last executing test programs: 5m50.473625117s ago: executing program 0 (id=10709): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read(r0, 0x0, 0x0) 5m50.22997795s ago: executing program 0 (id=10713): r0 = socket$nl_route(0x10, 0x3, 0x0) sendto(r0, &(0x7f0000000140)="120000003200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) 5m49.982182383s ago: executing program 0 (id=10718): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000180)={0x3, 0xf00001, 0x3}) 5m49.66146792s ago: executing program 0 (id=10724): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x800c11, &(0x7f0000000080)={[{@barrier}, {@uid}, {@nodecompose}, {@type={'type', 0x3d, "25c3f159"}}, {@nls={'nls', 0x3d, 'iso8859-5'}}, {@nodecompose}]}, 0x1, 0x703, &(0x7f0000001240)="$eJzs3U1sHGcZAOB3Ztdrbyq52yppA0KK1YgIGkjsLCVBQiIghHyoIBKXXk3iNFbWbmS7yIkQcYHCEU4ohx6KkDn0hDggFXFAlDMSEvfcI3HgFnFg0czO2LNre20nXjuhzyPNzjfz/b3z7szsT2JtAJ9as2/F2HokMXv+zbVs++FGu/Nwo71YliNiPCLSiHpvFclSRPJJxNXoLfGZbGcxXLLbPG88+viDcw8+ave26sWSt0+H9StNxLAZ1oslpiKiVqwPqL7beNd3GO/+gYZONuPOEna2TBwct+426wMtxoZ13/O6BZ599yNqO13prYgTxctv9j4girtDesThHbrBuxwAAAA8h2p7NXjxcTyOtZg8mnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+TcREUnvNwOTYknL8lQkxe//fy+KfZlG43hD3sOX9qh//+YRBQIAAAAAAAAAB9DcX7OxreKZx/E41mKy3O4m+b/5v5ZvnMwfX4h3YyXmYzkuxFrMxWqsxnLMRIxNVsZsrM2tri7PbO/568h6drvd+0XPSxHR2tbz0tMcNwAAAAAAAAB86v0kZmPyuIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICqJKLWW+XLybLcirQeERMR0cjarUf8uSw/z/5y3AEAAADA6DWL9WTy316hm+Sf+V/JP/dPxLuxFKuxEKvRifm4kX8X0PvUn/5jvd15uNFezJbtA3/zXweKIx8xImrx3i4zT+ctTm32mI3vxPfjfEzFtViOhfhhzMVqzMdUNLODiLlIotXsfXvRKuPsj7dWDHW1L5Rrg7GdGdg+nUfSjJuxkMd2Ia43ytHSvEUSpyuz/bERUc3QZMR7WXaSbxT2maMblefrV8X3MoXui/scYzRa+ZGPbWZkOst9kY2Xds596YDnyeBMM5Fufgd1cmuWbHNwpjLnPxjI+fiw+U4U6yzXP+/P+WE74Fdpg5m4FOlEWfdKf87vfP7By/2dv/jPv167lS7dvnVz5fwID2mkxsrCYCbakRbXYcSrw8++IhOdLBPr+8/E2OCOiac4jkPUKLLRu7Ht72757bw0F69VTsF34kbMx+WYjpm4EtPxtbgU7ewM28zrqb681tuL/TnJr7V0+/2tOST4s1+oNPrFHo2PVpaXlyp5rd7pWnldsefqL2O6kqWXh599T/IqUP9sUcjm+OnmK86zoC8Txb25jK58gdolE7/pZo8rnaXby7fm7lQqtl1pFeeKdXbZvt9/b/7toRzQE8vOl+yOW8+38pw0y/OlUbzfSLbqNvPVKP7Fpdcv3VZ3arOuFZOxEN/d9UptFO/hto/Uq3t1x7p2Xne6Utf3LifeiU7+LmTA1JEkFYD9O/H6iUbzUfPvzQ+bP2vear458a3xK+Ofa8TY3+p/qv0+/V369eT1+DB+nH0mBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntbK3Xu35zqd+eURFhoHmCtrV+6JdM8pNl7YXxjRihjaJpKi0Bh1Np6Bwr8nhmajGSOa/Q+VJ3eHNo2nniIZ/fmcnaCHMmD5E1f5nm5tt8blb8xVquplr51HrsfKxG7P4PjWONG6Pdf5T7evTTPKxsN+gAv4/3BxdfHOxZW79768sDj39vzb80uXrly+crn91ZmvXLy50Jmf7j0ed5TAKKzcvVc77hgAAAAAAAAAAACAgyn+9/9q5S8E4kB//lHfo01jeWXnmc8c9aECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz6nZt2JsPZKYmb4wnW0/3Gh3sqUsb7WsR0QaEcmPIpJPIq5Gb4lWZbhkt3neePTxB+cefNTeGqtetk+H9duf9WKJqYioFeu9je8wzPbxrlfGW3+i8JLNI8wSdrZMHBy3/wUAAP//8oXtNQ==") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 5m49.169733035s ago: executing program 0 (id=10732): r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix={0x0, 0x0, 0x47524247}}) 5m48.362237548s ago: executing program 0 (id=10742): r0 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101}) mq_timedsend(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)) 5m47.933336701s ago: executing program 32 (id=10742): r0 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101}) mq_timedsend(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)) 3.051006209s ago: executing program 1 (id=15694): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000000)={0x1, 0x2e, 0xf, 0x3, 0x7, 0x10, 0x6, 0xa0, 0x1}) 2.875454508s ago: executing program 2 (id=15697): r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000000c0)={0x1, 0x0, {0xed9, 0x800cd3, 0x300f, 0x4, 0x0, 0x1, 0x0, 0x1}}) 2.802819751s ago: executing program 1 (id=15698): creat(&(0x7f00000000c0)='./bus\x00', 0x107) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x44, &(0x7f0000000100)='trans=rdma,\xd6\xd2\x1e\x80\xc2W\xbe\xbf\x16S\x84j\xea1Z\x8e\xe9\xc7\x0e.*\xd9\x94Mk\xb9\xc6\x9e\xcf\xd7\x9eoc\xe2(\x03\xc3.{\x8aY\x17\xd0\xa3\xfe\xe3/\xc4\f\b2t\x1c4\x93/^\x91\xe8\xabK\x9e\x14j\xb3\x92\x13\x80\x96m\xc7\x96\"\xcb\xdc\xcc\xd8\x18\"\x9eT\x97Kh5i\x8f\xfc\xd8=\x8b\xe9\x1b\xce\xe4\xf5$\xf1sa,\x8f\xb6\x89\xcfZ\xa0\xae>Xs=\xadu\x9aQ\xe2z\xaf\x90\x90\x9b\x92\x9b\xeb\aQb#\xec}\xa79\xd7\xe6<6\xadL\xd8$\xd3\xa9\x1d\xd9W\x8a\xb9F\x982%g!\x8a\"@*\xb8\xc6\xddw\xefY\xefJ\x0e\xc5%S.\n\xde\x95l\xd9\x1cPp\xb3\xfe+rY\xc24\x99\x88\xe7\njs\xb2\x8f') 2.785044473s ago: executing program 2 (id=15699): r0 = syz_usb_connect$uac3(0x0, 0x9c, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1235, 0x10, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8a, 0x3, 0x1, 0x4, 0x60, 0x8, {0x8, 0xb, 0x0, 0x1, 0x1, 0x24, 0x30, 0x1}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xf5, 0x26, 0xd145}, [@output_terminal={0x13, 0x24, 0x3, 0x5, 0x400, 0x3, 0x3, 0x6, 0x7, 0x4, 0x1, 0x4}, @mixer_unit={0x9, 0x24, 0x5, 0x6, 0x2, "54599189"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0xb9, 0x5, 0x3, {0xa, 0x25, 0x25, 0x200, 0x1, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x6, 0x2, 0x8, {0xa, 0x25, 0x25, 0x7, 0x1, 0x5}}}}}}}}]}}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_control_io$uac3(r0, &(0x7f00000002c0)={0x14, &(0x7f00000000c0)=ANY=[], 0x0}, 0x0) 2.502783307s ago: executing program 1 (id=15703): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c02000019000100000000000008000000000000000000000000ffff00000000be14144416000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084010500ff010000000000000000000000000001000004d2330000000a000000000000000000000000000000000000000135000001003b00830000000500000007000000fe8000000000000000000000000000aa000004d63c0000000a000000ff01000000000000000000000000000102350000020007007f0000000000000004000000e0000001000000000000000000000000000004d56c00000002000000000000000000000000000000000000000000000004030300040000000200000003000000fc000000000000000000000000000000000004d33c00000002000000200100000000000000000000000000020000000000000200faffffff0104000081000000fe880000000000000000000000000001000004d32b"], 0x23c}}, 0x4000) 2.25798935s ago: executing program 1 (id=15704): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000840)={0x2, {{0x2, 0x4e21, @multicast2}}}, 0x90) 2.083195239s ago: executing program 1 (id=15706): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FLzFxEkk0apqWlVoSSymUFioGhRg3w7QdoDrtkHZqXLCoOxJXJi6MC6KJu65IF27xT3DjEtckunBjQkKsmZnbdu7tTDrWTivk80nonXt+z3znnjl3cTlxonJ7bik3t5QrLOTKMzeXTuc+KZeW54sh3icH3T/t6UScxP7gXDl34b3rp0P4Yfanx+vr6+uhqjs0NdTw+vff7s40HjfEmTrVdpu3tlc+DCGc2Dauqq4QwgffhxCFEM4maaPJsTeEcCzU867f/fxGbo9G8+BR8Uz+6dS9teFTk6v311q/9yiEr0v/f/3W/C8vdQ3//OoedQ8AAAAAAAAAAAAAAAAAwDNu/OqVa+8ODoWHUehejbY/rzueHFs9H7u+Z15sa7xPktJ/930DAAAAAAAAAAAAAAAAAADAP8nW8/+56HiT5//HkuNIi/rrb3d+jHTOxDtXxs4PDiX7v0fb8t9Ikn492xX6m+z7nt3//WymfvP937f3s1sb49voty9E8UBD+30hjgcGQvg22fj9ZHQ4LpWXKq/dLC8vzO7ZMJ5Z6fjXd+9PRSfZ0L/d+I9m2u/8/v//2/Ztqp7f2Luv2HMtHf+uluW++yxqK/7nMvX2I/7sXjr+3bW03sYCI/UJoBr/L7p3jv9Ypv1Oxf9YCCEXVceaS80A1TVMNb3VeoW0dPz/VUtLTZ3JB9nq+n+Sif/5TPsHNf+vZH+IaCod/3/X0npSJbau//545+v/Qqb9g4h/dfwrfv/bko7/oXpid6pI7ZNsd/4fz7Tfqfhfi5NxHotS34DVqJ7e6v+rIy0d/55t+Vv3f3Fb67+Lmfr7df+30W/9/m/rPuSVqH7/R3Pp+Pe2LNfu9T+Rqdfp+X+ktv5jt9LxP1xLS6+d+2p/243/ZKb9zsR/a/4Yyaz//zhUXwB8Y/3XlnT8/1NPjBtLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fF+n4H2lZrhr/H9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/+VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwDBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8szHSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5sttUb3S4WFivTxUIlhDCepL8Qjm60NT1XmS/cCSFc3Mz7b1xevHO7sJCfnVt8a3BwcDBMbI6hPyp+WikuVOq913NDmNys2xc1DK6WfWlzLEeij8rLiwuFUi39ckOdUnmmUGqoM5XkfRn6o8ri8sJMoVLMl8q3Nvo7SCPJcWzi6vtXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6ih8NvfhVC6K6fxSGEXJS8iJJ/KQ8eFc/kn07dWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYVd+kdpIIjiAPxmLLT0GFbLbme7oogWrgieQI/hYfQoXsI7WKRImyIEklkI+we2Sarvax7Mj5n3YB4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAdO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//+86Jvs=") creat(&(0x7f00000002c0)='./file0\x00', 0x0) 2.058344691s ago: executing program 3 (id=15707): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a28000000000a01040000000000000000010080030900010073797a300000000008000240000000012c000000030a01010000000000000000010002000900010073797a30000000000900030073797a300000000028010000030a05000000000000000000010000050c00024000000000000000010900010073797a30000000000c0002400000000000000001080005"], 0x1a4}}, 0x0) 2.038591052s ago: executing program 4 (id=15708): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000140)={[{@test_dummy_encryption_v1}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, 0x1) 1.738991428s ago: executing program 4 (id=15709): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='400:\x00\x8e\xf7\xd4\t\xe1\xae\x19\xe5\xf7c\x84\x9c\x06\x00\x06\x00\x11\x01\xf2 \xec\xbe#\'S\xc4\xbd\xb5\x1e\x98MM\x06\x1a\x7f5U\x18\x90\x99\xb2\xfa\')Z\x9ew\xae\xe8\xdd\b\t\xf0\xc4\xbfj\xb6\x88/)~\x93E\x1d4\xa7\xcb\xeb\x0f\xd4(\xb6>\x87\xc3\t\xb0\x80\xf7\xe6\x8b?\xa4\xb3\b\x00\x81\xbe\xea\x1f\xfe\xed\x9d\x1a\x8aQ\xafQ\x06\x0fJ\xc0\xc0=}\x7f\xaeB\xb1\xed\xa4\xf3c#\xbe\b\x1f\xa4L[\xfa\x01Uu\xe0\x8b\x94E\xda\xd9j\x93\xc8~\xd9\x82\x8f\xcam\x17\xa2\xed\xf3\xc3_h\xfc6\t\x96@\xaf\xe6\xd0!)\xc3\xcfe\xe1g\xe7\xe5F\xbdC\xd9$\x9b@\xaf\xc2j1p\xa9\xb2d\x92\x8fo\xcbg\x9fZ\xd7\xef\xb2z\xf5\x0fq\x7f\b\xc2\xa7\x90\xc5\xf5Y\xbc\xf1s\x93X\xb6\xeb\x86&\xa7\x14%B', 0x0) 1.733587298s ago: executing program 3 (id=15710): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000001c0)={0x5a, 0xa, 0x1, "3258c5c000e12d001b0000f400"}) 1.422154245s ago: executing program 3 (id=15712): r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r0, 0x107, 0xe, 0x0, 0xfffffffffffffffd) 1.381343907s ago: executing program 4 (id=15713): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x3d, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x11}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 1.233994204s ago: executing program 5 (id=15714): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000023ed0000180100002820702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000007000000b703000000000083850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 1.229710605s ago: executing program 3 (id=15715): r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x1, 0x7, 0x0, 0x0, 0x55}) 1.1306945s ago: executing program 4 (id=15716): creat(0x0, 0xd931d3864d39dffa) syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f00000000c0)='./file0\x00', 0x10, &(0x7f0000000200)={[{@nobarrier}, {@errors_continue}, {@order_strict}, {@nobarrier}, {@errors_remount_ro}]}, 0x3, 0xd97, &(0x7f0000000e80)="$eJzs3ctvXNX9APBzx544L35xiPnZTdPEJaW4j9gkWKW7Gild0EqoEn8BSgMNNfQRugAFKWHRTReNhPgDili3iz6zQIpYpWLTqv8AYtVNipBoFVUCV7bPGY+/mdGdcWyPx/P5SGfO3Pu9c885M3fu3Lmvk4ARt7g4U6X09q23Ln7vV7+dWh1zphWbXXscz0NLKaVmSqmRhyfDnJYm1vPPPrl2qT3/POdVupCqVLXGp2fvtl57JKV0Pc2m22kyPffx9M2XPnhm+b0TN05cfGPuzk61HAAARsm977/7s78+/t1rx//7u9NLaaI1vmyfL+Xho3m7f6laH85Z639A1ZZXbcPFgTDdeE6NMN1Yh+nay2mG6ca7lH8gzLfZZbqJmvLH2sZ1ajcMs43/8VVjftNwozE/v/6ffNWHYweq+VeuLL9wdUAVBbbdp2fyLj5JkkYurRwb9BoIYF08bnif63HPwoNpzW28t/LvPt3o/HrYBru9/Ct/uMp/94Y1Dttnvy5NpV3le3Q0D8fjCOPhdf1+/8v84vGIZo/17HYcYViOL3Sr59gu12OrutU/Lhf71ZdyXt6H0yHe/v2Jn+mwfMZAZ/fs/5ekkU0rg14BAXtWPG9uJSvxeF5fjE/UxA/WxA/VxA/XxI/UxGGU/f7VX6eb1cb//Pifvt/9YWU/20M5/78+6xP3R/Zbfjzvt18PWn48nxj2tLn/nPr0F7f/Fs///zyc/382/5ZO5hVE2V8Y96u3zv0PFwY3ukz3cKjOQx2mX3s+tXm6ampjPqltPXNfPWY2v+5Yt+lObZ5uMkx3OG+LHAz1jdsnh8PryvZHWa+W92s8tLcZ2nEg1KN8MsdzfjC053i3doUd2QfCdM2cToR2TYV2PRJe9/+hXdXM5nbF/eelPtNhfDxOUqYLH9t9v0vxs4jXZTya8zdz/k7O38/5Rx3KHUVleex2/n9ZPmdSs3rhyvLlJ/JwWU7vjDUnVsef3+V6Aw+u1+t/ZtLm63+OtsY3G+3rhWMb46v29cJkGH+hy/gn83D5PfvR2KG18fOXfrL8w+1uPIy4q6+9/uPnl5cv/9wTTzzxpPVk0GsmYKctvPryTxeuvvb6uSsvP//i5Rcvv3L+iW9/68mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz6JzX3d+2XE9erk+P18czHMrnVpaGch+Dcv1nt/u6lOs3j+9CHdl+u3E50aDbCHT2L/f/laSRTSsr7uIP7A2D7v+v3Pew5EfP/eP4aiqT3X168/oy3r8QHsRe739O+fur/79W/1c9r/9Cj1mTWyv3D/cO/b2t2HSy1/Jj+8t9YKf6K/+PufzSmsdSb+Wv/CaUH29U2qM/hfIP91j+fe0/tbXy/5zLL2/b3Nley1+vcdXYXI+437jcBzDuNy7+Etpf7u3Xd/u32FHbrVw+jLJh6WeyX8PS/2c3Zb5lPZhXz63jdOX+27G/g37rX+77XX4HHgnzr2p+3/T/Odzq+v8sy9+C/j9h3/nQ8T9JGtm0srIy0K5PRrXflb1i0O//oLchB13+oN//OrH/z/h/Kfb/GeOx/88Yj/1/xnjsXyvGY/+f8f2M/X/G+HSYb+wfdKYm/oWa+Mma+Bdr4qdq4vH/W4zP1sRP18TP1MQfrok/WhM/WxP/Sk38sZr44zXxuZr4fvflnI9q+2GUxX4jff9hdJTjP92+/1M1cWB4xX6d4/f7qzVxYHiV8zx8v2EEVZ3v2BH3t5f9uG/m/J2cv5/zj3asguyGr+X86zn/Rs6/mfNzOZ/P+ULO9Q053H75z5Onb1Yb5/kdC/FezyeN1wPE+8Sc77E+8fhcv+ezTvdYzk6Vv8XLQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACGRmPtcXFxpkrp7VtvXfz31Hd+sDrmTGuK2bXH8Ty0lFJqppSqPDwe5nd9Yj3/7JNrlzrlVbqw9liG07N3W689svr6NJtup8n03MfTN1/64Jnl907cOHHxjbk7O9N6AAAAGA3/CwAA//9D8eVE") 1.083900032s ago: executing program 5 (id=15717): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ppoll(&(0x7f0000000280)=[{r0, 0x640}], 0x1, &(0x7f0000000700)={0x0, 0x989680}, 0x0, 0x0) 1.006915206s ago: executing program 3 (id=15718): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x1, &(0x7f0000000300)={[{@heartbeat_none}, {@heartbeat_none}, {@dir_resv_level}, {@barrier={'barrier', 0x3d, 0x2}}, {@coherency_full}, {@localflocks}, {@coherency_full}, {@inode64}]}, 0x1, 0x4421, &(0x7f0000004500)="$eJzs3c9PHGUfAPBnBt63UNsKtYeamLiJTTRqCPSk0kRKaSm0WFNtY7xsF9i26MI2sBgPPeCtiScTD8ZDo4k3Tg0Hr/VP8OKxnpvowYuJSSNmd2eBGXbDSliwzeeTlNl5fu9+d5595jB94kTl9txSbm4pV1jIlWduLp3OfVYuLc8XQ7xPDrp/2tOJOIn9wbly7sIH10+H8NPsL4/X19fXQ1V3aGpoy+s//7g7s/XYEGfqVNtt3tpe+TiEcGLbuKq6Qggf/RhCFEI4m6SNJsfeEMKxUM+7fvfLG7k9Gs2DR8Uz+SdT99aGT02u3l9r/d6jEL4tvfjmrfnfXuka/vX1PeoeAAAAAAAAAAAAAAAAAICn3PjVK9feHxwKD6PQvRptf153PDm2ej52fc+83Pk3CwAAAAAAAAAAAAAAAAAAAP9Rm8//56LjTZ7/H0uOIy3qr7/b+THSORPvXRk7PziU7P8ebct/K0n6/WxX6G+y73t2//ezmfrN93/f3s9uNcbX6LcvRPFA6jyOBwZC+D7Z+P1kdDgulZcqb9wsLy/M7tkwnlrp+Nd3709FJ9nQv934j2ba7/z+/y9s+zZVz2/s3VfsmZaOf1fLcj98EbUV/3OZevsRf3YvHf/uWlrv1gIj9QmgGv+vuneO/1im/U7F/1gIIRdVx5pLzQDVNUw1vdV6hbR0/P9XS0tNnckH2er6/ysT//OZ9g9q/l/J/hDRVDr+/6+l9aRKbF7//fHO1/+FTPsHEf/q+Ff8/rclHf9D9cTuVJHaJ9nu/D+eab9T8b8WJ+M8FqW+AatRPb3V/1dHWjr+PdvyN+//4rbWfxcz9ffr/q/Rb+P+rzH9vxbV7/9oLh3/3pbl2r3+JzL1Oj3/j9TWf+xWOv6Ha2nptXNf7W+78Z/MtN+p+NdWJT2N+G/OJ38fqqd/Z/3XlnT8n6snxltLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fFen4H2lZrhr/n9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/9VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8synSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5stNUb3S4WFivTxUIlhDCepL8Ujjbamp6rzBfuhBAubuQ9H5cX79wuLORn5xbfGRwcHAwTG2Poj4qfV4oLlXrv9dwQJjfq9kVbBlfLvrQxliPRJ+XlxYVCqZZ+eUudUnmmUNpSZyrJ+zr0R5XF5YWZQqWYL5VvNfo7SCPJcWzi6odXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6lh8NvfxNC6K6fxSGEXJS8iJJ/KQ8eFc/kn0zdWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//z8QH1I=") syz_mount_image$msdos(&(0x7f0000000940), &(0x7f0000001cc0)='.\x00', 0x1a4a438, &(0x7f0000000300)=ANY=[], 0xb, 0x0, &(0x7f0000000300)) 910.497362ms ago: executing program 5 (id=15719): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f00000002c0)={0x24, @short={0x2, 0xffff}}, 0x14) 887.815303ms ago: executing program 2 (id=15720): r0 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040), 0x4) 602.101298ms ago: executing program 5 (id=15721): r0 = socket$caif_stream(0x25, 0x1, 0x3) connect$caif(r0, 0x0, 0x0) 531.994212ms ago: executing program 4 (id=15722): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x0, 0x9, 0x7}, 0x50) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) 515.536322ms ago: executing program 2 (id=15723): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4400003f, 0x5, 0x1}) 405.336719ms ago: executing program 5 (id=15724): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0xffffff1f}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb71658bda99b49720fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) 315.694013ms ago: executing program 1 (id=15725): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_getnexthop={0x18, 0x6a, 0xdadaa134146f5b73, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x18}}, 0x0) 315.040503ms ago: executing program 4 (id=15726): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x3, 0x13, &(0x7f0000000800)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 267.889506ms ago: executing program 2 (id=15727): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, 0x16, 0x1, 0x0, 0x0, {0xa}, [@typed={0x4}, @nested={0x14, 0x2, 0x0, 0x1, [@generic="bf74a7dffdd8f8331ba40dfabcc81c75"]}]}, 0x2c}}, 0x0) 109.762684ms ago: executing program 2 (id=15728): r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000240)={0x0, 0xec25, 0x1, 0x0, 0x83}, &(0x7f0000000080), &(0x7f00000001c0), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, 0x0, 0x1) 108.980254ms ago: executing program 5 (id=15729): r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$sock_int(r0, 0x1, 0x22, 0x0, &(0x7f0000001700)) 0s ago: executing program 3 (id=15730): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x5}, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3}, {{@in=@remote, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x1, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) kernel console output (not intermixed with test programs): dc_wdm 5-1:1.0: Error submitting int urb - -90 [ 1505.563232][ T6807] usb 5-1: USB disconnect, device number 14 [ 1505.665507][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1506.388806][T10299] loop3: detected capacity change from 0 to 256 [ 1507.187002][T10347] loop5: detected capacity change from 0 to 128 [ 1508.403086][ T4558] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1508.422373][T10412] netlink: 'syz.2.13432': attribute type 21 has an invalid length. [ 1508.464870][T10412] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13432'. [ 1508.617904][ T4558] usb 6-1: Using ep0 maxpacket: 8 [ 1508.624980][ T4558] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1508.665531][ T4558] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1508.679430][ T4558] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1508.709475][ T4558] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1508.756113][ T4558] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1508.785465][ T4558] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1508.806039][ T4558] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1508.822356][ T4558] usb 6-1: config 0 descriptor?? [ 1508.884695][T10394] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1509.036741][T10445] qrtr: Invalid version 0 [ 1509.385520][T10461] openvswitch: netlink: Message has 4 unknown bytes. [ 1509.428134][T18545] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 1509.439826][T19763] usb 6-1: USB disconnect, device number 13 [ 1509.890278][T10486] loop1: detected capacity change from 0 to 4096 [ 1509.958333][T10486] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 1510.017490][T10486] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 1510.037482][ C1] vkms_vblank_simulate: vblank timer overrun [ 1510.124222][T10486] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 1510.146302][T10486] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 1510.235480][T10486] ntfs: (device loop1): check_mft_mirror(): Failed to read $MFTMirr. [ 1510.260766][T10486] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1510.370607][T10486] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1510.423243][T10486] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1510.461269][ T27] audit: type=1326 audit(1777443942.647:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10510 comm="syz.3.13457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8799cdd9 code=0x7ffc0000 [ 1510.518104][T10486] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1510.571202][T10486] ntfs: volume version 3.1. [ 1510.749167][T10485] Process accounting paused [ 1511.551384][T10564] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 1511.723768][T10571] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 1511.757682][T10573] affs: No valid root block on device nbd1 [ 1511.970009][T10579] loop5: detected capacity change from 0 to 4096 [ 1512.088031][T10592] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1512.198369][T10595] tmpfs: Bad value for 'mpol' [ 1512.736728][T10629] netlink: 1057 bytes leftover after parsing attributes in process `syz.1.13490'. [ 1512.903956][T20908] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1513.060832][T10644] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1513.071617][T10643] netlink: 'syz.4.13495': attribute type 21 has an invalid length. [ 1513.106974][T10643] netlink: 128 bytes leftover after parsing attributes in process `syz.4.13495'. [ 1513.132488][T20908] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1513.138435][T10643] netlink: 'syz.4.13495': attribute type 5 has an invalid length. [ 1513.150788][T20908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1513.171069][T10643] netlink: 'syz.4.13495': attribute type 6 has an invalid length. [ 1513.179414][T10643] netlink: 3 bytes leftover after parsing attributes in process `syz.4.13495'. [ 1513.214036][T20908] usb 6-1: Product: syz [ 1513.224745][T20908] usb 6-1: Manufacturer: syz [ 1513.239655][T20908] usb 6-1: SerialNumber: syz [ 1513.247694][T10686] comedi comedi4: bad chanlist[0]=0x00006c7f chan=27775 range length=2 [ 1513.290840][T20908] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1513.369995][T20908] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1513.500038][T10696] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1513.513737][T10700] netlink: 'syz.3.13502': attribute type 21 has an invalid length. [ 1513.521917][T10700] netlink: 'syz.3.13502': attribute type 6 has an invalid length. [ 1513.561372][T10700] netlink: 132 bytes leftover after parsing attributes in process `syz.3.13502'. [ 1513.793163][T10712] netlink: 'syz.4.13505': attribute type 2 has an invalid length. [ 1513.842560][T19774] usb 6-1: USB disconnect, device number 14 [ 1514.170534][T10730] device bridge5 entered promiscuous mode [ 1514.518336][T20908] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 1514.539617][T20908] ath9k_htc: Failed to initialize the device [ 1514.546362][T19774] usb 6-1: ath9k_htc: USB layer deinitialized [ 1514.714548][T10726] loop1: detected capacity change from 0 to 32768 [ 1514.786134][T10726] JBD2: Ignoring recovery information on journal [ 1515.026613][T10726] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1515.260374][T10726] OCFS2: ERROR (device loop1): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #32 has bit count of 1024 [ 1515.331079][T10726] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1515.372433][T10726] OCFS2: File system is now read-only. [ 1515.394835][T10726] (syz.1.13511,10726,0):ocfs2_search_chain:1761 ERROR: status = -30 [ 1515.403056][T10726] (syz.1.13511,10726,0):ocfs2_search_chain:1871 ERROR: status = -30 [ 1515.458915][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1515.501673][T10726] (syz.1.13511,10726,0):ocfs2_claim_suballoc_bits:1950 ERROR: status = -30 [ 1515.528122][T10726] (syz.1.13511,10726,0):ocfs2_claim_suballoc_bits:1993 ERROR: status = -30 [ 1515.560563][T10726] (syz.1.13511,10726,0):__ocfs2_claim_clusters:2365 ERROR: status = -30 [ 1515.587118][T10726] (syz.1.13511,10726,0):__ocfs2_claim_clusters:2373 ERROR: status = -30 [ 1515.607562][T10726] (syz.1.13511,10726,0):ocfs2_local_alloc_new_window:1203 ERROR: status = -30 [ 1515.627981][T10726] (syz.1.13511,10726,0):ocfs2_local_alloc_new_window:1228 ERROR: status = -30 [ 1515.643263][T10800] ip6t_srh: unknown srh match flags 4000 [ 1515.678672][T10726] (syz.1.13511,10726,0):ocfs2_local_alloc_slide_window:1302 ERROR: status = -30 [ 1515.706252][T10726] (syz.1.13511,10726,0):ocfs2_local_alloc_slide_window:1321 ERROR: status = -30 [ 1515.745235][T10726] (syz.1.13511,10726,0):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -30 [ 1515.762853][T10726] (syz.1.13511,10726,0):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -30 [ 1515.786211][T10726] (syz.1.13511,10726,0):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -30 [ 1515.840922][T10726] (syz.1.13511,10726,0):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -30 [ 1515.877524][T10726] (syz.1.13511,10726,0):ocfs2_symlink:1911 ERROR: status = -30 [ 1515.919097][T10726] (syz.1.13511,10726,0):ocfs2_symlink:2065 ERROR: status = -30 [ 1516.024381][ T4268] ocfs2: Unmounting device (7,1) on (node local) [ 1516.936207][T10870] nfs: Unknown parameter 'ntext' [ 1517.243101][T10891] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 1517.714628][ T6807] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 1517.930716][ T6807] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 1517.949765][ T6807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1517.982697][ T6807] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1517.991867][ T6807] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1518.030881][ T6807] usb 4-1: Manufacturer: syz [ 1518.048754][ T6807] usb 4-1: config 0 descriptor?? [ 1518.068855][ T6807] igorplugusb 4-1:0.0: endpoint incorrect [ 1518.278475][T19774] usb 4-1: USB disconnect, device number 118 [ 1518.957221][T19774] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1519.200762][T19774] usb 3-1: Using ep0 maxpacket: 16 [ 1519.209863][T19774] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1519.268480][T11018] loop3: detected capacity change from 0 to 64 [ 1519.274824][T19774] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1519.329221][T19774] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1519.335934][T19774] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice= 2.eb [ 1519.357238][T19774] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1519.397381][T19774] usb 3-1: config 0 descriptor?? [ 1519.405604][ T4408] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1519.864497][ T6807] usb 3-1: USB disconnect, device number 14 [ 1519.889190][T11054] loop3: detected capacity change from 0 to 512 [ 1519.926806][T11054] /dev/loop3: Can't open blockdev [ 1519.976922][T11045] loop4: detected capacity change from 0 to 4096 [ 1520.005719][ T4408] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1520.025398][T11045] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 1520.147154][T11045] ntfs3: loop4: failed to convert "c46c" to cp850 [ 1520.213408][T11075] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13619'. [ 1520.247029][T11079] sctp: [Deprecated]: syz.3.13620 (pid 11079) Use of int in max_burst socket option. [ 1520.247029][T11079] Use struct sctp_assoc_value instead [ 1520.631745][T11094] netlink: 20 bytes leftover after parsing attributes in process `syz.2.13626'. [ 1520.935451][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1520.940885][T11114] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.13632'. [ 1520.941833][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 1521.683564][T11154] sock: sock_timestamping_bind_phc: sock not bind to device [ 1521.772372][T11148] loop1: detected capacity change from 0 to 4096 [ 1521.930487][T11167] netlink: 32 bytes leftover after parsing attributes in process `syz.2.13651'. [ 1522.698871][T11206] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13663'. [ 1522.845431][T11211] loop5: detected capacity change from 0 to 16 [ 1522.895587][T11211] erofs: (device loop5): mounted with root inode @ nid 36. [ 1522.962645][T11211] erofs: (device loop5): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 86 [ 1523.021227][T11211] erofs: (device loop5): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 86 [ 1523.525407][T11243] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 1523.637402][ T6807] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1523.769024][T11253] loop3: detected capacity change from 0 to 512 [ 1523.789907][T11253] /dev/loop3: Can't open blockdev [ 1523.830412][ T4408] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1523.861749][ T6807] usb 6-1: Using ep0 maxpacket: 8 [ 1523.886514][ T6807] usb 6-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 1523.919909][ T6807] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1523.952294][ T6807] usb 6-1: Product: syz [ 1523.956545][ T6807] usb 6-1: Manufacturer: syz [ 1523.983862][ T6807] usb 6-1: SerialNumber: syz [ 1524.309672][T11242] loop4: detected capacity change from 0 to 32768 [ 1524.395484][T11242] JBD2: Ignoring recovery information on journal [ 1524.447127][ T6807] mxuport 6-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71) [ 1524.453209][T19774] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1524.490612][ T6807] mxuport: probe of 6-1:254.0 failed with error -5 [ 1524.539485][T11242] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 1524.579043][ T6807] usb 6-1: USB disconnect, device number 15 [ 1524.663720][T19774] usb 3-1: Using ep0 maxpacket: 8 [ 1524.679777][T19774] usb 3-1: config 6 has an invalid interface number: 64 but max is 0 [ 1524.690608][T11242] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #32 has bit count of 1024 [ 1524.717437][T11242] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1524.727568][T19774] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 1524.754579][T11242] OCFS2: File system is now read-only. [ 1524.762652][T19774] usb 3-1: config 6 has no interface number 0 [ 1524.769180][T19774] usb 3-1: too many endpoints for config 6 interface 64 altsetting 21: 207, using maximum allowed: 30 [ 1524.772191][T11242] (syz.4.13672,11242,1):ocfs2_search_chain:1761 ERROR: status = -30 [ 1524.813132][T11242] (syz.4.13672,11242,0):ocfs2_search_chain:1871 ERROR: status = -30 [ 1524.825155][T19774] usb 3-1: config 6 interface 64 altsetting 21 has 0 endpoint descriptors, different from the interface descriptor's value: 207 [ 1524.853544][T19774] usb 3-1: config 6 interface 64 has no altsetting 0 [ 1524.860809][T11242] (syz.4.13672,11242,0):ocfs2_claim_suballoc_bits:1950 ERROR: status = -30 [ 1524.884950][T19774] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 1524.909365][T11242] (syz.4.13672,11242,1):ocfs2_claim_suballoc_bits:1993 ERROR: status = -30 [ 1524.911978][T19774] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1524.919447][T11242] (syz.4.13672,11242,1):__ocfs2_claim_clusters:2365 ERROR: status = -30 [ 1524.938621][T19774] usb 3-1: Product: syz [ 1524.952079][T19774] usb 3-1: Manufacturer: syz [ 1524.956766][T19774] usb 3-1: SerialNumber: syz [ 1524.983238][T11242] (syz.4.13672,11242,1):__ocfs2_claim_clusters:2373 ERROR: status = -30 [ 1525.004641][T11242] (syz.4.13672,11242,1):ocfs2_local_alloc_new_window:1203 ERROR: status = -30 [ 1525.020064][T11242] (syz.4.13672,11242,1):ocfs2_local_alloc_new_window:1228 ERROR: status = -30 [ 1525.035938][T11242] (syz.4.13672,11242,1):ocfs2_local_alloc_slide_window:1302 ERROR: status = -30 [ 1525.046476][T11242] (syz.4.13672,11242,1):ocfs2_local_alloc_slide_window:1321 ERROR: status = -30 [ 1525.056443][T11242] (syz.4.13672,11242,1):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -30 [ 1525.066534][T11242] (syz.4.13672,11242,1):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -30 [ 1525.075987][T11302] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1525.088190][T11242] (syz.4.13672,11242,1):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -30 [ 1525.102398][T11307] netlink: 'syz.1.13688': attribute type 10 has an invalid length. [ 1525.110413][T11307] wlan1: mtu less than device minimum [ 1525.130784][T11242] (syz.4.13672,11242,1):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -30 [ 1525.144632][T11242] (syz.4.13672,11242,1):ocfs2_symlink:1911 ERROR: status = -30 [ 1525.175194][T11242] (syz.4.13672,11242,1):ocfs2_symlink:2065 ERROR: status = -30 [ 1525.225938][ T6807] usb 3-1: USB disconnect, device number 15 [ 1525.276107][ T4279] ocfs2: Unmounting device (7,4) on (node local) [ 1526.195348][T11370] xt_connbytes: Forcing CT accounting to be enabled [ 1527.272507][T11438] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13731'. [ 1527.357054][T11436] loop5: detected capacity change from 0 to 4096 [ 1527.380719][T11436] EXT4-fs: inline encryption not supported [ 1527.444546][T11436] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1527.477647][T11480] overlayfs: bad mount option "redirect_dir=nofollow:/" [ 1527.508204][T11436] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=885ec019, mo2=0002] [ 1527.569042][T11436] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1527.810525][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1528.268711][T11478] loop3: detected capacity change from 0 to 32768 [ 1528.288363][T11478] /dev/loop3: Can't open blockdev [ 1528.298441][T19763] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 1528.459417][T20908] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1528.503416][T19763] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1528.535948][T19763] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1528.554749][T19763] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1528.585023][T19763] usb 5-1: Product: syz [ 1528.599978][T19763] usb 5-1: Manufacturer: syz [ 1528.604647][T19763] usb 5-1: SerialNumber: syz [ 1528.639414][T19763] usb 5-1: config 0 descriptor?? [ 1528.657916][T19763] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1528.672608][T20908] usb 6-1: Using ep0 maxpacket: 16 [ 1528.685214][T20908] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1528.726130][T11542] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 1528.734633][T20908] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1528.768804][T20908] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 95 [ 1528.823389][T20908] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1528.847869][T20908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1528.869271][T20908] usb 6-1: SerialNumber: syz [ 1528.890463][T11517] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1528.912167][T20908] cdc_acm 6-1:1.0: skipping garbage [ 1528.918051][T20908] cdc_acm: probe of 6-1:1.0 failed with error -12 [ 1529.073695][T11556] loop3: detected capacity change from 0 to 512 [ 1529.088977][T19763] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 1529.107962][T19763] gspca_pac7302: probe of 5-1:0.0 failed with error -71 [ 1529.140475][T19763] usb 5-1: USB disconnect, device number 15 [ 1529.193313][T19774] usb 6-1: USB disconnect, device number 16 [ 1529.671690][T11601] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.13766'. [ 1530.076556][T11624] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13774'. [ 1530.265527][T20908] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1530.471271][T20908] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 1530.491117][T20908] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1530.510928][T20908] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1530.556085][T20908] usb 6-1: config 220 has no interface number 2 [ 1530.562462][T20908] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1530.585048][T20908] usb 6-1: config 220 interface 0 has no altsetting 0 [ 1530.637220][T20908] usb 6-1: config 220 interface 76 has no altsetting 0 [ 1530.668996][T20908] usb 6-1: config 220 interface 1 has no altsetting 0 [ 1530.684537][T20908] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1530.703609][T20908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1530.714568][T20908] usb 6-1: Product: syz [ 1530.718785][T20908] usb 6-1: Manufacturer: syz [ 1530.734498][T20908] usb 6-1: SerialNumber: syz [ 1530.967455][T20908] usb 6-1: selecting invalid altsetting 0 [ 1530.987933][T20908] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 1531.007607][T20908] usb 6-1: No valid video chain found. [ 1531.050293][T11682] comedi comedi0: driver 'ni_daq_700' does not support attach using comedi_config [ 1531.064866][T20908] usb 6-1: selecting invalid altsetting 0 [ 1531.071595][T20908] usbtest: probe of 6-1:220.1 failed with error -22 [ 1531.102703][T20908] usb 6-1: USB disconnect, device number 17 [ 1531.110024][ T6807] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 1531.277766][T11700] SET target dimension over the limit! [ 1531.334486][ T6807] usb 5-1: Using ep0 maxpacket: 16 [ 1531.344045][ T6807] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1531.354764][T11703] trusted_key: encrypted_key: master key parameter '' is invalid [ 1531.366259][ T6807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1531.375349][ T6807] usb 5-1: Product: syz [ 1531.380134][ T6807] usb 5-1: Manufacturer: syz [ 1531.384774][ T6807] usb 5-1: SerialNumber: syz [ 1531.399568][ T6807] usb 5-1: config 0 descriptor?? [ 1531.418609][ T6807] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1531.448697][ T6807] usb 5-1: Detected FT232B [ 1531.629117][ T6807] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1531.647406][ T6807] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1531.687595][ T6807] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1531.729976][ T6807] usb 5-1: USB disconnect, device number 16 [ 1531.761121][ T6807] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1531.782405][ T6807] ftdi_sio 5-1:0.0: device disconnected [ 1532.296580][T19763] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1532.436332][T11770] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13813'. [ 1532.499613][T19763] usb 2-1: Using ep0 maxpacket: 16 [ 1532.509456][T19763] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1532.529454][T19763] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1532.585219][T19763] usb 2-1: Product: syz [ 1532.611338][T19763] usb 2-1: Manufacturer: syz [ 1532.632952][T19763] usb 2-1: SerialNumber: syz [ 1532.665007][T19763] usb 2-1: config 0 descriptor?? [ 1532.704959][T19763] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 1533.108418][T19763] usb 2-1: clie_3_5_startup: get interface number failed: -71 [ 1533.125993][T19763] visor: probe of 2-1:0.0 failed with error -71 [ 1533.156011][T19763] usb 2-1: USB disconnect, device number 25 [ 1533.586315][T11830] loop3: detected capacity change from 0 to 64 [ 1533.862445][T11844] netlink: 'syz.1.13836': attribute type 10 has an invalid length. [ 1533.896600][T11842] device geneve3 entered promiscuous mode [ 1534.508537][T11828] loop4: detected capacity change from 0 to 40427 [ 1534.509734][ T4558] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 1534.563321][T11828] F2FS-fs (loop4): invalid crc value [ 1534.605017][T11828] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1534.747209][ T4558] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1534.785238][ T4558] usb 4-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config [ 1534.800550][T11828] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 1534.807062][ T4558] usb 4-1: config 66 has 1 interface, different from the descriptor's value: 2 [ 1534.816500][ T4558] usb 4-1: config 66 has no interface number 0 [ 1534.833309][ T4558] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95 [ 1534.842656][T11828] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1534.861788][ T4558] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1534.904882][ T4558] usb 4-1: Product: syz [ 1534.909320][ T4558] usb 4-1: Manufacturer: syz [ 1534.913966][ T4558] usb 4-1: SerialNumber: syz [ 1535.187037][ T4558] usb 4-1: USB disconnect, device number 119 [ 1535.248810][T11871] loop5: detected capacity change from 0 to 32768 [ 1535.260749][T11871] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop5 scanned by syz.5.13844 (11871) [ 1535.276846][T11871] BTRFS info (device loop5): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 1535.289369][T11871] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 1535.335461][T11871] BTRFS info (device loop5): turning on async discard [ 1535.364048][T11871] BTRFS info (device loop5): using free space tree [ 1535.644823][T11871] BTRFS info (device loop5): enabling ssd optimizations [ 1535.864023][T31961] BTRFS info (device loop5): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 1536.325896][T11971] netlink: 'syz.1.13865': attribute type 5 has an invalid length. [ 1536.658564][T19763] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1536.861378][T19763] usb 5-1: Using ep0 maxpacket: 8 [ 1536.868391][T19763] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1536.905025][T19763] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1536.940328][T19763] usb 5-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1536.957627][T19763] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1536.976670][T19763] usb 5-1: Product: syz [ 1536.981048][T19763] usb 5-1: Manufacturer: syz [ 1536.985689][T19763] usb 5-1: SerialNumber: syz [ 1537.036907][T19763] usb 5-1: config 0 descriptor?? [ 1537.501339][ T5040] usb 5-1: USB disconnect, device number 17 [ 1537.734842][T12003] loop3: detected capacity change from 0 to 32768 [ 1537.803061][ T4408] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1538.285770][T12067] loop4: detected capacity change from 0 to 64 [ 1538.579398][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 1538.579414][ T27] audit: type=1326 audit(1777443968.942:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12084 comm="syz.4.13899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb8299cdd9 code=0x7ffc0000 [ 1538.612435][T12083] loop3: detected capacity change from 0 to 1024 [ 1538.685577][T12088] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13900'. [ 1538.741260][ T27] audit: type=1326 audit(1777443968.998:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12084 comm="syz.4.13899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb8299cdd9 code=0x7ffc0000 [ 1538.873474][ T27] audit: type=1326 audit(1777443969.007:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12084 comm="syz.4.13899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7feb8299cdd9 code=0x7ffc0000 [ 1538.972263][ T27] audit: type=1326 audit(1777443969.007:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12084 comm="syz.4.13899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb8299cdd9 code=0x7ffc0000 [ 1539.054800][ T27] audit: type=1326 audit(1777443969.007:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12084 comm="syz.4.13899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb8299cdd9 code=0x7ffc0000 [ 1539.427212][T20908] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 1539.632188][T20908] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 1539.658998][T12143] (unnamed net_device) (uninitialized): option mode: invalid value (254) [ 1539.670525][T20908] usb 3-1: config 0 has no interface number 0 [ 1539.683880][T20908] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 22765, setting to 64 [ 1539.719142][T20908] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1539.758599][T20908] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 1539.812163][T20908] usb 3-1: Manufacturer: syz [ 1539.816846][T20908] usb 3-1: SerialNumber: syz [ 1539.887832][T20908] usb 3-1: config 0 descriptor?? [ 1539.893572][T12111] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1540.140794][T20908] usbtouchscreen 3-1:0.214: Failed to read FW rev: -71 [ 1540.161434][T20908] usbtouchscreen: probe of 3-1:0.214 failed with error -71 [ 1540.203052][T20908] usb 3-1: USB disconnect, device number 16 [ 1540.556990][T19763] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1540.639672][T19763] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1540.949607][T12225] xt_TCPMSS: Only works on TCP SYN packets [ 1541.070374][T12218] loop5: detected capacity change from 0 to 4096 [ 1541.165687][T12218] ntfs: (device loop5): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1541.201954][T12218] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1541.252333][T12217] fido_id[12217]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1541.269619][T12218] ntfs: (device loop5): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1541.309790][T12218] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1541.409702][T12218] ntfs: (device loop5): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1541.473062][T12218] ntfs: volume version 3.1. [ 1541.800950][T12256] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1542.049879][T12269] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13951'. [ 1542.196856][T12273] loop4: detected capacity change from 0 to 2048 [ 1542.272600][T12273] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1542.623791][T20908] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 1542.837659][T20908] usb 4-1: Using ep0 maxpacket: 32 [ 1542.844951][T20908] usb 4-1: config 1 has an invalid interface number: 108 but max is 0 [ 1542.869571][T20908] usb 4-1: config 1 has no interface number 0 [ 1542.895420][T20908] usb 4-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 1542.912458][T20908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1542.931517][T20908] usb 4-1: Product: syz [ 1542.938997][T20908] usb 4-1: Manufacturer: syz [ 1542.944077][T20908] usb 4-1: SerialNumber: syz [ 1542.960745][T20908] hub 4-1:1.108: bad descriptor, ignoring hub [ 1542.978154][T20908] hub: probe of 4-1:1.108 failed with error -5 [ 1543.074755][T12329] loop5: detected capacity change from 0 to 16 [ 1543.110240][T12329] erofs: (device loop5): mounted with root inode @ nid 36. [ 1543.124119][T12332] netlink: 'syz.2.13970': attribute type 1 has an invalid length. [ 1543.178378][T20908] usb 4-1: palm_os_4_probe - error -71 getting connection info [ 1543.193693][T20908] visor 4-1:1.108: Handspring Visor / Palm OS converter detected [ 1543.239479][T20908] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 1543.264481][T20908] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 1543.308587][T20908] usb 4-1: USB disconnect, device number 120 [ 1543.345795][T20908] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 1543.388494][T20908] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 1543.437430][T20908] visor 4-1:1.108: device disconnected [ 1544.309283][T12416] loop3: detected capacity change from 0 to 8 [ 1544.372228][T12418] loop5: detected capacity change from 0 to 256 [ 1544.414143][T12416] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1544.418660][T12418] FAT-fs (loop5): Directory bread(block 64) failed [ 1544.466517][T12418] FAT-fs (loop5): Directory bread(block 65) failed [ 1544.479400][ T5396] udevd[5396]: incorrect cramfs checksum on /dev/loop3 [ 1544.486555][T12418] FAT-fs (loop5): Directory bread(block 66) failed [ 1544.486598][T12418] FAT-fs (loop5): Directory bread(block 67) failed [ 1544.486766][T12418] FAT-fs (loop5): Directory bread(block 68) failed [ 1544.516024][T12416] /dev/loop3: Can't open blockdev [ 1544.578382][ T5396] udevd[5396]: incorrect cramfs checksum on /dev/loop3 [ 1544.592838][T12418] FAT-fs (loop5): Directory bread(block 69) failed [ 1544.599584][T12418] FAT-fs (loop5): Directory bread(block 70) failed [ 1544.641961][T12418] FAT-fs (loop5): Directory bread(block 71) failed [ 1544.687405][T12418] FAT-fs (loop5): Directory bread(block 72) failed [ 1544.694027][T12418] FAT-fs (loop5): Directory bread(block 73) failed [ 1544.903155][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 1544.903171][ T27] audit: type=1326 audit(1777443974.863:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.1.13996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b1d9cdd9 code=0x7ffc0000 [ 1544.970034][ T27] audit: type=1326 audit(1777443974.891:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.1.13996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7fc2b1d9cdd9 code=0x7ffc0000 [ 1545.087287][ T27] audit: type=1326 audit(1777443974.891:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.1.13996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b1d9cdd9 code=0x7ffc0000 [ 1545.187675][ T27] audit: type=1326 audit(1777443974.891:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.1.13996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b1d9cdd9 code=0x7ffc0000 [ 1545.517063][T12472] loop4: detected capacity change from 0 to 1024 [ 1546.653370][T12527] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14024'. [ 1546.901359][T12537] delete_channel: no stack [ 1547.013954][T12505] loop5: detected capacity change from 0 to 32768 [ 1547.069071][T12505] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.14018 (12505) [ 1547.131787][T12505] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1547.188864][T12505] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 1547.197721][T12505] BTRFS info (device loop5): using free space tree [ 1547.562728][T12505] BTRFS info (device loop5): enabling ssd optimizations [ 1547.791939][T12597] loop3: detected capacity change from 0 to 256 [ 1547.878455][ T4408] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1547.901817][T31961] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1548.178296][T12614] netlink: 'syz.3.14049': attribute type 5 has an invalid length. [ 1548.530861][T12636] loop1: detected capacity change from 0 to 1024 [ 1549.093216][T12665] netlink: 20 bytes leftover after parsing attributes in process `syz.4.14064'. [ 1549.193595][T12672] device vlan0 entered promiscuous mode [ 1549.518929][T12690] sctp: [Deprecated]: syz.5.14082 (pid 12690) Use of int in max_burst socket option. [ 1549.518929][T12690] Use struct sctp_assoc_value instead [ 1550.012174][T12721] device vlan0 entered promiscuous mode [ 1550.520795][T12742] loop3: detected capacity change from 0 to 4096 [ 1550.534385][T12751] netlink: 20 bytes leftover after parsing attributes in process `syz.4.14092'. [ 1550.536297][T12742] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 1550.723495][T12742] ntfs3: loop3: failed to convert "c46c" to cp850 [ 1551.281665][T12788] loop5: detected capacity change from 0 to 4096 [ 1551.350363][T12799] netlink: 'syz.1.14109': attribute type 5 has an invalid length. [ 1552.496303][T12852] loop5: detected capacity change from 0 to 4096 [ 1552.781174][T12872] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.14132'. [ 1553.126468][T12881] loop3: detected capacity change from 0 to 4096 [ 1553.153135][T12881] /dev/loop3: Can't open blockdev [ 1553.294417][T12901] sock: sock_timestamping_bind_phc: sock not bind to device [ 1553.606741][T12920] netlink: 32 bytes leftover after parsing attributes in process `syz.1.14146'. [ 1553.772125][T12928] loop4: detected capacity change from 0 to 512 [ 1553.862752][T12928] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1553.929700][T12928] ext4 filesystem being mounted at /2735/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1554.061993][T12944] netlink: 16 bytes leftover after parsing attributes in process `syz.3.14153'. [ 1554.121689][T12946] loop5: detected capacity change from 0 to 256 [ 1554.162137][T12946] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe65d9f0a, utbl_chksum : 0x7319d30d) [ 1554.269500][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1555.502110][T13031] loop5: detected capacity change from 0 to 512 [ 1555.665119][T13031] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1555.679558][T13041] loop4: detected capacity change from 0 to 4096 [ 1555.697581][T13041] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 1555.738775][T13031] ext4 filesystem being mounted at /617/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1555.742344][T13047] device netdevsim0 entered promiscuous mode [ 1555.785163][T13047] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14188'. [ 1555.794975][T13041] ntfs3: loop4: failed to convert "c46c" to cp1251 [ 1556.093958][T19778] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 1556.177378][T13066] loop4: detected capacity change from 0 to 256 [ 1556.223170][T13069] netlink: 8 bytes leftover after parsing attributes in process `syz.3.14194'. [ 1556.263539][T13066] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe65d9f0a, utbl_chksum : 0x7319d30d) [ 1556.300656][T19778] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1556.322059][T19778] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 200, setting to 64 [ 1556.363501][T19778] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 1556.385609][T19778] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1556.418710][T19778] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1556.469498][T19778] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1556.481845][T13078] netlink: 'syz.1.14197': attribute type 21 has an invalid length. [ 1556.490412][T19778] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1556.509426][T19778] usb 6-1: config 0 descriptor?? [ 1556.515485][T13031] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1556.532410][T13078] IPv6: NLM_F_CREATE should be specified when creating new route [ 1556.567246][T13078] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1556.574594][T13078] IPv6: NLM_F_CREATE should be set when creating new route [ 1556.581943][T13078] IPv6: NLM_F_CREATE should be set when creating new route [ 1556.589222][T13078] IPv6: NLM_F_CREATE should be set when creating new route [ 1556.779196][T19778] usb 6-1: USB disconnect, device number 18 [ 1557.109418][ T4911] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1557.314500][ T4911] usb 2-1: Using ep0 maxpacket: 8 [ 1557.324408][ T4911] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 1557.344559][ T4911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1557.352636][ T4911] usb 2-1: Product: syz [ 1557.376634][ T4911] usb 2-1: Manufacturer: syz [ 1557.387632][ T4911] usb 2-1: SerialNumber: syz [ 1557.458482][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1557.653354][T13113] loop3: detected capacity change from 0 to 32768 [ 1557.682259][T13113] /dev/loop3: Can't open blockdev [ 1557.742754][ T5396] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1557.777972][T13140] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 1557.847664][ T4911] mxuport 2-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71) [ 1557.880372][ T4911] mxuport: probe of 2-1:254.0 failed with error -5 [ 1557.903728][ T4911] usb 2-1: USB disconnect, device number 26 [ 1558.050932][T13156] netlink: 'syz.2.14213': attribute type 10 has an invalid length. [ 1558.093392][T13156] team0: Port device wlan1 added [ 1558.133073][T13151] loop5: detected capacity change from 0 to 4096 [ 1558.155655][T13151] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 1558.285672][T13151] ntfs3: loop5: failed to convert "c46c" to cp1251 [ 1558.587883][T13175] xt_cluster: node mask cannot exceed total number of nodes [ 1559.044760][ T4909] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1559.250394][ T4909] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 1559.279754][ T4909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 106, changing to 7 [ 1559.321640][ T4909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16591, setting to 1024 [ 1559.355929][ T4909] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1559.386502][ T4909] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1559.436546][ T4909] usb 3-1: Manufacturer: syz [ 1559.446849][ T4909] usb 3-1: config 0 descriptor?? [ 1559.485517][ T4909] igorplugusb 3-1:0.0: endpoint incorrect [ 1559.707456][ T4911] usb 3-1: USB disconnect, device number 17 [ 1559.938034][T13263] loop4: detected capacity change from 0 to 512 [ 1559.955782][T13262] netlink: 24 bytes leftover after parsing attributes in process `syz.1.14245'. [ 1559.983996][T13263] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1560.077278][T13263] EXT4-fs error (device loop4): __ext4_iget:5102: inode #11: block 1: comm syz.4.14246: invalid block [ 1560.094739][T13263] EXT4-fs error (device loop4): ext4_orphan_get:1410: comm syz.4.14246: couldn't read orphan inode 11 (err -117) [ 1560.107705][T13263] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1560.168166][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1560.326098][T13298] loop3: detected capacity change from 0 to 4096 [ 1560.355587][T13298] EXT4-fs: inline encryption not supported [ 1560.375523][T13298] /dev/loop3: Can't open blockdev [ 1561.104823][T13343] loop3: detected capacity change from 0 to 4096 [ 1561.147162][T13343] /dev/loop3: Can't open blockdev [ 1561.833477][T13334] loop5: detected capacity change from 0 to 32768 [ 1561.917959][T13334] XFS (loop5): Mounting V5 Filesystem [ 1562.033460][T13334] XFS (loop5): Ending clean mount [ 1562.110648][T13334] XFS (loop5): Quotacheck needed: Please wait. [ 1562.134371][ T4909] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1562.237579][T13334] XFS (loop5): Quotacheck: Done. [ 1562.296038][T31961] XFS (loop5): Unmounting Filesystem [ 1562.358483][ T4909] usb 2-1: Using ep0 maxpacket: 8 [ 1562.365574][ T4909] usb 2-1: config 6 has an invalid interface number: 64 but max is 0 [ 1562.397663][ T4909] usb 2-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 1562.443572][ T4909] usb 2-1: config 6 has no interface number 0 [ 1562.476073][ T4909] usb 2-1: too many endpoints for config 6 interface 64 altsetting 21: 207, using maximum allowed: 30 [ 1562.508274][ T4909] usb 2-1: config 6 interface 64 altsetting 21 has 0 endpoint descriptors, different from the interface descriptor's value: 207 [ 1562.550974][ T4909] usb 2-1: config 6 interface 64 has no altsetting 0 [ 1562.572880][ T4909] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 1562.593006][T13405] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 1562.602478][ T4909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1562.625750][ T4909] usb 2-1: Product: syz [ 1562.630074][ T4909] usb 2-1: Manufacturer: syz [ 1562.656384][ T4909] usb 2-1: SerialNumber: syz [ 1562.944911][T19770] usb 2-1: USB disconnect, device number 27 [ 1563.303975][T13445] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14285'. [ 1563.426108][T13453] netlink: 'syz.3.14290': attribute type 10 has an invalid length. [ 1563.464119][T13453] team0: Port device wlan1 added [ 1564.085205][T13490] SET target dimension over the limit! [ 1564.179131][T13493] trusted_key: encrypted_key: master key parameter '' is invalid [ 1564.250927][T13500] netlink: 'syz.4.14305': attribute type 10 has an invalid length. [ 1564.299292][T13500] device wlan1 entered promiscuous mode [ 1564.356291][T13500] team0: Port device wlan1 added [ 1564.377734][T13505] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14307'. [ 1564.533940][T13512] netlink: 16 bytes leftover after parsing attributes in process `syz.1.14320'. [ 1564.689383][ T4911] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1564.805619][T13526] loop1: detected capacity change from 0 to 2048 [ 1564.833617][T13526] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1564.903961][ T4911] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 1564.912319][ T4911] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1564.977242][ T4911] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1565.010074][ T4911] usb 3-1: config 220 has no interface number 2 [ 1565.016450][ T4911] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1565.070257][ T4911] usb 3-1: config 220 interface 0 has no altsetting 0 [ 1565.104154][ T4911] usb 3-1: config 220 interface 76 has no altsetting 0 [ 1565.149886][ T4911] usb 3-1: config 220 interface 1 has no altsetting 0 [ 1565.172315][ T4911] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1565.235092][ T4911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1565.256944][ T4911] usb 3-1: Product: syz [ 1565.261212][ T4911] usb 3-1: Manufacturer: syz [ 1565.286498][ T4911] usb 3-1: SerialNumber: syz [ 1565.501699][T19778] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1565.533374][ T4911] usb 3-1: selecting invalid altsetting 0 [ 1565.544617][ T4911] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 1565.551059][ T4911] usb 3-1: No valid video chain found. [ 1565.581877][ T4911] usb 3-1: selecting invalid altsetting 0 [ 1565.588640][ T4911] usbtest: probe of 3-1:220.1 failed with error -22 [ 1565.599379][ T4911] usb 3-1: USB disconnect, device number 18 [ 1565.704669][T19778] usb 6-1: Using ep0 maxpacket: 16 [ 1565.713363][T19778] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1565.728813][T19778] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1565.739767][T19778] usb 6-1: Product: syz [ 1565.743952][T19778] usb 6-1: Manufacturer: syz [ 1565.752141][T19778] usb 6-1: SerialNumber: syz [ 1565.764315][T19778] usb 6-1: config 0 descriptor?? [ 1565.778057][T19778] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 1565.789663][T19778] usb 6-1: Detected FT232B [ 1565.994919][T19778] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1566.012825][T19778] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1566.021334][T19778] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1566.034969][T19778] usb 6-1: USB disconnect, device number 19 [ 1566.054302][T19778] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1566.071963][T19778] ftdi_sio 6-1:0.0: device disconnected [ 1566.676021][T13593] netlink: 'syz.5.14321': attribute type 10 has an invalid length. [ 1566.704508][T13593] team0: Port device wlan1 added [ 1567.035098][T13610] SET target dimension over the limit! [ 1567.198837][T13624] netlink: 'syz.2.14335': attribute type 10 has an invalid length. [ 1567.297841][ T4911] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 1567.502755][ T4911] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1567.533764][ T4911] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1567.543475][T19778] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 1567.559251][ T4911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1567.580475][ T4911] usb 2-1: Product: syz [ 1567.584749][ T4911] usb 2-1: Manufacturer: syz [ 1567.589907][ T4911] usb 2-1: SerialNumber: syz [ 1567.610198][ T4911] usb 2-1: config 0 descriptor?? [ 1567.626231][T13648] netlink: 16 bytes leftover after parsing attributes in process `syz.2.14341'. [ 1567.646383][ T4911] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1567.791799][T19778] usb 4-1: Using ep0 maxpacket: 16 [ 1567.851099][T19778] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1567.866837][T19778] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1567.893860][T19778] usb 4-1: Product: syz [ 1567.906981][T19778] usb 4-1: Manufacturer: syz [ 1567.911668][T19778] usb 4-1: SerialNumber: syz [ 1567.937528][T19778] usb 4-1: config 0 descriptor?? [ 1567.966499][T19778] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1567.997619][T19778] usb 4-1: Detected FT232B [ 1568.064495][ T4911] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 1568.082446][ T4911] gspca_pac7302: probe of 2-1:0.0 failed with error -71 [ 1568.112347][ T4911] usb 2-1: USB disconnect, device number 28 [ 1568.184683][T19778] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1568.199877][T19778] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1568.221966][T19778] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1568.254085][T19778] usb 4-1: USB disconnect, device number 121 [ 1568.282218][T19778] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1568.309394][T19778] ftdi_sio 4-1:0.0: device disconnected [ 1570.248575][ T4911] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1570.312469][T13808] netlink: 'syz.3.14386': attribute type 21 has an invalid length. [ 1570.342238][T13808] IPv6: NLM_F_CREATE should be specified when creating new route [ 1570.363780][T13808] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1570.371144][T13808] IPv6: NLM_F_CREATE should be set when creating new route [ 1570.378514][T13808] IPv6: NLM_F_CREATE should be set when creating new route [ 1570.385800][T13808] IPv6: NLM_F_CREATE should be set when creating new route [ 1570.472647][ T4911] usb 3-1: Using ep0 maxpacket: 16 [ 1570.481757][ T4911] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1570.502848][T13810] loop5: detected capacity change from 0 to 4096 [ 1570.512905][ T4911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1570.530152][T13810] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 1570.539359][ T4911] usb 3-1: Product: syz [ 1570.543570][ T4911] usb 3-1: Manufacturer: syz [ 1570.564509][ T4911] usb 3-1: SerialNumber: syz [ 1570.584236][ T4911] usb 3-1: config 0 descriptor?? [ 1570.610250][ T4911] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 1570.627726][T13810] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 1570.688538][T13810] ntfs3: loop5: ino=0, attr_set_size [ 1570.923043][T13827] loop4: detected capacity change from 0 to 1024 [ 1571.003431][T13827] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 1571.039852][ T4911] usb 3-1: clie_3_5_startup: get interface number failed: -71 [ 1571.048266][ T4911] visor: probe of 3-1:0.0 failed with error -71 [ 1571.058094][T13803] loop1: detected capacity change from 0 to 32768 [ 1571.101468][ T4911] usb 3-1: USB disconnect, device number 19 [ 1571.183324][T13803] XFS (loop1): Mounting V5 Filesystem [ 1571.258036][T13861] netlink: 'syz.4.14396': attribute type 5 has an invalid length. [ 1571.340890][T13803] XFS (loop1): Ending clean mount [ 1571.394538][T13803] XFS (loop1): Quotacheck needed: Please wait. [ 1571.486867][T13803] XFS (loop1): Quotacheck: Done. [ 1571.632832][ T4268] XFS (loop1): Unmounting Filesystem [ 1572.097775][ T4911] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1572.333109][ T4911] usb 4-1: Using ep0 maxpacket: 8 [ 1572.355288][ T4911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1572.397378][ T4911] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1572.423931][ T4911] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1572.457798][ T4911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1572.487300][ T4911] usb 4-1: Product: syz [ 1572.491681][ T4911] usb 4-1: Manufacturer: syz [ 1572.513363][ T4911] usb 4-1: SerialNumber: syz [ 1572.521622][T13915] loop4: detected capacity change from 0 to 1024 [ 1572.549158][ T4911] usb 4-1: config 0 descriptor?? [ 1573.100374][T13937] loop1: detected capacity change from 0 to 1024 [ 1573.144897][T13937] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 1573.175077][ T4909] usb 4-1: USB disconnect, device number 122 [ 1573.370028][ T4911] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1573.583660][ T4911] usb 6-1: Using ep0 maxpacket: 16 [ 1573.593057][ T4911] usb 6-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1573.636404][ T4911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1573.658031][ T4911] usb 6-1: Product: syz [ 1573.668808][ T4911] usb 6-1: Manufacturer: syz [ 1573.690983][ T4911] usb 6-1: SerialNumber: syz [ 1573.716150][ T4911] usb 6-1: config 0 descriptor?? [ 1573.738135][ T4911] visor 6-1:0.0: Sony Clie 3.5 converter detected [ 1574.179631][ T4911] usb 6-1: clie_3_5_startup: get interface number failed: -71 [ 1574.188719][ T4911] visor: probe of 6-1:0.0 failed with error -71 [ 1574.212866][ T4911] usb 6-1: USB disconnect, device number 20 [ 1574.309037][T20908] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1574.353346][T20908] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1574.627451][T14028] fido_id[14028]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1574.962277][T14056] loop5: detected capacity change from 0 to 1024 [ 1575.059923][T14063] netlink: 24 bytes leftover after parsing attributes in process `syz.1.14459'. [ 1575.254003][T14073] xt_TCPMSS: Only works on TCP SYN packets [ 1575.519411][ T27] audit: type=1326 audit(1777444003.505:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.2.14456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec179cdd9 code=0x7ffc0000 [ 1575.579272][ T27] audit: type=1326 audit(1777444003.523:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.2.14456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec179cdd9 code=0x7ffc0000 [ 1575.645543][ T27] audit: type=1326 audit(1777444003.533:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.2.14456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f6ec179cdd9 code=0x7ffc0000 [ 1575.682439][ T27] audit: type=1326 audit(1777444003.533:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.2.14456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec179cdd9 code=0x7ffc0000 [ 1575.740781][ T27] audit: type=1326 audit(1777444003.533:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.2.14456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ec179cdd9 code=0x7ffc0000 [ 1576.143389][T14077] loop3: detected capacity change from 0 to 32768 [ 1576.168363][T14077] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 scanned by syz.3.14449 (14077) [ 1576.200745][T14114] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1576.256538][T14077] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 1576.309399][T14077] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 1576.354723][T14077] BTRFS info (device loop3): turning on async discard [ 1576.361587][T14077] BTRFS info (device loop3): using free space tree [ 1576.825796][T14077] BTRFS info (device loop3): enabling ssd optimizations [ 1577.009010][T14172] loop5: detected capacity change from 0 to 512 [ 1577.028092][ T4274] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 1577.138305][T14172] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1577.198401][T14172] ext4 filesystem being mounted at /670/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1577.445767][T14172] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2916: inode #15: comm syz.5.14476: corrupted xattr block 33 [ 1577.452186][T14172] EXT4-fs warning (device loop5): ext4_evict_inode:301: xattr delete (err -74) [ 1577.769500][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1577.931999][T19774] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1577.978926][T19774] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1578.170152][T14227] (unnamed net_device) (uninitialized): option mode: invalid value (254) [ 1578.205694][T14219] fido_id[14219]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1578.286755][T14232] loop1: detected capacity change from 0 to 16 [ 1578.331186][T14232] erofs: (device loop1): mounted with root inode @ nid 36. [ 1578.468787][T14245] netlink: 'syz.5.14496': attribute type 1 has an invalid length. [ 1578.495920][T14236] loop4: detected capacity change from 0 to 4096 [ 1578.536861][T14236] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1578.660525][T14236] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1578.752391][T14236] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1578.804705][T14236] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1578.850159][T14236] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1578.888011][T14236] ntfs: volume version 3.1. [ 1579.058386][T14270] netlink: 12 bytes leftover after parsing attributes in process `syz.1.14506'. [ 1579.266019][T14275] loop1: detected capacity change from 0 to 2048 [ 1579.323547][T14275] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1579.388801][T14285] xt_TCPMSS: Only works on TCP SYN packets [ 1580.642154][T14357] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14544'. [ 1580.884172][T14370] loop3: detected capacity change from 0 to 512 [ 1580.922766][T14364] loop4: detected capacity change from 0 to 4096 [ 1580.933661][T14370] /dev/loop3: Can't open blockdev [ 1580.970162][T14364] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 1581.091149][T14364] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 1581.179146][T14364] ntfs3: loop4: ino=0, attr_set_size [ 1581.259519][T19770] usb 4-1: new full-speed USB device number 123 using dummy_hcd [ 1581.496737][T19770] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1581.515025][T19770] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 200, setting to 64 [ 1581.574549][T19770] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 1581.627099][T19770] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1581.655128][T19770] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1581.697835][T19770] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1581.706996][T19770] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1581.747119][T19770] usb 4-1: config 0 descriptor?? [ 1581.760753][T14360] loop5: detected capacity change from 0 to 32768 [ 1581.772237][T14370] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1581.870938][T14360] XFS (loop5): Mounting V5 Filesystem [ 1582.013529][T14360] XFS (loop5): Ending clean mount [ 1582.055060][T19774] usb 4-1: USB disconnect, device number 123 [ 1582.062740][T14360] XFS (loop5): Quotacheck needed: Please wait. [ 1582.121934][T14402] loop4: detected capacity change from 0 to 32768 [ 1582.185452][T14360] XFS (loop5): Quotacheck: Done. [ 1582.203619][T14402] JBD2: Ignoring recovery information on journal [ 1582.335755][T31961] XFS (loop5): Unmounting Filesystem [ 1582.338519][T14402] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 1582.360385][T14432] netlink: 20 bytes leftover after parsing attributes in process `syz.2.14550'. [ 1582.565843][T14402] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #1792 has bad signature [ 1582.605376][T14402] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1582.634605][T14402] OCFS2: Returning error to the calling process. [ 1582.641195][T14402] (syz.4.14547,14402,1):ocfs2_search_chain:1785 ERROR: status = -5 [ 1582.652595][T14402] (syz.4.14547,14402,1):ocfs2_search_chain:1871 ERROR: status = -5 [ 1582.692571][T14441] delete_channel: no stack [ 1582.725370][T14402] (syz.4.14547,14402,1):ocfs2_claim_suballoc_bits:1950 ERROR: status = -5 [ 1582.733994][T14402] (syz.4.14547,14402,1):ocfs2_claim_suballoc_bits:1993 ERROR: status = -5 [ 1582.779808][T14402] (syz.4.14547,14402,1):ocfs2_claim_new_inode:2226 ERROR: status = -5 [ 1582.832589][T14402] (syz.4.14547,14402,1):ocfs2_claim_new_inode:2241 ERROR: status = -5 [ 1582.840837][T14402] (syz.4.14547,14402,1):ocfs2_mknod_locked:639 ERROR: status = -5 [ 1582.899144][T14402] (syz.4.14547,14402,1):ocfs2_mknod:385 ERROR: status = -5 [ 1582.906942][T14446] delete_channel: no stack [ 1582.920997][T14402] (syz.4.14547,14402,1):ocfs2_mknod:502 ERROR: status = -5 [ 1582.962414][T14402] (syz.4.14547,14402,1):ocfs2_create:676 ERROR: status = -5 [ 1583.101702][ T4279] ocfs2: Unmounting device (7,4) on (node local) [ 1583.628353][T14474] loop1: detected capacity change from 0 to 4096 [ 1583.677915][T14474] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 1583.773259][T14474] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1583.829740][T14474] ntfs3: loop1: ino=0, attr_set_size [ 1583.881273][T19774] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 1584.083795][T19774] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1584.091850][T14505] loop5: detected capacity change from 0 to 256 [ 1584.109335][T19774] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 200, setting to 64 [ 1584.144119][T19774] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 1584.220833][T19774] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1584.266243][T19774] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1584.296778][T14517] loop4: detected capacity change from 0 to 256 [ 1584.319790][T19774] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1584.372816][T19774] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1584.428531][T14517] FAT-fs (loop4): Directory bread(block 64) failed [ 1584.436420][T19774] usb 3-1: config 0 descriptor?? [ 1584.442075][T14481] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1584.488196][T14517] FAT-fs (loop4): Directory bread(block 65) failed [ 1584.494897][T14517] FAT-fs (loop4): Directory bread(block 66) failed [ 1584.538966][T14517] FAT-fs (loop4): Directory bread(block 67) failed [ 1584.551717][T14517] FAT-fs (loop4): Directory bread(block 68) failed [ 1584.559355][T14517] FAT-fs (loop4): Directory bread(block 69) failed [ 1584.595126][T14517] FAT-fs (loop4): Directory bread(block 70) failed [ 1584.616391][T14517] FAT-fs (loop4): Directory bread(block 71) failed [ 1584.623171][T14517] FAT-fs (loop4): Directory bread(block 72) failed [ 1584.648463][T14517] FAT-fs (loop4): Directory bread(block 73) failed [ 1584.712073][T19774] usb 3-1: USB disconnect, device number 20 [ 1585.001627][T14557] loop3: detected capacity change from 0 to 256 [ 1585.049564][ T4408] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1585.357253][T14577] loop3: detected capacity change from 0 to 1024 [ 1585.676679][T14596] loop4: detected capacity change from 0 to 256 [ 1585.802306][T14604] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14599'. [ 1586.141524][T14623] xt_cluster: node mask cannot exceed total number of nodes [ 1586.283429][T14631] loop1: detected capacity change from 0 to 64 [ 1586.314392][T14631] hfs: unable to locate alternate MDB [ 1586.333857][T14635] loop4: detected capacity change from 0 to 256 [ 1586.340647][T14631] hfs: continuing without an alternate MDB [ 1586.366951][T14635] exfat: Deprecated parameter 'namecase' [ 1586.437956][T14635] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 1586.586922][T14645] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1586.619034][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1586.633584][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 1586.992693][T14669] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14616'. [ 1587.065440][T14670] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1587.075361][T14670] ext4 filesystem being mounted at /2845/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1587.267116][T14670] EXT4-fs error (device loop4): ext4_validate_inode_bitmap:106: comm syz.4.14615: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20 [ 1587.374728][T14670] EXT4-fs error (device loop4) in ext4_free_inode:362: Filesystem failed CRC [ 1587.580558][T14693] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1587.597737][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1588.007710][T14715] set_capacity_and_notify: 2 callbacks suppressed [ 1588.007728][T14715] loop5: detected capacity change from 0 to 64 [ 1588.048047][T14715] hfs: unable to locate alternate MDB [ 1588.066859][T14715] hfs: continuing without an alternate MDB [ 1588.666567][T14758] loop5: detected capacity change from 0 to 512 [ 1588.734179][T14758] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1588.759942][T14758] ext4 filesystem being mounted at /702/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1588.797031][T14768] loop3: detected capacity change from 0 to 256 [ 1588.879271][T14758] EXT4-fs error (device loop5): ext4_validate_inode_bitmap:106: comm syz.5.14644: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20 [ 1588.940387][T14758] EXT4-fs error (device loop5) in ext4_free_inode:362: Filesystem failed CRC [ 1589.100653][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1589.130400][T14780] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1589.364485][T14753] loop4: detected capacity change from 0 to 32768 [ 1589.387171][T14794] blktrace: Concurrent blktraces are not allowed on loop7 [ 1589.430918][T14753] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.14645 (14753) [ 1589.486823][T14753] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1589.506956][T14753] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 1589.543662][T14753] BTRFS info (device loop4): using free space tree [ 1589.773213][T14753] BTRFS info (device loop4): enabling ssd optimizations [ 1589.788834][T14832] loop1: detected capacity change from 0 to 512 [ 1589.898711][T14832] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1589.940544][T14832] ext4 filesystem being mounted at /2932/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1589.988113][T14832] EXT4-fs error (device loop1): ext4_validate_inode_bitmap:106: comm syz.1.14665: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20 [ 1590.006946][T14832] EXT4-fs error (device loop1) in ext4_free_inode:362: Filesystem failed CRC [ 1590.069849][ T4279] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1590.136407][ T4268] EXT4-fs (loop1): unmounting filesystem. [ 1590.151829][T14838] loop3: detected capacity change from 0 to 4096 [ 1590.215180][T14838] /dev/loop3: Can't open blockdev [ 1590.649238][T14862] blktrace: Concurrent blktraces are not allowed on loop7 [ 1590.992274][T14885] loop4: detected capacity change from 0 to 64 [ 1591.029230][T14885] hfs: unable to locate alternate MDB [ 1591.050027][T14885] hfs: continuing without an alternate MDB [ 1591.180279][ T4408] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1591.316089][T14890] loop1: detected capacity change from 0 to 4096 [ 1591.961312][T14929] loop5: detected capacity change from 0 to 256 [ 1591.984239][T14929] exfat: Deprecated parameter 'namecase' [ 1592.033618][T14929] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 1592.366352][T14903] loop3: detected capacity change from 0 to 32768 [ 1592.708816][ T4408] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by udevd (4408) [ 1593.243869][ T6807] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 1593.393152][T14998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14711'. [ 1593.447099][ T6807] usb 4-1: Using ep0 maxpacket: 16 [ 1593.470365][ T6807] usb 4-1: config 254 has an invalid interface number: 235 but max is 0 [ 1593.524003][ T6807] usb 4-1: config 254 has no interface number 0 [ 1593.530378][ T6807] usb 4-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 1593.561551][ T6807] usb 4-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1593.589355][ T6807] usb 4-1: config 254 interface 235 has no altsetting 0 [ 1593.624051][ T6807] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 1593.671402][ T6807] usb 4-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3 [ 1593.681959][ T6807] usb 4-1: Product: syz [ 1593.686323][ T6807] usb 4-1: Manufacturer: syz [ 1593.690957][ T6807] usb 4-1: SerialNumber: syz [ 1593.725470][T14974] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1593.958499][T14974] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1593.972095][ T6807] usbtest 4-1:254.235: Linux gadget zero [ 1593.977850][ T6807] usbtest 4-1:254.235: high-speed {control in/out bulk-out int-in} tests (+alt) [ 1594.191507][ T6807] usb 4-1: USB disconnect, device number 124 [ 1594.230556][T15046] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14727'. [ 1594.531759][T15069] set_capacity_and_notify: 1 callbacks suppressed [ 1594.531777][T15069] loop4: detected capacity change from 0 to 64 [ 1594.813559][T15081] loop1: detected capacity change from 0 to 64 [ 1594.947333][T15094] loop5: detected capacity change from 0 to 512 [ 1595.127646][T15094] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1595.146686][T15094] ext4 filesystem being mounted at /723/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 1595.195174][T15106] loop4: detected capacity change from 0 to 1024 [ 1595.268241][T15094] __quota_error: 12 callbacks suppressed [ 1595.268261][T15094] Quota error (device loop5): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 1595.366564][T15094] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 1595.409038][T15094] EXT4-fs error (device loop5): ext4_acquire_dquot:6841: comm syz.5.14739: Failed to acquire dquot type 0 [ 1595.640848][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1595.691882][T15130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1596.402311][T15163] netlink: 'syz.1.14761': attribute type 28 has an invalid length. [ 1596.716620][T15175] loop1: detected capacity change from 0 to 1024 [ 1596.788002][T15175] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 1597.184530][T15203] netlink: 'syz.2.14774': attribute type 1 has an invalid length. [ 1597.193715][T15203] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14774'. [ 1597.248686][T15204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1597.392094][T15212] netlink: 'syz.5.14778': attribute type 28 has an invalid length. [ 1597.554715][T15221] ieee802154 phy0 wpan0: encryption failed: -22 [ 1597.776265][T15232] loop4: detected capacity change from 0 to 512 [ 1597.893462][T15232] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1597.932205][T15232] ext4 filesystem being mounted at /2874/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 1598.059221][T15232] Quota error (device loop4): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 1598.142233][T15232] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1598.179518][T15232] EXT4-fs error (device loop4): ext4_acquire_dquot:6841: comm syz.4.14785: Failed to acquire dquot type 0 [ 1598.321333][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1598.375130][T19778] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1598.460898][T15257] netlink: 'syz.2.14794': attribute type 28 has an invalid length. [ 1598.619750][T19778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1598.653346][T19778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1598.687976][T19778] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 1598.708001][T19778] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1598.725071][T19778] usb 2-1: Product: syz [ 1598.729791][T19778] usb 2-1: Manufacturer: syz [ 1598.734437][T19778] usb 2-1: SerialNumber: syz [ 1598.765826][T19778] usb 2-1: config 0 descriptor?? [ 1598.780122][T19778] usb 2-1: Found UVC 0.00 device syz (18ec:3288) [ 1598.798026][T19778] usb 2-1: No valid video chain found. [ 1598.845836][ T4562] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 1598.972933][T15283] loop5: detected capacity change from 0 to 1024 [ 1599.001518][T19778] usb 2-1: USB disconnect, device number 29 [ 1599.051005][ T4562] usb 5-1: Using ep0 maxpacket: 16 [ 1599.078843][ T4562] usb 5-1: config 254 has an invalid interface number: 235 but max is 0 [ 1599.092272][ T4562] usb 5-1: config 254 has no interface number 0 [ 1599.101557][T15283] hfsplus: inconsistency in B*Tree (128,1,255,1,0) [ 1599.132603][ T4562] usb 5-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 1599.174260][ T4562] usb 5-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1599.190192][ T4562] usb 5-1: config 254 interface 235 has no altsetting 0 [ 1599.210321][ T4562] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 1599.219454][ T4562] usb 5-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3 [ 1599.232580][ T4562] usb 5-1: Product: syz [ 1599.236807][ T4562] usb 5-1: Manufacturer: syz [ 1599.241858][ T4562] usb 5-1: SerialNumber: syz [ 1599.261628][T15261] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1599.505507][T15261] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1599.514436][ T4562] usbtest 5-1:254.235: Linux gadget zero [ 1599.520184][ T4562] usbtest 5-1:254.235: high-speed {control in/out bulk-out int-in} tests (+alt) [ 1599.624814][T15300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14802'. [ 1599.634381][T15300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14802'. [ 1599.668027][T15304] netlink: 'syz.5.14812': attribute type 3 has an invalid length. [ 1599.687114][T15304] netlink: 232 bytes leftover after parsing attributes in process `syz.5.14812'. [ 1599.800343][ T4562] usb 5-1: USB disconnect, device number 18 [ 1599.904733][T15318] loop3: detected capacity change from 0 to 1024 [ 1599.912192][T15323] loop5: detected capacity change from 0 to 256 [ 1600.003504][T15323] FAT-fs (loop5): Directory bread(block 64) failed [ 1600.053900][T15323] FAT-fs (loop5): Directory bread(block 65) failed [ 1600.072026][T15323] FAT-fs (loop5): Directory bread(block 66) failed [ 1600.107166][T15323] FAT-fs (loop5): Directory bread(block 67) failed [ 1600.136494][T15323] FAT-fs (loop5): Directory bread(block 68) failed [ 1600.157009][T15323] FAT-fs (loop5): Directory bread(block 69) failed [ 1600.175193][T15323] FAT-fs (loop5): Directory bread(block 70) failed [ 1600.188308][T15323] FAT-fs (loop5): Directory bread(block 71) failed [ 1600.203325][T15323] FAT-fs (loop5): Directory bread(block 72) failed [ 1600.224665][T15323] FAT-fs (loop5): Directory bread(block 73) failed [ 1600.404869][ T27] audit: type=1800 audit(1777444026.777:448): pid=15323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.14805" name="file1" dev="loop5" ino=1048675 res=0 errno=0 [ 1600.621765][T15352] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14816'. [ 1600.639308][T15357] loop3: detected capacity change from 0 to 1024 [ 1600.727473][ T4408] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1601.157018][T15390] delete_channel: no stack [ 1601.169372][T15392] loop3: detected capacity change from 0 to 256 [ 1601.297772][T15396] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14833'. [ 1601.324897][T15396] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14833'. [ 1601.521272][T15408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.14835'. [ 1601.611279][T15418] netlink: 2072 bytes leftover after parsing attributes in process `syz.5.14838'. [ 1601.651938][T15415] loop1: detected capacity change from 0 to 1764 [ 1601.658235][T15418] netlink: 108 bytes leftover after parsing attributes in process `syz.5.14838'. [ 1601.702452][T15415] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1601.714967][T15418] netlink: 108 bytes leftover after parsing attributes in process `syz.5.14838'. [ 1601.839091][T15428] delete_channel: no stack [ 1602.106154][T15445] comedi comedi3: comedi_config --init_data is deprecated [ 1602.517779][T15474] delete_channel: no stack [ 1602.779850][ T4562] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1602.867425][T15494] comedi comedi3: comedi_config --init_data is deprecated [ 1603.004490][T15502] device netdevsim0 left promiscuous mode [ 1603.010537][T15502] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1603.020390][ T4562] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1603.057066][ T4562] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1603.132026][ T4562] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 1603.148830][ T4562] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1603.154826][T15506] netlink: 'syz.2.14868': attribute type 1 has an invalid length. [ 1603.197269][ T4562] usb 6-1: Product: syz [ 1603.201559][ T4562] usb 6-1: Manufacturer: syz [ 1603.206192][ T4562] usb 6-1: SerialNumber: syz [ 1603.248898][ T4562] usb 6-1: config 0 descriptor?? [ 1603.284380][ T4562] usb 6-1: Found UVC 0.00 device syz (18ec:3288) [ 1603.301767][ T4562] usb 6-1: No valid video chain found. [ 1603.501512][T20908] usb 6-1: USB disconnect, device number 21 [ 1603.722460][T15544] comedi comedi3: comedi_config --init_data is deprecated [ 1603.851615][T15549] loop3: detected capacity change from 0 to 16 [ 1603.858788][T15549] /dev/loop3: Can't open blockdev [ 1604.081776][T15561] loop4: detected capacity change from 0 to 1764 [ 1604.202200][T15561] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1604.577186][T15591] CIFS mount error: No usable UNC path provided in device string! [ 1604.577186][T15591] [ 1604.650752][T15591] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1605.002720][T15616] __nla_validate_parse: 1 callbacks suppressed [ 1605.002739][T15616] netlink: 2072 bytes leftover after parsing attributes in process `syz.4.14900'. [ 1605.047993][T15616] netlink: 108 bytes leftover after parsing attributes in process `syz.4.14900'. [ 1605.080612][T15616] netlink: 108 bytes leftover after parsing attributes in process `syz.4.14900'. [ 1605.139265][T15616] netlink: 24 bytes leftover after parsing attributes in process `syz.4.14900'. [ 1605.722526][T15646] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1605.787016][T15608] loop1: detected capacity change from 0 to 32768 [ 1605.799663][T15649] loop4: detected capacity change from 0 to 2048 [ 1605.883855][T15608] JBD2: Ignoring recovery information on journal [ 1605.925091][T15649] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1605.981254][T15608] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1606.101272][ T27] audit: type=1800 audit(1777444032.100:449): pid=15608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.14897" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 1606.226634][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1606.342424][T15680] overlayfs: conflicting options: nfs_export=on,index=off [ 1606.351221][ T4268] ocfs2: Unmounting device (7,1) on (node local) [ 1606.738953][T15703] xt_bpf: check failed: parse error [ 1606.938621][T15717] netlink: 'syz.5.14932': attribute type 2 has an invalid length. [ 1606.989896][T15717] netlink: 10 bytes leftover after parsing attributes in process `syz.5.14932'. [ 1607.025283][T15720] netlink: 'syz.1.14933': attribute type 1 has an invalid length. [ 1607.033183][T15720] netlink: 192 bytes leftover after parsing attributes in process `syz.1.14933'. [ 1607.074319][T15723] loop3: detected capacity change from 0 to 1024 [ 1607.109937][T15726] loop4: detected capacity change from 0 to 128 [ 1607.144131][T15723] /dev/loop3: Can't open blockdev [ 1607.164752][T15726] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 1607.267719][T15726] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1607.654935][T19778] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1607.809885][T15766] loop5: detected capacity change from 0 to 1024 [ 1607.882761][T19778] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1607.903100][T19778] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1607.935523][T19778] usb 3-1: Product: syz [ 1607.953871][T19778] usb 3-1: SerialNumber: syz [ 1607.960784][ T46] hfsplus: b-tree write err: -5, ino 25 [ 1607.967353][ T46] hfsplus: b-tree write err: -5, ino 4 [ 1607.972946][ T46] hfsplus: b-tree write err: -5, ino 2 [ 1607.981018][T19778] usb 3-1: config 0 descriptor?? [ 1608.222391][T19778] hso 3-1:0.0: Can't find BULK IN endpoint [ 1608.464791][T19778] usb 3-1: USB disconnect, device number 21 [ 1610.177747][ T6807] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 1610.383031][ T6807] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 1610.403665][ T6807] usb 5-1: config 0 has no interface number 0 [ 1610.409846][ T6807] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1610.479990][ T6807] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1610.498667][ T6807] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 1610.529142][ T6807] usb 5-1: Manufacturer: syz [ 1610.539234][ T6807] usb 5-1: SerialNumber: syz [ 1610.574109][ T6807] usb 5-1: config 0 descriptor?? [ 1610.967229][T15933] netlink: 'syz.3.14994': attribute type 4 has an invalid length. [ 1611.028045][ T6807] usbtouchscreen: probe of 5-1:0.214 failed with error -71 [ 1611.075334][ T6807] usb 5-1: USB disconnect, device number 19 [ 1611.634136][T15978] netlink: 148 bytes leftover after parsing attributes in process `syz.2.15008'. [ 1612.003410][T15978] netlink: 148 bytes leftover after parsing attributes in process `syz.2.15008'. [ 1612.092958][T16023] __vm_enough_memory: pid: 16023, comm: syz.1.15017, no enough memory for the allocation [ 1612.522566][ T6807] kernel write not supported for file /input/mice (pid: 6807 comm: kworker/1:1) [ 1612.555637][T16045] netlink: 'syz.3.15024': attribute type 1 has an invalid length. [ 1613.195034][T16088] ubi0: attaching mtd0 [ 1613.199202][T16088] ubi0 error: ubi_attach_mtd_dev: bad VID header (2097410) or data offsets (2097474) [ 1614.046323][T16139] nftables ruleset with unbound chain [ 1614.061668][T16142] overlayfs: failed to resolve './file0': -2 [ 1614.541089][T16164] ptrace attach of "./syz-executor exec"[4267] was attempted by "./syz-executor exec"[16164] [ 1615.011372][T16132] loop3: detected capacity change from 0 to 32768 [ 1615.119348][T16132] XFS (loop3): Mounting V5 Filesystem [ 1615.270638][T16211] usb usb8: usbfs: process 16211 (syz.5.15079) did not claim interface 0 before use [ 1615.294337][T16132] XFS (loop3): Ending clean mount [ 1615.369490][T16214] netlink: 'syz.1.15081': attribute type 1 has an invalid length. [ 1615.405678][T16214] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1615.467590][ T4274] XFS (loop3): Unmounting Filesystem [ 1616.412897][T16262] loop1: detected capacity change from 0 to 1764 [ 1616.488795][T16268] overlayfs: failed to resolve './file0': -2 [ 1616.557890][T16262] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1616.727123][T16282] loop4: detected capacity change from 0 to 512 [ 1616.839003][T16282] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802c018, mo2=0002] [ 1616.847071][T16282] System zones: 1-20 [ 1616.877129][T16282] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1616.980456][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1617.225552][T16315] netlink: 32 bytes leftover after parsing attributes in process `syz.5.15114'. [ 1617.297995][T16315] netlink: 32 bytes leftover after parsing attributes in process `syz.5.15114'. [ 1617.343725][T16322] overlayfs: failed to resolve './file0': -2 [ 1617.775741][T16349] usb usb8: usbfs: process 16349 (syz.1.15125) did not claim interface 0 before use [ 1618.101631][T16372] loop4: detected capacity change from 0 to 512 [ 1618.142259][ T6807] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 1618.273220][T16372] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1618.282999][T16372] ext4 filesystem being mounted at /2938/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1618.359988][ T6807] usb 6-1: config 0 has an invalid interface number: 214 but max is 0 [ 1618.370048][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1618.399627][ T6807] usb 6-1: config 0 has no interface number 0 [ 1618.405827][ T6807] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1618.435299][ T6807] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1618.476941][ T6807] usb 6-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 1618.485312][ T6807] usb 6-1: Manufacturer: syz [ 1618.490055][ T6807] usb 6-1: SerialNumber: syz [ 1618.517073][ T6807] usb 6-1: config 0 descriptor?? [ 1618.591365][ T5040] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 1618.826389][ T5040] usb 4-1: Using ep0 maxpacket: 32 [ 1618.841024][ T5040] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 1618.880193][ T5040] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1618.888297][ T5040] usb 4-1: Product: syz [ 1618.911795][ T5040] usb 4-1: Manufacturer: syz [ 1618.916514][ T5040] usb 4-1: SerialNumber: syz [ 1618.945962][ T5040] usb 4-1: config 0 descriptor?? [ 1618.960211][ T6807] usbtouchscreen: probe of 6-1:0.214 failed with error -71 [ 1618.966572][T19774] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1618.997588][ T6807] usb 6-1: USB disconnect, device number 22 [ 1619.172212][ T5040] snd-usb-6fire 4-1:0.0: unknown device firmware state received from device: [ 1619.189712][ T5040] 00 00 00 00 00 00 00 00 [ 1619.194299][ T5040] snd-usb-6fire: probe of 4-1:0.0 failed with error -5 [ 1619.214014][T19774] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 1619.243889][T19774] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1619.276565][T19774] usb 3-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice=f5.01 [ 1619.289495][T19774] usb 3-1: New USB device strings: Mfr=192, Product=0, SerialNumber=0 [ 1619.298415][T19774] usb 3-1: Manufacturer: syz [ 1619.305778][T19774] usb 3-1: config 0 descriptor?? [ 1619.317132][T19774] usb-storage 3-1:0.0: USB Mass Storage device detected [ 1619.403070][ T6807] usb 4-1: USB disconnect, device number 125 [ 1619.548250][T19778] usb 3-1: USB disconnect, device number 22 [ 1619.590277][T16416] loop4: detected capacity change from 0 to 32768 [ 1619.710944][T16416] XFS (loop4): Mounting V5 Filesystem [ 1619.875977][T16416] XFS (loop4): Ending clean mount [ 1619.964207][ T4279] XFS (loop4): Unmounting Filesystem [ 1620.111215][T16495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15158'. [ 1620.186944][T16495] netlink: zone id is out of range [ 1620.207357][T16495] netlink: zone id is out of range [ 1620.212647][T16495] netlink: zone id is out of range [ 1620.221298][T16495] netlink: zone id is out of range [ 1620.259693][T16495] netlink: zone id is out of range [ 1620.264981][T16495] netlink: zone id is out of range [ 1620.313013][T16495] netlink: zone id is out of range [ 1620.323806][T16495] netlink: zone id is out of range [ 1620.328983][T16495] netlink: zone id is out of range [ 1620.365687][T16495] netlink: zone id is out of range [ 1620.440731][ T6807] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 1620.654634][ T6807] usb 4-1: Using ep0 maxpacket: 8 [ 1620.661599][ T6807] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1620.703141][ T6807] usb 4-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 1620.734057][ T6807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1620.766325][ T6807] usb 4-1: config 0 descriptor?? [ 1620.787090][ T6807] usb 4-1: Found UVC 0.00 device (2801:0201) [ 1620.818065][ T6807] usb 4-1: No valid video chain found. [ 1620.947696][T20908] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 1621.005181][T16539] netlink: 68 bytes leftover after parsing attributes in process `syz.5.15170'. [ 1621.015361][ T6807] usb 4-1: USB disconnect, device number 126 [ 1621.170312][T20908] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1621.198563][T20908] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1621.220377][T20908] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1621.240705][T20908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1621.251529][T20908] usb 5-1: SerialNumber: syz [ 1621.287396][T20908] usb 5-1: 0:2 : does not exist [ 1621.452041][T16533] loop1: detected capacity change from 0 to 32768 [ 1621.590322][T16533] XFS (loop1): Mounting V5 Filesystem [ 1621.728948][T19778] usb 5-1: USB disconnect, device number 20 [ 1621.739780][T16583] __vm_enough_memory: pid: 16583, comm: syz.5.15178, no enough memory for the allocation [ 1621.752637][T16533] XFS (loop1): Ending clean mount [ 1621.980806][ T4268] XFS (loop1): Unmounting Filesystem [ 1622.247370][T20908] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1622.482460][T20908] usb 6-1: Using ep0 maxpacket: 8 [ 1622.489571][T20908] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1622.552780][T20908] usb 6-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 1622.584948][T20908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1622.608943][T20908] usb 6-1: config 0 descriptor?? [ 1622.631889][T20908] usb 6-1: Found UVC 0.00 device (2801:0201) [ 1622.655142][T20908] usb 6-1: No valid video chain found. [ 1622.819795][T16651] netlink: 148 bytes leftover after parsing attributes in process `syz.4.15195'. [ 1622.853875][T19778] usb 6-1: USB disconnect, device number 23 [ 1623.003891][T16651] netlink: 148 bytes leftover after parsing attributes in process `syz.4.15195'. [ 1623.755996][T19778] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1623.903842][T16722] netlink: 68 bytes leftover after parsing attributes in process `syz.2.15219'. [ 1624.001204][T19778] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 1624.018839][T19778] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1624.068528][T19778] usb 2-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice=f5.01 [ 1624.095024][T19778] usb 2-1: New USB device strings: Mfr=192, Product=0, SerialNumber=0 [ 1624.114486][T19778] usb 2-1: Manufacturer: syz [ 1624.137064][T19778] usb 2-1: config 0 descriptor?? [ 1624.154328][T19778] usb-storage 2-1:0.0: USB Mass Storage device detected [ 1624.370527][ T4562] usb 2-1: USB disconnect, device number 30 [ 1625.181752][T16753] loop5: detected capacity change from 0 to 32768 [ 1625.307133][T16804] netlink: 'syz.1.15250': attribute type 5 has an invalid length. [ 1625.316522][T16767] loop3: detected capacity change from 0 to 32768 [ 1625.335954][T19778] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1625.378975][T16753] XFS (loop5): Mounting V5 Filesystem [ 1625.502503][T16753] XFS (loop5): Ending clean mount [ 1625.584382][T19778] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1625.615624][T19778] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1625.623852][T19778] usb 5-1: Product: syz [ 1625.660631][T19778] usb 5-1: SerialNumber: syz [ 1625.683127][T19778] usb 5-1: config 0 descriptor?? [ 1625.764638][T31961] XFS (loop5): Unmounting Filesystem [ 1625.908772][T19778] hso 5-1:0.0: Can't find BULK IN endpoint [ 1626.136562][T19778] usb 5-1: USB disconnect, device number 21 [ 1627.167564][T16859] loop1: detected capacity change from 0 to 32768 [ 1627.271281][T16859] JBD2: Ignoring recovery information on journal [ 1627.297066][T16859] jbd2_journal_bmap: journal block not found at offset 32 on loop1-75 [ 1627.327006][T16859] JBD2: bad block at offset 32 [ 1627.351148][T16859] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1627.440275][T16859] ocfs2: Unmounting device (7,1) on (node local) [ 1627.649870][T16912] netlink: 'syz.4.15271': attribute type 5 has an invalid length. [ 1627.971544][T16933] UBIFS error (pid: 16933): cannot open "(null)", error -22 [ 1628.001125][T16938] device gre0 left promiscuous mode [ 1628.111808][T16938] netlink: 148 bytes leftover after parsing attributes in process `syz.3.15277'. [ 1628.219365][T16944] loop1: detected capacity change from 0 to 128 [ 1628.245902][T16944] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 1628.268133][T16951] CIFS mount error: No usable UNC path provided in device string! [ 1628.268133][T16951] [ 1628.282943][T16944] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1628.298617][T16951] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1628.533596][T16961] netlink: 'syz.5.15288': attribute type 1 has an invalid length. [ 1629.538594][T17016] netlink: 'syz.3.15315': attribute type 2 has an invalid length. [ 1629.546497][T17016] netlink: 10 bytes leftover after parsing attributes in process `syz.3.15315'. [ 1629.562613][T17020] netlink: 'syz.5.15305': attribute type 1 has an invalid length. [ 1629.589244][T17020] netlink: 192 bytes leftover after parsing attributes in process `syz.5.15305'. [ 1629.648232][T17023] net_ratelimit: 42 callbacks suppressed [ 1629.648252][T17023] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1629.773683][T17029] xt_bpf: check failed: parse error [ 1630.242923][T17062] CIFS mount error: No usable UNC path provided in device string! [ 1630.242923][T17062] [ 1630.275031][T17062] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1630.504579][T17076] netlink: 'syz.4.15323': attribute type 6 has an invalid length. [ 1630.551277][T17076] netlink: 168 bytes leftover after parsing attributes in process `syz.4.15323'. [ 1631.102504][T17114] loop5: detected capacity change from 0 to 512 [ 1631.120939][T17114] EXT4-fs: Ignoring removed nobh option [ 1631.215387][T17114] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #3: comm syz.5.15338: corrupted inode contents [ 1631.238279][T17114] EXT4-fs error (device loop5): ext4_dirty_inode:6156: inode #3: comm syz.5.15338: mark_inode_dirty error [ 1631.277548][T17114] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #3: comm syz.5.15338: corrupted inode contents [ 1631.310097][T17114] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #3: comm syz.5.15338: mark_inode_dirty error [ 1631.390637][T17114] Quota error (device loop5): write_blk: dquota write failed [ 1631.406418][T17114] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 1631.434301][T17114] EXT4-fs error (device loop5): ext4_acquire_dquot:6841: comm syz.5.15338: Failed to acquire dquot type 0 [ 1631.474110][T17114] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #16: comm syz.5.15338: corrupted inode contents [ 1631.501427][T17114] EXT4-fs error (device loop5): ext4_dirty_inode:6156: inode #16: comm syz.5.15338: mark_inode_dirty error [ 1631.557762][T17114] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #16: comm syz.5.15338: corrupted inode contents [ 1631.598633][T17143] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15357'. [ 1631.608254][T17143] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15357'. [ 1631.618189][T17143] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15357'. [ 1631.634116][T17114] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #16: comm syz.5.15338: mark_inode_dirty error [ 1631.659161][T17145] netlink: 148 bytes leftover after parsing attributes in process `syz.4.15347'. [ 1631.685704][T17114] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #16: comm syz.5.15338: corrupted inode contents [ 1631.699248][T17114] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 1631.708212][T17114] EXT4-fs error (device loop5): ext4_do_update_inode:5279: inode #16: comm syz.5.15338: corrupted inode contents [ 1631.716931][T20908] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 1631.745181][T17114] EXT4-fs error (device loop5): ext4_truncate:4325: inode #16: comm syz.5.15338: mark_inode_dirty error [ 1631.792644][T17114] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 1631.816777][T17114] EXT4-fs (loop5): 1 truncate cleaned up [ 1631.822527][T17114] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1631.839089][T17114] ext4 filesystem being mounted at /834/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1631.924023][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1631.933890][T27771] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1631.956370][T20908] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1631.965226][T27771] EXT4-fs error (device loop5): ext4_release_dquot:6877: comm kworker/u4:2: Failed to release dquot type 1 [ 1631.979473][T17157] loop3: detected capacity change from 0 to 764 [ 1631.997181][T20908] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1632.051753][T20908] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1632.060973][T20908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1632.088419][T17157] rock: directory entry would overflow storage [ 1632.091327][T20908] usb 2-1: SerialNumber: syz [ 1632.114755][T17157] rock: sig=0x4654, size=5, remaining=4 [ 1632.143524][T20908] usb 2-1: 0:2 : does not exist [ 1632.250273][T17169] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1632.593561][T20908] usb 2-1: USB disconnect, device number 31 [ 1632.653794][T17206] ieee802154 phy0 wpan0: encryption failed: -22 [ 1632.764777][T17213] SET target dimension over the limit! [ 1633.080521][ T27] audit: type=1326 audit(1777444057.346:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17230 comm="syz.5.15372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2234b9cdd9 code=0x7ffc0000 [ 1633.150680][ T27] audit: type=1326 audit(1777444057.346:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17230 comm="syz.5.15372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2234b9cdd9 code=0x7ffc0000 [ 1633.233009][ T27] audit: type=1326 audit(1777444057.393:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17230 comm="syz.5.15372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f2234b9cdd9 code=0x7ffc0000 [ 1633.305893][ T27] audit: type=1326 audit(1777444057.393:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17230 comm="syz.5.15372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2234b9cdd9 code=0x7ffc0000 [ 1633.363770][ T27] audit: type=1326 audit(1777444057.393:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17230 comm="syz.5.15372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2234b9cdd9 code=0x7ffc0000 [ 1633.828894][T17270] xt_policy: output policy not valid in PREROUTING and INPUT [ 1633.863379][T17274] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1634.532664][T17299] loop1: detected capacity change from 0 to 4096 [ 1634.939985][T17326] netlink: 766 bytes leftover after parsing attributes in process `syz.1.15402'. [ 1635.304931][ T27] audit: type=1326 audit(1777444059.423:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17350 comm="syz.4.15410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb8299cdd9 code=0x7ffc0000 [ 1635.414497][ T27] audit: type=1326 audit(1777444059.442:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17350 comm="syz.4.15410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7feb8299cdd9 code=0x7ffc0000 [ 1635.450294][T19778] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1635.693632][T19778] usb 6-1: Using ep0 maxpacket: 32 [ 1635.700988][T19778] usb 6-1: too many configurations: 17, using maximum allowed: 8 [ 1635.720614][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1635.741589][T19778] usb 6-1: config 0 has no interface number 0 [ 1635.758174][T17375] xt_policy: output policy not valid in PREROUTING and INPUT [ 1635.784911][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1635.808882][T19778] usb 6-1: config 0 has no interface number 0 [ 1635.868081][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1635.876179][T19778] usb 6-1: config 0 has no interface number 0 [ 1635.935181][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1635.953079][T19778] usb 6-1: config 0 has no interface number 0 [ 1635.960707][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1635.975006][T19778] usb 6-1: config 0 has no interface number 0 [ 1635.992976][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1636.024264][T19778] usb 6-1: config 0 has no interface number 0 [ 1636.046170][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1636.081160][T19778] usb 6-1: config 0 has no interface number 0 [ 1636.107426][T19778] usb 6-1: config 0 has an invalid interface number: 2 but max is 0 [ 1636.155296][T19778] usb 6-1: config 0 has no interface number 0 [ 1636.222706][T19778] usb 6-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 1636.252107][T19778] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1636.262670][T19778] usb 6-1: Product: syz [ 1636.266934][T19778] usb 6-1: Manufacturer: syz [ 1636.284304][T19778] usb 6-1: SerialNumber: syz [ 1636.345334][T17403] i2c i2c-0: Invalid block read size 255 [ 1636.356545][T19778] usb 6-1: config 0 descriptor?? [ 1636.364440][T19778] etas_es58x 6-1:0.2: Starting syz syz (Serial Number syz) [ 1636.603891][T19778] etas_es58x 6-1:0.2: Product info:  [ 1636.853368][T20908] usb 6-1: USB disconnect, device number 24 [ 1636.860199][T20908] etas_es58x 6-1:0.2: Disconnecting syz syz [ 1637.080815][T17437] loop1: detected capacity change from 0 to 4096 [ 1637.117905][T17437] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 1637.255971][T17437] ntfs3: loop1: ino=0, attr_set_size [ 1637.289731][T17437] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1637.637275][T17468] netlink: 'syz.4.15436': attribute type 6 has an invalid length. [ 1637.857016][T17441] loop3: detected capacity change from 0 to 32768 [ 1637.944477][ T4408] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1638.147820][T17491] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1638.211626][T17494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15444'. [ 1638.717498][T17471] loop5: detected capacity change from 0 to 32768 [ 1638.790274][T17471] [ 1638.790274][T17471] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1638.790274][T17471] [ 1638.854756][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 1638.854773][ T27] audit: type=1326 audit(1777444062.743:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17520 comm="syz.3.15450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8799cdd9 code=0x7ffc0000 [ 1638.913998][T17521] netlink: 766 bytes leftover after parsing attributes in process `syz.2.15449'. [ 1638.994314][ T27] audit: type=1326 audit(1777444062.743:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17520 comm="syz.3.15450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8799cdd9 code=0x7ffc0000 [ 1639.083805][T31961] [ 1639.083805][T31961] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1639.083805][T31961] [ 1639.126142][ T27] audit: type=1326 audit(1777444062.772:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17520 comm="syz.3.15450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f1f8799cdd9 code=0x7ffc0000 [ 1639.160871][T31961] [ 1639.160871][T31961] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1639.160871][T31961] [ 1639.210823][ T27] audit: type=1326 audit(1777444062.772:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17520 comm="syz.3.15450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8799cdd9 code=0x7ffc0000 [ 1639.328793][ T27] audit: type=1326 audit(1777444062.772:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17520 comm="syz.3.15450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f8799cdd9 code=0x7ffc0000 [ 1639.580342][T17555] i2c i2c-0: Invalid block read size 255 [ 1639.725815][T17550] loop3: detected capacity change from 0 to 4096 [ 1639.802244][T17550] /dev/loop3: Can't open blockdev [ 1639.874070][ T5396] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1640.760356][T17609] loop3: detected capacity change from 0 to 128 [ 1640.833586][T17609] fuse: Bad value for 'fd' [ 1641.112771][T17627] loop5: detected capacity change from 0 to 1024 [ 1641.152733][T17627] EXT4-fs: Ignoring removed orlov option [ 1641.257979][T17627] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1641.296023][T17627] ext4 filesystem being mounted at /854/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1641.410609][T17582] loop1: detected capacity change from 0 to 32768 [ 1641.488669][T17582] [ 1641.488669][T17582] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1641.488669][T17582] [ 1641.523468][T31961] EXT4-fs (loop5): unmounting filesystem. [ 1641.559431][T17642] loop3: detected capacity change from 0 to 4096 [ 1641.600634][T17642] EXT4-fs: Ignoring removed mblk_io_submit option [ 1641.607232][T17642] /dev/loop3: Can't open blockdev [ 1641.721241][ T4268] [ 1641.721241][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1641.721241][ T4268] [ 1641.764910][ T4268] [ 1641.764910][ T4268] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1641.764910][ T4268] [ 1641.857409][T17659] loop4: detected capacity change from 0 to 128 [ 1642.013657][T17666] loop1: detected capacity change from 0 to 256 [ 1642.077836][T17666] exfat: Deprecated parameter 'utf8' [ 1642.099767][T17666] exfat: Deprecated parameter 'utf8' [ 1642.105434][T17666] exfat: Deprecated parameter 'namecase' [ 1642.186595][T17666] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 1642.549286][ T4909] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 1642.695015][T17702] loop4: detected capacity change from 0 to 4096 [ 1642.731283][T17702] EXT4-fs: Ignoring removed mblk_io_submit option [ 1642.751954][ T4909] usb 4-1: Using ep0 maxpacket: 8 [ 1642.759016][ T4909] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xEE, skipping [ 1642.807269][T17702] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1642.814413][ T4909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1642.838439][ T4909] usb 4-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 1642.850780][T17702] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1642.859013][ T4909] usb 4-1: New USB device strings: Mfr=55, Product=237, SerialNumber=3 [ 1642.868004][ T4909] usb 4-1: Product: syz [ 1642.880173][ T4909] usb 4-1: Manufacturer: syz [ 1642.885007][ T4909] usb 4-1: SerialNumber: syz [ 1642.904851][ T4909] usb 4-1: config 0 descriptor?? [ 1642.916211][ T4909] smsusb:smsusb_probe: board id=2, interface number 0 [ 1642.924723][ T4909] smsusb:smsusb_probe: Device initialized with return code -19 [ 1642.947261][T17714] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15502'. [ 1642.986897][T17711] loop5: detected capacity change from 0 to 4096 [ 1643.079875][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1643.093965][T17711] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 1643.257831][ T4909] usb 4-1: USB disconnect, device number 127 [ 1643.354215][T17711] ntfs3: loop5: ino=0, attr_set_size [ 1643.359675][T17711] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 1643.704412][T17736] loop4: detected capacity change from 0 to 512 [ 1643.762300][T17736] EXT4-fs: Ignoring removed nobh option [ 1643.857444][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #3: comm syz.4.15508: corrupted inode contents [ 1643.882522][T17736] EXT4-fs error (device loop4): ext4_dirty_inode:6156: inode #3: comm syz.4.15508: mark_inode_dirty error [ 1643.975133][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #3: comm syz.4.15508: corrupted inode contents [ 1644.065977][T17736] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.15508: mark_inode_dirty error [ 1644.103470][T17736] Quota error (device loop4): write_blk: dquota write failed [ 1644.103582][T17736] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1644.103623][T17736] EXT4-fs error (device loop4): ext4_acquire_dquot:6841: comm syz.4.15508: Failed to acquire dquot type 0 [ 1644.105592][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.15508: corrupted inode contents [ 1644.105974][T17736] EXT4-fs error (device loop4): ext4_dirty_inode:6156: inode #16: comm syz.4.15508: mark_inode_dirty error [ 1644.106410][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.15508: corrupted inode contents [ 1644.106728][T17736] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.15508: mark_inode_dirty error [ 1644.107055][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.15508: corrupted inode contents [ 1644.107503][T17736] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 1644.107834][T17736] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.15508: corrupted inode contents [ 1644.108162][T17736] EXT4-fs error (device loop4): ext4_truncate:4325: inode #16: comm syz.4.15508: mark_inode_dirty error [ 1644.108475][T17736] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 1644.109559][T17736] EXT4-fs (loop4): 1 truncate cleaned up [ 1644.109592][T17736] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1644.109694][T17736] ext4 filesystem being mounted at /3024/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1644.350739][T17770] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15517'. [ 1644.360490][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1644.360918][T27771] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1644.360984][T27771] EXT4-fs error (device loop4): ext4_release_dquot:6877: comm kworker/u4:2: Failed to release dquot type 1 [ 1644.680585][T17784] loop1: detected capacity change from 0 to 512 [ 1644.716819][T17784] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1645.017321][T17784] EXT4-fs error (device loop1): ext4_orphan_get:1405: inode #15: comm syz.1.15521: iget: bad i_size value: 38620345925642 [ 1645.180775][T17784] EXT4-fs error (device loop1): ext4_orphan_get:1410: comm syz.1.15521: couldn't read orphan inode 15 (err -117) [ 1645.210368][T17784] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1645.242715][T17735] syz.2.15507 (17735): drop_caches: 3 [ 1645.416445][ T4268] EXT4-fs (loop1): unmounting filesystem. [ 1645.608231][T17826] ipt_CLUSTERIP: Please specify an interface name [ 1645.809562][ T6807] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 1646.025458][ T6807] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 4 [ 1646.050777][ T6807] usb 4-1: New USB device found, idVendor=1235, idProduct=8014, bcdDevice= 0.40 [ 1646.078919][ T6807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1646.141314][ T6807] usb 4-1: Product: syz [ 1646.164713][ T6807] usb 4-1: Manufacturer: syz [ 1646.180377][ T6807] usb 4-1: SerialNumber: syz [ 1646.211990][T17854] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1646.292290][T17813] loop5: detected capacity change from 0 to 32768 [ 1646.350159][T17813] JBD2: Ignoring recovery information on journal [ 1646.428119][ T6807] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1646.470616][T17813] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 1646.486562][T17869] loop1: detected capacity change from 0 to 128 [ 1646.717646][T17879] netlink: 'syz.2.15546': attribute type 1 has an invalid length. [ 1646.843880][ T6807] snd-usb-audio: probe of 4-1:1.0 failed with error -71 [ 1646.903761][ T6807] usb 4-1: USB disconnect, device number 2 [ 1646.920308][ T4408] udevd[4408]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1646.979301][T31961] ocfs2: Unmounting device (7,5) on (node local) [ 1647.128404][T17907] loop4: detected capacity change from 0 to 164 [ 1647.875696][T17955] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15565'. [ 1647.936973][T17955] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15565'. [ 1648.057733][T17970] binder: BC_ACQUIRE_RESULT not supported [ 1648.063556][T17970] binder: 17969:17970 ioctl c0306201 200000000500 returned -22 [ 1648.236378][T19778] usb 5-1: new low-speed USB device number 22 using dummy_hcd [ 1648.452042][T19778] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1648.464788][T19778] usb 5-1: config 0 has no interface number 0 [ 1648.470968][T19778] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1648.526948][T19778] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1648.547992][T19778] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1648.578272][T19778] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1648.610950][T19778] usb 5-1: config 0 descriptor?? [ 1648.710658][T19778] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1648.872054][T17960] iowarrior 5-1:0.1: Error -90 while submitting URB [ 1648.901919][T19778] usb 5-1: USB disconnect, device number 22 [ 1648.981592][T18022] netlink: 'syz.1.15583': attribute type 10 has an invalid length. [ 1649.000646][T18022] netlink: 40 bytes leftover after parsing attributes in process `syz.1.15583'. [ 1649.031440][T18022] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 1649.052641][T18022] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1649.140431][T17981] loop3: detected capacity change from 0 to 32768 [ 1649.157483][T17981] /dev/loop3: Can't open blockdev [ 1649.246904][ T4408] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1649.540517][T18043] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15590'. [ 1649.549637][T18043] netlink: 20 bytes leftover after parsing attributes in process `syz.2.15590'. [ 1649.588497][T18043] netlink: 20 bytes leftover after parsing attributes in process `syz.2.15590'. [ 1649.794440][T18057] netlink: 20 bytes leftover after parsing attributes in process `syz.5.15593'. [ 1649.890366][T18057] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15593'. [ 1650.091141][T18073] xt_nat: multiple ranges no longer supported [ 1650.442110][ T6807] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1650.511572][T18096] loop5: detected capacity change from 0 to 4096 [ 1650.533801][T18096] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 1650.568351][T18096] ntfs3: loop5: ntfs_evict_inode r=6 failed, -22. [ 1650.574974][T18096] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 1650.652394][ T6807] usb 5-1: Using ep0 maxpacket: 16 [ 1650.672203][ T6807] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 1650.678073][T18096] ntfs3: loop5: ino=1e, "file1" attr_set_size [ 1650.717714][ T6807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1650.759478][ T6807] usb 5-1: Product: syz [ 1650.763734][ T6807] usb 5-1: Manufacturer: syz [ 1650.790181][ T6807] usb 5-1: SerialNumber: syz [ 1650.810664][ T6807] usb 5-1: config 0 descriptor?? [ 1651.056360][ T6807] speedtch 5-1:0.0: speedtch_bind: data interface not found! [ 1651.074734][ T6807] speedtch 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1651.286698][ T6807] usb 5-1: USB disconnect, device number 23 [ 1651.604904][T18126] loop1: detected capacity change from 0 to 32768 [ 1651.691224][T18126] JBD2: Ignoring recovery information on journal [ 1651.776072][T18126] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1652.029654][ T4268] ocfs2: Unmounting device (7,1) on (node local) [ 1652.301146][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1652.307575][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 1652.440595][T18176] netlink: 'syz.1.15630': attribute type 2 has an invalid length. [ 1652.491153][T18176] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.15630'. [ 1652.531547][T18182] netlink: 'syz.4.15631': attribute type 28 has an invalid length. [ 1652.555481][T18182] netlink: 'syz.4.15631': attribute type 29 has an invalid length. [ 1652.608639][T18182] netlink: 132 bytes leftover after parsing attributes in process `syz.4.15631'. [ 1654.370811][T18283] kernel profiling enabled (shift: 63) [ 1654.426258][T18283] profiling shift: 63 too large [ 1654.627312][T18297] loop1: detected capacity change from 0 to 1024 [ 1654.753978][T18297] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1654.945302][ T4268] EXT4-fs (loop1): unmounting filesystem. [ 1655.021561][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.070446][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.099890][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.114282][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.124025][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.133276][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.142570][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.151784][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.161193][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.171127][T18322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15675'. [ 1655.419860][T18347] loop5: detected capacity change from 0 to 16 [ 1655.468287][T18347] erofs: (device loop5): mounted with root inode @ nid 36. [ 1656.182036][T18390] netlink: 'syz.5.15695': attribute type 2 has an invalid length. [ 1656.200101][T18381] loop4: detected capacity change from 0 to 4096 [ 1656.210788][T18391] loop3: detected capacity change from 0 to 1024 [ 1656.299763][T18390] netlink: 'syz.5.15695': attribute type 1 has an invalid length. [ 1656.353991][T18391] EXT4-fs: Ignoring removed mblk_io_submit option [ 1656.382231][ T4279] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 1656.389982][T18391] EXT4-fs: inline encryption not supported [ 1656.418487][T18391] /dev/loop3: Can't open blockdev [ 1656.426697][ T4279] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 1656.606838][T19778] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1656.671754][T18417] netlink: 'syz.3.15702': attribute type 21 has an invalid length. [ 1656.833725][T19778] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1656.854655][T19778] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 185, changing to 7 [ 1656.890953][T19778] usb 3-1: string descriptor 0 read error: -22 [ 1656.917158][T19778] usb 3-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40 [ 1656.942811][T19778] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1657.004191][T19778] usb 3-1: selecting invalid altsetting 1 [ 1657.010449][T19778] usb 3-1: unit 3 not found! [ 1657.112910][T18436] loop4: detected capacity change from 0 to 128 [ 1657.145415][T18436] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1657.166411][T18436] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1657.184934][T18436] ext4 filesystem being mounted at /3059/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1657.216485][T19778] usb 3-1: cannot request logical cluster ID: 35217 (err: -5) [ 1657.224090][T19778] usb 3-1: invalid MIXER UNIT descriptor 6 [ 1657.237873][T19778] snd-usb-audio: probe of 3-1:1.0 failed with error -5 [ 1657.247886][T19778] usb 3-1: selecting invalid altsetting 1 [ 1657.255158][T19778] usb 3-1: unit 3 not found! [ 1657.315069][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1657.445092][T19778] usb 3-1: cannot request logical cluster ID: 35217 (err: -71) [ 1657.457467][T19778] usb 3-1: invalid MIXER UNIT descriptor 6 [ 1657.473189][T19778] snd-usb-audio: probe of 3-1:1.1 failed with error -71 [ 1657.497724][T19778] usb 3-1: selecting invalid altsetting 1 [ 1657.514893][T19778] usb 3-1: unit 3 not found! [ 1657.520087][T18451] libceph: resolve '400' (ret=-3): failed [ 1657.527220][T19778] usb 3-1: cannot request logical cluster ID: 35217 (err: -71) [ 1657.534840][T19778] usb 3-1: invalid MIXER UNIT descriptor 6 [ 1657.639830][T19778] snd-usb-audio: probe of 3-1:1.2 failed with error -71 [ 1657.683763][T19778] usb 3-1: USB disconnect, device number 23 [ 1657.728795][ T4408] udevd[4408]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1657.772318][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1658.102355][T18433] loop1: detected capacity change from 0 to 32768 [ 1658.162261][T18484] loop4: detected capacity change from 0 to 4096 [ 1658.237881][T18433] JBD2: Ignoring recovery information on journal [ 1658.249375][T18484] NILFS (loop4): unsupported revision (superblock rev.=0.0, current rev.=2.0). Please check the version of mkfs.nilfs(2). [ 1658.477966][T18433] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1658.694803][T18489] loop3: detected capacity change from 0 to 32768 [ 1658.780596][ T4268] ocfs2: Unmounting device (7,1) on (node local) [ 1658.789279][T18489] ocfs2: Readonly device (7,3) detected. Cluster services will not be used for this mount. Recovery will be skipped. [ 1658.845499][T18489] ocfs2: Mounting device (7,3) on (node local, slot 65535) with ordered data mode. [ 1659.051023][ T4274] INFO: trying to register non-static key. [ 1659.056997][ T4274] The code is fine but needs lockdep annotation, or maybe [ 1659.064135][ T4274] you didn't initialize this object before use? [ 1659.070426][ T4274] turning off the locking correctness validator. [ 1659.076795][ T4274] CPU: 0 PID: 4274 Comm: syz-executor Not tainted syzkaller #0 [ 1659.084384][ T4274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1659.094472][ T4274] Call Trace: [ 1659.097773][ T4274] [ 1659.100736][ T4274] dump_stack_lvl+0x188/0x24e [ 1659.105463][ T4274] ? show_regs_print_info+0x12/0x12 [ 1659.110703][ T4274] ? load_image+0x400/0x400 [ 1659.115245][ T4274] ? _find_next_bit+0x11e/0x130 [ 1659.120141][ T4274] ? __is_module_percpu_address+0x279/0x3b0 [ 1659.126075][ T4274] ? is_kernel_percpu_address+0x18f/0x1b0 [ 1659.131846][ T4274] assign_lock_key+0x201/0x230 [ 1659.136663][ T4274] ? SOFTIRQ_verbose+0x10/0x10 [ 1659.141473][ T4274] ? verify_lock_unused+0x140/0x140 [ 1659.146719][ T4274] ? deref_stack_reg+0x19f/0x230 [ 1659.151701][ T4274] register_lock_class+0x21d/0x870 [ 1659.156951][ T4274] ? mark_lock+0x94/0x320 [ 1659.161318][ T4274] ? is_dynamic_key+0x260/0x260 [ 1659.166217][ T4274] ? __lock_acquire+0x13cf/0x7d10 [ 1659.171284][ T4274] ? __lock_acquire+0x7d10/0x7d10 [ 1659.176352][ T4274] __lock_acquire+0x16f/0x7d10 [ 1659.181164][ T4274] ? is_bpf_text_address+0x28b/0x2a0 [ 1659.186483][ T4274] ? kernel_text_address+0x9c/0xd0 [ 1659.191642][ T4274] ? verify_lock_unused+0x140/0x140 [ 1659.196893][ T4274] ? stack_trace_save+0xf0/0xf0 [ 1659.201788][ T4274] ? arch_stack_walk+0xf2/0x140 [ 1659.206682][ T4274] ? verify_lock_unused+0x140/0x140 [ 1659.211942][ T4274] ? stack_trace_save+0xa6/0xf0 [ 1659.216875][ T4274] lock_acquire+0x1bb/0x4a0 [ 1659.221423][ T4274] ? ocfs2_mark_lockres_freeing+0x159/0x600 [ 1659.227368][ T4274] ? memset+0x1e/0x40 [ 1659.231386][ T4274] ? read_lock_is_recursive+0x10/0x10 [ 1659.236798][ T4274] ? seqcount_lockdep_reader_access+0x127/0x1d0 [ 1659.243111][ T4274] ? lockdep_hardirqs_on+0x94/0x140 [ 1659.248362][ T4274] _raw_spin_lock_irqsave+0xb0/0x100 [ 1659.253720][ T4274] ? ocfs2_mark_lockres_freeing+0x159/0x600 [ 1659.259667][ T4274] ? _raw_spin_lock+0x40/0x40 [ 1659.264476][ T4274] ? ktime_get+0x247/0x270 [ 1659.268946][ T4274] ocfs2_mark_lockres_freeing+0x159/0x600 [ 1659.274717][ T4274] ? kasan_quarantine_put+0xd4/0x220 [ 1659.280046][ T4274] ? ocfs2_dlm_shutdown+0x240/0x240 [ 1659.285415][ T4274] ? ocfs2_journal_shutdown+0x673/0xc20 [ 1659.291015][ T4274] ? ocfs2_journal_init+0xdb0/0xdb0 [ 1659.296261][ T4274] ? __kmem_cache_free+0xb6/0x1f0 [ 1659.301338][ T4274] ocfs2_dlm_shutdown+0x36/0x240 [ 1659.306331][ T4274] ocfs2_dismount_volume+0x47f/0x940 [ 1659.311661][ T4274] ? ocfs2_enable_quotas+0x490/0x490 [ 1659.316988][ T4274] ? clear_inode+0x150/0x150 [ 1659.321627][ T4274] ? ocfs2_free_inode+0x20/0x20 [ 1659.326524][ T4274] generic_shutdown_super+0x130/0x340 [ 1659.332038][ T4274] kill_block_super+0x7c/0xe0 [ 1659.336775][ T4274] deactivate_locked_super+0x93/0xf0 [ 1659.342103][ T4274] cleanup_mnt+0x42c/0x4b0 [ 1659.346564][ T4274] ? lockdep_hardirqs_on+0x94/0x140 [ 1659.351800][ T4274] task_work_run+0x1d0/0x260 [ 1659.356434][ T4274] ? task_work_cancel+0x220/0x220 [ 1659.361501][ T4274] ? exit_to_user_mode_loop+0x3b/0x110 [ 1659.367009][ T4274] exit_to_user_mode_loop+0xe6/0x110 [ 1659.372348][ T4274] exit_to_user_mode_prepare+0xee/0x180 [ 1659.377949][ T4274] syscall_exit_to_user_mode+0x16/0x40 [ 1659.383445][ T4274] do_syscall_64+0x58/0xa0 [ 1659.387933][ T4274] ? clear_bhb_loop+0x60/0xb0 [ 1659.392668][ T4274] ? clear_bhb_loop+0x60/0xb0 [ 1659.397417][ T4274] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1659.403352][ T4274] RIP: 0033:0x7f1f8799e017 [ 1659.407796][ T4274] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 1659.427440][ T4274] RSP: 002b:00007ffc6ae585a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1659.435909][ T4274] RAX: 0000000000000000 RBX: 00007f1f87a32120 RCX: 00007f1f8799e017 [ 1659.443934][ T4274] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6ae58660 [ 1659.451958][ T4274] RBP: 00007ffc6ae58660 R08: 00007ffc6ae59660 R09: 00000000ffffffff [ 1659.460059][ T4274] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc6ae596f0 [ 1659.468067][ T4274] R13: 00007f1f87a32120 R14: 000000000017af6a R15: 00007ffc6ae59730 [ 1659.476091][ T4274] [ 1659.512223][ T4274] ocfs2: Unmounting device (7,3) on (node local)