last executing test programs: 43.028405753s ago: executing program 2 (id=672): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000000f300b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00.\x00\t'], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 42.652741444s ago: executing program 2 (id=673): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x4, @empty, 0x2, 0x3}, 0x20) connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x1b9fc8db, @remote, 0x7, 0x1}, 0x20) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0) 42.336872955s ago: executing program 2 (id=677): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010001, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x38, &(0x7f00000004c0)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x67, 0x0, 0xb5, 0x6, 0x0, @rand_addr=0x64010001, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x40}, {"b38f"}}}}}}, 0x0) 42.121697112s ago: executing program 2 (id=678): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 41.985078996s ago: executing program 2 (id=681): r0 = socket(0xa, 0x3, 0x3a) r1 = socket$netlink(0x10, 0x3, 0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000240)={0x4, 0x0, 0x0, r2}, 0xc) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x1, 0xd, r2, 0xfffffffc}, 0xc) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}, {0xa, 0x4e22, 0x6fe3, @mcast2, 0x393}, 0x0, {[0xbb6, 0x6, 0x7, 0x9, 0xbd, 0x7ff, 0xbb23, 0x400]}}, 0x5c) 41.402304855s ago: executing program 2 (id=683): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x4b, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x8, 0x378d0c, 0x1b81a8}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000080)={0x18, r1}) 40.650054788s ago: executing program 32 (id=683): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x4b, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x8, 0x378d0c, 0x1b81a8}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000080)={0x18, r1}) 35.040272459s ago: executing program 0 (id=716): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1b32, 0x4) sendto$inet(r0, &(0x7f0000000540)='v', 0x1, 0x4040, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=""/37, 0x25}, 0x1}], 0x1, 0x120a0, 0x0) 34.910204432s ago: executing program 0 (id=717): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x20008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) mount(&(0x7f0000000280)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='udf\x00', 0x4, 0x0) 32.645066105s ago: executing program 0 (id=723): r0 = memfd_create(&(0x7f0000000000)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = dup(r0) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x1, 0x8000002, r1, 0x0) ftruncate(r0, 0x3) read$FUSE(r1, &(0x7f0000001600)={0x2020}, 0x2020) 32.47242653s ago: executing program 0 (id=724): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@init_itable}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") mkdir(&(0x7f00000001c0)='./bus\x00', 0x40) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000240)=0x4013) 31.885374049s ago: executing program 0 (id=727): r0 = signalfd(0xffffffffffffffff, &(0x7f00000006c0)={[0xffffffffffffff37]}, 0x8) ppoll(&(0x7f00000004c0)=[{r0, 0x128}], 0x1, 0x0, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000480)={[0xfffffffffffffffd]}, 0x0, 0x8) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x800000003) fcntl$setlease(r1, 0x400, 0x2) 31.174244592s ago: executing program 0 (id=728): r0 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\xfd\x89\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0}) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@setlink={0x2c, 0x13, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0x1ee86, 0x409}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r3}]}]}, 0x2c}}, 0x24008844) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@dellink={0x20, 0x11, 0x1, 0x70bd2c, 0x25dfdc00, {0x0, 0x0, 0x0, r2, 0xc0a742c700a80d57, 0x25aa6}}, 0x20}}, 0x2000e844) 2.350526354s ago: executing program 4 (id=911): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2, 0x200) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000001e00000000000000200018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc040564a, &(0x7f0000000000)={0x0, 0x1, 0x1012, 0xffffffffffffffff, 0x0, 0x0}) 2.341126165s ago: executing program 1 (id=919): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x82, 0x0, 0x1, 0x1, 0x0, 0x2}, &(0x7f0000000100)=0x20) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x780, &(0x7f0000000040)={0x0, 0xec5d, 0x1c881, 0x0, 0xd1}) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000ad"], 0x0, 0x8}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.239551348s ago: executing program 1 (id=912): socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000100)={0x0, 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x22d00, 0x0) unshare(0x2040400) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0102, 0x0) pselect6(0x40, &(0x7f0000000080)={0x1, 0xfff, 0x15f, 0x5, 0x3, 0x9, 0x8, 0x9}, 0x0, &(0x7f0000000100)={0x197, 0xffffffffffffffff, 0x82c7, 0x9, 0x3, 0x8, 0x10000, 0x1ff}, &(0x7f0000000140), 0x0) 2.125572662s ago: executing program 4 (id=914): open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$P9_RSTAT(r2, &(0x7f0000000140)={0x47, 0x7d, 0x1, {0x0, 0x40, 0x0, 0x7e4b, {0x1, 0x2, 0x2}, 0x4290000, 0x0, 0x1, 0x7ff, 0x3, '9p\x00', 0x0, '', 0x7, ':+{!\\\x05!', 0x3, '9p\x00'}}, 0x47) 2.050711134s ago: executing program 1 (id=916): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000100)={[{@grpid}, {@auto_da_alloc}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x7, 0x4d4, &(0x7f0000000180)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpiuJN4NDEejTdNvOrRePIPwIMHE0NCDBfA05jZnWm3291ttz8p+/kk232e2WfmeZ6ZeWaffZ7OBNCzhrI/ScT/IuJORDxVjy5MMFR/e3j/+sSj+9cnYjZNz/yT1NI9yOK5Yr2deWS4FFH6MmnaYN301WsXxqvVqSt5fHTm4mej01evvX7+4vi5qXNTl8ZOnTpx/NjJN8fe6L5SLfLL6vVg/xeXD+x79+zt9yfKxfKB/L2xHm2VuyvGUIfPXuluU4+9XQ3hZPF+urGhhWHZBvLTupK1/+vVw2c3u0DAhknTNO1v//Fs2uzmoiXAlpXEZpcA2BzFF332+7d4bVDX47Fw73T9B1BW74f5q/5JOUp5mkrT79u1NBQRH8/++032ik7jEH+uUwEAgJ7zy+miJ9jc/yvF3oZ0/8/nUAYj4umI2B0Rz0TEnoh4NqKW9rmIeL45gyQi7ZD/nqb4fP4/5rMIpburrmQHWf/vrXxua2H/r+j9xWBfHtsVUXSYp47m+2Q4Kv2fnK9OHWuz/W1L5N/Y/8teWf5FXzAvx91y0wDd5PjM+Mpqu9i9mxH7y831T8rZgSumcZKI2BcR+7vY7mBD+Pxr3x2Yi1Ty96/rb0vXvyZtMaXX9XxcK+m3Ea/Wj/9sNB7/ZD7HpPP85OhAVKeOjmZnwdGWefz2+60P2uW/ZP1/+qt5lXdO/nxm1fUuZMd/R8P5H8X87fwk6mASkczN105HpH3d5XHrj/YrrPT835Z8VAsX7evz8ZmZK8citiXvLV4+Nr9uES/SZ/UfPtK6/e/O18n2xAsRkZ3EL0bESxFxMC/7oYg4HBFHOtT/17df/nTl9V9fWf0nW17/Fhz/+fn6ZQaKlbMlfRcO3XnU5uKxvON/ohYazpe0vv4lCy4Ryy3p6vYeAAAAbA2lqP3vf2lkLlwqjYzUx4D2xI5S9fL0zMGIuDRZv0dgMCqlYqSrPh5cSYrxz8GG+FhT/Hg+bvxV3/ZafGTicnVysysPPW5nrc0ni9p/5u8ux3mBLWgN5tGALWqp9r/39gYVBNhwvv+hdzW0/9k2SWb9pww8mXz/Q+9q1f5vxPcd711wzYCtL9WWoadp/9C7yvHhXLh223PLu22BJ5Hvf+hJ3d7Xv5xA8biGaxfS/tZpBqLFEwMG1rgYeWB7i7w2JZD1rNZwg5WIWF7i7SvJougCtn/CQ6m7DfbH4o/6otNaSRfPcSgC2V5ZMvG5vWt+8hfPRFnr0+aH+XZaaTgW5aWOzuoDG3oZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDf/BQAA//8mic8a") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141442, 0x40) fallocate(r1, 0x0, 0xfff, 0x9) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 1.967169626s ago: executing program 4 (id=918): sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00', @ANYRES16=0x0, @ANYBLOB="c4010026bd700000000000250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b"], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x20048810) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x2000018c) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 1.760587433s ago: executing program 4 (id=921): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 1.704829455s ago: executing program 1 (id=923): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0xd49, 0x1000009, 0x80000000, 0x3, 0x10000, 0x3, 0x4002004c1, 0xb, 0xe, 0x0, 0x3, 0x0, 0x2, 0x5, 0x2000000000008, 0x1000100000089], 0xddcd0000, 0x100102}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1) ptrace$setregs(0xd, r0, 0x2, &(0x7f0000000180)) ptrace$cont(0x21, r0, 0x80000001, 0x4) 1.434650074s ago: executing program 5 (id=925): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000040)=ANY=[@ANYBLOB="44010000100001000000000800000000fc0100000000000000000000000000000a"], 0x144}}, 0x20000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000425bd7000fcdbdf040200010008003f0036000000080061"], 0x24}, 0x1, 0x0, 0x0, 0x4008001}, 0x20000000) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0) 1.434074564s ago: executing program 1 (id=926): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x8}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001140)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000240), 0x4) 1.395549365s ago: executing program 4 (id=927): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb00143c, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000000)) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x800448d3, &(0x7f0000000000)) 1.185818101s ago: executing program 5 (id=929): r0 = socket$nl_route(0x10, 0x3, 0x0) close(0x3) r1 = socket(0x10, 0x803, 0x0) write(r1, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_getaddr={0x2c, 0x16, 0x1, 0x70bd28, 0x25dfdbfc, {0xa, 0x7f, 0x60, 0xfd}, [@IFA_ADDRESS={0x14, 0x1, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044064}, 0x24008004) 1.169577712s ago: executing program 5 (id=930): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000fc007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000001a00)={r2, 0x1}, 0xc) 984.944168ms ago: executing program 3 (id=932): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 984.595088ms ago: executing program 5 (id=933): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000013c0)) r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000180)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000940)=""/4098, 0x1002}) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 948.600949ms ago: executing program 5 (id=934): r0 = creat(&(0x7f0000000340)='./file0\x00', 0x28) close(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000), 0x200040, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 907.9545ms ago: executing program 3 (id=935): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x38, &(0x7f0000000280)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 286.37707ms ago: executing program 1 (id=936): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file0\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119], 0x5, 0x4451, &(0x7f0000008900)="$eJzs3T9sVPcdAPDfe3aLTYHalIFKlXpSUVu1lWUz0RqpxhiMDS4VLQxdjrN9gJuzD9nnKAODoyxImSJliDKgRMrmCXnLRJZIGbNkJDNSMmSJFAnlort7Z99758MX4sMBfT4S/t37/be/9373e8PxixOVO0truaW1XGElV164tXY693q5tL5cDHHWp205+6Lr8TlQvYiT2B+cq+cv/ufG6RA+WfziSbVarYaa/rCrsZbX335zb6E1bYpbL95q9Lt7b/vlfyGEE23zqukLIQwkr88l6WSSDoYQjoUQohDCjXtv38zt02wePi6ezT+du781fmp288FW5989CuH90m//dnv5qz/0jX/5l30aHgAAAAAAAAAAAAAAAACAl9z0tavX/z06Fh5FoX8zav++7nSSdvp+bHXf/L73vywAAAAAAAAAAAAAAAAAAAD8TO18/z8XHd/l+/9TSTrRoX31n92N88efOE96Y+ZfV6cujI4l579HbeVnkqyvz/WF4eb56p91Pv/9XKb97ue/t4/zvJrza447FKJ4JHUdxyMjIXyYHPx+Mjocl8prlb/eKq+vLO7bNF5a6fg3Tu9PRSc50D8V/2ec/z+Z6b/35///pu3dVLu+uX9vsVdaOv59Het99Gb0jPj/crve+Uy7FxF/nl86/v31vMHWChONBaAW/3f6977/pzL99yr+x0IIuag211xqBajtYWr5nfYrpKXj/4t6XmrpTP6Qne7/7zLxv5Dp/6DW/43sBxG7Sse/sY4PpGrs3P/D8d73/8VM/wcR/9r8N3z+dyUd/0ONzP5Ulfpfstv1fzrTf6/ifz1O5nksSr0DNqNGfqf/r460dPwH2sp3nv/irvb/lzLtX9TzX3Pc5vNfc/n/c9R4/mN32/HfCk+q1cGO9bq9/2cy7Xq9/k/U939tzpzo5aCvkPT9f7iel947D9V/dop/NRP/2Uz/zxH/jzs/he6o70oGmvHfWU++P9TI/8D+ryvp+P+qkRm31tio/6zv/6K99/+XM/0fxP6vNv+NuLejvirS8T/SsV4t/p938fl/JdOu9/EPYbT5BmjfvrCHdPyPdqxXv/8H9o7/XKZdr+P/p152DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPASmEzSoRDFI6nrOB4ZCeF8cn0yHI7mC4v5+VJ54bW1EKaS/Fw4Ht0ulecLpfzSSnmxmC+USuWFEC4k5SfCQLRWKlfyy4W7F7f7GozuFAurlflioRJCmE7yfxeONvuaX6osF+6GEC5tl/06Lq/evVNYyS8urf5jdHR0NMxsz2E4Kr5RKa5UGqM3SkOY3W47FLVMrl58eXsuR6L/l9dXVwqlev6Vljal8kKh1NJmLil7NwxHldX1lYVCpZgvlW83xztIE0k6NXPtv9eujLWV34wa6eSLnRYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9Kj8b+/F0Lob1zFIYRclLyIkn8pDx8Xz+afzt3fGj81u/lg68ludQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4gR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs0j9KA0EUB+A3Y6Glx7BadjvbFUW0cEXwBHoMD6NH8RLewSJF2hQhkMxC2D+wTVJ9X/Ngfsy8B/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3jqJvAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//9HQIRk=") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000340)='./file0\x00', 0x88bc56, 0x0, 0x0, 0x0, &(0x7f00000000c0)) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file1\x00', 0x40, 0x83) syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus/file0\x00', 0x183042, 0x1e3) rename(&(0x7f0000000680)='./file0/file1\x00', &(0x7f0000000a00)='./bus/file0\x00') 274.4907ms ago: executing program 3 (id=937): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 193.181483ms ago: executing program 3 (id=938): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000240)=@req3={0x1000, 0x1, 0x1000, 0x1, 0x7ff, 0xf84, 0x3}, 0x1c) syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) 85.372787ms ago: executing program 3 (id=939): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x800042, 0xf8, 0x1}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r2, 0x1, 0x4, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4081}, 0x0) 969.329µs ago: executing program 5 (id=940): r0 = io_uring_setup(0x74c0, &(0x7f0000000580)={0x0, 0xddf9, 0x2, 0x1, 0x183}) close_range(r0, r0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) membarrier(0x10, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000440)) 0s ago: executing program 3 (id=941): syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x0, 0x9, 0x71, {0x71, 0x30, "85262928f95d38909e1db88ee37c17f86c5fa54189e442a79e3318622dff9bd97dfdf1a4122a53a4da136943ccd9a0e9db587161d4337d3ae09989088bf40e428a634cf8083245459c1cebfbf3cc8193892d6e21742dcd7cc5f1948846c8cd4b2f1a4a63c8489cad1c191f9313389d"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020019000900010073797a3000000000aa000300"], 0x1e4}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) kernel console output (not intermixed with test programs): 7568][ T6122] Bluetooth: MGMT ver 1.22 [ 80.003302][ T6122] Bluetooth: hci0: unsupported parameter 256 [ 80.009982][ T6122] Bluetooth: hci0: invalid length 0, exp 2 for type 7 [ 80.054687][ T5809] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 80.090732][ T6124] loop3: detected capacity change from 0 to 512 [ 80.131428][ T6124] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.145839][ T6124] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.232359][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.285438][ T5809] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.304251][ T5809] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.331063][ T5809] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 80.361230][ T5809] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 80.372132][ T5601] em28xx 1-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 80.384233][ T5601] em28xx 1-1:0.132: failed to read eeprom (err=-5) [ 80.391323][ T5601] em28xx 1-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 80.418156][ T5809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.440587][ T5809] usb 3-1: config 0 descriptor?? [ 80.494397][ T5601] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 80.503557][ T5601] em28xx 1-1:0.132: analog set to bulk mode. [ 80.516239][ T5807] em28xx 1-1:0.132: Registering V4L2 extension [ 80.559677][ T5601] usb 1-1: USB disconnect, device number 4 [ 80.605054][ T5601] em28xx 1-1:0.132: Disconnecting em28xx [ 80.797025][ T5807] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 80.807602][ T5807] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 80.826241][ T5807] em28xx 1-1:0.132: No AC97 audio processor [ 80.846394][ T5807] usb 1-1: Decoder not found [ 80.851078][ T5807] em28xx 1-1:0.132: failed to create media graph [ 80.869424][ T5807] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 80.887920][ T5807] em28xx 1-1:0.132: Remote control support is not available for this card. [ 80.912134][ T5809] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 80.938042][ T5601] em28xx 1-1:0.132: Closing input extension [ 80.953894][ T5809] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 80.986553][ T5601] em28xx 1-1:0.132: Freeing device [ 81.390039][ T6159] loop0: detected capacity change from 0 to 1024 [ 81.614785][ T6159] EXT4-fs: Ignoring removed i_version option [ 81.622809][ T6159] EXT4-fs: inline encryption not supported [ 81.644423][ T6159] EXT4-fs (loop0): Test dummy encryption mode enabled [ 81.661214][ T6159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.815767][ T8] cfg80211: failed to load regulatory.db [ 81.855018][ T6152] loop1: detected capacity change from 0 to 32768 [ 81.875039][ T786] usb 3-1: USB disconnect, device number 3 [ 81.895701][ T6152] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.124 (6152) [ 82.030023][ T6152] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.054650][ T6152] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 82.079322][ T6152] BTRFS info (device loop1): force clearing of disk cache [ 82.097436][ T6152] BTRFS info (device loop1): metadata ratio 0 [ 82.109069][ T6152] BTRFS info (device loop1): enabling ssd optimizations [ 82.124899][ T6152] BTRFS info (device loop1): using spread ssd allocation scheme [ 82.145409][ T6152] BTRFS info (device loop1): using free space tree [ 82.227664][ T6159] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 82.330569][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.355481][ T6152] BTRFS info (device loop1): auto enabling async discard [ 82.416421][ T6152] BTRFS info (device loop1): rebuilding free space tree [ 82.904805][ T786] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 82.931006][ T5768] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.994835][ T6010] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 83.113222][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 83.133691][ T786] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 83.166784][ T786] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 83.194906][ T6010] usb 4-1: Using ep0 maxpacket: 32 [ 83.212285][ T786] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 83.221686][ T6010] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 83.230300][ T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.239274][ T6010] usb 4-1: config 0 has no interface number 0 [ 83.253661][ T6010] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 83.264757][ T786] usb 3-1: Product: syz [ 83.268963][ T786] usb 3-1: Manufacturer: syz [ 83.274153][ T786] usb 3-1: SerialNumber: syz [ 83.288354][ T6010] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 83.300778][ T6010] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.319912][ T6010] usb 4-1: Product: syz [ 83.324192][ T6010] usb 4-1: Manufacturer: syz [ 83.329206][ T6010] usb 4-1: SerialNumber: syz [ 83.356992][ T6010] usb 4-1: config 0 descriptor?? [ 83.369957][ T6202] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 83.520086][ T786] usb 3-1: 0:2 : does not exist [ 83.527729][ T6211] loop0: detected capacity change from 0 to 512 [ 83.539797][ T786] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 83.559720][ T6211] EXT4-fs: Mount option(s) incompatible with ext2 [ 83.603689][ T786] usb 3-1: USB disconnect, device number 4 [ 83.661201][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 83.678206][ T5757] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 83.763674][ T6202] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 84.141882][ T6224] capability: warning: `syz.0.146' uses deprecated v2 capabilities in a way that may be insecure [ 84.367604][ T6230] trusted_key: syz.2.149 sent an empty control message without MSG_MORE. [ 84.768261][ T6228] loop0: detected capacity change from 0 to 32768 [ 84.784177][ T6228] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.148 (6228) [ 84.838160][ T6010] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 84.866190][ T6010] asix: probe of 4-1:0.188 failed with error -71 [ 84.892262][ T6228] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 84.897631][ T6010] usb 4-1: USB disconnect, device number 4 [ 84.938104][ T6228] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.973299][ T6228] BTRFS info (device loop0): turning on sync discard [ 84.998551][ T6228] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 85.020923][ T6228] BTRFS info (device loop0): use zstd compression, level 3 [ 85.036583][ T6228] BTRFS info (device loop0): turning on async discard [ 85.043775][ T6228] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 85.062454][ T6228] BTRFS info (device loop0): trying to use backup root at mount time [ 85.071030][ T6228] BTRFS info (device loop0): enabling auto defrag [ 85.086475][ T6228] BTRFS info (device loop0): using free space tree [ 85.241086][ T1096] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 85.268775][ T6228] BTRFS error (device loop0): failed to load root extent [ 85.283715][ T6254] loop1: detected capacity change from 0 to 128 [ 85.284346][ T6228] BTRFS warning (device loop0): try to load backup roots slot 1 [ 85.317079][ T3439] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 85.404987][ T6228] BTRFS warning (device loop0): couldn't read tree root [ 85.412002][ T6228] BTRFS warning (device loop0): try to load backup roots slot 2 [ 85.467688][ T42] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 85.497402][ T27] audit: type=1800 audit(1774963896.993:3): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.153" name="bus" dev="loop1" ino=1048592 res=0 errno=0 [ 85.519398][ T6228] BTRFS warning (device loop0): couldn't read tree root [ 85.545152][ T6228] BTRFS warning (device loop0): try to load backup roots slot 3 [ 85.596392][ T6228] BTRFS info (device loop0): enabling ssd optimizations [ 85.646038][ T6260] syz.1.153: attempt to access beyond end of device [ 85.646038][ T6260] loop1: rw=2049, sector=937, nr_sectors = 104 limit=128 [ 85.654721][ T6228] BTRFS info (device loop0): rebuilding free space tree [ 85.715405][ T6228] BTRFS info (device loop0): checking UUID tree [ 86.188315][ T5766] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 86.874784][ T6287] IPv6: NLM_F_CREATE should be specified when creating new route [ 87.176924][ T6279] loop2: detected capacity change from 0 to 32768 [ 87.269629][ T6279] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 87.447137][ T6279] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 87.491825][ T6279] XFS (loop2): Starting recovery (logdev: internal) [ 87.552228][ T6279] XFS (loop2): Ending recovery (logdev: internal) [ 87.985757][ T5769] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 89.412909][ T6375] loop2: detected capacity change from 0 to 1024 [ 89.422761][ T6378] loop0: detected capacity change from 0 to 128 [ 89.432718][ T6375] EXT4-fs: Ignoring removed bh option [ 89.445044][ T6378] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 89.466751][ T6375] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 89.533957][ T6375] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.621253][ T6378] UDF-fs: error (device loop0): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 89.649351][ T6378] UDF-fs: error (device loop0): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 89.676419][ T6375] EXT4-fs (loop2): shut down requested (2) [ 89.732594][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.166260][ T6389] loop2: detected capacity change from 0 to 32768 [ 90.266741][ T6397] netlink: 'syz.1.195': attribute type 13 has an invalid length. [ 90.278850][ T6397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.195'. [ 90.299569][ T6397] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 90.309416][ T6397] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 90.318354][ T6397] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 90.327130][ T6397] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 90.349408][ T6397] netlink: 'syz.1.195': attribute type 13 has an invalid length. [ 90.359387][ T6397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.195'. [ 90.378840][ T6398] syz.2.190: attempt to access beyond end of device [ 90.378840][ T6398] loop2: rw=2049, sector=4680032, nr_sectors = 8 limit=32768 [ 90.414518][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 90.596713][ T112] blkno = 8ed2c, nblocks = 1 [ 90.601331][ T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 90.601331][ T112] [ 90.613027][ T112] ERROR: (device loop2): remounting filesystem as read-only [ 90.614481][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 90.642091][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 90.660736][ T8] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 90.684385][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.705172][ T8] usb 1-1: config 0 descriptor?? [ 90.834016][ T6407] loop1: detected capacity change from 0 to 128 [ 90.849769][ T6407] EXT4-fs (loop1): Test dummy encryption mode enabled [ 90.861323][ T6407] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.876676][ T6407] ext4 filesystem being mounted at /46/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 90.992012][ T8] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 91.102318][ T5768] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 91.356001][ T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 91.446454][ T5807] usb 1-1: USB disconnect, device number 5 [ 91.560384][ T8] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 91.577775][ T8] usb 4-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 91.591896][ T6429] process 'syz.1.207' launched './file2' with NULL argv: empty string added [ 91.594317][ T8] usb 4-1: Product: syz [ 91.605637][ T8] usb 4-1: Manufacturer: syz [ 91.610258][ T8] usb 4-1: SerialNumber: syz [ 91.621136][ T8] usb 4-1: config 0 descriptor?? [ 91.637035][ T8] ch341 4-1:0.0: ch341-uart converter detected [ 91.909935][ T6425] loop2: detected capacity change from 0 to 40427 [ 91.938533][ T6425] F2FS-fs (loop2): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 91.952032][ T6425] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 91.963967][ T6425] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x35f7 [ 92.014427][ T6425] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff [ 92.033717][ T6425] F2FS-fs (loop2): Image doesn't support compression [ 92.085861][ T6425] F2FS-fs (loop2): invalid crc value [ 92.109948][ T6425] F2FS-fs (loop2): Found nat_bits in checkpoint [ 92.208404][ T6425] F2FS-fs (loop2): Start checkpoint disabled! [ 92.234638][ T6425] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 92.241754][ T6425] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 92.440714][ T6425] syz.2.205: attempt to access beyond end of device [ 92.440714][ T6425] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 92.461229][ T6425] F2FS-fs (loop2): inject kvmalloc in f2fs_kvmalloc of f2fs_insert_range+0x3ab/0x470 [ 92.565378][ T42] kworker/u4:2: attempt to access beyond end of device [ 92.565378][ T42] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 92.598514][ T42] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 92.606141][ T42] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 92.681735][ T8] usb 4-1: ch341-uart converter now attached to ttyUSB0 [ 92.938480][ T8] usb 4-1: USB disconnect, device number 5 [ 92.964727][ T8] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 92.983156][ T8] ch341 4-1:0.0: device disconnected [ 93.037390][ T6454] loop0: detected capacity change from 0 to 32768 [ 93.048317][ T6454] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.216 (6454) [ 93.080049][ T6454] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 93.091650][ T6454] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 93.101616][ T6454] BTRFS info (device loop0): force clearing of disk cache [ 93.110094][ T6454] BTRFS info (device loop0): enabling auto defrag [ 93.120683][ T6454] BTRFS info (device loop0): max_inline at 0 [ 93.126890][ T6454] BTRFS info (device loop0): enabling ssd optimizations [ 93.133929][ T6454] BTRFS info (device loop0): using spread ssd allocation scheme [ 93.146834][ T6454] BTRFS info (device loop0): using free space tree [ 93.254798][ T6454] BTRFS info (device loop0): rebuilding free space tree [ 93.407487][ T6477] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 93.431402][ T6477] overlayfs: failed to clone lowerpath [ 93.519861][ T3439] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 93.619673][ T5766] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 94.400476][ T6495] loop2: detected capacity change from 0 to 1024 [ 94.480970][ T6495] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c018, mo2=0002] [ 94.510632][ T6486] loop0: detected capacity change from 0 to 32768 [ 94.514491][ T6495] System zones: 0-1, 3-12 [ 94.528949][ T6495] EXT4-fs (loop2): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.563671][ T6486] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.219 (6486) [ 94.662007][ T6486] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 94.694557][ T6486] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 94.722630][ T6486] BTRFS info (device loop0): using free space tree [ 94.738948][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 94.898941][ T6486] BTRFS info (device loop0): enabling ssd optimizations [ 94.965331][ T6486] BTRFS info (device loop0): auto enabling async discard [ 95.062487][ T6528] netlink: 8 bytes leftover after parsing attributes in process `syz.3.233'. [ 95.094711][ T6528] netlink: 'syz.3.233': attribute type 9 has an invalid length. [ 95.166234][ T6528] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.175429][ T6528] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.184148][ T6528] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.193284][ T6528] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.245440][ T27] audit: type=1800 audit(1774963906.763:4): pid=6486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.219" name="file1" dev="loop0" ino=261 res=0 errno=0 [ 95.380183][ T6536] netlink: 'syz.2.235': attribute type 1 has an invalid length. [ 95.409512][ T6536] netlink: 16179 bytes leftover after parsing attributes in process `syz.2.235'. [ 95.616840][ T5766] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 96.134810][ T6550] loop0: detected capacity change from 0 to 128 [ 96.192013][ T6533] loop1: detected capacity change from 0 to 40427 [ 96.228223][ T6533] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 96.235931][ T6533] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 96.258837][ T6533] F2FS-fs (loop1): invalid crc value [ 96.402393][ T6538] loop3: detected capacity change from 0 to 32768 [ 96.509053][ T6538] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 96.638748][ T6533] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 96.652691][ T6538] XFS (loop3): Ending clean mount [ 96.687399][ T6533] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 96.853035][ T5767] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 97.052758][ T5768] syz-executor: attempt to access beyond end of device [ 97.052758][ T5768] loop1: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 97.100975][ T6572] loop2: detected capacity change from 0 to 8192 [ 97.113684][ T5768] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 97.127615][ T6572] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 97.160189][ T5768] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 97.172162][ T5768] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 97.850522][ T6597] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.075500][ T6605] netlink: 4 bytes leftover after parsing attributes in process `syz.3.260'. [ 98.295545][ T6605] hsr_slave_1 (unregistering): left promiscuous mode [ 98.740140][ T6634] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 99.147129][ T6649] lo speed is unknown, defaulting to 1000 [ 99.154888][ T6649] lo speed is unknown, defaulting to 1000 [ 99.167217][ T6649] lo speed is unknown, defaulting to 1000 [ 99.183274][ T6649] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 99.223331][ T6649] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 99.263855][ T6649] lo speed is unknown, defaulting to 1000 [ 99.272718][ T6649] lo speed is unknown, defaulting to 1000 [ 99.279521][ T6649] lo speed is unknown, defaulting to 1000 [ 99.287834][ T6649] lo speed is unknown, defaulting to 1000 [ 100.172598][ T6657] loop2: detected capacity change from 0 to 32768 [ 100.211853][ T6657] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.282 (6657) [ 100.272360][ T6660] loop3: detected capacity change from 0 to 32768 [ 100.314120][ T6660] (syz.3.284,6660,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 100.327661][ T6657] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 100.339134][ T6657] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 100.349142][ T6660] (syz.3.284,6660,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 100.372452][ T6657] BTRFS info (device loop2): enabling auto defrag [ 100.379778][ T6657] BTRFS info (device loop2): use no compression [ 100.388864][ T6657] BTRFS info (device loop2): force clearing of disk cache [ 100.397862][ T6657] BTRFS info (device loop2): max_inline at 4096 [ 100.404669][ T6657] BTRFS info (device loop2): disabling free space tree [ 100.435727][ T6660] JBD2: Ignoring recovery information on journal [ 100.569819][ T6657] BTRFS info (device loop2): enabling ssd optimizations [ 100.610421][ T6657] BTRFS info (device loop2): auto enabling async discard [ 100.639379][ T6660] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 100.664070][ T6657] BTRFS info (device loop2): rebuilding free space tree [ 100.719952][ T6657] BTRFS info (device loop2): disabling free space tree [ 100.741617][ T6657] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 100.772098][ T6657] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 101.128509][ T5769] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 101.364538][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 101.416838][ T5767] ocfs2: Unmounting device (7,3) on (node local) [ 102.374271][ C0] sched: RT throttling activated [ 102.436045][ T6721] loop2: detected capacity change from 0 to 131072 [ 102.446502][ T6721] F2FS-fs (loop2): Segment count (31) mismatch with total segments from devices (0) [ 102.456022][ T6721] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 102.477417][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.489071][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.498941][ T6721] F2FS-fs (loop2): invalid crc value [ 102.504566][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 102.518652][ T8] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 102.538346][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.559660][ T6721] F2FS-fs (loop2): Found nat_bits in checkpoint [ 102.608625][ T8] usb 1-1: config 0 descriptor?? [ 102.640580][ T6721] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 102.647769][ T6721] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 102.772270][ T6721] F2FS-fs (loop2): f2fs_fill_dentries: corrupted namelen=24152, run fsck to fix. [ 102.788250][ T6721] F2FS-fs (loop2): checksum invalid, nid = 7, ino_of_node = 7, 32dd6215 vs. 1de10dc4 [ 103.057076][ T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 103.077082][ T8] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 103.106913][ T8] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 103.399027][ T786] usb 1-1: USB disconnect, device number 6 [ 103.521421][ T27] audit: type=1326 audit(1774963915.033:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6752 comm="syz.3.299" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f003379c819 code=0x0 [ 103.972866][ T6760] loop2: detected capacity change from 0 to 32768 [ 104.002371][ T6760] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 104.088898][ T6760] XFS (loop2): Ending clean mount [ 104.138716][ T6760] xfs: Unknown parameter '@LqE: 艞t}0$' [ 104.177531][ T5769] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 104.882633][ T6779] loop2: detected capacity change from 0 to 32768 [ 104.934890][ T6779] JBD2: Ignoring recovery information on journal [ 105.054502][ T6779] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 105.054952][ T6797] loop1: detected capacity change from 0 to 512 [ 105.121226][ T6797] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.138852][ T6797] ext4 filesystem being mounted at /74/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.171215][ T27] audit: type=1800 audit(1774963916.683:6): pid=6797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.312" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 105.244341][ T27] audit: type=1800 audit(1774963916.713:7): pid=6797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.312" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 105.350528][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.378628][ T5769] ocfs2: Unmounting device (7,2) on (node local) [ 105.402230][ T5601] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 105.616153][ T5601] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 105.632372][ T5601] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.649744][ T5601] usb 4-1: config 0 descriptor?? [ 106.042784][ T6823] loop2: detected capacity change from 0 to 8192 [ 106.083445][ T27] audit: type=1800 audit(1774963917.593:8): pid=6823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.322" name="file2" dev="loop2" ino=1048598 res=0 errno=0 [ 106.086828][ T6823] FAT-fs (loop2): error, invalid access to FAT (entry 0x00008114) [ 106.125628][ T6823] FAT-fs (loop2): Filesystem has been set read-only [ 106.136464][ T6823] syz.2.322: attempt to access beyond end of device [ 106.136464][ T6823] loop2: rw=0, sector=33114, nr_sectors = 1 limit=8192 [ 106.646300][ T6825] loop1: detected capacity change from 0 to 32768 [ 106.663250][ T6825] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 106.718512][ T6825] XFS (loop1): Ending clean mount [ 106.842847][ T5768] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 106.927953][ T5601] usb 4-1: Cannot set autoneg [ 106.936124][ T5601] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 106.949246][ T5601] usb 4-1: USB disconnect, device number 6 [ 107.472630][ T6848] warning: `syz.2.330' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 107.853513][ T6851] loop3: detected capacity change from 0 to 32768 [ 107.916871][ T6851] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 107.949373][ T6866] loop2: detected capacity change from 0 to 128 [ 108.042341][ T6866] loop2: detected capacity change from 0 to 256 [ 108.104592][ T6851] XFS (loop3): Ending clean mount [ 108.244365][ T27] audit: type=1804 audit(1774963919.753:9): pid=6851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.331" name="/newroot/79/file1/file1" dev="loop3" ino=6150 res=1 errno=0 [ 108.355513][ T5767] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.083057][ T6888] loop3: detected capacity change from 0 to 32768 [ 109.145130][ T6888] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.203710][ T6888] XFS (loop3): Ending clean mount [ 109.225629][ T6888] XFS (loop3): Quotacheck needed: Please wait. [ 109.330011][ T6888] XFS (loop3): Quotacheck: Done. [ 109.542354][ T5767] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.830509][ T6906] loop2: detected capacity change from 0 to 32768 [ 109.837965][ T6906] XFS: attr2 mount option is deprecated. [ 109.857092][ T6906] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 109.969831][ T6906] XFS (loop2): Ending clean mount [ 110.007833][ T6906] XFS (loop2): Quotacheck needed: Please wait. [ 110.014878][ T6926] loop1: detected capacity change from 0 to 2048 [ 110.059588][ T6926] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.148164][ T6906] XFS (loop2): Quotacheck: Done. [ 110.200952][ T6925] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 110.208685][ T27] audit: type=1800 audit(1774963921.713:10): pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.344" name="file1" dev="loop2" ino=4422 res=0 errno=0 [ 110.253338][ T6925] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 110.268044][ T6925] EXT4-fs (loop1): This should not happen!! Data will be lost [ 110.268044][ T6925] [ 110.279808][ T6925] EXT4-fs (loop1): Total free blocks count 0 [ 110.286883][ T6925] EXT4-fs (loop1): Free/Dirty block details [ 110.311345][ T6925] EXT4-fs (loop1): free_blocks=4096 [ 110.318846][ T6925] EXT4-fs (loop1): dirty_blocks=16 [ 110.324014][ T6925] EXT4-fs (loop1): Block reservation details [ 110.334218][ T6925] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 110.346368][ T6926] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 110.518238][ T5769] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 110.539707][ T6938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.352'. [ 111.384355][ T5807] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 111.574436][ T5807] usb 3-1: Using ep0 maxpacket: 16 [ 111.578846][ T6962] loop1: detected capacity change from 0 to 512 [ 111.584194][ T5807] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 111.604345][ T5807] usb 3-1: config 1 has no interface number 0 [ 111.624438][ T5807] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 111.636449][ T6962] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 111.649736][ T5807] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 111.691583][ T5807] usb 3-1: config 1 interface 105 has no altsetting 0 [ 111.722632][ T6962] EXT4-fs error (device loop1): ext4_orphan_get:1424: comm syz.1.361: bad orphan inode 131083 [ 111.746001][ T5807] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 111.775636][ T5807] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 111.793803][ T6962] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.821745][ T6966] loop0: detected capacity change from 0 to 256 [ 111.832310][ T5807] usb 3-1: Product: syz [ 111.838944][ T6952] loop3: detected capacity change from 0 to 40427 [ 111.844230][ T5807] usb 3-1: Manufacturer: syz [ 111.845427][ T5807] usb 3-1: SerialNumber: syz [ 111.860612][ T6945] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 111.880473][ T6952] F2FS-fs (loop3): invalid crc value [ 111.881197][ T6945] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 111.907490][ T6966] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 111.925650][ T6952] F2FS-fs (loop3): Found nat_bits in checkpoint [ 112.076068][ T6952] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 112.219473][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.246891][ T5767] syz-executor: attempt to access beyond end of device [ 112.246891][ T5767] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 112.292946][ T5767] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 112.379700][ T6945] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 112.394457][ T6945] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 112.541981][ T6977] loop1: detected capacity change from 0 to 64 [ 112.829752][ T5807] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32 [ 112.897922][ T6981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.937778][ T6988] set_capacity_and_notify: 1 callbacks suppressed [ 112.937791][ T6988] loop1: detected capacity change from 0 to 1024 [ 113.088291][ T5807] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 113.101437][ T6981] EXT4-fs (loop3): shut down requested (2) [ 113.172642][ T5807] aqc111 3-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, e4:5d:bf:c3:ab:ee [ 113.203851][ T5807] usb 3-1: USB disconnect, device number 5 [ 113.220497][ T5807] aqc111 3-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 113.246620][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.403486][ T5807] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 113.443521][ T5807] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 113.464151][ T5807] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 114.154602][ T28] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 114.194565][ T5807] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 114.364622][ T28] usb 1-1: Using ep0 maxpacket: 8 [ 114.383888][ T5807] usb 3-1: Using ep0 maxpacket: 8 [ 114.388545][ T28] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 114.402599][ T5807] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 114.418451][ T28] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 114.425172][ T5807] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 114.439129][ T28] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 114.468209][ T28] usb 1-1: config 250 has no interface number 0 [ 114.504543][ T28] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 114.564216][ T28] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 114.612608][ T28] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 28276, setting to 1024 [ 114.657974][ T28] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 114.704652][ T28] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 114.773649][ T28] usb 1-1: config 250 interface 228 has no altsetting 0 [ 114.817168][ T28] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 114.856258][ T28] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 114.889508][ T28] usb 1-1: Product: syz [ 114.909799][ T28] usb 1-1: SerialNumber: syz [ 114.955885][ T28] hub 1-1:250.228: bad descriptor, ignoring hub [ 114.962201][ T28] hub: probe of 1-1:250.228 failed with error -5 [ 115.220718][ T28] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 7 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 115.459338][ T7035] loop3: detected capacity change from 0 to 131072 [ 115.469501][ T5807] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 115.479353][ T7035] F2FS-fs (loop3): Invalid log sectorsize (67108873) [ 115.486095][ T7035] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 115.494704][ T5807] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 115.505174][ T5807] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.518335][ T7035] F2FS-fs (loop3): invalid crc value [ 115.525066][ T5807] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 115.534401][ T5807] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.557922][ T7035] F2FS-fs (loop3): Found nat_bits in checkpoint [ 115.561405][ T28] usb 1-1: reset high-speed USB device number 7 using dummy_hcd [ 115.611085][ T7035] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 115.618289][ T7035] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 115.764663][ T5807] usb 3-1: usb_control_msg returned -32 [ 115.770285][ T5807] usbtmc 3-1:16.0: can't read capabilities [ 116.200260][ T7062] loop1: detected capacity change from 0 to 512 [ 116.215185][ T7062] EXT4-fs: Ignoring removed oldalloc option [ 116.239606][ T7062] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 116.258368][ T7062] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.388: invalid indirect mapped block 256 (level 2) [ 116.283856][ T7062] EXT4-fs (loop1): 2 truncates cleaned up [ 116.299529][ T7062] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.371144][ T1078] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm kworker/u4:5: bg 0: block 5: invalid block bitmap [ 116.401336][ T1078] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28 [ 116.416065][ T1078] EXT4-fs (loop1): This should not happen!! Data will be lost [ 116.416065][ T1078] [ 116.426717][ T1078] EXT4-fs (loop1): Total free blocks count 0 [ 116.432746][ T1078] EXT4-fs (loop1): Free/Dirty block details [ 116.439012][ C0] usblp0: nonzero read bulk status received: -71 [ 116.444001][ T1078] EXT4-fs (loop1): free_blocks=0 [ 116.451514][ T1078] EXT4-fs (loop1): dirty_blocks=4 [ 116.473891][ T1078] EXT4-fs (loop1): Block reservation details [ 116.481276][ T1078] EXT4-fs (loop1): i_reserved_data_blocks=4 [ 116.493835][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.511451][ T28] usb 1-1: USB disconnect, device number 7 [ 116.562342][ T28] usblp0: removed [ 116.770559][ T7069] loop3: detected capacity change from 0 to 512 [ 116.802983][ T7069] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.849711][ T7069] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.963337][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.468897][ T7086] loop1: detected capacity change from 0 to 32768 [ 117.483149][ T7086] (syz.1.395,7086,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.501418][ T7086] (syz.1.395,7086,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 117.550621][ T7086] JBD2: Ignoring recovery information on journal [ 117.618351][ T7086] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 117.631044][ T7084] loop0: detected capacity change from 0 to 40427 [ 117.636338][ T28] usb 3-1: USB disconnect, device number 6 [ 117.659764][ T7084] F2FS-fs (loop0): invalid crc value [ 117.680585][ T7084] F2FS-fs (loop0): Found nat_bits in checkpoint [ 117.804167][ T7084] F2FS-fs (loop0): Start checkpoint disabled! [ 117.833790][ T7084] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 118.074091][ T27] audit: type=1800 audit(1774963929.583:11): pid=7097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.395" name="file1" dev="loop1" ino=16979 res=0 errno=0 [ 118.224604][ T28] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 118.265327][ T7086] syz.1.395 (7086) used greatest stack depth: 18736 bytes left [ 118.330691][ T59] kworker/u4:4: attempt to access beyond end of device [ 118.330691][ T59] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 118.331558][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 118.354228][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 118.424625][ T28] usb 3-1: Using ep0 maxpacket: 8 [ 118.436534][ T28] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 118.455026][ T28] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=239 [ 118.463234][ T28] usb 3-1: Product: syz [ 118.481457][ T28] usb 3-1: Manufacturer: syz [ 118.493503][ T28] usb 3-1: SerialNumber: syz [ 118.516790][ T28] usb 3-1: config 0 descriptor?? [ 118.539473][ T28] gspca_main: sq905-2.14.0 probing 2770:9120 [ 118.984620][ T5809] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 119.176481][ T5809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.187575][ T5809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.198597][ T5809] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 119.210357][ T5809] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 119.218465][ T5809] usb 1-1: Manufacturer: syz [ 119.227601][ T5809] usb 1-1: config 0 descriptor?? [ 119.538149][ T28] gspca_sq905: bulk read fail (-22) len 0/4 [ 119.544338][ T28] sq905: probe of 3-1:0.0 failed with error -5 [ 119.776617][ T5807] usb 3-1: USB disconnect, device number 7 [ 120.068112][ T5809] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0003/input/input8 [ 120.093628][ T7079] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 120.125088][ T5809] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0003/input/input9 [ 120.185204][ T5809] input: syz Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0003/input/input10 [ 120.286966][ T5809] input: syz Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0003/input/input11 [ 120.394985][ T5809] uclogic 0003:256C:006D.0003: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.0-1/input0 [ 120.490617][ T5809] usb 1-1: USB disconnect, device number 8 [ 120.688400][ T7109] loop1: detected capacity change from 0 to 131072 [ 120.723095][ T7109] F2FS-fs (loop1): invalid crc value [ 120.800162][ T7109] F2FS-fs (loop1): Found nat_bits in checkpoint [ 120.872808][ T7114] fido_id[7114]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 120.887543][ T7109] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 121.022689][ T7109] F2FS-fs (loop1): Stopped filesystem due to reason: 0 [ 122.212600][ T7148] loop2: detected capacity change from 0 to 512 [ 122.245414][ T7148] EXT4-fs: Ignoring removed bh option [ 122.295257][ T7148] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 122.327854][ T7148] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 122.341955][ T7148] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.413: Corrupt directory, running e2fsck is recommended [ 122.360974][ T7148] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 122.369627][ T7148] EXT4-fs error (device loop2): ext4_iget_extra_inode:4732: inode #15: comm syz.2.413: corrupted in-inode xattr: invalid ea_ino [ 122.404586][ T7148] EXT4-fs (loop2): Remounting filesystem read-only [ 122.413837][ T7148] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.551510][ T7148] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 122.603557][ T7148] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 122.638861][ T7153] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 122.645309][ T7148] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.413: Corrupt directory, running e2fsck is recommended [ 122.678801][ T7153] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 122.694583][ T7153] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.413: Corrupt directory, running e2fsck is recommended [ 122.763343][ T7148] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 122.782574][ T7148] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 122.800868][ T7148] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.413: Corrupt directory, running e2fsck is recommended [ 122.822900][ T7148] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 122.881261][ T7142] loop0: detected capacity change from 0 to 40427 [ 122.891871][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.915985][ T7142] F2FS-fs (loop0): heap/no_heap options were deprecated [ 122.936232][ T7142] F2FS-fs (loop0): build fault injection attr: rate: 19, type: 0x7ffff [ 122.964614][ T7142] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77e8c [ 123.013553][ T7142] F2FS-fs (loop0): invalid crc value [ 123.032915][ T7142] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21d/0x9b0 [ 123.061404][ T7142] F2FS-fs (loop0): Found nat_bits in checkpoint [ 123.185367][ T7142] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650 [ 123.220951][ C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x597/0xe40 [ 123.256160][ T7142] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 123.377536][ T7142] F2FS-fs (loop0): inject no more block in inc_valid_node_count of f2fs_new_node_page+0x187/0x910 [ 123.404756][ T7172] loop2: detected capacity change from 0 to 2048 [ 123.446105][ T7172] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 123.468012][ T7142] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_mpage_readpages+0xc1a/0x1ea0 [ 123.506359][ T7172] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 123.516503][ T7142] syz.0.412: attempt to access beyond end of device [ 123.516503][ T7142] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 123.570280][ T7172] UDF-fs: Scanning with blocksize 512 failed [ 123.621884][ T7172] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 123.697033][ T5766] syz-executor: attempt to access beyond end of device [ 123.697033][ T5766] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 123.716908][ T5766] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 123.779594][ T7176] loop3: detected capacity change from 0 to 4096 [ 123.905775][ T7181] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.992538][ T7184] netlink: 'syz.1.428': attribute type 12 has an invalid length. [ 124.024362][ T7184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.428'. [ 124.053817][ T7184] netlink: 'syz.1.428': attribute type 12 has an invalid length. [ 124.086110][ T7184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.428'. [ 124.437647][ T7195] netlink: 'syz.1.432': attribute type 11 has an invalid length. [ 124.620483][ T7201] loop0: detected capacity change from 0 to 128 [ 124.661071][ T7201] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 124.699620][ T7201] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.865342][ T5766] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 126.630324][ T786] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.696388][ T786] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 126.784456][ T23] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 126.965450][ T7275] loop0: detected capacity change from 0 to 1024 [ 127.007666][ T23] usb 4-1: unable to get BOS descriptor or descriptor too short [ 127.023944][ T23] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7 [ 127.052876][ T23] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40 [ 127.072005][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.094454][ T23] usb 4-1: Product: syz [ 127.098728][ T23] usb 4-1: Manufacturer: syz [ 127.103337][ T23] usb 4-1: SerialNumber: syz [ 127.318813][ T1317] hfsplus: b-tree write err: -5, ino 3 [ 127.331455][ T5766] hfsplus: node 4:3 still has 2 user(s)! [ 127.393453][ T23] snd-ua101 4-1:1.1: invalid format type [ 127.413662][ T23] snd-ua101 4-1:1.0: invalid num_altsetting [ 127.474182][ T23] usb 4-1: USB disconnect, device number 7 [ 128.186889][ T7315] netlink: 168 bytes leftover after parsing attributes in process `syz.3.462'. [ 128.625098][ T23] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 128.666421][ T7335] loop1: detected capacity change from 0 to 1024 [ 128.779888][ T59] hfsplus: b-tree write err: -5, ino 25 [ 128.786268][ T59] hfsplus: b-tree write err: -5, ino 4 [ 128.794775][ T59] hfsplus: b-tree write err: -5, ino 2 [ 128.800314][ T59] hfsplus: b-tree write err: -5, ino 26 [ 128.822719][ T23] usb 4-1: config 150 has an invalid interface number: 204 but max is 2 [ 128.837746][ T23] usb 4-1: config 150 has 2 interfaces, different from the descriptor's value: 3 [ 128.866729][ T23] usb 4-1: config 150 has no interface number 0 [ 128.884203][ T23] usb 4-1: config 150 interface 204 has no altsetting 0 [ 128.894134][ T7342] "syz.1.468" (7342) uses obsolete ecb(arc4) skcipher [ 128.915883][ T23] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 128.952673][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.963600][ T23] usb 4-1: Product: syz [ 128.969260][ T23] usb 4-1: Manufacturer: syz [ 128.974418][ T23] usb 4-1: SerialNumber: syz [ 129.255831][ T23] xr_serial 4-1:150.204: skipping garbage [ 129.261649][ T23] xr_serial 4-1:150.204: xr_serial converter detected [ 129.503111][ T7348] loop0: detected capacity change from 0 to 40427 [ 129.539938][ T7348] F2FS-fs (loop0): invalid crc value [ 129.557181][ T7348] F2FS-fs (loop0): Found nat_bits in checkpoint [ 129.670528][ T7348] F2FS-fs (loop0): Start checkpoint disabled! [ 129.692109][ T7348] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 129.873500][ T59] kworker/u4:4: attempt to access beyond end of device [ 129.873500][ T59] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 129.894374][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 129.911947][ T59] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 130.057465][ T23] usb 4-1: xr_serial converter now attached to ttyUSB0 [ 130.275941][ T5807] usb 4-1: USB disconnect, device number 8 [ 130.290642][ T5807] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0 [ 130.305230][ T5807] xr_serial 4-1:150.204: device disconnected [ 130.418248][ T7380] loop8: detected capacity change from 0 to 8 [ 130.433203][ T5973] Dev loop8: unable to read RDB block 8 [ 130.445423][ T5973] loop8: unable to read partition table [ 130.451189][ T5973] loop8: partition table beyond EOD, truncated [ 130.462399][ T7380] Dev loop8: unable to read RDB block 8 [ 130.469397][ T7380] loop8: unable to read partition table [ 130.475724][ T7380] loop8: partition table beyond EOD, truncated [ 130.482141][ T7380] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 130.914821][ T23] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 130.996226][ T7390] loop1: detected capacity change from 0 to 128 [ 131.006469][ T7390] EXT4-fs: Ignoring removed nobh option [ 131.021248][ T7390] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 131.038080][ T7390] ext4 filesystem being mounted at /142/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 131.108278][ T23] usb 1-1: config index 0 descriptor too short (expected 28277, got 36) [ 131.116763][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.129680][ T23] usb 1-1: config 0 has no interfaces? [ 131.135317][ T23] usb 1-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 131.138311][ T5768] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 131.144659][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.174423][ T6010] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 131.201140][ T23] usb 1-1: config 0 descriptor?? [ 131.385705][ T6010] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.396748][ T6010] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.406647][ T6010] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 131.415982][ T6010] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.427114][ T6010] usb 4-1: config 0 descriptor?? [ 131.481503][ T8] usb 1-1: USB disconnect, device number 9 [ 131.867714][ T6010] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0 [ 131.879386][ T6010] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0 [ 131.886934][ T6010] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0 [ 131.901752][ T6010] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0 [ 131.909497][ T6010] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0 [ 131.919836][ T6010] playstation 0003:054C:0DF2.0005: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0 [ 132.061290][ T6010] playstation 0003:054C:0DF2.0005: Invalid reportID received, expected 9 got 0 [ 132.073908][ T6010] playstation 0003:054C:0DF2.0005: Failed to retrieve DualSense pairing info: -22 [ 132.085126][ T6010] playstation 0003:054C:0DF2.0005: Failed to get MAC address from DualSense [ 132.096543][ T6010] playstation 0003:054C:0DF2.0005: Failed to create dualsense. [ 132.112299][ T6010] playstation: probe of 0003:054C:0DF2.0005 failed with error -22 [ 132.330864][ T23] usb 4-1: USB disconnect, device number 9 [ 132.452401][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d76c400: rx timeout, send abort [ 132.465060][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d76c400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 132.554455][ T6010] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 132.741061][ T6010] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.751631][ T6010] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 132.764336][ T6010] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.779416][ T6010] usb 1-1: config 0 descriptor?? [ 132.803003][ T6010] pwc: Askey VC010 type 2 USB webcam detected. [ 132.998847][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.006955][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.242957][ T6010] pwc: recv_control_msg error -32 req 02 val 2b00 [ 133.255346][ T6010] pwc: recv_control_msg error -32 req 02 val 2700 [ 133.274381][ T6010] pwc: recv_control_msg error -32 req 02 val 2c00 [ 133.406397][ T7410] loop3: detected capacity change from 0 to 32768 [ 133.435336][ T7410] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 133.477134][ T7410] XFS (loop3): Ending clean mount [ 133.482952][ T6010] pwc: recv_control_msg error -71 req 04 val 1300 [ 133.509759][ T6010] pwc: recv_control_msg error -71 req 04 val 1400 [ 133.535251][ T6010] pwc: recv_control_msg error -71 req 02 val 2000 [ 133.553595][ T6010] pwc: recv_control_msg error -71 req 02 val 2100 [ 133.563262][ T6010] pwc: recv_control_msg error -71 req 04 val 1500 [ 133.583306][ T6010] pwc: recv_control_msg error -71 req 02 val 2500 [ 133.600230][ T6010] pwc: recv_control_msg error -71 req 02 val 2400 [ 133.617706][ T6010] pwc: recv_control_msg error -71 req 02 val 2600 [ 133.639734][ T5767] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 133.642772][ T6010] pwc: recv_control_msg error -71 req 02 val 2900 [ 133.659785][ T6010] pwc: recv_control_msg error -71 req 02 val 2800 [ 133.670919][ T6010] pwc: recv_control_msg error -71 req 04 val 1100 [ 133.684048][ T6010] pwc: recv_control_msg error -71 req 04 val 1200 [ 133.752320][ T6010] pwc: Registered as video103. [ 133.778286][ T6010] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input12 [ 133.818531][ T6010] usb 1-1: USB disconnect, device number 10 [ 134.130846][ T786] IPVS: starting estimator thread 0... [ 134.224523][ T7427] IPVS: using max 21 ests per chain, 50400 per kthread [ 134.276171][ T7432] netlink: 'syz.0.491': attribute type 1 has an invalid length. [ 134.284006][ T7432] netlink: 'syz.0.491': attribute type 4 has an invalid length. [ 134.293154][ T7432] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.491'. [ 134.739779][ T7443] loop1: detected capacity change from 0 to 512 [ 134.814374][ T7443] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.496: inode has both inline data and extents flags [ 134.836095][ T7443] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.496: couldn't read orphan inode 15 (err -117) [ 134.879781][ T7443] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.347835][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.448376][ T7449] loop0: detected capacity change from 0 to 40427 [ 135.471041][ T7449] F2FS-fs (loop0): invalid crc value [ 135.501579][ T7449] F2FS-fs (loop0): Found nat_bits in checkpoint [ 135.677673][ T7449] F2FS-fs (loop0): Start checkpoint disabled! [ 135.720459][ T7449] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 136.069811][ T1317] kworker/u4:8: attempt to access beyond end of device [ 136.069811][ T1317] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 136.103655][ T1317] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 136.116470][ T1317] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 136.124544][ T1317] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 136.896211][ T7489] loop3: detected capacity change from 0 to 4096 [ 137.006296][ T7489] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 137.025516][ T7489] ntfs3: loop3: Failed to load $Extend (-22). [ 137.032021][ T7489] ntfs3: loop3: Failed to initialize $Extend. [ 137.698644][ T7516] loop1: detected capacity change from 0 to 128 [ 137.722738][ T7516] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 137.793604][ T7516] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 137.833534][ T7516] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 137.980979][ T7522] loop2: detected capacity change from 0 to 512 [ 138.029413][ T7522] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.089248][ T7522] EXT4-fs error (device loop2): ext4_readdir:223: inode #12: comm syz.2.524: path /115/file0/file0: directory fails checksum at offset 0 [ 138.197594][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.478944][ T7518] loop3: detected capacity change from 0 to 32768 [ 138.675916][ T7539] syz.3.521: attempt to access beyond end of device [ 138.675916][ T7539] loop3: rw=2049, sector=4680032, nr_sectors = 8 limit=32768 [ 138.683034][ T7541] netlink: 'syz.2.531': attribute type 13 has an invalid length. [ 138.702267][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.531'. [ 138.726165][ T7541] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.735145][ T7541] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.743844][ T7541] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.752686][ T7541] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.772146][ T7541] netlink: 'syz.2.531': attribute type 13 has an invalid length. [ 138.814365][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.531'. [ 139.101047][ T111] blkno = 8ed2c, nblocks = 1 [ 139.106095][ T111] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map [ 139.106095][ T111] [ 139.149313][ T111] ERROR: (device loop3): remounting filesystem as read-only [ 139.378190][ T7556] netlink: 'syz.2.538': attribute type 2 has an invalid length. [ 139.478479][ T7562] tls_set_device_offload_rx: netdev not found [ 140.691686][ T7612] netlink: 'syz.2.556': attribute type 10 has an invalid length. [ 140.723980][ T7612] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 141.460965][ T7624] loop3: detected capacity change from 0 to 256 [ 141.500770][ T7624] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 142.114616][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 142.384384][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.418812][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.419199][ T7644] netlink: 'syz.0.572': attribute type 1 has an invalid length. [ 142.458769][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 142.471986][ T7644] netlink: 16179 bytes leftover after parsing attributes in process `syz.0.572'. [ 142.502888][ T23] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 142.531833][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.558047][ T23] usb 2-1: config 0 descriptor?? [ 142.754445][ T6010] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 142.954459][ T6010] usb 4-1: Using ep0 maxpacket: 8 [ 142.965370][ T6010] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.976893][ T6010] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 142.991219][ T6010] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.021700][ T6010] usb 4-1: config 0 descriptor?? [ 143.029604][ T23] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 143.050542][ T6010] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 143.085855][ T23] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 143.401433][ T7662] loop0: detected capacity change from 0 to 8192 [ 143.422857][ T7662] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 144.297503][ T6010] gspca_vc032x: reg_w err -71 [ 144.303522][ T6010] vc032x: probe of 4-1:0.0 failed with error -71 [ 144.330935][ T6010] usb 4-1: USB disconnect, device number 10 [ 144.439986][ C0] plantronics 0003:047F:FFFF.0006: usb_submit_urb(ctrl) failed: -1 [ 144.523597][ T7687] loop2: detected capacity change from 0 to 512 [ 144.554670][ T7687] EXT4-fs (loop2): 1 truncate cleaned up [ 144.568407][ T7687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.673809][ T7687] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.588: invalid indirect mapped block 4294901760 (level 0) [ 144.698372][ T7687] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.588: invalid indirect mapped block 4294967295 (level 1) [ 144.753949][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.909656][ T7693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.591'. [ 144.937935][ T7691] loop0: detected capacity change from 0 to 32768 [ 145.086737][ T7691] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 145.196029][ T7691] XFS (loop0): Ending clean mount [ 145.225775][ T7693] hsr_slave_1 (unregistering): left promiscuous mode [ 145.237172][ T7691] XFS (loop0): Quotacheck needed: Please wait. [ 145.290964][ T5807] usb 2-1: USB disconnect, device number 4 [ 145.339654][ T7691] XFS (loop0): Quotacheck: Done. [ 145.520659][ T7718] loop2: detected capacity change from 0 to 1024 [ 145.554207][ T7718] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 145.583326][ T5766] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 145.588907][ T7718] System zones: 0-1, 3-36 [ 145.603347][ T7718] EXT4-fs error (device loop2): ext4_orphan_get:1424: comm syz.2.600: bad orphan inode 134217728 [ 145.655123][ T7718] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.798020][ T7718] syz.2.600 (pid 7718) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 145.843164][ T7722] loop3: detected capacity change from 0 to 4096 [ 145.891881][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.919827][ T6010] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 147.108648][ T6010] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 147.121314][ T6010] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.131380][ T6010] usb 1-1: Product: syz [ 147.146444][ T6010] usb 1-1: Manufacturer: syz [ 147.151191][ T6010] usb 1-1: SerialNumber: syz [ 147.414405][ T6010] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 147.455082][ T6010] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 147.530467][ T7752] loop1: detected capacity change from 0 to 4096 [ 147.658327][ T7752] ntfs3: loop1: ino=5, "/" directory corrupted [ 147.740471][ T7748] loop3: detected capacity change from 0 to 32768 [ 147.800945][ T7748] (syz.3.613,7748,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 147.834118][ T7748] (syz.3.613,7748,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 147.901526][ T7748] JBD2: Ignoring recovery information on journal [ 148.025158][ T7748] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 148.093839][ T6010] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 148.121050][ T6010] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 148.142352][ T6010] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 148.185561][ T6010] lan78xx: probe of 1-1:1.0 failed with error -71 [ 148.238279][ T6010] usb 1-1: USB disconnect, device number 11 [ 148.355400][ T7748] (syz.3.613,7748,0):ocfs2_remount:623 ERROR: Cannot change heartbeat mode on remount [ 148.367289][ T7770] loop2: detected capacity change from 0 to 1024 [ 148.388123][ T27] audit: type=1800 audit(1774963959.903:12): pid=7748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.613" name="file1" dev="loop3" ino=16979 res=0 errno=0 [ 148.414038][ T7770] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.527741][ T5767] ocfs2: Unmounting device (7,3) on (node local) [ 148.697065][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.164788][ T7786] loop2: detected capacity change from 0 to 128 [ 149.200886][ T7786] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 149.262143][ T7786] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.439122][ T7774] loop1: detected capacity change from 0 to 32768 [ 149.501481][ T7774] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 149.594748][ T7774] XFS (loop1): Ending clean mount [ 149.725552][ T27] audit: type=1800 audit(1774963961.213:13): pid=7774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.623" name="file2" dev="loop1" ino=6151 res=0 errno=0 [ 149.846922][ T5768] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 149.868893][ T7786] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)" [ 149.879339][ T7781] loop3: detected capacity change from 0 to 131072 [ 149.909887][ T7781] F2FS-fs (loop3): Allow to mount readonly mode only [ 150.049325][ T5769] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 150.069677][ T5975] I/O error, dev loop3, sector 130944 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 150.851289][ T7812] loop3: detected capacity change from 0 to 32768 [ 150.869414][ T7812] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.635 (7812) [ 150.913228][ T7812] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 150.924351][ T7812] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 150.933085][ T7812] BTRFS info (device loop3): enabling auto defrag [ 150.939768][ T7812] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 150.949235][ T7812] BTRFS info (device loop3): use zstd compression, level 3 [ 150.956519][ T7812] BTRFS info (device loop3): turning on async discard [ 150.963340][ T7812] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 150.974211][ T7812] BTRFS info (device loop3): trying to use backup root at mount time [ 150.982364][ T7812] BTRFS info (device loop3): enabling ssd optimizations [ 150.989804][ T7812] BTRFS info (device loop3): using spread ssd allocation scheme [ 150.997602][ T7812] BTRFS info (device loop3): force zlib compression, level 3 [ 151.005483][ T7812] BTRFS info (device loop3): using free space tree [ 151.122535][ T1317] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 151.158185][ T7812] BTRFS error (device loop3): failed to load root extent [ 151.165430][ T7812] BTRFS warning (device loop3): try to load backup roots slot 1 [ 151.174663][ T59] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 151.256367][ T7812] BTRFS warning (device loop3): couldn't read tree root [ 151.263401][ T7812] BTRFS warning (device loop3): try to load backup roots slot 2 [ 151.271533][ T42] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 151.324714][ T7812] BTRFS warning (device loop3): couldn't read tree root [ 151.333382][ T7812] BTRFS warning (device loop3): try to load backup roots slot 3 [ 151.361189][ T7812] BTRFS info (device loop3): rebuilding free space tree [ 151.379346][ T7843] loop1: detected capacity change from 0 to 512 [ 151.387565][ T7812] BTRFS info (device loop3): checking UUID tree [ 151.501151][ T7843] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.623880][ T7843] ext4 filesystem being mounted at /182/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 151.783903][ T7840] loop2: detected capacity change from 0 to 32768 [ 151.803189][ T5767] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 151.865321][ T7840] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 151.907743][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.987854][ T7840] XFS (loop2): Ending clean mount [ 152.063202][ T7840] XFS (loop2): Quotacheck needed: Please wait. [ 152.145568][ T7868] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 152.187213][ T7869] loop1: detected capacity change from 0 to 128 [ 152.210414][ T7840] XFS (loop2): Quotacheck: Done. [ 152.565131][ T5769] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 152.668078][ T7873] loop0: detected capacity change from 0 to 2048 [ 152.828002][ T7873] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.048556][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.577607][ T7898] loop2: detected capacity change from 0 to 164 [ 153.639965][ T7904] netlink: 'syz.1.662': attribute type 12 has an invalid length. [ 153.648109][ T7904] netlink: 'syz.1.662': attribute type 29 has an invalid length. [ 153.667829][ T7904] netlink: 148 bytes leftover after parsing attributes in process `syz.1.662'. [ 153.694437][ T7904] netlink: 'syz.1.662': attribute type 2 has an invalid length. [ 153.724538][ T7904] netlink: 'syz.1.662': attribute type 3 has an invalid length. [ 153.753180][ T7904] netlink: 15 bytes leftover after parsing attributes in process `syz.1.662'. [ 153.921626][ T7911] loop2: detected capacity change from 0 to 16 [ 153.958212][ T7911] erofs: (device loop2): mounted with root inode @ nid 36. [ 154.071163][ T7911] erofs: (device loop2): erofs_read_inode: bogus i_mode (0) @ nid 281474976710655 [ 154.363857][ T7902] loop3: detected capacity change from 0 to 32768 [ 154.388073][ T7902] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.661 (7902) [ 154.428434][ T7902] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 154.454964][ T7902] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 154.463696][ T7902] BTRFS info (device loop3): using free space tree [ 154.581104][ T7902] BTRFS info (device loop3): enabling ssd optimizations [ 154.592416][ T7902] BTRFS info (device loop3): auto enabling async discard [ 154.984119][ T7919] loop2: detected capacity change from 0 to 40427 [ 155.015963][ T7919] F2FS-fs (loop2): Image doesn't support compression [ 155.042782][ T7918] loop0: detected capacity change from 0 to 32768 [ 155.051439][ T7919] F2FS-fs (loop2): Unrecognized mount option "whint_mode=fs-based" or missing value [ 155.109676][ T7921] loop1: detected capacity change from 0 to 32768 [ 155.114693][ T7918] JBD2: Ignoring recovery information on journal [ 155.142621][ T7918] jbd2_journal_bmap: journal block not found at offset 32 on loop0-75 [ 155.151505][ T7921] (syz.1.670,7921,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 155.152412][ T7918] JBD2: bad block at offset 32 [ 155.227500][ T7921] (syz.1.670,7921,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 155.232035][ T7918] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 155.297728][ T1078] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 155.326919][ T5767] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 155.469211][ T7921] JBD2: Ignoring recovery information on journal [ 155.679838][ T7921] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 155.946395][ T5766] ocfs2: Unmounting device (7,0) on (node local) [ 156.197339][ T27] audit: type=1800 audit(1774963967.713:14): pid=7921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.670" name="file1" dev="loop1" ino=16980 res=0 errno=0 [ 156.349007][ T7961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.674'. [ 156.442028][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 156.943933][ T7966] loop0: detected capacity change from 0 to 32768 [ 157.014067][ T7966] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 157.471911][ T5766] ocfs2: Unmounting device (7,0) on (node local) [ 157.643716][ T42] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 157.710416][ T42] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.775464][ T7968] loop1: detected capacity change from 0 to 131072 [ 157.788097][ T7968] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 157.796438][ T7968] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 157.823181][ T7968] F2FS-fs (loop1): invalid crc value [ 157.875290][ T7968] F2FS-fs (loop1): Found nat_bits in checkpoint [ 157.932813][ T7968] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 157.940126][ T7968] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 158.061631][ T42] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.094830][ T42] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.313150][ T42] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.344642][ T42] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.478897][ T42] bond0: (slave netdevsim0): Releasing backup interface [ 158.509965][ T42] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 158.514423][ T5771] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 158.531415][ T5771] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 158.540245][ T42] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.558888][ T5771] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 158.564654][ T6010] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 158.586609][ T5771] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 158.594993][ T5771] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 158.603404][ T5771] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 158.783525][ T6010] usb 4-1: Using ep0 maxpacket: 8 [ 158.808066][ T6010] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 158.858311][ T6010] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 158.914709][ T6010] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.945616][ T6010] usb 4-1: config 0 descriptor?? [ 159.234693][ T6010] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 159.331624][ T7989] chnl_net:caif_netlink_parms(): no params data found [ 159.486145][ T5807] usb 4-1: USB disconnect, device number 11 [ 159.871844][ T7989] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.900503][ T7989] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.907952][ T7989] bridge_slave_0: entered allmulticast mode [ 159.917102][ T7989] bridge_slave_0: entered promiscuous mode [ 159.940566][ T7989] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.948488][ T7989] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.955970][ T7989] bridge_slave_1: entered allmulticast mode [ 159.962674][ T7989] bridge_slave_1: entered promiscuous mode [ 160.024692][ T5807] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 160.037233][ T7989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.050183][ T7989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.139028][ T7989] team0: Port device team_slave_0 added [ 160.151561][ T7989] team0: Port device team_slave_1 added [ 160.157789][ T8] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 160.188603][ T7989] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.196947][ T7989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.223684][ T7989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.246882][ T5807] usb 2-1: Using ep0 maxpacket: 32 [ 160.286458][ T5807] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 160.321749][ T5807] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 160.331674][ T5807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.351432][ T7989] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.359088][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 160.368977][ T8] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 160.377596][ T7989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.407103][ T5807] usb 2-1: config 0 descriptor?? [ 160.412282][ T8] usb 1-1: config 179 has no interface number 0 [ 160.427599][ T5807] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 160.444390][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 160.448258][ T7989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 160.475781][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 160.487501][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 160.504548][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 160.526462][ T8] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 160.583279][ T8] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 160.609628][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.643031][ T8022] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 160.681055][ T5777] Bluetooth: hci1: command tx timeout [ 160.761841][ T8] usb 2-1: USB disconnect, device number 5 [ 160.961211][ T7989] hsr_slave_0: entered promiscuous mode [ 160.996898][ T7989] hsr_slave_1: entered promiscuous mode [ 161.018803][ T8046] loop3: detected capacity change from 0 to 512 [ 161.034435][ T7989] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 161.046260][ T7989] Cannot create hsr debugfs directory [ 161.054520][ T5807] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input13 [ 161.084155][ T8046] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #12: comm syz.3.700: missing EA_INODE flag [ 161.141556][ T8046] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.700: error while reading EA inode 12 err=-117 [ 161.164189][ T8046] EXT4-fs (loop3): 1 orphan inode deleted [ 161.211811][ T8046] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.438053][ T8050] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 161.474902][ T5807] usb 1-1: USB disconnect, device number 12 [ 161.474959][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 161.475006][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 161.479837][ T8046] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 161.504460][ T5807] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 161.615154][ T42] hsr_slave_0: left promiscuous mode [ 161.623814][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.645416][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.673742][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.686049][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.701149][ T42] bridge_slave_1: left allmulticast mode [ 161.710632][ T42] bridge_slave_1: left promiscuous mode [ 161.712857][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.719247][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.791715][ T42] bridge_slave_0: left allmulticast mode [ 161.804301][ T42] bridge_slave_0: left promiscuous mode [ 161.810081][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.935850][ T8056] loop3: detected capacity change from 0 to 4096 [ 161.947107][ T42] veth1_macvtap: left promiscuous mode [ 161.965307][ T42] veth0_macvtap: left promiscuous mode [ 161.973434][ T42] veth1_vlan: left promiscuous mode [ 161.982360][ T42] veth0_vlan: left promiscuous mode [ 162.031180][ T8060] loop1: detected capacity change from 0 to 1024 [ 162.042560][ T8060] EXT4-fs: Ignoring removed orlov option [ 162.148845][ T8060] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.338252][ T8060] EXT4-fs error (device loop1): __ext4_new_inode:1284: comm syz.1.705: failed to insert inode 15: doubly allocated? [ 162.365032][ T8060] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 13. Delete some EAs or run e2fsck. [ 162.462285][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.754985][ T5777] Bluetooth: hci1: command tx timeout [ 162.983221][ T8078] loop0: detected capacity change from 0 to 2048 [ 163.030221][ T8078] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=66359, location=66359 [ 163.067152][ T8084] netlink: 'syz.3.713': attribute type 3 has an invalid length. [ 163.098472][ T8078] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 163.272541][ T8086] loop1: detected capacity change from 0 to 1024 [ 163.285551][ T8086] EXT4-fs: Ignoring removed oldalloc option [ 163.297786][ T8086] EXT4-fs: Ignoring removed bh option [ 163.305495][ T8086] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 163.363732][ T8086] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.646434][ T8092] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 163.668996][ T8092] UDF-fs: Scanning with blocksize 512 failed [ 163.680228][ T8092] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 163.701958][ T8092] UDF-fs: Scanning with blocksize 1024 failed [ 163.711697][ T8092] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 163.720218][ T8092] UDF-fs: Scanning with blocksize 2048 failed [ 163.753829][ T8092] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 163.765072][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.802133][ T8092] UDF-fs: Scanning with blocksize 4096 failed [ 163.983118][ T42] team0 (unregistering): Port device team_slave_1 removed [ 164.042483][ T42] team0 (unregistering): Port device team_slave_0 removed [ 164.121375][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.190738][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.753371][ T42] bond0 (unregistering): Released all slaves [ 164.834720][ T5777] Bluetooth: hci1: command tx timeout [ 164.916358][ T8095] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 165.325956][ T7989] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 165.369354][ T7989] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 165.421053][ T7989] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 165.464656][ T7989] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 165.816683][ T7989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.843096][ T7989] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.856765][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.863987][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.892967][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.900175][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.909741][ T5808] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 166.019254][ T8123] loop0: detected capacity change from 0 to 512 [ 166.033628][ T8123] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 166.092292][ T8129] "syz.3.725" (8129) uses obsolete ecb(arc4) skcipher [ 166.105531][ T8123] EXT4-fs (loop0): 1 truncate cleaned up [ 166.114470][ T5808] usb 2-1: Using ep0 maxpacket: 16 [ 166.125488][ T5808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.135593][ T8123] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.137163][ T5808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.159055][ T5808] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 166.172461][ T5808] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 166.182859][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.196529][ T5808] usb 2-1: config 0 descriptor?? [ 166.351627][ T8133] loop3: detected capacity change from 0 to 512 [ 166.460367][ T8133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.475062][ T5766] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 166.518411][ T8133] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 166.688286][ T5808] input: HID 05ac:8241 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:05AC:8241.0007/input/input14 [ 166.701632][ T7989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.817572][ T5808] appleir 0003:05AC:8241.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 166.885018][ T5808] usb 2-1: USB disconnect, device number 6 [ 166.915815][ T5777] Bluetooth: hci1: command tx timeout [ 167.076817][ T8147] fido_id[8147]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 167.100157][ T6773] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.245506][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.502052][ T7989] veth0_vlan: entered promiscuous mode [ 167.541857][ T7989] veth1_vlan: entered promiscuous mode [ 167.635288][ T7989] veth0_macvtap: entered promiscuous mode [ 167.655005][ T7989] veth1_macvtap: entered promiscuous mode [ 167.697458][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.725339][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.748741][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.785700][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.804278][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.824188][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.838465][ T7989] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.868939][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.899623][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.928844][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.946693][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.957564][ T7989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.968361][ T7989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.979977][ T7989] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.019428][ T7989] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.054380][ T7989] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.063134][ T7989] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.084435][ T7989] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.118778][ T8171] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.137232][ T8171] batadv_slave_0: entered promiscuous mode [ 168.382366][ T1317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.415143][ T5771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 168.427043][ T5771] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 168.427919][ T1317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.444650][ T5771] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 168.455747][ T5771] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 168.475346][ T5771] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 168.482925][ T5771] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 168.575226][ T1317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.611288][ T1317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.770153][ T8175] loop1: detected capacity change from 0 to 32768 [ 168.784729][ T8175] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.734 (8175) [ 168.857001][ T8175] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 168.900572][ T8175] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 168.922156][ T8175] BTRFS info (device loop1): enabling auto defrag [ 168.969642][ T8175] BTRFS info (device loop1): use no compression [ 169.006691][ T8175] BTRFS info (device loop1): max_inline at 4096 [ 169.013053][ T8175] BTRFS info (device loop1): using free space tree [ 169.059545][ T8180] chnl_net:caif_netlink_parms(): no params data found [ 169.215773][ T8175] BTRFS info (device loop1): enabling ssd optimizations [ 169.258755][ T8175] BTRFS info (device loop1): auto enabling async discard [ 169.321745][ T8229] loop3: detected capacity change from 0 to 8 [ 169.428130][ T8229] SQUASHFS error: Unable to read inode 0x127 [ 169.518253][ T8180] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.571615][ T8180] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.600348][ T8180] bridge_slave_0: entered allmulticast mode [ 169.628783][ T8180] bridge_slave_0: entered promiscuous mode [ 169.668324][ T8180] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.686163][ T8180] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.705887][ T8180] bridge_slave_1: entered allmulticast mode [ 169.726265][ T8180] bridge_slave_1: entered promiscuous mode [ 169.826186][ T5768] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 169.838384][ T8180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.879019][ T8180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.032931][ T8180] team0: Port device team_slave_0 added [ 170.192813][ T8180] team0: Port device team_slave_1 added [ 170.405924][ T786] IPVS: starting estimator thread 0... [ 170.423864][ T8180] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.455546][ T8180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.517431][ T5777] Bluetooth: hci3: command tx timeout [ 170.534712][ T8256] IPVS: using max 22 ests per chain, 52800 per kthread [ 170.544372][ T8180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.606450][ T8180] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.613695][ T8180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.639631][ C1] vkms_vblank_simulate: vblank timer overrun [ 170.731114][ T8180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.951291][ T8180] hsr_slave_0: entered promiscuous mode [ 170.992727][ T8180] hsr_slave_1: entered promiscuous mode [ 171.018151][ T8180] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 171.042080][ T8180] Cannot create hsr debugfs directory [ 171.094075][ T8272] loop1: detected capacity change from 0 to 512 [ 171.173985][ T8272] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 171.266717][ T8272] EXT4-fs (loop1): 1 truncate cleaned up [ 171.273650][ T8272] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 171.860855][ T8180] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 171.881893][ T8180] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 171.912399][ T8180] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 171.942591][ T8180] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 171.978447][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.215611][ T27] audit: type=1326 audit(1774963983.733:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8293 comm="syz.3.754" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f003379c819 code=0x0 [ 172.237104][ C1] vkms_vblank_simulate: vblank timer overrun [ 172.247124][ T8180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.296756][ T8180] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.327888][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.335115][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.367898][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.375151][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.605450][ T5777] Bluetooth: hci3: command tx timeout [ 173.041121][ T8309] loop1: detected capacity change from 0 to 40427 [ 173.064344][ T8309] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 173.072980][ T8309] F2FS-fs (loop1): Image doesn't support compression [ 173.079861][ T8309] F2FS-fs (loop1): Image doesn't support compression [ 173.092359][ T8309] F2FS-fs (loop1): invalid crc value [ 173.121202][ T8309] F2FS-fs (loop1): Found nat_bits in checkpoint [ 173.179406][ T8180] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.195221][ T8309] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 173.285411][ T8309] F2FS-fs (loop1): inject orphan in f2fs_acquire_orphan_inode of __f2fs_tmpfile+0x1a8/0x340 [ 173.407937][ T5768] syz-executor: attempt to access beyond end of device [ 173.407937][ T5768] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 173.484468][ T5768] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 173.491616][ T5768] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 173.959968][ T8180] veth0_vlan: entered promiscuous mode [ 174.001717][ T8180] veth1_vlan: entered promiscuous mode [ 174.111534][ T8180] veth0_macvtap: entered promiscuous mode [ 174.170933][ T8180] veth1_macvtap: entered promiscuous mode [ 174.234881][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.275146][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.301373][ T8324] loop4: detected capacity change from 0 to 32768 [ 174.307918][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.324372][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.364542][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.389083][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.399163][ T8324] (syz.4.758,8324,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 174.455975][ T8180] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.467882][ T8348] loop1: detected capacity change from 0 to 512 [ 174.475947][ T8324] (syz.4.758,8324,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 174.499081][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.530722][ T8348] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 174.545486][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.579656][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.592967][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.604573][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.615308][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.626087][ T8180] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.637114][ T8180] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.647052][ T8324] JBD2: Ignoring recovery information on journal [ 174.648536][ T8180] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.668709][ T8348] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.684765][ T5777] Bluetooth: hci3: command tx timeout [ 174.738851][ T8180] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.752751][ T8180] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.763171][ T8180] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.772014][ T8180] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.775631][ T8348] ext4 filesystem being mounted at /214/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 174.832749][ T8324] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 175.031137][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.044987][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.057362][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.094688][ T5807] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 175.141917][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.175315][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.297133][ T5807] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 175.314885][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.358968][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.369752][ T27] audit: type=1800 audit(1774963986.863:16): pid=8367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.758" name="file1" dev="loop4" ino=16979 res=0 errno=0 [ 175.391567][ T5807] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 175.446536][ T5807] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 175.486252][ T5807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.537963][ T5807] usb 4-1: config 0 descriptor?? [ 175.711177][ T8324] (syz.4.758,8324,0):ocfs2_dio_end_io:2428 ERROR: Direct IO failed, bytes = -4 [ 175.951812][ T7989] ocfs2: Unmounting device (7,4) on (node local) [ 176.000484][ T5807] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 176.022749][ T5807] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 176.076365][ T5807] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 176.390658][ T6010] usb 4-1: USB disconnect, device number 12 [ 176.724115][ T8385] loop5: detected capacity change from 0 to 32768 [ 176.750200][ T8385] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.770 (8385) [ 176.763026][ T5777] Bluetooth: hci3: command tx timeout [ 176.783427][ T8385] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 176.811711][ T8402] loop4: detected capacity change from 0 to 1024 [ 176.837541][ T8385] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 176.865718][ T8402] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 176.894443][ T8385] BTRFS info (device loop5): enabling auto defrag [ 176.900935][ T8385] BTRFS info (device loop5): use no compression [ 176.915107][ T8385] BTRFS info (device loop5): max_inline at 4096 [ 176.925066][ T8385] BTRFS info (device loop5): using free space tree [ 176.965081][ T8402] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.997372][ T8402] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 177.071553][ T8396] loop1: detected capacity change from 0 to 32768 [ 177.130063][ T8396] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.772 (8396) [ 177.172429][ T8396] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 177.226207][ T8385] BTRFS info (device loop5): enabling ssd optimizations [ 177.244444][ T8396] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 177.251843][ T8385] BTRFS info (device loop5): auto enabling async discard [ 177.295521][ T8396] BTRFS info (device loop1): using free space tree [ 177.354787][ T7989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 177.600276][ T8396] BTRFS info (device loop1): enabling ssd optimizations [ 177.632515][ T8396] BTRFS info (device loop1): auto enabling async discard [ 177.770122][ T8180] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 178.239014][ T42] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 178.393206][ T5768] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 178.904385][ T786] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 179.099214][ T8477] loop1: detected capacity change from 0 to 2048 [ 179.127744][ T786] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 179.144343][ T786] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 179.153403][ T8477] loop1: p2 p3 < > p4 < p5 > [ 179.164181][ T786] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 179.182711][ T786] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.207110][ T8467] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 179.251675][ T786] usb 6-1: Quirk or no altest; falling back to MIDI 1.0 [ 179.596221][ T5808] usb 6-1: USB disconnect, device number 2 [ 180.208099][ T8504] loop4: detected capacity change from 0 to 1024 [ 180.268402][ T27] audit: type=1800 audit(1774963991.783:17): pid=8504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.800" name=80E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E29080E [ 180.336900][ T59] hfsplus: b-tree write err: -5, ino 4 [ 180.399634][ T8507] netlink: 11 bytes leftover after parsing attributes in process `syz.3.802'. [ 180.436628][ T5808] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 180.462936][ T59] hfsplus: b-tree write err: -5, ino 2 [ 180.526972][ T8509] kernel read not supported for file /file0 (pid: 8509 comm: syz.4.801) [ 180.550204][ T27] audit: type=1800 audit(1774963992.063:18): pid=8509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.801" name="file0" dev="mqueue" ino=16048 res=0 errno=0 [ 180.641434][ T5808] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.671914][ T5808] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 180.692494][ T5808] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 180.709261][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 180.719302][ T5808] usb 2-1: SerialNumber: syz [ 180.955233][ T5808] usb 2-1: 0:2 : does not exist [ 181.029586][ T5808] usb 2-1: USB disconnect, device number 7 [ 181.111170][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 182.264364][ T28] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 182.349896][ T8542] loop3: detected capacity change from 0 to 32768 [ 182.365326][ T8542] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.811 (8542) [ 182.405838][ T8542] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 182.429848][ T8542] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 182.448294][ T8542] BTRFS info (device loop3): enabling auto defrag [ 182.457728][ T28] usb 2-1: config 0 has no interfaces? [ 182.464330][ T8542] BTRFS info (device loop3): use no compression [ 182.470661][ T8542] BTRFS info (device loop3): max_inline at 4096 [ 182.487221][ T8542] BTRFS info (device loop3): using free space tree [ 182.494859][ T28] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 182.536299][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.555109][ T28] usb 2-1: config 0 descriptor?? [ 182.562194][ T8581] loop5: detected capacity change from 0 to 512 [ 182.583084][ T8581] EXT4-fs: Ignoring removed bh option [ 182.607863][ T8581] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 182.613288][ T8542] BTRFS info (device loop3): enabling ssd optimizations [ 182.625369][ T8542] BTRFS info (device loop3): auto enabling async discard [ 182.733004][ T8581] EXT4-fs (loop5): 1 truncate cleaned up [ 182.748138][ T8581] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.789154][ T28] usb 2-1: USB disconnect, device number 8 [ 182.819899][ T27] audit: type=1800 audit(1774963994.333:19): pid=8542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.811" name="file1" dev="loop3" ino=263 res=0 errno=0 [ 182.891050][ T27] audit: type=1800 audit(1774963994.403:20): pid=8581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.822" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 182.985738][ T5767] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 183.052644][ T8180] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.102438][ T5973] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop3 scanned by udevd (5973) [ 183.130105][ T8598] loop4: detected capacity change from 0 to 512 [ 183.166832][ T8598] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 183.242865][ T8598] EXT4-fs (loop4): orphan cleanup on readonly fs [ 183.288359][ T8598] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 183.373363][ T8598] EXT4-fs (loop4): 1 truncate cleaned up [ 183.415868][ T8598] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 183.733780][ T7989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.059302][ T8622] loop4: detected capacity change from 0 to 128 [ 184.263397][ T8604] loop5: detected capacity change from 0 to 32768 [ 184.268862][ T8627] trusted_key: encrypted_key: insufficient parameters specified [ 184.308924][ T8604] (syz.5.825,8604,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 184.368948][ T8604] (syz.5.825,8604,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 184.482780][ T8604] JBD2: Ignoring recovery information on journal [ 184.636127][ T8604] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 185.184641][ T27] audit: type=1800 audit(1774963996.683:21): pid=8656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.825" name="file1" dev="loop5" ino=16979 res=0 errno=0 [ 185.571681][ T8642] loop4: detected capacity change from 0 to 32768 [ 185.601439][ T8642] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.839 (8642) [ 185.702863][ T8642] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 185.717430][ T8180] ocfs2: Unmounting device (7,5) on (node local) [ 185.748144][ T8642] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 185.793038][ T8642] BTRFS info (device loop4): using free space tree [ 185.972618][ T8642] BTRFS info (device loop4): enabling ssd optimizations [ 186.032890][ T8642] BTRFS info (device loop4): auto enabling async discard [ 186.262878][ T8660] loop3: detected capacity change from 0 to 32768 [ 186.274652][ T5771] Bluetooth: hci0: command 0x0406 tx timeout [ 186.413110][ T8660] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 186.511630][ T1078] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 186.702014][ T8660] XFS (loop3): Ending clean mount [ 186.705051][ T7989] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 186.711987][ T8660] XFS (loop3): Quotacheck needed: Please wait. [ 186.833174][ T8660] XFS (loop3): Quotacheck: Done. [ 187.244633][ T8715] netlink: 20 bytes leftover after parsing attributes in process `syz.4.856'. [ 187.367702][ T5767] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 187.802066][ T8705] loop5: detected capacity change from 0 to 40427 [ 187.900270][ T8705] F2FS-fs (loop5): invalid crc value [ 187.930187][ T8727] bridge_slave_0: left allmulticast mode [ 187.939588][ T8705] F2FS-fs (loop5): Found nat_bits in checkpoint [ 187.952943][ T8727] bridge_slave_0: left promiscuous mode [ 187.980921][ T8727] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.064173][ T8727] bridge_slave_1: left allmulticast mode [ 188.075186][ T8727] bridge_slave_1: left promiscuous mode [ 188.093221][ T8727] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.139687][ T8727] bond0: (slave bond_slave_0): Releasing backup interface [ 188.143882][ T8705] F2FS-fs (loop5): Start checkpoint disabled! [ 188.171677][ T8705] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 188.180074][ T8727] bond0: (slave bond_slave_1): Releasing backup interface [ 188.306921][ T8727] team0: Port device team_slave_0 removed [ 188.362774][ T8727] team0: Port device team_slave_1 removed [ 188.388293][ T8727] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.421355][ T8727] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.448638][ T8727] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 188.728880][ T8752] loop1: detected capacity change from 0 to 256 [ 188.913366][ T8752] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 189.213718][ T3490] kworker/u4:11: attempt to access beyond end of device [ 189.213718][ T3490] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 189.273688][ T3490] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 190.384054][ T8783] input: syz0 as /devices/virtual/input/input16 [ 190.752868][ T8792] bridge1: entered promiscuous mode [ 190.965502][ T8780] loop5: detected capacity change from 0 to 32768 [ 191.077093][ T8780] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 191.096179][ T8802] ALSA: seq fatal error: cannot create timer (-16) [ 191.261812][ T8780] XFS (loop5): Ending clean mount [ 191.621963][ T8180] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 191.821774][ T8830] loop4: detected capacity change from 0 to 1024 [ 191.852143][ T8791] loop3: detected capacity change from 0 to 40427 [ 191.894296][ T8791] F2FS-fs (loop3): invalid crc value [ 191.937715][ T8830] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.950713][ T8791] F2FS-fs (loop3): Found nat_bits in checkpoint [ 192.214582][ T8791] F2FS-fs (loop3): Start checkpoint disabled! [ 192.252952][ T7989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.300346][ T8791] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 192.310313][ T8848] loop1: detected capacity change from 0 to 8 [ 192.540178][ T27] audit: type=1800 audit(1774964004.053:22): pid=8848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.890" name="file2" dev="overlay" ino=6 res=0 errno=0 [ 193.094462][ T8868] mac80211_hwsim hwsim9 : renamed from wlan1 [ 193.427881][ T42] kworker/u4:2: attempt to access beyond end of device [ 193.427881][ T42] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 193.471101][ T42] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 193.826642][ T8892] loop4: detected capacity change from 0 to 512 [ 193.866267][ T8892] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 193.903069][ T8892] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a800e01c, mo2=0002] [ 193.931993][ T8892] System zones: 1-12 [ 193.984785][ T8892] EXT4-fs (loop4): orphan cleanup on readonly fs [ 193.991478][ T8892] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.895: invalid indirect mapped block 12 (level 1) [ 194.049815][ T8896] loop3: detected capacity change from 0 to 4096 [ 194.080317][ T8896] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 194.114510][ T8892] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.895: invalid indirect mapped block 2 (level 2) [ 194.140661][ T8896] ntfs3: loop3: Failed to load $Extend (-22). [ 194.154450][ T8892] EXT4-fs (loop4): 1 truncate cleaned up [ 194.167562][ T8896] ntfs3: loop3: Failed to initialize $Extend. [ 194.171660][ T8892] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 194.381355][ T8892] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (17031!=33349) [ 194.446963][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.453314][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.483521][ T27] audit: type=1800 audit(1774964005.993:23): pid=8907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.889" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=33 res=0 errno=0 [ 194.652854][ T7989] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 194.895942][ T8918] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 195.600307][ T8945] loop1: detected capacity change from 0 to 64 [ 195.860807][ T8946] bond0: (slave bond_slave_0): Releasing backup interface [ 196.319964][ T8965] netlink: 'syz.5.915': attribute type 5 has an invalid length. [ 196.388933][ T8967] loop1: detected capacity change from 0 to 512 [ 196.459360][ T8967] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.916: invalid indirect mapped block 256 (level 2) [ 196.476478][ T8967] EXT4-fs (loop1): 2 truncates cleaned up [ 196.483576][ T8969] netlink: 64 bytes leftover after parsing attributes in process `syz.5.917'. [ 196.494340][ T8967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.526074][ T8967] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.916: bg 0: block 5: invalid block bitmap [ 196.558753][ T8967] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 196.573767][ T8967] EXT4-fs (loop1): This should not happen!! Data will be lost [ 196.573767][ T8967] [ 196.583618][ T8967] EXT4-fs (loop1): Total free blocks count 0 [ 196.589742][ T8967] EXT4-fs (loop1): Free/Dirty block details [ 196.596333][ T8967] EXT4-fs (loop1): free_blocks=0 [ 196.601507][ T8967] EXT4-fs (loop1): dirty_blocks=2 [ 196.607019][ T8967] EXT4-fs (loop1): Block reservation details [ 196.613131][ T8967] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 196.694564][ T3490] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 1 with error 28 [ 196.872634][ T8985] netlink: 32 bytes leftover after parsing attributes in process `syz.5.924'. [ 197.053681][ T8988] netlink: 4 bytes leftover after parsing attributes in process `syz.5.925'. [ 197.135872][ T1078] Bluetooth: hci4: Frame reassembly failed (-84) [ 198.241137][ T9017] netlink: 'syz.3.938': attribute type 29 has an invalid length. [ 198.249691][ T9017] netlink: 'syz.3.938': attribute type 29 has an invalid length. [ 198.514535][ T9013] loop1: detected capacity change from 0 to 32768 [ 198.549982][ T9013] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 198.561890][ T9013] JBD2: Ignoring recovery information on journal [ 198.610477][ T9013] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 198.741884][ T9012] [ 198.744262][ T9012] ====================================================== [ 198.751280][ T9012] WARNING: possible circular locking dependency detected [ 198.758303][ T9012] syzkaller #0 Not tainted [ 198.762701][ T9012] ------------------------------------------------------ [ 198.769705][ T9012] syz.1.936/9012 is trying to acquire lock: [ 198.775587][ T9012] ffff88805ae1b498 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_evict_inode+0x1d84/0x41e0 [ 198.788036][ T9012] [ 198.788036][ T9012] but task is already holding lock: [ 198.795387][ T9012] ffff88805dceed98 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_evict_inode+0x2d24/0x41e0 [ 198.807646][ T9012] [ 198.807646][ T9012] which lock already depends on the new lock. [ 198.807646][ T9012] [ 198.818033][ T9012] [ 198.818033][ T9012] the existing dependency chain (in reverse order) is: [ 198.827026][ T9012] [ 198.827026][ T9012] -> #3 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}: [ 198.837359][ T9012] down_write+0x97/0x200 [ 198.842122][ T9012] ocfs2_del_inode_from_orphan+0x12f/0x7a0 [ 198.848443][ T9012] ocfs2_dio_end_io+0x546/0x1200 [ 198.853888][ T9012] dio_complete+0x254/0x710 [ 198.858896][ T9012] __blockdev_direct_IO+0x2ea8/0x3500 [ 198.864775][ T9012] ocfs2_direct_IO+0x235/0x2a0 [ 198.870048][ T9012] generic_file_direct_write+0x1d4/0x3e0 [ 198.876199][ T9012] __generic_file_write_iter+0x11b/0x230 [ 198.882352][ T9012] ocfs2_file_write_iter+0x167a/0x1e80 [ 198.888327][ T9012] do_iter_write+0x738/0xc30 [ 198.893426][ T9012] do_pwritev+0x241/0x3a0 [ 198.898265][ T9012] do_syscall_64+0x55/0xa0 [ 198.903193][ T9012] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.909591][ T9012] [ 198.909591][ T9012] -> #2 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 198.918442][ T9012] down_write+0x97/0x200 [ 198.923195][ T9012] ocfs2_create_local_dquot+0x1a9/0x18f0 [ 198.929336][ T9012] ocfs2_acquire_dquot+0x7f1/0xb10 [ 198.934955][ T9012] dqget+0x77c/0xeb0 [ 198.939356][ T9012] __dquot_initialize+0x3c7/0xcd0 [ 198.944884][ T9012] ocfs2_get_init_inode+0x148/0x1c0 [ 198.950586][ T9012] ocfs2_mknod+0x867/0x2300 [ 198.955593][ T9012] ocfs2_mkdir+0x196/0x430 [ 198.960515][ T9012] vfs_mkdir+0x296/0x440 [ 198.965260][ T9012] do_mkdirat+0x1dc/0x450 [ 198.970092][ T9012] __x64_sys_mkdirat+0x89/0xa0 [ 198.975363][ T9012] do_syscall_64+0x55/0xa0 [ 198.980299][ T9012] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.986703][ T9012] [ 198.986703][ T9012] -> #1 (&dquot->dq_lock){+.+.}-{3:3}: [ 198.994341][ T9012] __mutex_lock+0x136/0xcc0 [ 198.999350][ T9012] dqget+0x6fc/0xeb0 [ 199.003750][ T9012] __dquot_initialize+0x3c7/0xcd0 [ 199.009281][ T9012] ocfs2_get_init_inode+0x148/0x1c0 [ 199.014988][ T9012] ocfs2_mknod+0x867/0x2300 [ 199.020000][ T9012] ocfs2_mkdir+0x196/0x430 [ 199.024921][ T9012] vfs_mkdir+0x296/0x440 [ 199.029669][ T9012] do_mkdirat+0x1dc/0x450 [ 199.034505][ T9012] __x64_sys_mkdirat+0x89/0xa0 [ 199.039775][ T9012] do_syscall_64+0x55/0xa0 [ 199.044702][ T9012] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 199.051126][ T9012] [ 199.051126][ T9012] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}: [ 199.061622][ T9012] __lock_acquire+0x2df1/0x7d40 [ 199.066979][ T9012] lock_acquire+0x19e/0x420 [ 199.071985][ T9012] down_write+0x97/0x200 [ 199.076735][ T9012] ocfs2_evict_inode+0x1d84/0x41e0 [ 199.082357][ T9012] evict+0x4ca/0x8d0 [ 199.086761][ T9012] ocfs2_dentry_iput+0x24e/0x390 [ 199.092204][ T9012] __dentry_kill+0x431/0x650 [ 199.097304][ T9012] dentry_kill+0xb8/0x290 [ 199.102140][ T9012] dput+0xfe/0x1e0 [ 199.106365][ T9012] __fput+0x5e5/0x970 [ 199.110851][ T9012] task_work_run+0x1d4/0x260 [ 199.115945][ T9012] exit_to_user_mode_loop+0xe6/0x110 [ 199.121739][ T9012] exit_to_user_mode_prepare+0xee/0x180 [ 199.127790][ T9012] syscall_exit_to_user_mode+0x1a/0x50 [ 199.133757][ T9012] do_syscall_64+0x61/0xa0 [ 199.138682][ T9012] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 199.145081][ T9012] [ 199.145081][ T9012] other info that might help us debug this: [ 199.145081][ T9012] [ 199.155290][ T9012] Chain exists of: [ 199.155290][ T9012] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5 --> &ocfs2_quota_ip_alloc_sem_key --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type] [ 199.155290][ T9012] [ 199.175085][ T9012] Possible unsafe locking scenario: [ 199.175085][ T9012] [ 199.182516][ T9012] CPU0 CPU1 [ 199.187862][ T9012] ---- ---- [ 199.193205][ T9012] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 199.200298][ T9012] lock(&ocfs2_quota_ip_alloc_sem_key); [ 199.208432][ T9012] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]); [ 199.218040][ T9012] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5); [ 199.225308][ T9012] [ 199.225308][ T9012] *** DEADLOCK *** [ 199.225308][ T9012] [ 199.233432][ T9012] 2 locks held by syz.1.936/9012: [ 199.238433][ T9012] #0: ffff888076f28bd0 (&osb->nfs_sync_rwlock){.+.+}-{3:3}, at: ocfs2_nfs_sync_lock+0x107/0x270 [ 199.248960][ T9012] #1: ffff88805dceed98 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_evict_inode+0x2d24/0x41e0 [ 199.261641][ T9012] [ 199.261641][ T9012] stack backtrace: [ 199.267531][ T9012] CPU: 0 PID: 9012 Comm: syz.1.936 Not tainted syzkaller #0 [ 199.274798][ T9012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 199.284848][ T9012] Call Trace: [ 199.288116][ T9012] [ 199.291033][ T9012] dump_stack_lvl+0x18c/0x250 [ 199.295704][ T9012] ? load_image+0x400/0x400 [ 199.300195][ T9012] ? show_regs_print_info+0x20/0x20 [ 199.305383][ T9012] ? print_circular_bug+0x12b/0x1a0 [ 199.310568][ T9012] check_noncircular+0x2fc/0x400 [ 199.315495][ T9012] ? print_deadlock_bug+0x5d0/0x5d0 [ 199.320681][ T9012] ? lockdep_lock+0xf5/0x230 [ 199.325257][ T9012] ? _find_first_zero_bit+0xd3/0x100 [ 199.330526][ T9012] __lock_acquire+0x2df1/0x7d40 [ 199.335370][ T9012] ? __lock_acquire+0x7d40/0x7d40 [ 199.340379][ T9012] ? verify_lock_unused+0x140/0x140 [ 199.345565][ T9012] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 199.351179][ T9012] ? do_raw_spin_lock+0x11f/0x2c0 [ 199.356189][ T9012] ? mutex_unlock+0x10/0x10 [ 199.360675][ T9012] lock_acquire+0x19e/0x420 [ 199.365161][ T9012] ? ocfs2_evict_inode+0x1d84/0x41e0 [ 199.370439][ T9012] ? ocfs2_get_system_file_inode+0x202/0x850 [ 199.376407][ T9012] ? __might_sleep+0xe0/0xe0 [ 199.380983][ T9012] ? read_lock_is_recursive+0x20/0x20 [ 199.386339][ T9012] ? ocfs2_fast_symlink_read_folio+0x550/0x550 [ 199.392479][ T9012] ? ocfs2_evict_inode+0x165e/0x41e0 [ 199.397755][ T9012] down_write+0x97/0x200 [ 199.401984][ T9012] ? ocfs2_evict_inode+0x1d84/0x41e0 [ 199.407259][ T9012] ? down_read_killable+0x340/0x340 [ 199.412442][ T9012] ocfs2_evict_inode+0x1d84/0x41e0 [ 199.417550][ T9012] ? ocfs2_sync_blockdev+0x40/0x40 [ 199.422648][ T9012] ? __lock_acquire+0x1347/0x7d40 [ 199.427659][ T9012] ? print_deadlock_bug+0x5d0/0x5d0 [ 199.432862][ T9012] ? __lock_acquire+0x2b81/0x7d40 [ 199.437891][ T9012] ? verify_lock_unused+0x140/0x140 [ 199.443086][ T9012] ? mark_lock+0x94/0x320 [ 199.447406][ T9012] ? __lock_acquire+0x1347/0x7d40 [ 199.452420][ T9012] ? writeback_single_inode+0x24b/0x760 [ 199.457964][ T9012] ? __lock_acquire+0x1347/0x7d40 [ 199.462975][ T9012] ? verify_lock_unused+0x140/0x140 [ 199.468168][ T9012] ? inode_wait_for_writeback+0x1e3/0x230 [ 199.473873][ T9012] ? __lock_acquire+0x7d40/0x7d40 [ 199.478880][ T9012] ? do_raw_spin_lock+0x11f/0x2c0 [ 199.483893][ T9012] ? __rwlock_init+0x150/0x150 [ 199.488650][ T9012] ? do_raw_spin_unlock+0x121/0x230 [ 199.493835][ T9012] ? _raw_spin_unlock+0x28/0x40 [ 199.498670][ T9012] ? inode_wait_for_writeback+0x1e3/0x230 [ 199.504381][ T9012] ? evict+0x495/0x8d0 [ 199.508432][ T9012] ? sb_clear_inode_writeback+0x360/0x360 [ 199.514144][ T9012] ? do_raw_spin_lock+0x11f/0x2c0 [ 199.519156][ T9012] ? bit_waitqueue+0x30/0x30 [ 199.523736][ T9012] ? do_raw_spin_unlock+0x121/0x230 [ 199.528924][ T9012] ? ocfs2_sync_blockdev+0x40/0x40 [ 199.534022][ T9012] evict+0x4ca/0x8d0 [ 199.537904][ T9012] ? proc_nr_inodes+0x230/0x230 [ 199.542738][ T9012] ? do_raw_spin_unlock+0x121/0x230 [ 199.547921][ T9012] ? _raw_spin_unlock+0x28/0x40 [ 199.552759][ T9012] ? iput+0x706/0x920 [ 199.556735][ T9012] ocfs2_dentry_iput+0x24e/0x390 [ 199.561675][ T9012] ? fsnotify_grab_connector+0x3f/0x230 [ 199.567214][ T9012] ? ocfs2_dentry_revalidate+0xbb0/0xbb0 [ 199.572833][ T9012] ? fsnotify_destroy_marks+0x82/0x310 [ 199.578277][ T9012] ? dentry_unlink_inode+0x2e4/0x3c0 [ 199.583546][ T9012] __dentry_kill+0x431/0x650 [ 199.588131][ T9012] dentry_kill+0xb8/0x290 [ 199.592454][ T9012] ? dput+0x3b/0x1e0 [ 199.596337][ T9012] dput+0xfe/0x1e0 [ 199.600048][ T9012] __fput+0x5e5/0x970 [ 199.604013][ T9012] task_work_run+0x1d4/0x260 [ 199.608593][ T9012] ? task_work_cancel+0x220/0x220 [ 199.613604][ T9012] ? exit_to_user_mode_loop+0x3b/0x110 [ 199.619049][ T9012] exit_to_user_mode_loop+0xe6/0x110 [ 199.624320][ T9012] exit_to_user_mode_prepare+0xee/0x180 [ 199.629855][ T9012] syscall_exit_to_user_mode+0x1a/0x50 [ 199.635301][ T9012] do_syscall_64+0x61/0xa0 [ 199.639707][ T9012] ? clear_bhb_loop+0x40/0x90 [ 199.644368][ T9012] ? clear_bhb_loop+0x40/0x90 [ 199.649381][ T9012] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 199.655260][ T9012] RIP: 0033:0x7fb122d9c819 [ 199.659669][ T9012] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.679259][ T9012] RSP: 002b:00007ffd5cea1e88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 199.687661][ T9012] RAX: 0000000000000000 RBX: 00007ffd5cea1f70 RCX: 00007fb122d9c819 [ 199.695616][ T9012] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 199.703585][ T9012] RBP: 00000000000305a5 R08: 0000000000000001 R09: 0000000000000000 [ 199.711559][ T9012] R10: 0000001b2c320000 R11: 0000000000000246 R12: 00007ffd5cea1fb0 [ 199.719525][ T9012] R13: 00007fb123015fac R14: 0000000000030856 R15: 00007fb123015fa0 [ 199.727497][ T9012] [ 199.747915][ T5777] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 199.836134][ T5768] ocfs2: Unmounting device (7,1) on (node local)