZvvK9u4rj/zz4WE64M+TRhTx/eqOv5b+zX/XAAAAAAAAAAAAAAAAAAdIEb8WKV5671iqxgffGVPcmbnRvNK+Ot0d1tcb+9cbM72+vr7eTN1s5ZzIuZRzOedKztWcUeT6OVtlNtbXJ/LnpZzLOVdyruaMQ7l+zlbOiZxLOZdzruRczRm1XD9nK+dEzqWcyzlXcq7mjAMydg8AAAAAAAAAAAAAAAAAAHi8FNU/Kb7x1bW0Xu/OLz0R3VwxH+hj72cBAAD///9X9JQ=") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, 0x0, 0x0, 0xa00}]) 810.554275ms ago: executing program 1 (id=1025): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x1, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x7080000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4, 0x4}, 0x80, 0x0, 0x0, &(0x7f00000008c0)=[{0x10, 0x29, 0xb}], 0x10}}], 0x1, 0x0) 673.637377ms ago: executing program 4 (id=1026): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 673.257086ms ago: executing program 1 (id=1027): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 549.841306ms ago: executing program 1 (id=1028): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000002b40)='bic\x00', 0x4) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040)=0x80000001, 0x3a) 540.697567ms ago: executing program 4 (id=1029): syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d740109730773396000000010902120001"], 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r0, 0x8b2c, &(0x7f0000000040)) 305.407586ms ago: executing program 1 (id=1030): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x37, 0x0, 0x9}]}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) 122.441831ms ago: executing program 1 (id=1031): r0 = socket$kcm(0x10, 0x2, 0x4) r1 = socket$igmp(0x2, 0x3, 0x2) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac14141bbd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x0) 19.483089ms ago: executing program 1 (id=1032): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='>', 0x1, 0x20004891, &(0x7f0000004ff0)={0x2, 0xfffd, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r0, 0xda90) accept4$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x0, 0x800) 0s ago: executing program 0 (id=1033): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x8000000, 0x0, 0x85, "00000000000000000000ffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCMBIC(r1, 0x5417, 0x0) kernel console output (not intermixed with test programs): 9][ T6376] [U] 00000 [ 98.713136][ T6376] [U] [ 98.715863][ T6376] [U] [ 98.718665][ T6376] [U] [ 98.721382][ T6376] [U] [ 98.724161][ T6376] [U] [ 98.726888][ T6376] [U] [ 98.729700][ T6376] [U] [ 98.739963][ T6376] [U] [ 98.742712][ T6376] [U] J [ 98.746056][ T6376] [U] m&Feee0e$N76ЃQ`=lv0 6; ŊvZfix_>(Y8d1/|ɇo [ 98.756686][ T6376] [U] ~M(bzo [ 98.771624][ T6349] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 98.781189][ T6349] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 98.810793][ T6375] [U] woVVVVR'9ry6煜9弞͜7rfQˏs(ɜgs^9Z9y#[9o\ֽ [ 98.851392][ T6349] syz.0.182: attempt to access beyond end of device [ 98.851392][ T6349] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 98.902128][ T6374] loop1: detected capacity change from 0 to 32768 [ 98.920924][ T6349] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 98.934406][ T6374] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.187 (6374) [ 98.935768][ T5780] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 99.025679][ T6374] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 99.053386][ T6374] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 99.062179][ T6374] BTRFS info (device loop1): setting nodatacow, compression disabled [ 99.121353][ T6374] BTRFS info (device loop1): max_inline at 0 [ 99.153324][ T6374] BTRFS info (device loop1): enabling disk space caching [ 99.181850][ T6374] BTRFS info (device loop1): turning off barriers [ 99.207260][ T6374] BTRFS info (device loop1): turning on flush-on-commit [ 99.220712][ T6374] BTRFS info (device loop1): doing ref verification [ 99.233386][ T6374] BTRFS info (device loop1): force clearing of disk cache [ 99.240748][ T6374] BTRFS info (device loop1): enabling ssd optimizations [ 99.270550][ T6374] BTRFS info (device loop1): max_inline at 4096 [ 99.293691][ T6374] BTRFS info (device loop1): disk space caching is enabled [ 99.383798][ T6374] BTRFS info (device loop1): auto enabling async discard [ 99.416280][ T6374] BTRFS info (device loop1): rebuilding free space tree [ 99.486395][ T6374] BTRFS info (device loop1): disabling free space tree [ 99.513447][ T6374] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 99.543727][ T6374] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 99.652241][ T6401] loop3: detected capacity change from 0 to 128 [ 99.874220][ T5781] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 100.189500][ T6411] loop0: detected capacity change from 0 to 512 [ 100.290801][ T6411] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.196: corrupted inode contents [ 100.305026][ T6411] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #16: comm syz.0.196: mark_inode_dirty error [ 100.327675][ T6411] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.196: corrupted inode contents [ 100.359431][ T6411] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz.0.196: mark_inode_dirty error [ 100.369768][ T6417] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 100.403014][ T6411] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.196: corrupted inode contents [ 100.428584][ T6411] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 100.438784][ T6411] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.196: corrupted inode contents [ 100.459449][ T6411] EXT4-fs error (device loop0): ext4_truncate:4288: inode #16: comm syz.0.196: mark_inode_dirty error [ 100.500977][ T6411] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 100.548863][ T6411] EXT4-fs (loop0): 1 truncate cleaned up [ 100.554045][ T6421] vxcan1: tx address claim with dlc 0 [ 100.570530][ T2952] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:8: Failed to release dquot type 1 [ 100.574559][ T6411] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.633490][ T6411] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.720491][ T6411] netlink: 32 bytes leftover after parsing attributes in process `syz.0.196'. [ 100.962906][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.113533][ T5872] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 101.332361][ T5872] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 101.356364][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.373607][ T5872] usb 4-1: Product: syz [ 101.383313][ T5872] usb 4-1: Manufacturer: syz [ 101.393533][ T5872] usb 4-1: SerialNumber: syz [ 101.410133][ T5872] usb 4-1: config 0 descriptor?? [ 101.426486][ T5872] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 004 [ 101.543629][ T6442] loop1: detected capacity change from 0 to 64 [ 101.854455][ T5872] (null): failure reading functionality [ 101.879200][ T5872] i2c i2c-1: connected i2c-tiny-usb device [ 102.129317][ T8] usb 4-1: USB disconnect, device number 4 [ 102.562075][ T6459] loop1: detected capacity change from 0 to 1024 [ 102.578672][ T6461] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 102.631215][ T6459] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.668205][ T6459] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.769784][ T6461] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 102.860594][ T6468] netlink: 20 bytes leftover after parsing attributes in process `syz.3.219'. [ 102.878371][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.017316][ T6470] loop1: detected capacity change from 0 to 128 [ 103.285822][ T6483] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 103.285822][ T6483] The task syz.3.224 (6483) triggered the difference, watch for misbehavior. [ 103.345093][ T6484] netlink: 7 bytes leftover after parsing attributes in process `syz.1.226'. [ 103.370646][ T6484] netlink: 60 bytes leftover after parsing attributes in process `syz.1.226'. [ 103.655085][ T6484] netlink: 7 bytes leftover after parsing attributes in process `syz.1.226'. [ 103.668368][ T6484] netlink: 60 bytes leftover after parsing attributes in process `syz.1.226'. [ 103.812869][ T6484] netlink: 7 bytes leftover after parsing attributes in process `syz.1.226'. [ 103.828444][ T6484] netlink: 60 bytes leftover after parsing attributes in process `syz.1.226'. [ 103.994434][ T6500] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.336345][ T6516] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 104.543602][ T5872] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 104.577019][ T6527] warning: `syz.3.245' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 104.756403][ T5872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 104.778639][ T5872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.803460][ T5872] usb 1-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 104.828800][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.851080][ T5872] usb 1-1: config 0 descriptor?? [ 105.022264][ T6548] netlink: 24 bytes leftover after parsing attributes in process `syz.3.253'. [ 105.299714][ T5872] uclogic 0003:28BD:0075.0003: interface is invalid, ignoring [ 105.529336][ T5872] usb 1-1: USB disconnect, device number 6 [ 105.960124][ T6580] loop2: detected capacity change from 0 to 1024 [ 105.994781][ T6580] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.123093][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.277509][ T6589] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 106.310647][ T6589] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.340583][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 106.549788][ T6596] loop2: detected capacity change from 0 to 4096 [ 106.584675][ T6596] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.597344][ T6599] loop3: detected capacity change from 0 to 2048 [ 106.653026][ T6599] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.724424][ T6599] EXT4-fs error (device loop3): ext4_find_extent:936: inode #2: comm syz.3.274: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 106.746808][ T6599] EXT4-fs (loop3): Remounting filesystem read-only [ 106.791957][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.819661][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.043374][ T28] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 107.247828][ T28] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 107.267501][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.280022][ T28] usb 1-1: Product: syz [ 107.284382][ T28] usb 1-1: Manufacturer: syz [ 107.299309][ T28] usb 1-1: SerialNumber: syz [ 107.310656][ T28] usb 1-1: config 0 descriptor?? [ 107.512811][ T6637] capability: warning: `syz.3.290' uses deprecated v2 capabilities in a way that may be insecure [ 107.550671][ T786] usb 1-1: USB disconnect, device number 7 [ 107.724702][ T6629] loop1: detected capacity change from 0 to 32768 [ 107.737297][ T6629] [ 107.737297][ T6629] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.737297][ T6629] [ 107.807195][ T6629] [ 107.807195][ T6629] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.807195][ T6629] [ 107.827511][ T6629] [ 107.827511][ T6629] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.827511][ T6629] [ 107.845055][ T6629] [ 107.845055][ T6629] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.845055][ T6629] [ 107.860684][ T6647] netlink: 'syz.2.293': attribute type 29 has an invalid length. [ 107.868853][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'. [ 107.878282][ T6647] netlink: 'syz.2.293': attribute type 29 has an invalid length. [ 107.890256][ T110] [ 107.890256][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.890256][ T110] [ 107.895381][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'. [ 107.933542][ T6645] read_mapping_page failed! [ 107.945683][ T6645] ERROR: (device loop1): txCommit: [ 107.945683][ T6645] [ 108.021218][ T5781] [ 108.021218][ T5781] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.021218][ T5781] [ 108.054748][ T5781] [ 108.054748][ T5781] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.054748][ T5781] [ 108.298477][ T6655] binder: 6654:6655 ioctl 400c620e 2000000001c0 returned -22 [ 108.688322][ T6671] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.305'. [ 108.719349][ T6671] openvswitch: netlink: Flow key attribute not present in set flow. [ 108.923495][ T5102] Bluetooth: hci1: command tx timeout [ 109.188933][ T6693] netlink: 20 bytes leftover after parsing attributes in process `syz.2.315'. [ 109.724944][ T27] kauditd_printk_skb: 96 callbacks suppressed [ 109.724971][ T27] audit: type=1326 audit(2000000011.270:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.2.326" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1aebb8ebe9 code=0x0 [ 110.153378][ T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 110.313351][ T5873] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 110.346939][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 110.359681][ T8] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 110.368993][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.380416][ T8] usb 4-1: Product: syz [ 110.385098][ T8] usb 4-1: Manufacturer: syz [ 110.389849][ T8] usb 4-1: SerialNumber: syz [ 110.396907][ T8] usb 4-1: config 0 descriptor?? [ 110.403031][ T8] ums-onetouch 4-1:0.0: USB Mass Storage device detected [ 110.498256][ T5873] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 110.513406][ T5873] usb 1-1: config 0 has no interface number 0 [ 110.536022][ T5873] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 110.548531][ T5873] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.556749][ T5873] usb 1-1: Product: syz [ 110.561415][ T5873] usb 1-1: Manufacturer: syz [ 110.566665][ T5873] usb 1-1: SerialNumber: syz [ 110.568341][ T6740] netlink: 36 bytes leftover after parsing attributes in process `syz.1.343'. [ 110.573844][ T5873] usb 1-1: config 0 descriptor?? [ 110.622808][ T8] usb 4-1: USB disconnect, device number 5 [ 110.844851][ T6749] veth0_vlan: entered allmulticast mode [ 111.023819][ T5873] usb 1-1: Firmware: major: 22, minor: 220, hardware type: UNKNOWN (68) [ 111.064034][ T6757] netlink: 'syz.1.344': attribute type 29 has an invalid length. [ 111.072388][ T6757] netlink: 'syz.1.344': attribute type 29 has an invalid length. [ 111.083637][ T6757] netlink: 'syz.1.344': attribute type 29 has an invalid length. [ 111.092138][ T6757] netlink: 'syz.1.344': attribute type 29 has an invalid length. [ 111.223363][ T786] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 111.239718][ T5873] usb 1-1: failed to fetch extended address, random address set [ 111.260104][ T5873] usb 1-1: atusb_probe: initialization failed, error = -524 [ 111.275713][ T5873] atusb: probe of 1-1:0.128 failed with error -524 [ 111.277311][ T6761] loop1: detected capacity change from 0 to 4096 [ 111.286209][ T5873] usb 1-1: USB disconnect, device number 8 [ 111.310893][ T6761] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.418162][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.427556][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 111.436055][ T786] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 111.450734][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 111.481885][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 111.499428][ T786] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 111.519701][ T786] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 111.555928][ T786] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 111.566296][ T786] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 111.584266][ T786] usb 3-1: Manufacturer: syz [ 111.607719][ T786] usb 3-1: config 0 descriptor?? [ 111.958406][ T786] rc_core: IR keymap rc-hauppauge not found [ 111.973408][ T786] Registered IR keymap rc-empty [ 111.991335][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.049420][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.097242][ T786] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 112.115916][ T6784] capability: warning: `syz.1.355' uses 32-bit capabilities (legacy support in use) [ 112.129611][ T786] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input9 [ 112.161179][ T6784] loop1: detected capacity change from 0 to 512 [ 112.183485][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.226643][ T6784] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.231128][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.263568][ T6784] ext4 filesystem being mounted at /104/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 112.313612][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.358566][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.380375][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.425208][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.453518][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.504067][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.521543][ T6773] loop3: detected capacity change from 0 to 32768 [ 112.553862][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.564272][ T6773] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 112.583568][ T6773] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 112.613480][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.627571][ T6773] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 112.646770][ T786] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 112.656567][ T28] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 112.665700][ T28] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 112.668519][ T6793] loop0: detected capacity change from 0 to 4096 [ 112.695223][ T786] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 112.705544][ T786] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 112.715275][ T28] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 49ms [ 112.723036][ T28] gfs2: fsid=syz:syz.0: jid=0: Done [ 112.732163][ T6773] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 112.742122][ T786] usb 3-1: USB disconnect, device number 6 [ 112.785959][ T6793] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.022555][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.393855][ T6876] loop2: detected capacity change from 0 to 256 [ 115.916921][ T6872] loop3: detected capacity change from 0 to 32768 [ 115.925718][ T6870] loop1: detected capacity change from 0 to 32768 [ 115.961044][ T6872] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 115.973499][ T6870] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 116.057119][ T6870] XFS (loop1): Ending clean mount [ 116.063404][ T5871] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 116.071883][ T6872] XFS (loop3): Ending clean mount [ 116.100086][ T6870] XFS (loop1): Quotacheck needed: Please wait. [ 116.198941][ T6870] XFS (loop1): Quotacheck: Done. [ 116.221988][ T5780] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 116.224775][ T6870] XFS (loop1): User initiated shutdown received. [ 116.238555][ T6870] XFS (loop1): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:501). Shutting down filesystem. [ 116.254372][ T6870] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 116.268188][ T5871] usb 3-1: Using ep0 maxpacket: 16 [ 116.280094][ T5871] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 116.296146][ T5871] usb 3-1: config 1 has no interface number 0 [ 116.302327][ T5871] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 116.318138][ T5781] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 116.357937][ T5871] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 116.371254][ T5871] usb 3-1: config 1 interface 105 has no altsetting 0 [ 116.409700][ T5871] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 116.419017][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.427103][ T5871] usb 3-1: Product: syz [ 116.440227][ T5871] usb 3-1: Manufacturer: syz [ 116.455139][ T5871] usb 3-1: SerialNumber: syz [ 116.474421][ T6880] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 116.481766][ T6880] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 116.499010][ T6903] loop0: detected capacity change from 0 to 256 [ 116.845966][ T6905] loop3: detected capacity change from 0 to 4096 [ 116.949182][ T6880] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 116.964462][ T6880] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 117.046921][ T6912] loop0: detected capacity change from 0 to 256 [ 117.088568][ T6912] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 117.289098][ T6916] loop3: detected capacity change from 0 to 2048 [ 117.333263][ T6916] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 117.359585][ T6916] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 117.396299][ T5871] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 117.433804][ T5871] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 117.455564][ T5871] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 117.522204][ T5871] aqc111 3-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 72:a5:b3:a2:19:1e [ 117.563747][ T5871] usb 3-1: USB disconnect, device number 7 [ 117.576555][ T5871] aqc111 3-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 117.693823][ T5871] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 117.713584][ T5871] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 117.733406][ T5871] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 117.789124][ T6914] loop1: detected capacity change from 0 to 32768 [ 117.800289][ T6914] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.400 (6914) [ 117.821271][ T6914] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 117.840651][ T6914] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 117.849749][ T6914] BTRFS info (device loop1): enabling disk space caching [ 117.862174][ T6914] BTRFS info (device loop1): enabling auto defrag [ 117.870167][ T6914] BTRFS info (device loop1): turning on sync discard [ 117.880355][ T6914] BTRFS info (device loop1): use no compression [ 117.891626][ T6914] BTRFS info (device loop1): force clearing of disk cache [ 117.893563][ T28] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 117.899080][ T6914] BTRFS info (device loop1): turning on async discard [ 117.934743][ T6914] BTRFS info (device loop1): disabling disk space caching [ 117.960705][ T6931] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 118.053431][ T6914] BTRFS info (device loop1): enabling ssd optimizations [ 118.072906][ T6914] BTRFS info (device loop1): rebuilding free space tree [ 118.102709][ T6914] BTRFS info (device loop1): disabling free space tree [ 118.116319][ T28] usb 4-1: Using ep0 maxpacket: 8 [ 118.133479][ T6914] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 118.147179][ T28] usb 4-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 118.150455][ T6914] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.179008][ T28] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.190467][ T28] usb 4-1: Product: syz [ 118.203294][ T28] usb 4-1: Manufacturer: syz [ 118.208055][ T28] usb 4-1: SerialNumber: syz [ 118.227003][ T28] usb 4-1: config 0 descriptor?? [ 118.247049][ T28] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 118.404280][ T5781] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 118.462126][ T28] gspca_sn9c2028: read1 error -32 [ 118.484075][ T28] gspca_sn9c2028: read1 error -32 [ 118.551695][ T6957] loop2: detected capacity change from 0 to 128 [ 118.605778][ T6957] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 118.647196][ T6957] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.709816][ T5873] usb 4-1: USB disconnect, device number 6 [ 118.842877][ T5779] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 119.243682][ T6977] bond0: entered allmulticast mode [ 119.248888][ T6977] bond_slave_0: entered allmulticast mode [ 119.263361][ T6977] bond_slave_1: entered allmulticast mode [ 119.863483][ T5871] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 120.053758][ T5871] usb 4-1: Using ep0 maxpacket: 16 [ 120.061062][ T5871] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 120.074643][ T5871] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 120.099919][ T5871] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 120.109421][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.131630][ T5871] usb 4-1: Product: syz [ 120.147700][ T5871] usb 4-1: Manufacturer: syz [ 120.164211][ T5871] usb 4-1: SerialNumber: syz [ 120.494696][ T7012] loop0: detected capacity change from 0 to 16 [ 120.507130][ T7012] erofs: (device loop0): mounted with root inode @ nid 36. [ 120.585222][ T5871] usb 4-1: 0:2 : does not exist [ 120.725040][ T7016] netlink: 12 bytes leftover after parsing attributes in process `syz.0.437'. [ 120.753610][ T7016] netlink: 12 bytes leftover after parsing attributes in process `syz.0.437'. [ 120.780514][ T7016] bridge0: port 3(vlan2) entered blocking state [ 120.788830][ T7016] bridge0: port 3(vlan2) entered disabled state [ 120.795859][ T7016] vlan2: entered allmulticast mode [ 120.801533][ T7016] bridge0: entered allmulticast mode [ 120.810604][ T7016] vlan2: left allmulticast mode [ 120.817737][ T7016] bridge0: left allmulticast mode [ 120.824126][ T7018] loop2: detected capacity change from 0 to 2048 [ 120.856486][ T7018] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.881284][ T7018] EXT4-fs error (device loop2): ext4_find_extent:936: inode #2: comm syz.2.438: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 120.907455][ T7018] EXT4-fs (loop2): Remounting filesystem read-only [ 120.952027][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.002759][ T5871] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 121.053626][ T5871] usb 4-1: USB disconnect, device number 7 [ 121.349350][ T7014] loop1: detected capacity change from 0 to 32768 [ 121.370855][ T7014] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 121.393052][ T7014] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 121.433071][ T7014] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 121.473493][ T5872] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 121.483459][ T5786] Bluetooth: hci1: command tx timeout [ 121.483854][ T7030] loop0: detected capacity change from 0 to 256 [ 121.495670][ T5872] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 121.570281][ T7023] loop2: detected capacity change from 0 to 32768 [ 121.585826][ T5872] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 90ms [ 121.593368][ T7023] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.439 (7023) [ 121.598314][ T7023] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 121.616599][ T5872] gfs2: fsid=syz:syz.0: jid=0: Done [ 121.621964][ T7014] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 121.630836][ T7023] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 121.656783][ T7023] BTRFS info (device loop2): using free space tree [ 121.768397][ T7023] BTRFS info (device loop2): enabling ssd optimizations [ 121.777762][ T7023] BTRFS info (device loop2): auto enabling async discard [ 121.828371][ T7049] program syz.0.445 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 121.838058][ T27] audit: type=1800 audit(2000000023.370:111): pid=7023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.439" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 121.915236][ T5779] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 122.004787][ T5872] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 122.195576][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 122.226539][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1088, setting to 64 [ 122.271839][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 122.308238][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 122.328295][ T5872] usb 4-1: New USB device found, idVendor=1e71, idProduct=2019, bcdDevice= 0.00 [ 122.348746][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.382639][ T5872] usb 4-1: config 0 descriptor?? [ 122.396066][ T7037] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 122.888923][ T5872] nzxt-smart2 0003:1E71:2019.0004: hidraw0: USB HID v0.07 Device [HID 1e71:2019] on usb-dummy_hcd.3-1/input0 [ 123.157758][ T8] usb 4-1: USB disconnect, device number 8 [ 123.417999][ T7068] loop0: detected capacity change from 0 to 32768 [ 123.445129][ T7068] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 123.459713][ T7068] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 123.498674][ T7068] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 123.522482][ T786] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 123.537419][ T7087] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input10 [ 123.548401][ T786] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 123.602812][ T786] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 54ms [ 123.624912][ T786] gfs2: fsid=syz:syz.0: jid=0: Done [ 123.630234][ T7068] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 124.115897][ T5873] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 124.313451][ T5873] usb 4-1: Using ep0 maxpacket: 32 [ 124.326648][ T5873] usb 4-1: config 4 has an invalid interface number: 128 but max is 0 [ 124.346181][ T5873] usb 4-1: config 4 has no interface number 0 [ 124.352452][ T5873] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.383403][ T5873] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.405526][ T5873] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 124.415046][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.439624][ T5873] hub 4-1:4.128: USB hub found [ 124.654012][ T5873] hub 4-1:4.128: 2 ports detected [ 124.659172][ T5873] hub 4-1:4.128: Using single TT (err -22) [ 124.808282][ T7112] loop1: detected capacity change from 0 to 32768 [ 124.866592][ T7114] loop0: detected capacity change from 0 to 32768 [ 124.881826][ T7112] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 124.892461][ T7114] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 124.924644][ T7114] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 125.031544][ T5778] ocfs2: Unmounting device (7,0) on (node local) [ 125.042251][ T5781] ocfs2: Unmounting device (7,1) on (node local) [ 125.062847][ T5873] usb 4-1: USB disconnect, device number 9 [ 125.799655][ T7126] loop0: detected capacity change from 0 to 32768 [ 125.812654][ T27] audit: type=1326 audit(2000000027.360:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5f45385ba7 code=0x7ffc0000 [ 125.839078][ T7133] bond0: entered allmulticast mode [ 125.855265][ T7133] bond_slave_0: entered allmulticast mode [ 125.862425][ T7126] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.477 (7126) [ 125.865796][ T27] audit: type=1326 audit(2000000027.360:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5f4532ade9 code=0x7ffc0000 [ 125.875583][ T7133] bond_slave_1: entered allmulticast mode [ 125.916520][ T7126] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 125.933555][ T7126] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 125.942502][ T7126] BTRFS info (device loop0): enabling disk space caching [ 125.951874][ T7135] loop1: detected capacity change from 0 to 8 [ 125.958760][ T27] audit: type=1326 audit(2000000027.360:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 125.993012][ T7126] BTRFS info (device loop0): enabling auto defrag [ 126.000070][ T7135] SQUASHFS error: lzo decompression failed, data probably corrupt [ 126.008356][ T7135] SQUASHFS error: Failed to read block 0x91: -5 [ 126.012255][ T7126] BTRFS info (device loop0): turning on sync discard [ 126.021769][ T7126] BTRFS info (device loop0): use no compression [ 126.021791][ T7135] SQUASHFS error: Unable to read metadata cache entry [8f] [ 126.033515][ T27] audit: type=1326 audit(2000000027.360:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5f45385ba7 code=0x7ffc0000 [ 126.053283][ T7135] SQUASHFS error: Unable to read inode 0x11f [ 126.063540][ T7126] BTRFS info (device loop0): force clearing of disk cache [ 126.081396][ T7126] BTRFS info (device loop0): turning on async discard [ 126.093663][ T7126] BTRFS info (device loop0): disabling disk space caching [ 126.111160][ T27] audit: type=1326 audit(2000000027.360:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5f4532ade9 code=0x7ffc0000 [ 126.153743][ T27] audit: type=1326 audit(2000000027.360:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5f45385ba7 code=0x7ffc0000 [ 126.200193][ T27] audit: type=1326 audit(2000000027.360:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5f4532ade9 code=0x7ffc0000 [ 126.260370][ T27] audit: type=1326 audit(2000000027.360:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5f45385ba7 code=0x7ffc0000 [ 126.305486][ T7126] BTRFS info (device loop0): enabling ssd optimizations [ 126.348246][ T7126] BTRFS info (device loop0): rebuilding free space tree [ 126.369947][ T27] audit: type=1326 audit(2000000027.360:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7131 comm="syz.1.479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5f4532ade9 code=0x7ffc0000 [ 126.440726][ T7137] loop2: detected capacity change from 0 to 32768 [ 126.448887][ T7126] BTRFS info (device loop0): disabling free space tree [ 126.459751][ T7137] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz.2.489 (7137) [ 126.461455][ T7126] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 126.489056][ T7126] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 126.508261][ T7137] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 126.523930][ T7137] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 126.553287][ T7137] BTRFS info (device loop2): enabling disk space caching [ 126.560844][ T7137] BTRFS info (device loop2): force clearing of disk cache [ 126.593281][ T7137] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 126.603024][ T7137] BTRFS info (device loop2): use zstd compression, level 3 [ 126.623443][ T7137] BTRFS info (device loop2): disk space caching is enabled [ 126.709576][ T5778] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 126.725725][ T7137] BTRFS info (device loop2): enabling ssd optimizations [ 126.737260][ T7137] BTRFS info (device loop2): auto enabling async discard [ 126.748294][ T7137] BTRFS info (device loop2): rebuilding free space tree [ 126.797515][ T7137] BTRFS info (device loop2): disabling free space tree [ 126.804818][ T7137] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 126.826003][ T7137] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 127.217838][ T5779] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 127.873306][ T5871] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 128.054148][ T5871] usb 2-1: Using ep0 maxpacket: 16 [ 128.058017][ T7186] loop0: detected capacity change from 0 to 32768 [ 128.075915][ T5871] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.099420][ T7186] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 128.100643][ T5871] usb 2-1: config 0 interface 0 has no altsetting 0 [ 128.119952][ T5871] usb 2-1: New USB device found, idVendor=056a, idProduct=00f0, bcdDevice= 0.00 [ 128.135765][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.159393][ T5871] usb 2-1: config 0 descriptor?? [ 128.248281][ T7186] XFS (loop0): Ending clean mount [ 128.282196][ T7186] XFS (loop0): Quotacheck needed: Please wait. [ 128.287000][ T7193] loop2: detected capacity change from 0 to 32768 [ 128.318134][ T7193] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 128.359749][ T7186] XFS (loop0): Quotacheck: Done. [ 128.422869][ T7193] XFS (loop2): Ending clean mount [ 128.432684][ T27] kauditd_printk_skb: 17 callbacks suppressed [ 128.432699][ T27] audit: type=1800 audit(2000000029.970:138): pid=7186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.485" name="file1" dev="loop0" ino=9286 res=0 errno=0 [ 128.494383][ T7193] XFS (loop2): WARNING: Reset corrupted AGFL on AG 0. 1 blocks leaked. Please unmount and run xfs_repair. [ 128.534944][ T5778] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 128.642343][ T5779] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 128.666954][ T5871] wacom 0003:056A:00F0.0005: unknown main item tag 0x0 [ 128.674484][ T5871] wacom 0003:056A:00F0.0005: unknown main item tag 0x0 [ 128.681896][ T5871] wacom 0003:056A:00F0.0005: unknown main item tag 0x0 [ 128.703543][ T5871] wacom 0003:056A:00F0.0005: unknown main item tag 0x0 [ 128.721857][ T5871] wacom 0003:056A:00F0.0005: unknown main item tag 0x0 [ 128.782500][ T5871] wacom 0003:056A:00F0.0005: hidraw0: USB HID v0.05 Device [HID 056a:00f0] on usb-dummy_hcd.1-1/input0 [ 128.986436][ T5872] usb 2-1: USB disconnect, device number 4 [ 129.451885][ T7235] loop2: detected capacity change from 0 to 2048 [ 129.471283][ T7221] loop3: detected capacity change from 0 to 32768 [ 129.502847][ T7235] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.576974][ T7242] loop0: detected capacity change from 0 to 1024 [ 129.584618][ T7242] UDF-fs: bad mount option "y^7Yy){m_(qS#X00000000000000000000" or missing value [ 129.602103][ T7235] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 129.635507][ T7235] overlayfs: failed to create directory ./file0/work (errno: 28); mounting read-only [ 129.833986][ T7248] loop0: detected capacity change from 0 to 128 [ 129.868675][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.124644][ T5102] Bluetooth: hci1: command tx timeout [ 130.372906][ T7246] loop1: detected capacity change from 0 to 40427 [ 130.393883][ T7246] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 130.407684][ T7246] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 130.447273][ T7246] F2FS-fs (loop1): Found nat_bits in checkpoint [ 130.552880][ T7246] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 130.570823][ T7246] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 130.722302][ T7272] loop0: detected capacity change from 0 to 4096 [ 130.734539][ T7272] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 130.758796][ T5102] Bluetooth: hci2: unexpected cc 0x0c5b length: 5 > 1 [ 130.803124][ T7272] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 130.817268][ T5781] syz-executor: attempt to access beyond end of device [ 130.817268][ T5781] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 130.836951][ T5781] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 130.847877][ T7281] Cannot find del_set index 1 as target [ 131.722541][ T7298] loop1: detected capacity change from 0 to 2048 [ 131.779914][ T7298] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.888595][ T7298] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz.1.530: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 131.905060][ T7290] loop3: detected capacity change from 0 to 32768 [ 131.939657][ T7298] EXT4-fs (loop1): Remounting filesystem read-only [ 131.959527][ T7290] JBD2: Ignoring recovery information on journal [ 132.052611][ T7290] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 132.054322][ T7292] loop2: detected capacity change from 0 to 32768 [ 132.073390][ T7292] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.528 (7292) [ 132.108971][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.136788][ T7292] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 132.171846][ T7294] loop0: detected capacity change from 0 to 32768 [ 132.179644][ T7294] XFS: attr2 mount option is deprecated. [ 132.183446][ T7292] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 132.209270][ T7292] BTRFS info (device loop2): force clearing of disk cache [ 132.218398][ T7292] BTRFS info (device loop2): enabling auto defrag [ 132.225526][ T7292] BTRFS info (device loop2): max_inline at 0 [ 132.227254][ T5780] ocfs2: Unmounting device (7,3) on (node local) [ 132.232352][ T7292] BTRFS info (device loop2): enabling disk space caching [ 132.246642][ T7292] BTRFS info (device loop2): disk space caching is enabled [ 132.251180][ T7294] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 132.282753][ T7294] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 132.343419][ T7292] BTRFS info (device loop2): enabling ssd optimizations [ 132.355662][ T7292] BTRFS info (device loop2): rebuilding free space tree [ 132.357280][ T7294] XFS (loop0): Ending clean mount [ 132.379994][ T7292] BTRFS info (device loop2): disabling free space tree [ 132.401384][ T7292] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 132.424138][ T7294] XFS (loop0): Quotacheck needed: Please wait. [ 132.435785][ T7292] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 132.509093][ T7294] XFS (loop0): Quotacheck: Done. [ 132.662351][ T5778] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 132.689016][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.695722][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.705766][ T2921] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 132.795767][ T786] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 132.946638][ T5779] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 133.003517][ T786] usb 4-1: Using ep0 maxpacket: 8 [ 133.015330][ T786] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 133.033480][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.053006][ T7315] loop1: detected capacity change from 0 to 32768 [ 133.111409][ T786] pvrusb2: Hardware description: Terratec Grabster AV400 [ 133.137231][ T786] pvrusb2: ********** [ 133.142323][ T786] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 133.169473][ T786] pvrusb2: Important functionality might not be entirely working. [ 133.179143][ T786] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 133.207136][ T786] pvrusb2: ********** [ 133.354519][ T2314] pvrusb2: Invalid write control endpoint [ 133.509104][ T2314] pvrusb2: Invalid write control endpoint [ 133.539481][ T2314] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 133.564104][ T2314] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 133.571731][ T2314] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 133.596559][ T2314] pvrusb2: Device being rendered inoperable [ 133.605284][ T7329] pvrusb2: Killing an I2C write to 0 that is too large (desired=62 limit=61) [ 133.615213][ T2314] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 133.622575][ T2314] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 133.634172][ T5815] usb 4-1: USB disconnect, device number 10 [ 133.653766][ T2314] pvrusb2: Attached sub-driver cx25840 [ 133.659296][ T2314] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 133.670457][ T2314] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 133.793468][ T5872] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 133.986395][ T5872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.002316][ T5872] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.012732][ T8] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 134.020933][ T5872] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 134.030258][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.044505][ T5872] usb 1-1: config 0 descriptor?? [ 134.217020][ T8] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 134.223013][ T7352] loop1: detected capacity change from 0 to 32768 [ 134.232188][ T8] usb 3-1: config 0 has no interface number 0 [ 134.242262][ T8] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 134.261723][ T8] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 134.280427][ T8] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 192, setting to 64 [ 134.293112][ T8] usb 3-1: config 0 interface 2 has no altsetting 0 [ 134.311349][ T7352] ERROR: (device loop1): dtSearch: DT_GETPAGE: dtree page corrupt [ 134.311349][ T7352] [ 134.317126][ T8] usb 3-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 134.332273][ T7352] ERROR: (device loop1): remounting filesystem as read-only [ 134.337141][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.349593][ T8] usb 3-1: Product: syz [ 134.349834][ T7352] jfs_lookup: dtSearch returned -5 [ 134.357802][ T8] usb 3-1: Manufacturer: syz [ 134.366800][ T8] usb 3-1: SerialNumber: syz [ 134.383148][ T8] usb 3-1: config 0 descriptor?? [ 134.392875][ T7344] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 134.407173][ T110] blkno = 8ed2c, nblocks = 1 [ 134.408819][ T7344] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 134.412771][ T110] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 134.412771][ T110] [ 134.430021][ T110] JFS: metapage_get_blocks failed [ 134.437255][ T110] ERROR: (device loop1): release_metapage: metapage_write_one() failed [ 134.437255][ T110] [ 134.448895][ T110] blkno = 8ed2c, nblocks = 1 [ 134.454003][ T110] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 134.454003][ T110] [ 134.485546][ T5872] hid-steam 0003:28DE:1142.0006: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 134.563492][ T5872] hid-steam 0003:28DE:1142.0006: Steam wireless receiver connected [ 134.595288][ T5872] hid-steam 0003:28DE:1142.0007: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 134.651134][ T8] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 134.678112][ T8] usb 3-1: USB disconnect, device number 8 [ 134.696162][ T786] usb 1-1: USB disconnect, device number 9 [ 134.717383][ T786] hid-steam 0003:28DE:1142.0006: Steam wireless receiver disconnected [ 134.919963][ T7364] loop1: detected capacity change from 0 to 1024 [ 135.308980][ T7371] loop0: detected capacity change from 0 to 4096 [ 135.387606][ T7374] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 135.693333][ T5871] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 135.913302][ T5871] usb 2-1: Using ep0 maxpacket: 16 [ 135.924165][ T5871] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 135.934083][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.942215][ T5871] usb 2-1: Product: syz [ 135.966915][ T5871] usb 2-1: Manufacturer: syz [ 135.971595][ T5871] usb 2-1: SerialNumber: syz [ 136.000625][ T5871] usb 2-1: config 0 descriptor?? [ 136.020460][ T5871] ums-onetouch 2-1:0.0: USB Mass Storage device detected [ 136.154987][ T7383] loop2: detected capacity change from 0 to 32768 [ 136.196830][ T7383] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 136.303766][ T5871] usb 2-1: USB disconnect, device number 5 [ 136.382377][ T5779] ocfs2: Unmounting device (7,2) on (node local) [ 136.853797][ T5871] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 136.867912][ T7417] netlink: 28 bytes leftover after parsing attributes in process `syz.2.568'. [ 136.883359][ T7417] netlink: 28 bytes leftover after parsing attributes in process `syz.2.568'. [ 136.910408][ T7417] gretap0: entered promiscuous mode [ 136.929169][ T7417] batadv_slave_1: entered promiscuous mode [ 137.083481][ T5871] usb 4-1: Using ep0 maxpacket: 16 [ 137.090886][ T5871] usb 4-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.112413][ T5871] usb 4-1: config 0 interface 0 has no altsetting 0 [ 137.122572][ T5871] usb 4-1: New USB device found, idVendor=056a, idProduct=00f0, bcdDevice= 0.00 [ 137.143277][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.180864][ T5871] usb 4-1: config 0 descriptor?? [ 137.446804][ T7429] loop0: detected capacity change from 0 to 64 [ 137.610930][ T5871] wacom 0003:056A:00F0.0008: unknown main item tag 0x0 [ 137.633363][ T5871] wacom 0003:056A:00F0.0008: unknown main item tag 0x0 [ 137.653354][ T5871] wacom 0003:056A:00F0.0008: unknown main item tag 0x0 [ 137.666559][ T5871] wacom 0003:056A:00F0.0008: unknown main item tag 0x0 [ 137.676917][ T5871] wacom 0003:056A:00F0.0008: unknown main item tag 0x0 [ 137.693519][ T5871] wacom 0003:056A:00F0.0008: hidraw0: USB HID v0.05 Device [HID 056a:00f0] on usb-dummy_hcd.3-1/input0 [ 137.774231][ T7419] loop1: detected capacity change from 0 to 40427 [ 137.776766][ T7425] loop2: detected capacity change from 0 to 32768 [ 137.782211][ T7419] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 137.797879][ T7419] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 137.847486][ T7419] F2FS-fs (loop1): invalid crc value [ 137.896540][ T7419] F2FS-fs (loop1): Found nat_bits in checkpoint [ 137.933651][ T5871] usb 4-1: USB disconnect, device number 11 [ 138.153804][ T7419] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 138.171442][ T7419] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 138.503727][ T786] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 138.574991][ T7445] loop2: detected capacity change from 0 to 512 [ 138.620729][ T7445] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.580: corrupted in-inode xattr: invalid ea_ino [ 138.658041][ T7445] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.580: couldn't read orphan inode 15 (err -117) [ 138.713533][ T786] usb 1-1: Using ep0 maxpacket: 16 [ 138.741930][ T7445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.762567][ T786] usb 1-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 138.774087][ T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.782876][ T786] usb 1-1: Product: syz [ 138.823268][ T786] usb 1-1: Manufacturer: syz [ 138.828045][ T786] usb 1-1: SerialNumber: syz [ 138.836390][ T786] usb 1-1: config 0 descriptor?? [ 138.855165][ T786] ums-onetouch 1-1:0.0: USB Mass Storage device detected [ 138.876192][ T7445] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.580: lblock 0 mapped to illegal pblock 3 (length 1) [ 138.896243][ T7445] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.580: error -117 reading directory block [ 138.980377][ T7445] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 3: comm syz.2.580: lblock 0 mapped to illegal pblock 3 (length 1) [ 139.005316][ T7445] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.580: error -117 reading directory block [ 139.074781][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.136853][ T5871] usb 1-1: USB disconnect, device number 10 [ 139.400437][ T7472] loop2: detected capacity change from 0 to 128 [ 139.421635][ T7472] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 139.434485][ T7472] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 139.502081][ T2921] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 139.564426][ T7463] loop1: detected capacity change from 0 to 32768 [ 139.643439][ T968] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 139.821911][ T7483] loop2: detected capacity change from 0 to 512 [ 139.829308][ T7483] EXT4-fs: Ignoring removed oldalloc option [ 139.836841][ T968] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 139.853507][ T968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.878800][ T968] usb 4-1: config 0 descriptor?? [ 139.896191][ T7483] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.918513][ T7483] ext4 filesystem being mounted at /146/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 139.920311][ T968] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 139.956332][ T7483] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.595: bg 0: block 217: padding at end of block bitmap is not set [ 140.035097][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.153970][ T968] gp8psk: usb in 128 operation failed. [ 140.186773][ T7492] mmap: syz.2.599 (7492) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.362672][ T968] gp8psk: FW Version = 12.160.214 (0xca0d6) Build 2146/135/53 [ 140.411733][ T7497] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 140.470998][ T7500] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 140.573572][ T968] gp8psk: usb in 149 operation failed. [ 140.579214][ T968] gp8psk: failed to get FPGA version [ 140.595923][ T968] gp8psk: usb in 138 operation failed. [ 140.601470][ T968] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 140.627582][ T968] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 140.653585][ T968] usb 4-1: USB disconnect, device number 12 [ 141.099617][ T7510] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 141.106374][ T7506] loop1: detected capacity change from 0 to 32768 [ 141.116686][ T7510] macsec1: entered allmulticast mode [ 141.122643][ T7506] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.604 (7506) [ 141.140165][ T7510] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 141.156548][ T7510] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 141.167871][ T7510] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 141.185371][ T7506] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 141.206425][ T7506] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 141.229582][ T7506] BTRFS info (device loop1): force clearing of disk cache [ 141.237451][ T7506] BTRFS info (device loop1): enabling auto defrag [ 141.249884][ T7508] loop2: detected capacity change from 0 to 32768 [ 141.251575][ T7506] BTRFS info (device loop1): max_inline at 0 [ 141.263601][ T7506] BTRFS info (device loop1): enabling disk space caching [ 141.270737][ T7506] BTRFS info (device loop1): disk space caching is enabled [ 141.272877][ T7512] netlink: 'syz.3.607': attribute type 1 has an invalid length. [ 141.289292][ T7512] netlink: 'syz.3.607': attribute type 2 has an invalid length. [ 141.298412][ T7516] netlink: 'syz.3.607': attribute type 1 has an invalid length. [ 141.307879][ T7516] netlink: 'syz.3.607': attribute type 2 has an invalid length. [ 141.335492][ T7508] JBD2: Ignoring recovery information on journal [ 141.396729][ T7506] BTRFS info (device loop1): enabling ssd optimizations [ 141.429267][ T7506] BTRFS info (device loop1): rebuilding free space tree [ 141.481133][ T7508] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 141.508769][ T7506] BTRFS info (device loop1): disabling free space tree [ 141.523388][ T7506] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 141.540874][ T7506] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 141.712177][ T48] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 141.747378][ T5779] ocfs2: Unmounting device (7,2) on (node local) [ 142.104390][ T5781] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 142.425153][ T7562] loop1: detected capacity change from 0 to 512 [ 142.435046][ T7562] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 142.450517][ T7562] EXT4-fs (loop1): invalid journal inode [ 142.460251][ T7562] EXT4-fs (loop1): can't get journal size [ 142.477111][ T7562] EXT4-fs (loop1): 1 truncate cleaned up [ 142.486326][ T7562] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.506738][ T27] audit: type=1800 audit(2000000044.050:139): pid=7562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.617" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 142.544130][ T968] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 142.552443][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.740981][ T968] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 142.749118][ T968] usb 4-1: config 0 has no interface number 0 [ 142.755473][ T968] usb 4-1: config 0 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 142.769286][ T968] usb 4-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 142.780833][ T968] usb 4-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 192, setting to 64 [ 142.792339][ T968] usb 4-1: config 0 interface 2 has no altsetting 0 [ 142.808104][ T968] usb 4-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 142.817589][ T968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.825756][ T968] usb 4-1: Product: syz [ 142.829953][ T968] usb 4-1: Manufacturer: syz [ 142.834693][ T968] usb 4-1: SerialNumber: syz [ 142.841116][ T968] usb 4-1: config 0 descriptor?? [ 142.847349][ T7559] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 142.855324][ T7559] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 143.111407][ T968] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 143.170237][ T968] usb 4-1: USB disconnect, device number 13 [ 143.638492][ T7570] loop0: detected capacity change from 0 to 32768 [ 143.805731][ T7573] loop2: detected capacity change from 0 to 32768 [ 143.853452][ T7573] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.042885][ T7573] XFS (loop2): Ending clean mount [ 144.061947][ T7573] XFS (loop2): Quotacheck needed: Please wait. [ 144.103689][ T27] audit: type=1326 audit(2000000045.640:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.164491][ T7573] XFS (loop2): Quotacheck: Done. [ 144.170902][ T27] audit: type=1326 audit(2000000045.640:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.200004][ T27] audit: type=1326 audit(2000000045.680:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.230131][ T27] audit: type=1326 audit(2000000045.680:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.253982][ T27] audit: type=1326 audit(2000000045.680:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.276813][ T27] audit: type=1326 audit(2000000045.680:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.328124][ T27] audit: type=1326 audit(2000000045.680:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.385607][ T27] audit: type=1326 audit(2000000045.680:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.433294][ T27] audit: type=1326 audit(2000000045.680:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7591 comm="syz.1.629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f4538ebe9 code=0x7ffc0000 [ 144.585289][ T7596] loop0: detected capacity change from 0 to 4096 [ 144.593649][ T5779] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.596639][ T7596] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 144.643366][ T5872] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 144.666703][ T7580] loop3: detected capacity change from 0 to 32768 [ 144.675752][ T7580] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.626 (7580) [ 144.708170][ T7580] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 144.719957][ T7580] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 144.737310][ T7580] BTRFS info (device loop3): force clearing of disk cache [ 144.745953][ T7580] BTRFS info (device loop3): enabling auto defrag [ 144.752592][ T7580] BTRFS info (device loop3): max_inline at 0 [ 144.773076][ T7580] BTRFS info (device loop3): enabling disk space caching [ 144.798149][ T7580] BTRFS info (device loop3): disk space caching is enabled [ 144.832266][ T5872] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.842903][ T5872] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 144.853085][ T5872] usb 2-1: config 1 has no interface number 0 [ 144.863820][ T5872] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.875169][ T5872] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 144.889834][ T5872] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 144.913480][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.922277][ T5872] usb 2-1: Product: syz [ 144.943381][ T5872] usb 2-1: Manufacturer: syz [ 144.948081][ T5872] usb 2-1: SerialNumber: syz [ 144.950785][ T7580] BTRFS info (device loop3): enabling ssd optimizations [ 144.982415][ T7580] BTRFS info (device loop3): rebuilding free space tree [ 145.021573][ T7580] BTRFS info (device loop3): disabling free space tree [ 145.032574][ T7580] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 145.057784][ T7580] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 145.291570][ T7623] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 145.293164][ T159] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 145.578521][ T7629] loop2: detected capacity change from 0 to 256 [ 145.588323][ T7629] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 145.609523][ T7629] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 145.628968][ T5780] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 145.636001][ T7629] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 145.802782][ T5872] cdc_ncm 2-1:1.1: bind() failure [ 145.832814][ T5872] usb 2-1: USB disconnect, device number 6 [ 146.130875][ T7625] loop0: detected capacity change from 0 to 32768 [ 146.326969][ T7636] loop3: detected capacity change from 0 to 8192 [ 146.608058][ T7640] loop1: detected capacity change from 0 to 4096 [ 146.637596][ T7642] loop3: detected capacity change from 0 to 4096 [ 146.676558][ T7642] NILFS (loop3): invalid segment: Checksum error in segment payload [ 146.705316][ T7642] NILFS (loop3): trying rollback from an earlier position [ 146.739098][ T7642] NILFS (loop3): recovery complete [ 146.755949][ T7643] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 147.060484][ T7637] loop2: detected capacity change from 0 to 40427 [ 147.072942][ T7637] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 147.081592][ T7637] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 147.117677][ T7637] F2FS-fs (loop2): Found nat_bits in checkpoint [ 147.136089][ T7650] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.143788][ T7650] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.191541][ T7650] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 147.222636][ T7637] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 147.236473][ T7637] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 147.314458][ T7655] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 147.443409][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 147.641863][ T8] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 147.663596][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.694593][ T8] usb 2-1: config 0 descriptor?? [ 148.159564][ T8] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 148.179786][ T8] [drm] Initialized udl on minor 2 [ 148.555581][ T8] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 148.584513][ T8] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 148.608806][ T5872] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 148.623863][ T8] usb 2-1: USB disconnect, device number 7 [ 148.644098][ T5872] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 148.771331][ T7663] loop3: detected capacity change from 0 to 65536 [ 148.809097][ T7663] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 148.870750][ T7663] XFS (loop3): Ending clean mount [ 148.893075][ T7683] loop2: detected capacity change from 0 to 4096 [ 148.921437][ T7683] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 148.935483][ T7683] ntfs3: loop2: Failed to initialize $Extend/$ObjId. [ 148.943068][ T5780] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 149.001202][ T7683] ntfs3: loop2: ino=1e, "file1" attr_set_size [ 149.026965][ T7682] ntfs3: loop2: ino=1e, "file1" attr_set_size [ 149.074298][ T2921] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 149.082190][ T5779] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 149.103112][ T5779] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 149.115959][ T5779] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 149.122773][ T2921] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 149.163564][ T5872] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 149.231670][ T7690] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.277260][ T7690] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 149.344944][ T7691] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 149.365649][ T5872] usb 1-1: Using ep0 maxpacket: 8 [ 149.375381][ T5872] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 149.395132][ T5872] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 149.409927][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.418513][ T5872] usb 1-1: Product: syz [ 149.423561][ T5872] usb 1-1: Manufacturer: syz [ 149.428413][ T5872] usb 1-1: SerialNumber: syz [ 149.436125][ T5872] usb 1-1: config 0 descriptor?? [ 149.444602][ T5872] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 149.453078][ T5872] usb 1-1: setting power ON [ 149.458845][ T5872] dvb-usb: bulk message failed: -22 (2/0) [ 149.459892][ T7695] loop3: detected capacity change from 0 to 256 [ 149.474588][ T5872] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 149.496200][ T5872] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 149.506885][ T5872] usb 1-1: media controller created [ 149.518163][ T7695] FAT-fs (loop3): Directory bread(block 64) failed [ 149.537397][ T7695] FAT-fs (loop3): Directory bread(block 65) failed [ 149.541065][ T5872] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 149.551556][ T7695] FAT-fs (loop3): Directory bread(block 66) failed [ 149.568039][ T5872] usb 1-1: selecting invalid altsetting 6 [ 149.571485][ T7695] FAT-fs (loop3): Directory bread(block 67) failed [ 149.575807][ T5872] usb 1-1: digital interface selection failed (-22) [ 149.585302][ T7695] FAT-fs (loop3): Directory bread(block 68) failed [ 149.594374][ T5872] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 149.595900][ T7695] FAT-fs (loop3): Directory bread(block 69) failed [ 149.611140][ T7695] FAT-fs (loop3): Directory bread(block 70) failed [ 149.616604][ T5872] usb 1-1: setting power OFF [ 149.622851][ T5872] dvb-usb: bulk message failed: -22 (2/0) [ 149.631444][ T7695] FAT-fs (loop3): Directory bread(block 71) failed [ 149.636305][ T5872] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 149.643829][ T7695] FAT-fs (loop3): Directory bread(block 72) failed [ 149.659613][ T5872] (NULL device *): no alternate interface [ 149.664931][ T7695] FAT-fs (loop3): Directory bread(block 73) failed [ 149.682373][ T7688] dvb-usb: bulk message failed: -22 (3/0) [ 149.697168][ T7688] dvb-usb: bulk message failed: -22 (37/0) [ 149.722842][ T7688] cxusb: i2c rd: len=80 is too big! [ 149.722842][ T7688] [ 149.753091][ T5872] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 149.773406][ T5872] usb 1-1: USB disconnect, device number 11 [ 149.934444][ T7703] loop2: detected capacity change from 0 to 256 [ 149.951279][ T7703] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 149.976983][ T7703] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 149.999029][ T7703] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 150.110086][ T7707] loop3: detected capacity change from 0 to 512 [ 150.117928][ T7707] EXT4-fs: Ignoring removed orlov option [ 150.125404][ T7707] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 150.150437][ T7707] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 150.168255][ T7707] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.670: corrupted in-inode xattr: e_value size too large [ 150.186559][ T7707] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.670: couldn't read orphan inode 15 (err -117) [ 150.208631][ T7707] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.241550][ T7713] loop2: detected capacity change from 0 to 1024 [ 150.310970][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.318959][ T7713] hfsplus: keylen 65060 too large [ 150.326213][ T7713] hfsplus: xattr search failed [ 150.433139][ T7717] netlink: 12 bytes leftover after parsing attributes in process `syz.3.674'. [ 150.451419][ T7717] netlink: 28 bytes leftover after parsing attributes in process `syz.3.674'. [ 150.473437][ T7717] netlink: 12 bytes leftover after parsing attributes in process `syz.3.674'. [ 150.513126][ T7717] netlink: 28 bytes leftover after parsing attributes in process `syz.3.674'. [ 150.543602][ T7717] netlink: 'syz.3.674': attribute type 6 has an invalid length. [ 150.674846][ T7725] loop1: detected capacity change from 0 to 22 [ 150.682074][ T7725] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 150.709686][ T7725] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 150.730964][ T7729] loop3: detected capacity change from 0 to 256 [ 150.830998][ T7731] loop0: detected capacity change from 0 to 256 [ 150.851747][ T7731] exfat: Deprecated parameter 'utf8' [ 150.871630][ T7731] exfat: Deprecated parameter 'utf8' [ 150.883257][ T7731] exfat: Deprecated parameter 'namecase' [ 150.889510][ T7731] exfat: Deprecated parameter 'utf8' [ 150.902156][ T7731] exfat: Deprecated parameter 'utf8' [ 150.922202][ T7731] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e8072e, utbl_chksum : 0xe619d30d) [ 151.010331][ T7735] nbd0: detected capacity change from 0 to 127 [ 151.035626][ T5102] block nbd0: Receive control failed (result -32) [ 151.287481][ T7749] loop3: detected capacity change from 0 to 256 [ 151.316613][ T7749] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d) [ 151.416760][ T7751] loop2: detected capacity change from 0 to 1024 [ 151.421748][ T7749] exFAT-fs (loop3): error, invalid size(size(1) > aligned(9223372036854777344) [ 151.421748][ T7749] [ 151.441017][ T7749] exFAT-fs (loop3): Filesystem has been set read-only [ 151.449009][ T7751] EXT4-fs: Ignoring removed orlov option [ 151.479288][ T7751] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 151.486148][ T7753] loop0: detected capacity change from 0 to 2048 [ 151.529116][ T7753] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 151.529119][ T7751] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.576597][ T7753] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 151.774958][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.175004][ T7768] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 152.197961][ T7768] team0: Port device batadv1 added [ 152.368892][ T7778] loop6: detected capacity change from 0 to 524287999 [ 152.845459][ T7787] loop1: detected capacity change from 0 to 8192 [ 152.872378][ T7788] loop0: detected capacity change from 0 to 4096 [ 152.885063][ T7788] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 153.039939][ T48] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.056241][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 153.056258][ T27] audit: type=1800 audit(2000000054.600:151): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.708" name="file1" dev="loop0" ino=33 res=0 errno=0 [ 153.089629][ T27] audit: type=1800 audit(2000000054.600:152): pid=7788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.708" name="file3" dev="loop0" ino=31 res=0 errno=0 [ 153.270073][ T48] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.394718][ T48] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.499771][ T48] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.935168][ T5786] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 153.953588][ T5786] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 153.970320][ T5786] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 153.984680][ T5786] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 153.994949][ T5786] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 154.002418][ T5786] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 154.320651][ T786] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 154.533605][ T786] usb 4-1: Using ep0 maxpacket: 16 [ 154.557799][ T786] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 154.591835][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 154.608077][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 154.638174][ T786] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 154.685455][ T786] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 154.712907][ T786] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 154.733386][ T786] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 154.753289][ T786] usb 4-1: Manufacturer: syz [ 154.762970][ T786] usb 4-1: config 0 descriptor?? [ 154.854445][ T7834] loop0: detected capacity change from 0 to 1024 [ 154.871822][ T48] gretap0 (unregistering): left promiscuous mode [ 154.965097][ T7834] hfsplus: bad catalog entry type [ 154.998710][ T2921] hfsplus: b-tree write err: -5, ino 4 [ 155.016503][ T7811] chnl_net:caif_netlink_parms(): no params data found [ 155.204627][ T786] rc_core: IR keymap rc-hauppauge not found [ 155.210609][ T786] Registered IR keymap rc-empty [ 155.245298][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.284261][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.330174][ T786] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 155.350559][ T786] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input17 [ 155.368059][ T7811] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.376193][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.380530][ T7811] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.398895][ T7811] bridge_slave_0: entered allmulticast mode [ 155.407614][ T7811] bridge_slave_0: entered promiscuous mode [ 155.424080][ T7811] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.431419][ T7811] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.444420][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.446542][ T7811] bridge_slave_1: entered allmulticast mode [ 155.465188][ T7811] bridge_slave_1: entered promiscuous mode [ 155.483721][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.521520][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.574914][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.613754][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.615327][ T7811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.642483][ T7811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.653552][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.681985][ T48] batadv_slave_1: left promiscuous mode [ 155.694902][ T48] hsr_slave_0: left promiscuous mode [ 155.698120][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.708214][ T48] hsr_slave_1: left promiscuous mode [ 155.714918][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.722537][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.731635][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.740612][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.745436][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.756059][ T48] bridge_slave_1: left allmulticast mode [ 155.761756][ T48] bridge_slave_1: left promiscuous mode [ 155.778305][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.793451][ T786] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.803004][ T48] bridge_slave_0: left allmulticast mode [ 155.812409][ T48] bridge_slave_0: left promiscuous mode [ 155.826511][ T786] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 155.830918][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.837955][ T786] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 155.868974][ T786] usb 4-1: USB disconnect, device number 14 [ 155.900066][ T48] veth1_macvtap: left promiscuous mode [ 155.906764][ T48] veth0_macvtap: left promiscuous mode [ 155.920619][ T48] veth1_vlan: left promiscuous mode [ 155.928876][ T48] veth0_vlan: left promiscuous mode [ 156.130557][ T5102] Bluetooth: hci3: command tx timeout [ 156.251514][ T48] team0 (unregistering): Port device batadv1 removed [ 156.510951][ T7852] loop1: detected capacity change from 0 to 32768 [ 156.578410][ T7852] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 156.705782][ T7852] XFS (loop1): Ending clean mount [ 156.966587][ T5781] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 157.511486][ T48] team0 (unregistering): Port device team_slave_1 removed [ 157.615585][ T48] team0 (unregistering): Port device team_slave_0 removed [ 157.698062][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 157.700939][ T7873] loop3: detected capacity change from 0 to 40427 [ 157.715664][ T48] bond_slave_1 (unregistering): left allmulticast mode [ 157.716102][ T7873] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 157.730600][ T7873] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 157.782669][ T7873] F2FS-fs (loop3): Found nat_bits in checkpoint [ 157.790773][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 157.802869][ T48] bond_slave_0 (unregistering): left allmulticast mode [ 157.848478][ T7873] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 157.857047][ T7873] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 158.222940][ T5102] Bluetooth: hci3: command tx timeout [ 158.428713][ T7881] loop1: detected capacity change from 0 to 512 [ 158.437483][ T7881] ext4: Unknown parameter 'obj_role' [ 158.746289][ T7889] loop3: detected capacity change from 0 to 64 [ 159.040939][ T48] bond0 (unregistering): Released all slaves [ 159.241520][ T7811] team0: Port device team_slave_0 added [ 159.262562][ T7811] team0: Port device team_slave_1 added [ 159.350957][ T7811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 159.369032][ T7811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.403028][ T7811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 159.419189][ T7811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 159.427998][ T7811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.455197][ T7811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 159.664593][ T7811] hsr_slave_0: entered promiscuous mode [ 159.672305][ T7811] hsr_slave_1: entered promiscuous mode [ 159.685876][ T7811] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 159.699975][ T7811] Cannot create hsr debugfs directory [ 160.093472][ T5872] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 160.146834][ T7811] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 160.167459][ T7811] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 160.193512][ T7811] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 160.231282][ T7811] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 160.274143][ T5872] usb 4-1: Using ep0 maxpacket: 8 [ 160.284919][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.292492][ T5102] Bluetooth: hci3: command tx timeout [ 160.297252][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.321185][ T5872] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 160.331801][ T7929] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 160.340415][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.348910][ T7929] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 160.357226][ T7929] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 160.365690][ T5872] usb 4-1: config 0 descriptor?? [ 160.371770][ T7929] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 160.390707][ T7929] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 160.407423][ T7929] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 160.438884][ T7929] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 160.457079][ T7811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.468878][ T7929] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 160.485512][ T7929] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 160.493020][ T7929] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 160.506285][ T7811] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.516683][ T7929] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 160.524066][ T7929] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 160.538780][ T159] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.543401][ T7929] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 160.545983][ T159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.561221][ T7929] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 160.597430][ T159] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.604794][ T159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.772310][ T7939] loop1: detected capacity change from 0 to 128 [ 160.809225][ T5872] holtek 0003:1241:5015.0009: unknown main item tag 0x0 [ 160.843548][ T5872] holtek 0003:1241:5015.0009: unknown main item tag 0x0 [ 160.853918][ T5872] holtek 0003:1241:5015.0009: unknown main item tag 0x0 [ 160.870702][ T5872] holtek 0003:1241:5015.0009: unknown main item tag 0x0 [ 160.880249][ T5872] holtek 0003:1241:5015.0009: unknown main item tag 0x0 [ 160.914504][ T5872] holtek 0003:1241:5015.0009: hidraw0: USB HID vff.ff Device [HID 1241:5015] on usb-dummy_hcd.3-1/input0 [ 160.955777][ T5872] holtek 0003:1241:5015.0009: no inputs found [ 160.980332][ T7942] loop0: detected capacity change from 0 to 2048 [ 161.032710][ T7942] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.050956][ T5872] usb 4-1: USB disconnect, device number 15 [ 161.068793][ T7946] loop1: detected capacity change from 0 to 2048 [ 161.080405][ T7946] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 161.090853][ T7811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.125630][ T7946] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.309655][ T7951] loop0: detected capacity change from 0 to 128 [ 161.352815][ T7951] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 161.410076][ T7951] syz.0.766: attempt to access beyond end of device [ 161.410076][ T7951] loop0: rw=2049, sector=2066843070, nr_sectors = 1 limit=128 [ 161.435193][ T7951] Buffer I/O error on dev loop0, logical block 2066843070, lost async page write [ 161.448688][ T7951] syz.0.766: attempt to access beyond end of device [ 161.448688][ T7951] loop0: rw=2049, sector=8767744, nr_sectors = 1 limit=128 [ 161.465085][ T7951] Buffer I/O error on dev loop0, logical block 8767744, lost async page write [ 161.491868][ T7951] syz.0.766: attempt to access beyond end of device [ 161.491868][ T7951] loop0: rw=2049, sector=13269809, nr_sectors = 1 limit=128 [ 161.526876][ T7951] Buffer I/O error on dev loop0, logical block 13269809, lost async page write [ 161.562191][ T7951] syz.0.766: attempt to access beyond end of device [ 161.562191][ T7951] loop0: rw=2049, sector=1157, nr_sectors = 1 limit=128 [ 161.587403][ T7951] Buffer I/O error on dev loop0, logical block 1157, lost async page write [ 161.593066][ T7811] veth0_vlan: entered promiscuous mode [ 161.623528][ T7951] syz.0.766: attempt to access beyond end of device [ 161.623528][ T7951] loop0: rw=2049, sector=3211264, nr_sectors = 1 limit=128 [ 161.628580][ T7811] veth1_vlan: entered promiscuous mode [ 161.673341][ T7951] Buffer I/O error on dev loop0, logical block 3211264, lost async page write [ 161.682677][ T7951] syz.0.766: attempt to access beyond end of device [ 161.682677][ T7951] loop0: rw=2049, sector=8768635, nr_sectors = 1 limit=128 [ 161.697642][ T7811] veth0_macvtap: entered promiscuous mode [ 161.711600][ T7811] veth1_macvtap: entered promiscuous mode [ 161.723557][ T7951] Buffer I/O error on dev loop0, logical block 8768635, lost async page write [ 161.732706][ T7951] syz.0.766: attempt to access beyond end of device [ 161.732706][ T7951] loop0: rw=2049, sector=13466417, nr_sectors = 1 limit=128 [ 161.761804][ T7811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.773308][ T7951] Buffer I/O error on dev loop0, logical block 13466417, lost async page write [ 161.788361][ T7811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.788494][ T7951] syz.0.766: attempt to access beyond end of device [ 161.788494][ T7951] loop0: rw=2049, sector=209285, nr_sectors = 1 limit=128 [ 161.816334][ T7958] loop1: detected capacity change from 0 to 4096 [ 161.822797][ T7811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.823872][ T7960] program syz.3.769 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 161.845203][ T7951] Buffer I/O error on dev loop0, logical block 209285, lost async page write [ 161.849492][ T7811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.854428][ T7958] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 161.880115][ T7811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.890978][ T7811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.910745][ T7811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.929649][ T7811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.938217][ T7958] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 161.941364][ T7811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.966982][ T7811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.005600][ T7811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.023406][ T7811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.033330][ T7958] ntfs3: loop1: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record [ 162.039846][ T7811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.078714][ T7811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.082197][ T5778] sysv_free_block: trying to free block not in datazone [ 162.090327][ T7811] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.102682][ T7811] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.111676][ T7811] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.133299][ T5778] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 162.163479][ T7811] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.186964][ T48] ntfs3: loop1: ino=1e, failed to parse mft record [ 162.341436][ T159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.362671][ T159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.373311][ T5102] Bluetooth: hci3: command tx timeout [ 162.463078][ T2921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.491338][ T2921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.653513][ T8011] loop0: detected capacity change from 0 to 64 [ 163.702102][ T8009] loop3: detected capacity change from 0 to 4096 [ 163.720012][ T7991] loop1: detected capacity change from 0 to 32768 [ 163.728931][ T7991] XFS: noikeep mount option is deprecated. [ 163.771088][ T7991] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 163.796214][ T8011] Trying to free block not in datazone [ 163.802634][ T8009] ntfs: volume version 3.1. [ 164.006576][ T7991] XFS (loop1): Ending clean mount [ 164.033978][ T7991] XFS (loop1): Quotacheck needed: Please wait. [ 164.122503][ T7991] XFS (loop1): Quotacheck: Done. [ 164.159549][ T8007] loop4: detected capacity change from 0 to 32768 [ 164.183393][ T8007] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.788 (8007) [ 164.212352][ T8007] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 164.223139][ T8007] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 164.232247][ T8007] BTRFS info (device loop4): setting nodatacow, compression disabled [ 164.240855][ T8007] BTRFS info (device loop4): max_inline at 0 [ 164.247107][ T8007] BTRFS info (device loop4): enabling disk space caching [ 164.254551][ T8007] BTRFS info (device loop4): turning off barriers [ 164.261013][ T8007] BTRFS info (device loop4): turning on flush-on-commit [ 164.268682][ T8007] BTRFS info (device loop4): doing ref verification [ 164.277774][ T8007] BTRFS info (device loop4): force clearing of disk cache [ 164.280991][ T5781] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 164.286266][ T8007] BTRFS info (device loop4): enabling ssd optimizations [ 164.301310][ T8007] BTRFS info (device loop4): max_inline at 4096 [ 164.307833][ T8007] BTRFS info (device loop4): disk space caching is enabled [ 164.430419][ T8034] loop3: detected capacity change from 0 to 2048 [ 164.463442][ T8007] BTRFS info (device loop4): auto enabling async discard [ 164.482603][ T8034] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 164.514066][ T8007] BTRFS info (device loop4): rebuilding free space tree [ 164.562812][ T8034] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.576708][ T8007] BTRFS info (device loop4): disabling free space tree [ 164.599558][ T8007] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 164.614706][ T8007] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 164.678762][ T27] audit: type=1800 audit(2000000066.220:153): pid=8007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.788" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 164.945682][ T8048] loop1: detected capacity change from 0 to 4096 [ 165.085899][ T7811] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 165.284434][ T8054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.802'. [ 165.612709][ T8063] loop3: detected capacity change from 0 to 64 [ 165.640473][ T8046] loop0: detected capacity change from 0 to 32768 [ 165.708625][ T8063] ieee802154 phy0 wpan0: encryption failed: -90 [ 165.728381][ T8046] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 165.849677][ T8046] XFS (loop0): Ending clean mount [ 165.864877][ T8071] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 165.872078][ T8071] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 165.907846][ T8071] vhci_hcd vhci_hcd.0: Device attached [ 166.007912][ T5778] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 166.193915][ T5871] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 166.201580][ T28] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 166.336495][ T8097] loop1: detected capacity change from 0 to 4096 [ 166.350754][ T8097] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 166.381331][ T8097] ntfs: (device loop1): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 166.392452][ T8097] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 166.410823][ T8097] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 166.413296][ T28] usb 5-1: Using ep0 maxpacket: 16 [ 166.428709][ T8097] ntfs: volume version 3.1. [ 166.442424][ T28] usb 5-1: config 0 has no interfaces? [ 166.449137][ T28] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 166.470814][ T28] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.491708][ T28] usb 5-1: config 0 descriptor?? [ 166.615334][ T159] ntfs: (device loop1): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry. [ 166.634592][ T5781] ntfs: (device loop1): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 166.635397][ T8095] loop3: detected capacity change from 0 to 32768 [ 166.655417][ T8095] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.817 (8095) [ 166.680719][ T8095] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 166.700771][ T8095] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 166.710058][ T8095] BTRFS info (device loop3): turning on sync discard [ 166.721798][ T8095] BTRFS info (device loop3): enabling auto defrag [ 166.730035][ T8095] BTRFS info (device loop3): doing ref verification [ 166.741689][ T8095] BTRFS info (device loop3): use no compression [ 166.749330][ T8095] BTRFS info (device loop3): force clearing of disk cache [ 166.761714][ T8095] BTRFS info (device loop3): disabling free space tree [ 166.765092][ T28] usb 5-1: USB disconnect, device number 2 [ 166.771582][ T8077] vhci_hcd: connection closed [ 166.783003][ T159] vhci_hcd: stop threads [ 166.793634][ T159] vhci_hcd: release socket [ 166.800746][ T159] vhci_hcd: disconnect device [ 166.822091][ T8095] BTRFS info (device loop3): enabling ssd optimizations [ 166.830067][ T5871] vhci_hcd: vhci_device speed not set [ 166.841333][ T8095] BTRFS info (device loop3): rebuilding free space tree [ 166.864699][ T8095] BTRFS info (device loop3): disabling free space tree [ 166.880289][ T8095] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.890472][ T8095] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.949448][ T27] audit: type=1800 audit(2000000068.490:154): pid=8095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.817" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 166.988892][ T27] audit: type=1804 audit(2000000068.530:155): pid=8095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.817" name="/newroot/183/file1/file1" dev="loop3" ino=260 res=1 errno=0 [ 167.042840][ T5780] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 168.029419][ T8142] loop4: detected capacity change from 0 to 1024 [ 168.303727][ T60] hfsplus: b-tree write err: -5, ino 4 [ 169.176929][ T8153] loop0: detected capacity change from 0 to 40427 [ 169.195332][ T8153] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 169.202343][ T8153] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 169.222484][ T8153] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x7ffff [ 169.244666][ T8153] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8 [ 169.266091][ T8179] loop1: detected capacity change from 0 to 512 [ 169.279442][ T8153] F2FS-fs (loop0): invalid crc value [ 169.295792][ T8179] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 169.324193][ T8153] F2FS-fs (loop0): Found nat_bits in checkpoint [ 169.363374][ T8179] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.383632][ T8179] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.458343][ T8153] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 169.483296][ T8153] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 169.560151][ T8173] loop4: detected capacity change from 0 to 40427 [ 169.593534][ T8173] F2FS-fs (loop4): heap/no_heap options were deprecated [ 169.614838][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.636563][ T8173] F2FS-fs (loop4): invalid crc value [ 169.672951][ T8173] F2FS-fs (loop4): Found nat_bits in checkpoint [ 169.692449][ T8153] syz.0.834: attempt to access beyond end of device [ 169.692449][ T8153] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 169.720642][ T8153] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 169.811382][ T8173] F2FS-fs (loop4): Start checkpoint disabled! [ 169.833337][ T8173] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 170.205252][ T42] kworker/u4:2: attempt to access beyond end of device [ 170.205252][ T42] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 170.236279][ T42] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 170.244581][ T42] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 170.251752][ T42] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 170.757734][ T8204] loop1: detected capacity change from 0 to 32768 [ 171.252905][ T8231] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 171.261059][ T8231] syzkaller0: linktype set to 270 [ 171.703452][ T5815] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 171.851992][ T8233] loop4: detected capacity change from 0 to 32768 [ 171.860006][ T8233] XFS: ikeep mount option is deprecated. [ 171.894811][ T8233] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 171.907121][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.926779][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.942184][ T5815] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 171.953012][ T5815] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.983025][ T5815] usb 2-1: config 0 descriptor?? [ 172.057409][ T8233] XFS (loop4): Ending clean mount [ 172.071650][ T8233] XFS (loop4): Quotacheck needed: Please wait. [ 172.087522][ T8243] loop3: detected capacity change from 0 to 32768 [ 172.120503][ T8233] XFS (loop4): Quotacheck: Done. [ 172.129032][ T8255] block nbd1: server does not support multiple connections per device. [ 172.144088][ T8255] block nbd1: shutting down sockets [ 172.288766][ T8233] XFS (loop4): Metadata corruption detected at xfs_dinode_verify+0x2b9/0x1140, inode 0x244b dinode [ 172.325971][ T8233] XFS (loop4): Unmount and run xfs_repair [ 172.343061][ T8233] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 172.365268][ T8233] 00000000: 49 4e 00 00 03 00 00 00 00 00 00 00 00 00 00 00 IN.............. [ 172.388079][ T8233] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 172.403294][ T8233] 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 172.422142][ T8233] 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 172.428351][ T5815] sony 0003:054C:024B.000A: unknown main item tag 0x0 [ 172.442090][ T8233] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 172.450017][ T5815] sony 0003:054C:024B.000A: unknown main item tag 0x0 [ 172.452470][ T8233] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 172.471277][ T8233] 00000060: ff ff ff ff e6 8a f7 29 00 00 00 00 00 00 00 00 .......)........ [ 172.473400][ T5815] sony 0003:054C:024B.000A: unexpected long global item [ 172.481935][ T8233] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 172.507962][ T5815] sony 0003:054C:024B.000A: parse failed [ 172.518954][ T8233] XFS (loop4): Internal error xfs_trans_cancel at line 1096 of file fs/xfs/xfs_trans.c. Caller xfs_create+0x774/0xe60 [ 172.520537][ T5815] sony: probe of 0003:054C:024B.000A failed with error -22 [ 172.555838][ T8233] CPU: 1 PID: 8233 Comm: syz.4.864 Not tainted syzkaller #0 [ 172.563218][ T8233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 172.573310][ T8233] Call Trace: [ 172.576623][ T8233] [ 172.579595][ T8233] dump_stack_lvl+0x16c/0x230 [ 172.584318][ T8233] ? show_regs_print_info+0x20/0x20 [ 172.589732][ T8233] ? xfs_ialloc_inode_init+0xb30/0xb30 [ 172.595228][ T8233] ? xfs_trans_reserve_quota_icreate+0xa0/0xe0 [ 172.601434][ T8233] ? xfs_error_report+0x92/0xd0 [ 172.606334][ T8233] ? xfs_create+0x774/0xe60 [ 172.610885][ T8233] ? xfs_create+0x774/0xe60 [ 172.615438][ T8233] xfs_trans_cancel+0x1b8/0x3c0 [ 172.620408][ T8233] ? xfs_create+0x774/0xe60 [ 172.624953][ T8233] xfs_create+0x774/0xe60 [ 172.629325][ T8233] ? mb_cache_destroy+0x2c0/0x2c0 [ 172.634426][ T8233] ? xfs_inode_inherit_flags2+0x320/0x320 [ 172.640413][ T8233] ? get_inode_acl+0x30/0x30 [ 172.645157][ T8233] ? xfs_ip2xflags+0x1c0/0x1c0 [ 172.650029][ T8233] ? current_umask+0x16/0x70 [ 172.654851][ T8233] ? posix_acl_create+0x169/0x440 [ 172.659940][ T8233] xfs_generic_create+0x32d/0xa00 [ 172.665020][ T8233] ? xfs_vn_tmpfile+0xd0/0xd0 [ 172.669758][ T8233] ? from_kgid+0x15d/0x680 [ 172.674251][ T8233] ? inode_permission+0xf3/0x480 [ 172.679253][ T8233] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 172.684412][ T8233] ? security_inode_mkdir+0xb7/0x100 [ 172.689844][ T8233] vfs_mkdir+0x296/0x440 [ 172.694171][ T8233] do_mkdirat+0x1d4/0x440 [ 172.698564][ T8233] ? vfs_mkdir+0x440/0x440 [ 172.703049][ T8233] __x64_sys_mkdirat+0x89/0xa0 [ 172.707881][ T8233] do_syscall_64+0x55/0xb0 [ 172.712441][ T8233] ? clear_bhb_loop+0x40/0x90 [ 172.717163][ T8233] ? clear_bhb_loop+0x40/0x90 [ 172.721905][ T8233] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 172.727876][ T8233] RIP: 0033:0x7f1e5818d457 [ 172.732340][ T8233] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.735346][ T5815] usb 2-1: USB disconnect, device number 8 [ 172.752057][ T8233] RSP: 002b:00007f1e58fc7e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 172.752091][ T8233] RAX: ffffffffffffffda RBX: 00007f1e58fc7ef0 RCX: 00007f1e5818d457 [ 172.752106][ T8233] RDX: 00000000000001ff RSI: 0000200000000140 RDI: 00000000ffffff9c [ 172.752119][ T8233] RBP: 0000000000000000 R08: 0000200000000000 R09: 0000000000000000 [ 172.752131][ T8233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000140 [ 172.752144][ T8233] R13: 00007f1e58fc7eb0 R14: 0000000000000000 R15: 0000000000000000 [ 172.752177][ T8233] [ 172.828583][ T8233] XFS (loop4): Corruption of in-memory data (0x8) detected at xfs_trans_cancel+0x1d1/0x3c0 (fs/xfs/xfs_trans.c:1097). Shutting down filesystem. [ 172.884737][ T8233] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 173.030174][ T7811] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.378295][ T8259] loop3: detected capacity change from 0 to 32768 [ 173.723363][ T5871] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 173.907911][ T5871] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 173.929042][ T8278] sctp: [Deprecated]: syz.3.882 (pid 8278) Use of struct sctp_assoc_value in delayed_ack socket option. [ 173.929042][ T8278] Use struct sctp_sack_info instead [ 173.948319][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.974024][ T5871] usb 5-1: Product: syz [ 173.978267][ T5871] usb 5-1: Manufacturer: syz [ 173.982909][ T5871] usb 5-1: SerialNumber: syz [ 174.009514][ T5871] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 174.058462][ T786] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 174.922852][ T8297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.957319][ T8297] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.047963][ T8308] loop0: detected capacity change from 0 to 128 [ 175.163992][ T786] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 175.197042][ T786] ath9k_htc: Failed to initialize the device [ 175.242696][ T786] usb 5-1: ath9k_htc: USB layer deinitialized [ 175.288055][ T968] usb 5-1: USB disconnect, device number 3 [ 175.629161][ T8301] loop3: detected capacity change from 0 to 40427 [ 175.649462][ T8301] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff [ 175.677199][ T8301] F2FS-fs (loop3): invalid crc value [ 175.705304][ T8301] F2FS-fs (loop3): Found nat_bits in checkpoint [ 175.720316][ T8327] netlink: 36 bytes leftover after parsing attributes in process `syz.0.902'. [ 175.791995][ T8301] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 175.989373][ T5780] syz-executor: attempt to access beyond end of device [ 175.989373][ T5780] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 176.013652][ T5780] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 176.383134][ T8337] loop4: detected capacity change from 0 to 4096 [ 176.444043][ T8337] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 176.514015][ T8337] ntfs3: loop4: Failed to load $Extend (-22). [ 176.520179][ T8337] ntfs3: loop4: Failed to initialize $Extend. [ 176.632487][ T8330] loop0: detected capacity change from 0 to 32768 [ 176.652992][ T27] audit: type=1800 audit(2000000078.190:156): pid=8337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.907" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 177.669566][ T968] kernel write not supported for file /59/clear_refs (pid: 968 comm: kworker/0:2) [ 177.864867][ T8351] loop0: detected capacity change from 0 to 32768 [ 177.960390][ T8375] loop4: detected capacity change from 0 to 8 [ 178.386276][ T8380] loop4: detected capacity change from 0 to 2048 [ 178.419194][ T8380] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 178.451959][ T8380] EXT4-fs (loop4): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 178.489700][ T8382] loop0: detected capacity change from 0 to 4096 [ 178.517116][ T8380] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.567329][ T8380] EXT4-fs (loop4): shut down requested (1) [ 178.636578][ T8376] loop3: detected capacity change from 0 to 32768 [ 178.645238][ T8376] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.925 (8376) [ 178.665088][ T8376] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 178.677669][ T7811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.693634][ T8376] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 178.710445][ T8376] BTRFS info (device loop3): enabling ssd optimizations [ 178.723362][ T8376] BTRFS info (device loop3): using spread ssd allocation scheme [ 178.739205][ T8376] BTRFS info (device loop3): setting nodatacow, compression disabled [ 178.758290][ T8376] BTRFS info (device loop3): not using ssd optimizations [ 178.783314][ T8376] BTRFS info (device loop3): not using spread ssd allocation scheme [ 178.791525][ T8376] BTRFS info (device loop3): max_inline at 0 [ 178.824672][ T8376] BTRFS info (device loop3): using free space tree [ 178.891842][ T8373] loop1: detected capacity change from 0 to 32768 [ 178.932640][ T8373] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 178.971246][ T8373] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 178.993448][ T8376] BTRFS info (device loop3): auto enabling async discard [ 179.027804][ T8373] (syz.1.924,8373,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214 [ 179.115270][ T5781] ocfs2: Unmounting device (7,1) on (node local) [ 179.175554][ T5780] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 179.577255][ T5873] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 179.775575][ T5873] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 179.793482][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.805760][ T5873] usb 5-1: config 0 descriptor?? [ 179.813159][ T5873] cp210x 5-1:0.0: cp210x converter detected [ 180.005125][ T8424] loop1: detected capacity change from 0 to 32768 [ 180.013918][ T8424] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.934 (8424) [ 180.033004][ T8424] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 180.059776][ T8424] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 180.068694][ T8424] BTRFS info (device loop1): using free space tree [ 180.118649][ T8424] BTRFS info (device loop1): enabling ssd optimizations [ 180.125515][ T8452] loop3: detected capacity change from 0 to 128 [ 180.132236][ T8424] BTRFS info (device loop1): auto enabling async discard [ 180.196058][ T8452] FAT-fs (loop3): error, corrupted directory (invalid i_start) [ 180.213549][ T8452] FAT-fs (loop3): Filesystem has been set read-only [ 180.221422][ T5873] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 180.235383][ T5781] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 180.250873][ T5873] usb 5-1: cp210x converter now attached to ttyUSB0 [ 180.461148][ T5873] usb 5-1: USB disconnect, device number 4 [ 180.492667][ T5873] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 180.518567][ T5873] cp210x 5-1:0.0: device disconnected [ 180.621852][ T8459] tap0: tun_chr_ioctl cmd 1074025681 [ 180.798146][ T8467] loop3: detected capacity change from 0 to 4096 [ 180.815832][ T8465] loop1: detected capacity change from 0 to 4096 [ 180.827275][ T8468] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 180.831038][ T8465] ntfs: (device loop1): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 180.849760][ T8465] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 180.865371][ T8465] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 180.880556][ T8465] ntfs: volume version 3.1. [ 180.919917][ T8467] syz.3.949 (8467) used greatest stack depth: 19368 bytes left [ 180.972123][ T11] ntfs: (device loop1): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry. [ 180.985538][ T5781] ntfs: (device loop1): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 181.326620][ T8482] ref_ctr_offset mismatch. inode: 0xd5 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4 [ 181.470093][ T8486] loop4: detected capacity change from 0 to 2048 [ 181.498692][ T8486] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.709487][ T8472] loop1: detected capacity change from 0 to 32768 [ 181.717187][ T8472] XFS: noikeep mount option is deprecated. [ 181.728397][ T8472] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 181.760405][ T8472] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 181.783501][ T8472] XFS (loop1): Starting recovery (logdev: internal) [ 181.803671][ T8472] XFS (loop1): Ending recovery (logdev: internal) [ 181.845397][ T5781] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 182.523686][ T5873] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 182.673029][ T8522] loop3: detected capacity change from 0 to 8192 [ 182.715321][ T8522] loop3: p1 p2 p3 p4 [ 182.728548][ T8522] loop3: partition table partially beyond EOD, truncated [ 182.741713][ T8522] loop3: p1 start 16777216 is beyond EOD, truncated [ 182.748934][ T5873] usb 2-1: Using ep0 maxpacket: 32 [ 182.762804][ T8522] loop3: p2 size 515840 extends beyond EOD, truncated [ 182.772506][ T5873] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 182.790715][ T5873] usb 2-1: config 0 has no interface number 0 [ 182.797986][ T8522] loop3: p3 start 67108864 is beyond EOD, truncated [ 182.806589][ T8522] loop3: p4 size 33554432 extends beyond EOD, truncated [ 182.816155][ T5873] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 182.829827][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.840805][ T5873] usb 2-1: Product: syz [ 182.848546][ T5873] usb 2-1: Manufacturer: syz [ 182.859350][ T5873] usb 2-1: SerialNumber: syz [ 182.868515][ T5873] usb 2-1: config 0 descriptor?? [ 182.886777][ T5873] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 182.903235][ T5873] usb 2-1: selecting invalid altsetting 1 [ 182.914002][ T5873] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 182.939742][ T5873] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 182.954117][ T5873] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 182.968325][ T5873] usb 2-1: media controller created [ 183.014788][ T5873] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 183.142342][ T5873] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 183.150716][ T8539] loop0: detected capacity change from 0 to 256 [ 183.178189][ T5873] zl10353_read_register: readreg error (reg=127, ret==-32) [ 183.390614][ T8545] loop0: detected capacity change from 0 to 2048 [ 183.723488][ T5102] Bluetooth: hci3: command tx timeout [ 183.775387][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.4.987'. [ 184.291848][ T8513] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 184.324877][ T5873] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 184.414904][ T5873] usb 2-1: USB disconnect, device number 9 [ 185.437037][ T8581] netlink: 152 bytes leftover after parsing attributes in process `syz.0.999'. [ 185.456495][ T8581] netlink: 20 bytes leftover after parsing attributes in process `syz.0.999'. [ 185.666033][ T8583] loop0: detected capacity change from 0 to 1024 [ 185.699019][ T8583] EXT4-fs: Ignoring removed orlov option [ 185.734130][ T8583] EXT4-fs: Ignoring removed nomblk_io_submit option [ 186.110878][ T8579] loop4: detected capacity change from 0 to 32768 [ 186.134248][ T8579] XFS: noikeep mount option is deprecated. [ 186.205793][ T8579] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 186.318397][ T8579] XFS (loop4): invalid iclog size (4096 bytes), using lsunit (32768 bytes) [ 186.348008][ T8579] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 186.411326][ T8579] XFS (loop4): Starting recovery (logdev: internal) [ 186.455294][ T8579] XFS (loop4): Ending recovery (logdev: internal) [ 186.461931][ T8606] loop0: detected capacity change from 0 to 1024 [ 186.636479][ T7811] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 186.646770][ T8608] loop0: detected capacity change from 0 to 8 [ 187.713294][ T8614] loop1: detected capacity change from 0 to 40427 [ 187.737813][ T8614] F2FS-fs (loop1): invalid crc value [ 187.751639][ T8614] F2FS-fs (loop1): Found nat_bits in checkpoint [ 187.883478][ T8614] F2FS-fs (loop1): Start checkpoint disabled! [ 187.933375][ T8614] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 188.031501][ T27] audit: type=1800 audit(2000000089.570:157): pid=8614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1012" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 188.245656][ T2921] kworker/u4:7: attempt to access beyond end of device [ 188.245656][ T2921] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 188.280859][ T2921] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 188.290995][ T2921] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 188.320841][ T8624] netlink: 452 bytes leftover after parsing attributes in process `syz.4.1016'. [ 188.844648][ T5786] Bluetooth: hci4: command 0x1003 tx timeout [ 188.852075][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 189.091007][ T8637] loop1: detected capacity change from 0 to 1024 [ 189.157067][ T8639] loop4: detected capacity change from 0 to 2048 [ 189.213401][ T8639] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 189.903787][ T28] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 189.943989][ T8641] loop0: detected capacity change from 0 to 32768 [ 189.978152][ T8641] ocfs2: Readonly device (7,0) detected. Cluster services will not be used for this mount. Recovery will be skipped. [ 189.992024][ T8641] ocfs2: Mounting device (7,0) on (node local, slot 65535) with ordered data mode. [ 190.086624][ T5778] INFO: trying to register non-static key. [ 190.092490][ T5778] The code is fine but needs lockdep annotation, or maybe [ 190.099617][ T5778] you didn't initialize this object before use? [ 190.105997][ T5778] turning off the locking correctness validator. [ 190.112526][ T5778] CPU: 0 PID: 5778 Comm: syz-executor Not tainted syzkaller #0 [ 190.120100][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 190.130183][ T5778] Call Trace: [ 190.133491][ T5778] [ 190.136531][ T5778] dump_stack_lvl+0x16c/0x230 [ 190.141270][ T5778] ? show_regs_print_info+0x20/0x20 [ 190.145152][ T28] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 190.146574][ T5778] ? load_image+0x3b0/0x3b0 [ 190.146602][ T5778] ? __is_module_percpu_address+0x219/0x380 [ 190.166104][ T28] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 190.167652][ T5778] ? __is_kernel_percpu_address+0x133/0x270 [ 190.182794][ T5778] assign_lock_key+0x1f9/0x230 [ 190.187605][ T5778] ? SOFTIRQ_verbose+0x10/0x10 [ 190.188021][ T28] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 190.192387][ T5778] ? deref_stack_reg+0x1bd/0x240 [ 190.206490][ T5778] register_lock_class+0x212/0x890 [ 190.211655][ T5778] ? mark_lock+0x94/0x320 [ 190.216017][ T5778] ? is_dynamic_key+0x260/0x260 [ 190.216546][ T28] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.220887][ T5778] ? __lock_acquire+0x1334/0x7c80 [ 190.220914][ T5778] __lock_acquire+0x17a/0x7c80 [ 190.239224][ T5778] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 190.245183][ T28] usb 5-1: config 0 descriptor?? [ 190.245408][ T5778] ? __kernel_text_address+0xd/0x30 [ 190.255664][ T5778] ? verify_lock_unused+0x140/0x140 [ 190.261158][ T5778] ? arch_stack_walk+0x160/0x190 [ 190.266226][ T5778] ? verify_lock_unused+0x140/0x140 [ 190.271462][ T5778] ? stack_trace_save+0x9c/0xe0 [ 190.276350][ T5778] ? stack_trace_snprint+0xf0/0xf0 [ 190.281598][ T5778] lock_acquire+0x197/0x410 [ 190.286221][ T5778] ? ocfs2_mark_lockres_freeing+0x126/0x570 [ 190.292247][ T5778] ? __asan_memset+0x22/0x40 [ 190.296910][ T5778] ? read_lock_is_recursive+0x20/0x20 [ 190.302586][ T5778] ? seqcount_lockdep_reader_access+0x124/0x1c0 [ 190.308878][ T5778] ? lockdep_hardirqs_on+0x98/0x150 [ 190.314163][ T5778] _raw_spin_lock_irqsave+0xa8/0xf0 [ 190.319406][ T5778] ? ocfs2_mark_lockres_freeing+0x126/0x570 [ 190.325338][ T5778] ? _raw_spin_lock+0x40/0x40 [ 190.330155][ T5778] ? read_tsc+0x9/0x20 [ 190.334256][ T5778] ? ktime_get+0x24b/0x280 [ 190.338708][ T5778] ocfs2_mark_lockres_freeing+0x126/0x570 [ 190.344469][ T5778] ? ocfs2_dlm_shutdown+0x240/0x240 [ 190.349790][ T5778] ? ocfs2_journal_shutdown+0x62c/0xaa0 [ 190.355381][ T5778] ? ocfs2_journal_submit_inode_data_buffers+0x1b0/0x1b0 [ 190.362540][ T5778] ? __kmem_cache_free+0xba/0x1f0 [ 190.367696][ T5778] ocfs2_dlm_shutdown+0x3a/0x240 [ 190.372673][ T5778] ocfs2_dismount_volume+0x44b/0x890 [ 190.378077][ T5778] ? ocfs2_enable_quotas+0x440/0x440 [ 190.383407][ T5778] ? clear_inode+0x150/0x150 [ 190.388035][ T5778] ? ocfs2_free_inode+0x30/0x30 [ 190.392923][ T5778] generic_shutdown_super+0x134/0x2b0 [ 190.398350][ T5778] kill_block_super+0x44/0x90 [ 190.403114][ T5778] deactivate_locked_super+0x97/0x100 [ 190.408544][ T5778] cleanup_mnt+0x429/0x4c0 [ 190.413004][ T5778] task_work_run+0x1ce/0x250 [ 190.417636][ T5778] ? task_work_cancel+0x240/0x240 [ 190.422908][ T5778] ? exit_to_user_mode_loop+0x3b/0x110 [ 190.428412][ T5778] exit_to_user_mode_loop+0xe6/0x110 [ 190.433738][ T5778] exit_to_user_mode_prepare+0xb1/0x140 [ 190.439338][ T5778] syscall_exit_to_user_mode+0x1a/0x50 [ 190.444928][ T5778] do_syscall_64+0x61/0xb0 [ 190.449379][ T5778] ? clear_bhb_loop+0x40/0x90 [ 190.454102][ T5778] ? clear_bhb_loop+0x40/0x90 [ 190.458806][ T5778] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 190.464742][ T5778] RIP: 0033:0x7f52b198ff17 [ 190.469063][ T28] usb 5-1: USB disconnect, device number 5 [ 190.469258][ T5778] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 190.495048][ T5778] RSP: 002b:00007ffd360d8b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 190.503763][ T5778] RAX: 0000000000000000 RBX: 00007f52b1a11c05 RCX: 00007f52b198ff17 [ 190.511856][ T5778] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd360d8c20 [ 190.519866][ T5778] RBP: 00007ffd360d8c20 R08: 0000000000000000 R09: 0000000000000000 [ 190.528135][ T5778] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd360d9cb0 [ 190.536224][ T5778] R13: 00007f52b1a11c05 R14: 000000000002e635 R15: 00007ffd360d9cf0 [ 190.544417][ T5778] [ 190.558061][ T5778] ocfs2: Unmounting device (7,0) on (node local) [ 190.581342][ T5778] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 190.593241][ T5778] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 190.601788][ T5778] CPU: 1 PID: 5778 Comm: syz-executor Not tainted syzkaller #0 [ 190.609364][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 190.619459][ T5778] RIP: 0010:ocfs2_evict_inode+0x2a4d/0x3e60 [ 190.625856][ T5778] Code: 02 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 74 99 8a fe 4d 01 ee 48 8b 1b 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 54 99 8a fe 48 8b 3b 49 81 c7 90 [ 190.645501][ T5778] RSP: 0018:ffffc90003dd7340 EFLAGS: 00010202 [ 190.651693][ T5778] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888025640000 [ 190.659790][ T5778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.667795][ T5778] RBP: ffffc90003dd7a70 R08: ffff88805d1ba277 R09: 1ffff1100ba3744e [ 190.675886][ T5778] R10: dffffc0000000000 R11: ffffed100ba3744f R12: 1ffff1100ba3747c [ 190.683893][ T5778] R13: dffffc0000000000 R14: fffff520007bae78 R15: ffff88805d1ba4f8 [ 190.691898][ T5778] FS: 0000555561c33500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 190.700949][ T5778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.707568][ T5778] CR2: 000000110c3a8237 CR3: 0000000060c91000 CR4: 00000000003506e0 [ 190.715659][ T5778] Call Trace: [ 190.719090][ T5778] [ 190.722092][ T5778] ? __kasan_record_aux_stack+0xaf/0xc0 [ 190.727671][ T5778] ? call_rcu+0x158/0x930 [ 190.732037][ T5778] ? __schedule+0x14da/0x44d0 [ 190.736763][ T5778] ? ocfs2_dismount_volume+0x55b/0x890 [ 190.742340][ T5778] ? ocfs2_sync_blockdev+0x40/0x40 [ 190.747571][ T5778] ? task_work_run+0x1ce/0x250 [ 190.752367][ T5778] ? exit_to_user_mode_loop+0xe6/0x110 [ 190.757869][ T5778] ? exit_to_user_mode_prepare+0xb1/0x140 [ 190.763738][ T5778] ? syscall_exit_to_user_mode+0x1a/0x50 [ 190.769504][ T5778] ? do_syscall_64+0x61/0xb0 [ 190.774144][ T5778] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 190.780296][ T5778] ? rcu_rdp_is_offloaded+0x66/0x180 [ 190.785893][ T5778] ? rcu_is_watching+0x15/0xb0 [ 190.791065][ T5778] ? rcu_is_watching+0x15/0xb0 [ 190.795968][ T5778] ? lock_release+0xba/0x8b0 [ 190.800590][ T5778] ? xfd_validate_state+0x6d/0x150 [ 190.805739][ T5778] ? save_fpregs_to_fpstate+0xa3/0x210 [ 190.811246][ T5778] ? rcu_is_watching+0x15/0xb0 [ 190.816052][ T5778] ? lock_release+0xba/0x8b0 [ 190.820673][ T5778] ? rcu_is_watching+0x15/0xb0 [ 190.825483][ T5778] ? lock_release+0xba/0x8b0 [ 190.830134][ T5778] ? rcu_is_watching+0x15/0xb0 [ 190.834940][ T5778] ? rcu_is_watching+0x15/0xb0 [ 190.839742][ T5778] ? lock_release+0xba/0x8b0 [ 190.844543][ T5778] ? __lock_acquire+0x7c80/0x7c80 [ 190.849598][ T5778] ? do_raw_spin_lock+0x121/0x2c0 [ 190.854742][ T5778] ? __rwlock_init+0x150/0x150 [ 190.859546][ T5778] ? do_raw_spin_unlock+0x121/0x230 [ 190.864865][ T5778] ? _raw_spin_unlock+0x28/0x40 [ 190.869765][ T5778] ? inode_wait_for_writeback+0x1b4/0x200 [ 190.875608][ T5778] ? sb_clear_inode_writeback+0x360/0x360 [ 190.881376][ T5778] ? do_raw_spin_lock+0x121/0x2c0 [ 190.886441][ T5778] ? bit_waitqueue+0x30/0x30 [ 190.891123][ T5778] ? do_raw_spin_unlock+0x121/0x230 [ 190.896548][ T5778] ? ocfs2_sync_blockdev+0x40/0x40 [ 190.901699][ T5778] evict+0x486/0x870 [ 190.905713][ T5778] ? __lock_acquire+0x7c80/0x7c80 [ 190.910784][ T5778] ? proc_nr_inodes+0x230/0x230 [ 190.915753][ T5778] ? do_raw_spin_unlock+0x121/0x230 [ 190.920988][ T5778] ? _raw_spin_unlock+0x28/0x40 [ 190.925967][ T5778] ? iput+0x70a/0x920 [ 190.929986][ T5778] ocfs2_free_slot_info+0x79/0x250 [ 190.935143][ T5778] ocfs2_delete_osb+0x58/0x170 [ 190.939942][ T5778] ocfs2_dismount_volume+0x55b/0x890 [ 190.945437][ T5778] ? ocfs2_enable_quotas+0x440/0x440 [ 190.950756][ T5778] ? clear_inode+0x150/0x150 [ 190.955385][ T5778] ? ocfs2_free_inode+0x30/0x30 [ 190.960512][ T5778] generic_shutdown_super+0x134/0x2b0 [ 190.966014][ T5778] kill_block_super+0x44/0x90 [ 190.970899][ T5778] deactivate_locked_super+0x97/0x100 [ 190.976310][ T5778] cleanup_mnt+0x429/0x4c0 [ 190.980755][ T5778] task_work_run+0x1ce/0x250 [ 190.985382][ T5778] ? task_work_cancel+0x240/0x240 [ 190.990445][ T5778] ? exit_to_user_mode_loop+0x3b/0x110 [ 190.996028][ T5778] exit_to_user_mode_loop+0xe6/0x110 [ 191.001347][ T5778] exit_to_user_mode_prepare+0xb1/0x140 [ 191.007113][ T5778] syscall_exit_to_user_mode+0x1a/0x50 [ 191.012620][ T5778] do_syscall_64+0x61/0xb0 [ 191.017076][ T5778] ? clear_bhb_loop+0x40/0x90 [ 191.021882][ T5778] ? clear_bhb_loop+0x40/0x90 [ 191.026592][ T5778] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 191.032531][ T5778] RIP: 0033:0x7f52b198ff17 [ 191.037035][ T5778] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 191.056672][ T5778] RSP: 002b:00007ffd360d8b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 191.065209][ T5778] RAX: 0000000000000000 RBX: 00007f52b1a11c05 RCX: 00007f52b198ff17 [ 191.073216][ T5778] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd360d8c20 [ 191.081221][ T5778] RBP: 00007ffd360d8c20 R08: 0000000000000000 R09: 0000000000000000 [ 191.083495][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 191.089299][ T5778] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd360d9cb0 [ 191.095377][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 191.103512][ T5778] R13: 00007f52b1a11c05 R14: 000000000002e635 R15: 00007ffd360d9cf0 [ 191.103536][ T5778] [ 191.103543][ T5778] Modules linked in: [ 191.134815][ T5778] ---[ end trace 0000000000000000 ]--- [ 191.141317][ T5778] RIP: 0010:ocfs2_evict_inode+0x2a4d/0x3e60 [ 191.179075][ T5778] Code: 02 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 74 99 8a fe 4d 01 ee 48 8b 1b 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 54 99 8a fe 48 8b 3b 49 81 c7 90 [ 191.211411][ T5778] RSP: 0018:ffffc90003dd7340 EFLAGS: 00010202 [ 191.217735][ T5778] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888025640000 [ 191.226083][ T5778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 191.236054][ T5778] RBP: ffffc90003dd7a70 R08: ffff88805d1ba277 R09: 1ffff1100ba3744e [ 191.244404][ T5778] R10: dffffc0000000000 R11: ffffed100ba3744f R12: 1ffff1100ba3747c [ 191.252485][ T5778] R13: dffffc0000000000 R14: fffff520007bae78 R15: ffff88805d1ba4f8 [ 191.260641][ T5778] FS: 0000555561c33500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 191.269990][ T5778] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.276855][ T5778] CR2: 00007f5f455812f8 CR3: 0000000060c91000 CR4: 00000000003506f0 [ 191.284949][ T5778] Kernel panic - not syncing: Fatal exception [ 191.291360][ T5778] Kernel Offset: disabled [ 191.295692][ T5778] Rebooting in 86400 seconds..