last executing test programs: 29.038651139s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x7, 0x2, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfde0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000180)={0x24, r3, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117}, @val={0x8}, @void}}}, 0x24}}, 0x0) 28.978724948s ago: executing program 1: ppoll(&(0x7f0000000140), 0x368, &(0x7f0000000180)={0x0, 0x989680}, &(0x7f00000001c0), 0x8) 28.96979504s ago: executing program 1: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) select(0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$getenv(0x4204, r1, 0x0, 0x0) 3.656626714s ago: executing program 3: unshare(0x42000000) syz_mount_image$vfat(&(0x7f0000008140), &(0x7f0000008180)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0049403de15840e6e4bf5fdcbf9b6cb78e187804be6112373ae32ad0304a3daf808db418c959ef06005855aa36679056a5901ededc367aa893be0e31ea492ec3a8dae06c918f69d4b0f607e38f2cab141a31c9ee3b477dc26f38ff5b"], 0x1, 0x8130, &(0x7f0000008200)="$eJzs3D+LY1UcBuCfbnTjyG6mEEFBPGijzWUzhZVNkFmQDSi7G2FHEO44NxpyTYbcMBARZzoLG7HxO4ilnSB+gWnEj2A3jeUUYmQSnX/EQpS5LPM8TV44eeGc5nLh3HOO3vzqk2G/yvr5NJ5sNqNxEBHHKVI04kaceCIO4vWvv/zlpQePtu51ut3N+ynd7Txsv5FSuv3yj+9/9t0rP02ffe/72z/cjMP1D45+2/j18PnDF47+ePjxoEqDKo3G05Sn7fF4mm+XRdoZVMMspXfLIq+KNBhVxeTCeL8c7+7OUj7aubW2OymqKuWjWRoWszQdp+lklvKP8sEoZVmWbq0F/0Xv27pnAAAAwNU4ns/nEfOFm9FcpLrnBAAAAAAAAAAAAAAAAAAAANeN8/8AAAAAAAAAAAAAAAAAAABQP+f/AQAAAAAAAAAAAAAAAAAAoH7O/wMAAAAAAAAAAAAAAAAAAED9Hjzautfpdjfvp9SMKL/Y6+31lr/L8U4/BlFGEXeiFb//fVPA/PTWgLtvdzfvpIX1+Kbc/6u/v9e7cbHfjlasr+63l/10sf9UrJ3vb0Qrnlvd31jZfzpee/VcP4tW/PxhjKOMnTjpnvU/b6f01jvdS/1nFv8DAAAAAAAAgMdBlk6t3L/Psn8aX/b/xfcBl/bXG/Fio961AwAAwHVRzT4d5mVZTARBEE5D3U8mAADg/3b20l/3TAAAAAAAAAAAAAAAAAAAAOD6uorrxOpeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAACC/K1XGKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgKgAA///5cu/6") r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @remote}, {0x2, 0x0, @multicast1}, 0xaf}) 3.536424233s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000e27b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0)) 2.106837237s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10) mknodat(0xffffffffffffff9c, &(0x7f0000004a80)='./file0\x00', 0x1000, 0x0) open$dir(&(0x7f0000000680)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0xc4a00, 0x0) 2.011117063s ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) linkat(r1, &(0x7f0000001180)='./file1\x00', r1, &(0x7f00000002c0)='./file0\x00', 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r3, &(0x7f0000000500)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r4, &(0x7f0000000580)='./file0\x00', 0x2) 1.969215899s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0x2}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x2208050, &(0x7f0000000140)=ANY=[], 0x1, 0x1516, &(0x7f0000003140)="$eJzs3Am4T+X2OPC13vfdHDJ8k8x7vWvzTYaXJMmQJEOSJCGZE5IkSZLEIVMSkpDxJJlD5nTSMc9D5qSTK0mSkJDk/T+n4e823H/33l/3r9896/M8+znv2nu/a6991vmePTzPOV90HVa9UY0q9ZkZ/h365wH++CURABIAYCAAZAeAAADK5CiTI217Jo2J/9ZBxH9IgxmXuwJxOUn/0zfpf/om/U/fpP/pm/Q/fZP+p2/S//RN+i9EujYr75WypN9F3v//L6f+J5Pl+v/fB/G3q/7RvtL//zb6X9pb+p9uZPi9ldL/9OL3LwHS//RN+p+eBZe7AHGZyec/fZP+C5Gu/envlDecu9zvtGX5FxYhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEOL/g3P+EgMAP48vd11CCCGEEEIIIYT48/i3LncFQgghhBBCCCGE+M9DUKDBQAAZICMkQCbIDFdAFsgK2SA7xOBKyAFXQU64GnJBbsgDeSEf5IcCEAKBBYYICkIhiMM1UBiuhSJQFIpBcXBQAkrCdVAKrofScAOUgRuhLNwE5aA8VICKcDNUglugMtwKVeA2qArVoDrUgNuhJtwBteBOqA13QR24G+rCPVAP7oX60AAawn3QCO6HxtAEmkIzaA4toOUfzE/K/nvzn4Ee8Cz0hF6QCL2hDzwHfaEf9IcBMBCeh0HwAgyGF2EIDIVh8BIMh5dhBLwCI2EUjIZXYQyMhXEwHibAREiC12ASvA6T4Y37s8JUmAbTYQbMhFnwJsyGOTAX3oJ5MB8WQFKmRbAYlsDbsBTegWR4F5bBe5ACy2EFrIRVsBrWwFpYB+thA2yETbAZtsBW2Abvw3bYATthF+yGPbAXPoB98CHsh48gFT/+F+ef/eV86IaAgAoVGjSYATNgAiZgZsyMWTALZsNsGMMY5sAcmBNzYi7MhXkwD+bDfFgACyAhISNjQSyIcYxjYSyMRbAIFsNi6NBhSSyJpfB6LI2lsQyWwbJYFstheSyPFbEiVsJKWBkrYxWsglWxKlbH6ng73o53YC2shbWxNtbBOlgX62I9rIf1sT42xIbYCBthY2yMTbEpNsfm2BJbYitsha2xNbbFttgO22F7bI8dsAN2xI7YCTthZ+yMXbALdsWu2A2fxqfxGXwGn8VnsRdWVb2xD/bBvtgX++MAHIDP4yB8AV/AF3EIDsVh+BK+hC/jCDyDI3EUjsbRWEmNxXE4HllNxCRMwowwCSfjZJyCU3EqTscZOBNn4SycjXNwDr6F83A+zseFuBAX4xJcgkvxHUzGZFyGZzEFl+MKXImrcDWuwrW4DtfiBtyIG3AzbsatuBXfx/dxB+7AXbgL9+Ae/AA/wA/xQxyCqZiKB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5wDgPJ7HC3gBL+LFtA+/SmOUURlUBpWgElRmlVllUVlUNpVNxVRM5VA5VE6VU+VSuVQelUflU/lUAVVAkSLFKlIFVUEVV3FVWBVWRVQRVUwVU045VVKVVKVUKVValVZl1I2qrLpJlVPlVRtXUVVUlVRbV1ndqqqoKqqqqqaqqxqqhqqpaqpaqpaqrWqrOqqOqqvuUfVUb+yPDVRaZxqpodhYDcOmqplqrlqol/EB1UqNwNaqjWqrHlKjcCS2V61cB/Wo6qjGYSf1uBqPT6guaiJ2VU+pbupp1V09o3qo1q6n6qWmYG/VR03Hvqqf6q8GqNlYTaV1rLp6UQ1RQ9Uw9ZJajC+rEeoVNVKNUqPVq2qMGqvGqfFqgpqoktRrapJ6XU1Wb6gpaqqapqarGWqmmqXeVLPVHDVXvaXmqflqgVqoFqnFaol6Wy1V76hk9a5apt5TKWq5WqFWqlVqtVqj1qp1ar3aoDaqTWqz2qK2qm3qfbVd7VA71S61W+1Re9UHap/6UO1XH6lU9bE6oP6mDqpP1CH1qTqsPlNH1OfqqPpCHVNfquPqK3VCnVSn1NfqtPpGnVFn1Tn1rTqvvlMX1PfqovIKNGqltTY60Bl0Rp2gM+nM+gqdRWfV2XR2HdNX6hz6Kp1TX61z6dw6j8mr8+n8uoAONWmrWUe6oC6k4/oaXVhfq4voorqYLq6dLqFL6ut0KX29Lq1v0GX0jbqsvkmX0+V1BQ/6Zl1J36Ir61t1FX2brqqr6eq6hr5d19R36Fr6Tl1b36Xr6Lt1XX2Prqfv1fV1A91Q36cb6ft1Y91EN9XNdHPdQrfUD+hW+kHdWrfRbfVDup1+WLfXj+gO+lHdUT+mO+nHdWf9hO6in9Rd9VO6m35ad9ff64va6566l07UvXUf/Zzuq/vp/nqAHqif14P0C3qwflEP0UP1MP2SHq5f1iP0K3qkHqVH61f1GD1Wj9Pj9QQ9USfp1/Qk/bqerN/QU/RUPU1P1zP0TN3/p0xz/4n5r//O/ME/HH2r3qbf19v1Dr1T79K79R69V+/V+/Q+vV/v16k6VR/QB/RBfVAf0of0YX1YH9FH9FF9VB/Tx/RxfVyf0Cf1t/prfVp/o8/os/qs/laf1+f1hZ++B2DQKKONMYHJYDKaBJPJZDZXmCwmq8lmspuYudLkMFeZnOZqk8vkNnlMXpPP5DcFTGjIWMMmMgVNIRM315jC5lpTxBQ1xUxx40wJU9Jc9z+e/0f1tTQtTSvTyrQ2rU1b09a0M+1Me9PedDAdTEfT0XQynUxn09l0MV1MV9PVdDPdTHfT3fQwPUxP09MkmkTTxzxn+pp+pr8ZYAaa580gM8gMNoPNEDPEDDPDzHAz3IwwI8xIM9KMNqPNGDPGjDPjzAQzwST57GaSmWQmm8lmiplipg3MbmaYGWaWmWVmm9lmrplr5pl5ZoFZYBaZRWaJWWKWmqUm2SSbZWaZSTHLzXKz0qw0q81qs9asNevNerPRbDSbzWaTYraZbWa72W52mp1mt9lt9pq9Zp/ZZ/ab/SbVpJoD5oA5aA6aQ+aQOWwOmyPmiDlqjppj5pg5bo6bE+aEOWVOmdPmtDljzphz5pw5b86bC+aCuWgupt32BSpQgQlMkCHIECQECUHmIHOQJcgSZAuyBbEgFuQIcgQ5g6uDXEHuIE+QN8gX5A8KBGFAgQ04iIKCQaEgHlwTFA6uDYoERYNiQfHABSWCksF1Qang+qB0cENQJrgxKBvcFJQLygcVgorBzUGl4JagcnBrUCW4LagaVAuqBzWC24OawR1BreDOoHZwV1AnuDuoG9wT1AvuDeoHDYKGwX1Bo+D+oHHQJGgaNAuaBy2Cln9qfu/P5H7Q9Qx7hYlh77BP+FzYN+wX9g8HhAPD58NB4Qvh4PDFcEg4NBwWvhQOD18OR4SvhCPDUeHo8NVwTDg2HBeODyeEE8Ok8LVwUvh6ODl8I5wSTg2nBdPDGeHMcFb4Zjg7nBPODd8K54XzwwXhwnBRuDhE/PFuPDl8N1wWvhemhMvDFeHKcFW4OlwTrg3XhevDDeHGcFO4ucygH3cNt4c7wp3hrnB3uCfcG34Q7gs/DPeHH4Wp4cfhgfBv4cHwk/BQ+Gl4OPwsPBJ+Hh4NvwiPhV+Gx8OvwhPhyUwQfh2eDr8Jz4Rnw3Pht+H58LvwQvh9eDH0aTf3aZd3MmQoA2WgBEqgzJSZslAWykbZKEYxykE5KCflpFyUi/JQHspH+agAFaA0TEwFqSDFKU6FqTAVoSJUjIqRI0clqSSVolJUmkpTGSpDZakslSNLFagC3Uw30y10C91Kt9JtdBtVo2pUg2oQYk2qRbWoNtWmOlSH6lJdqkf1qD7Vp4bUkBpRI2pMjakpNaXm1JxaUktqRa2oNbWmttSW2lE7ak/tqQN1oI7UkTpRJ+pMnakLdaGu1JW6UTfqTt2pB/WgntSTEimR+lAf6kt9qT/1p4E0kAbRIBpMg2kIDaFhNIyG03AaQSNoJI2i0fQqjaGxNI7G0wSaSEmURJNoEk2myTSFptA0mkYzaAbNolk0m2bTXJpL82geLaAFtIgW0RJaQktpKSVTMi2jZZRCKbSCVtAqWkVraA2to3W0gTbQJtpEW2gLbaNttJ22007aSbtpN+2lvbSP9tF+2k+plEoH6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifoBJ2iU3SaTtMZOkPn6Bydp+/oAn1PF8lTgs1kM9srbBab1Waz2e2v4zw2r81n89sCNrS5bO5fxGStLWKL2mK2uHW2hC1pr/tNXM6WtxVsRXuzrWRvsZVtOZsJ/j6uae+wteydtra9y9awt/8irmPvtnXt/baebWLr22a2oW1hG9n7bWPbxDa1zWxz28K2sw/b9vYR28E+ajvax34TL7Xv2HV2vd1gN9p99kN7zn5rj9ov7Hn7ne1pe9mB9nk7yL5gB9sX7RA79JcxgB1tX7Vj7Fg7zo63E+zE38TT7HQ7w860s+ybdrad85t4iX3bzrPJdoFdaBfZxT/EaTUl23ftMvueTbHL7Qq70q6yq+0au/b/1rrSbrZb7Fa7135gt9sddqfdZXfbPT/Eaeex335kU+3H9oj93B60n9hD9pg9bD/7IU47v2P2S3vcfmVP2JP2lP3anrbf2DP27A/nn3buX9vv7UXrLTCyYs2GA87AGTmBM3FmvoKzcFbOxtk5xldyDr6Kc/LVnItzcx7Oy/k4PxfgkIktM0dckAtxnK/hwnwtF+GiXIyLs+MSXJKv41J8PZfmG7gM38hl+SYux+W5Alfkm7kS38KV+VauwrdxVa7G1bkG3841+Q6uxXdybb6L6/DdXJfv4Xp8L9fnBtyQ7+NGfD835ibclJtxc27BLfkBbsUPcmtuw235IW7HD3N7foQ78KPckR/jTvw4d+YnuAs/yV35Ke7GT3N3foZ78LPck3txIvfmPvwc9+V+3J8H8EB+ngfxCzyYX+QhPJSH8Us8nF/mEfwKj+RRPJpf5TE8lsfxeJ7AEzmJX+NJ/DpP5jd4Ck/laTydZ/BMnsVv8myew3P5LZ7H83kBL+RFvJiX8Nu8lN/hZH6Xl/F7nMLLeQWv5FW8mtfwWl7H63kDb+RNvJm38Fbexu/zdt7BO3kX7+Y9vJc/4H38Ie/njziVP+YD/Dc+yJ/wIf6UD/NnfIQ/56P8BR/jL/k4f8Un+CSf4q/5NH/DZ/gsn+Nv+Tx/xxf4e77IniHCSEU6MlEQZYgyRglRpihzdEWUJcoaZYuyR7HoyihHdFWUM7o6yhXljvJEeaN8Uf6oQBRGFNmIoygqGBWK4tE1UeHo2qhIVDQqFhWPXFQiKhldF5WKro9KRzdEZaIbo7LRTVG5qHxUIaoY3RxVim6JKke3RlWi26KqUbWoelQjuj2qGd0R1YrujGpHd0Wlo7ujutE9Ub3o3qh+1CBqGN0XNYrujxpHTaKmUbOoedQiahk9ELWKHoxaR22ittFDUbvo4ah99EjUIXo06hg9dml70eDHq+mvtidGvSP90xuyO/Wi+OL4kvjb8aXxd+LJ8Xfjy+LvxVPiy+Mr4ivjq+Kr42via+Pr4uvjG+Ib45vim+Nb4lvj3tfICA7THoTBuMBlcBldgsvkMrsrXBaX1WVz2V3MXelyuKtcTne1y+Vyuzwur8vn8rsCLnTkrGMXuYKukIu7a1xhd60r4oq6Yq64c66EK+lauJaupWvlHnStXRvX1j3kHnIPu4fdI+4R96jr6B5zndzjrrN7wnVxT7on3VOum3vadXfPuB7uWdfT9XKJLtH1cX1cX9fX9Xf93UA30A1yg9xgN9gNcUPcMDfMDXfD3Qg3wo10I91oN9qNcWPcODfOTXATXJJLcpPcJDfZTXZT3BQ3zU1zM9wMN8vNcrPdbDfXzXXz3Dy3wC1wi9wit8QtcUvdUpfskt0yt8yluBS3wq1wq9wqt8atcevcOrfBbXCb3Ca3xW1x29w2t91tdzvdTrfb7XZ73V63z+1z+91+l+pS3QF3wB10B90h96k77D5zR9zn7qj7wh1zX7rj7it3wp10p9zX7rT7xp1xZ9059607775zF9z37qLzLin2WmxS7PXY5NgbsSmxqbFpsemxGbGZsVmxN2OzY3Nic2NvxebF5scWxBbGFsUWx5bE3o4tjb0TS469G1sWey+WElseWxFbGVsVWx3zPv/2yBf0hXzcX+ML+2t9EV/UF/PFvfMlfEl/nS/lr/el/Q2+jL/Rl/U3+XK+vK/gm/imvplv7lv4lv4B38o/6Fv7Nr6tf8i38w/79v4R38E/6jv6x3wn/7jv7J/wXfyTvqt/av5PP56+h3/W9/S9fKLv7fv453xf38/39wP8QP+8H+Rf8IP9i36IH+qH+Zf8cP+yH+Ff8SP9KD/av+rH+LF+nB/vJ/iJPsm/5if51/1k/4af4qf6aX66n+Fn+ln+TT/bz/Fz/Vt+np/vF/iFfpFf7Jf4t/1S/45P9u/6Zf49n+KX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mM8J2v8Pv9Lv8br/H7/Uf+H3+Q7/ff+RT/cf+gP+bP+g/8Yf8p/6w/8wf8Z/7o/4Lf8x/6Y/7r/wJf9Kf8l/70/4bf8af9ef8t/68/85f8N/7i/I3a0IIIYQQ/xT9B9t7/8469dNiAKAPAGTdkffwr3NuyvXjuJ/a1zEGAI/26trg56VBg8TExJ/2TdEQFFoIALFL8zPApXg5tIWHoQO0gVK/W18/VQH5V/mDv9uelj9+I0BmgEw/r0uAH+Jf5b/+H+Rv8vav8/+6/vhCgCKFLs1JO9DP8aX8pf9B/j3t/iB/pk+SAFr/3ZwscCm+lL8kPAiPQYdf7CmEEEIIIYQQQvyonzrf7Y+eb9Oez/OZS3MywqX4j57P/0DlP+MchBBCCCGEEEII8f/2xNPdH3mgQ4c2nf+bBxn/GmX8BQYIAH+BMmTw1x9c7t9MQgghhBBCiD/bpZv+y12JEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgiRfv37/yFM/dM7X+5zFEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIS63/xMAAP//gUVOqg==") r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x107042, 0x0) write(r2, &(0x7f0000000400)="6f88b2a60614ef91a3f8ef9e1220b2675bce0f59b2336b1e3eb222ffa77b91bd642da8472b07a5059831e5c03734ccff6480db993a9be5198f428be1838bef5847f8452dab06605676dc879a87d9c28bf128eb784296078f4a28e8a2595743bd65e4e6a9e5ced66e5524edc432ceaab8552a2c2f179d91122a961061343c8695c39084b2370dae938e8d43b6d6fbd905eff6c6360e26d2ef525c6a46357a0f26061ba8da82c8c39b6ec93cea456c8ed747b85fa822136714ad8bdb0d36d7c9c75354e5d73d216e45cb24fc975e092c08bd1bfb1102952f580acce4909b84036801c1f0b88c7508aa2bf5999b5f8b0da1b6d5a83203cf784ce1e8a562c75310eea1c28d9f650073742c8e9311718b35acee6a272bd76b7e547c06b9b9c461163e18f48033a79c7f3a6574c234d84fa9c569100e6c088070010175611c6643b7cd4eb643ab300fa1e46fb4027fe48882975fcfd5a5295ead29b97cb0e86af8a0b4beb400d3b54774eafac72f7d222a4248662afdd0072963aef817701d5fc445f61d563c3ed0992670002289a555f7bebfcc91b5c75e9222b17ed54aff16a3d6a0cfab24f8bffcaef7c61f2be13411eb800853f37dd2d0efc25abc246e833d350206539d5160991f02e4b0201f14ed8fdc814c4034ed7e438934b250352ece17f1145ba3ea72c698adfeeb89e4e1338fd7598d83f70137a83ef553d770193c4738", 0x353c00) ftruncate(r2, 0x0) 1.794268567s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) 1.13730921s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 1.125619592s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000700850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.112538984s ago: executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="82000000000000009b000040"]) 1.072306581s ago: executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x1, 0x0, @void}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000180)="10030600e0ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14) 1.029740967s ago: executing program 2: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000001c0)=@base={0x5, 0x16, 0x8, 0x7f}, 0x48) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0x8, &(0x7f0000000240)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x90) 992.102943ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8c18cffb703000008000000b704000000000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 966.103027ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) 950.95431ms ago: executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0x74, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 827.144909ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c) 752.942481ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) 673.935493ms ago: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106}, 0x18) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r2, @ANYBLOB="08001b"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 542.313904ms ago: executing program 2: ioperm(0x0, 0x0, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) 489.896642ms ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x4, 0x8, 0x8, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000bf080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x2a) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 439.69319ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000001c0)=@base={0x5, 0x16, 0x8, 0x7f}, 0x48) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0x8, &(0x7f0000000240)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x90) 385.870078ms ago: executing program 0: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x3, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mount$binder(0x0, &(0x7f0000000700)='./file0\x00', &(0x7f0000000740), 0x0, 0x0) 370.307381ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 113.727601ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000e27b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0)) 108.886122ms ago: executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="82000000000000009b000040"]) 85.765866ms ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56e, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "4db07630"}]}}, 0x0}, 0x0) 46.481212ms ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) linkat(r1, &(0x7f0000001180)='./file1\x00', r1, &(0x7f00000002c0)='./file0\x00', 0x0) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r3, &(0x7f0000000500)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r4, &(0x7f0000000580)='./file0\x00', 0x2) 0s ago: executing program 0: socket$can_bcm(0x1d, 0x2, 0x2) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r0, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3e, 0x0, 0x0, 0x38}}, 0x38) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): T1901] EXT4-fs error (device loop0): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.0: lblock 0 mapped to illegal pblock 16 (length 1) [ 87.137189][ T1901] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 87.147651][ T1901] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #18: comm syz-executor.0: mark_inode_dirty error [ 87.161590][ T1901] EXT4-fs (loop0): unmounting filesystem. [ 87.212390][ T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 87.221681][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.242117][ T60] usb 5-1: Product: syz [ 87.251599][ T60] usb 5-1: Manufacturer: syz [ 87.260700][ T60] usb 5-1: SerialNumber: syz [ 87.276618][ T375] usb 4-1: USB disconnect, device number 5 [ 87.282848][ T375] ftdi_sio 4-1:0.0: device disconnected [ 87.372127][ T24] usb 2-1: descriptor type invalid, skip [ 87.377772][ T24] usb 2-1: descriptor type invalid, skip [ 87.383274][ T24] usb 2-1: descriptor type invalid, skip [ 87.445677][ T2366] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.452881][ T2366] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.454581][ T2364] loop2: detected capacity change from 0 to 40427 [ 87.460425][ T2366] device bridge_slave_0 entered promiscuous mode [ 87.468156][ T2364] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 87.474371][ T2366] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.480159][ T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 87.487247][ T2366] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.506765][ T2364] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 87.511419][ T6] usb 5-1: USB disconnect, device number 9 [ 87.518831][ T2366] device bridge_slave_1 entered promiscuous mode [ 87.528617][ T2364] F2FS-fs (loop2): Found nat_bits in checkpoint [ 87.573377][ T2364] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 87.580536][ T2364] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 87.644318][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 87.654799][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 87.672185][ T24] usb 2-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40 [ 87.672789][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.682215][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.689640][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.697749][ T24] usb 2-1: Product: syz [ 87.705394][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.709101][ T24] usb 2-1: Manufacturer: syz [ 87.715818][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.717395][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.732174][ T24] usb 2-1: SerialNumber: syz [ 87.735893][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.747998][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.754903][ T375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.761665][ T28] audit: type=1400 audit(1717639837.950:1873): avc: denied { connect } for pid=2377 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 87.762547][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.802008][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 87.802574][ T24] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 87.813138][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 87.829361][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 87.838011][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.854059][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 87.862623][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.870947][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.879085][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.888318][ T43] device bridge_slave_1 left promiscuous mode [ 87.894817][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.903013][ T43] device bridge_slave_0 left promiscuous mode [ 87.909268][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.917465][ T43] device veth1_macvtap left promiscuous mode [ 87.923567][ T43] device veth0_vlan left promiscuous mode [ 87.995806][ T2385] overlayfs: unrecognized mount option "\group" or missing value [ 88.029503][ T39] usb 2-1: USB disconnect, device number 5 [ 88.039796][ T2366] device veth0_vlan entered promiscuous mode [ 88.047820][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 88.048179][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 88.062169][ T60] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 88.087660][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 88.099162][ T2366] device veth1_macvtap entered promiscuous mode [ 88.112352][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 88.123622][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 88.138613][ T2396] loop4: detected capacity change from 0 to 1024 [ 88.149272][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 88.157822][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 88.182521][ T2396] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 88.191044][ T2396] ext4 filesystem being mounted at /root/syzkaller-testdir2770912557/syzkaller.4VJuWR/90/file1 supports timestamps until 2038 (0x7fffffff) [ 88.207883][ T2396] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 88.235829][ T784] EXT4-fs (loop4): unmounting filesystem. [ 88.383332][ T28] audit: type=1326 audit(1717639838.580:1874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2423 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f039587cf69 code=0x0 [ 88.422110][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.433006][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.443222][ T60] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 88.452760][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.461748][ T60] usb 3-1: config 0 descriptor?? [ 88.533793][ T2437] device pim6reg1 entered promiscuous mode [ 88.943880][ T60] isku 0003:1E7D:319C.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0 [ 89.042024][ T39] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 89.172101][ T60] isku 0003:1E7D:319C.0006: couldn't init struct isku_device [ 89.179562][ T60] isku 0003:1E7D:319C.0006: couldn't install keyboard [ 89.187880][ T60] isku: probe of 0003:1E7D:319C.0006 failed with error -32 [ 89.402073][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.413180][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.424097][ T39] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 89.433109][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.443301][ T39] usb 1-1: config 0 descriptor?? [ 89.792406][ T60] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 89.831552][ T591] usb 3-1: USB disconnect, device number 7 [ 89.914153][ T2492] loop3: detected capacity change from 0 to 512 [ 89.921632][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 89.921649][ T28] audit: type=1326 audit(1717639840.110:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2489 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x0 [ 89.928608][ T2492] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 89.958867][ T2492] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 89.967052][ T2492] System zones: 0-1, 15-15, 18-18, 34-34 [ 89.973064][ T2492] EXT4-fs (loop3): orphan cleanup on readonly fs [ 89.979369][ T2492] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 89.983936][ T39] hid-led 0003:27B8:01ED.0007: unbalanced delimiter at end of report description [ 89.988854][ T2492] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 90.011856][ T2492] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 90.018559][ T2492] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 16 [ 90.018819][ T39] hid-led: probe of 0003:27B8:01ED.0007 failed with error -22 [ 90.029175][ T2492] ext4_test_bit(bit=15, block=18) = 1 [ 90.041314][ T2492] is_bad_inode(inode)=0 [ 90.045223][ T2492] NEXT_ORPHAN(inode)=0 [ 90.049138][ T2492] max_ino=32 [ 90.052162][ T2492] i_nlink=2 [ 90.055147][ T2492] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 90.074426][ T333] EXT4-fs (loop3): unmounting filesystem. [ 90.101677][ T28] audit: type=1326 audit(1717639840.290:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f039587cf69 code=0x7ffc0000 [ 90.125717][ T28] audit: type=1326 audit(1717639840.300:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f039587cf69 code=0x7ffc0000 [ 90.149885][ T28] audit: type=1326 audit(1717639840.300:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f039587cf69 code=0x7ffc0000 [ 90.174558][ T28] audit: type=1326 audit(1717639840.300:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f039587cf69 code=0x7ffc0000 [ 90.182113][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.205416][ T6] usb 1-1: USB disconnect, device number 6 [ 90.216470][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.216928][ T28] audit: type=1326 audit(1717639840.370:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f039587cf69 code=0x7ffc0000 [ 90.227240][ T60] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 90.252099][ T28] audit: type=1326 audit(1717639840.370:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f039587a6e7 code=0x7ffc0000 [ 90.272626][ T60] usb 2-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 90.286113][ T28] audit: type=1326 audit(1717639840.370:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f03958403b9 code=0x7ffc0000 [ 90.310144][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.318761][ T28] audit: type=1326 audit(1717639840.370:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2498 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f039587a6e7 code=0x7ffc0000 [ 90.350761][ T60] usb 2-1: config 0 descriptor?? [ 90.373661][ T2504] device pim6reg1 entered promiscuous mode [ 90.722051][ T60] usbhid 2-1:0.0: can't add hid device: -71 [ 90.729298][ T60] usbhid: probe of 2-1:0.0 failed with error -71 [ 90.737326][ T60] usb 2-1: USB disconnect, device number 6 [ 90.795257][ T2533] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.2'. [ 90.910589][ T2543] loop0: detected capacity change from 0 to 8192 [ 90.962527][ T2543] loop0: p1 p2 p3 p4 [ 90.966572][ T2543] loop0: p1 size 108922248 extends beyond EOD, truncated [ 90.975508][ T2543] loop0: p2 start 861536256 is beyond EOD, truncated [ 90.982206][ T2543] loop0: p3 start 851968 is beyond EOD, truncated [ 90.988786][ T2543] loop0: p4 size 65536 extends beyond EOD, truncated [ 91.000321][ C0] operation not supported error, dev loop0, sector 0 op 0x9:(WRITE_ZEROES) flags 0x8000800 phys_seg 0 prio class 2 [ 91.252193][ T354] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 91.334943][ T2570] loop0: detected capacity change from 0 to 1024 [ 91.384356][ T2570] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 91.541983][ T354] usb 4-1: Using ep0 maxpacket: 16 [ 91.662769][ T354] usb 4-1: config 0 has no interfaces? [ 91.745864][ T2582] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 91.757030][ T2582] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 91.900019][ T354] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9 [ 91.921492][ T354] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.965969][ T354] usb 4-1: Product: syz [ 91.988551][ T354] usb 4-1: Manufacturer: syz [ 92.012876][ T354] usb 4-1: SerialNumber: syz [ 92.040820][ T354] usb 4-1: config 0 descriptor?? [ 92.065460][ T2584] loop2: detected capacity change from 0 to 8192 [ 92.102468][ T2584] loop2: p1 p2 p3 p4 [ 92.106529][ T2584] loop2: p1 size 108922248 extends beyond EOD, truncated [ 92.118144][ T2584] loop2: p2 start 861536256 is beyond EOD, truncated [ 92.126637][ T2584] loop2: p3 start 851968 is beyond EOD, truncated [ 92.142325][ T2584] loop2: p4 size 65536 extends beyond EOD, truncated [ 92.154845][ C0] operation not supported error, dev loop2, sector 0 op 0x9:(WRITE_ZEROES) flags 0x8000800 phys_seg 0 prio class 2 [ 92.205371][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 92.218872][ T2596] loop0: detected capacity change from 0 to 16 [ 92.227448][ T2596] erofs: (device loop0): mounted with root inode @ nid 36. [ 92.236177][ T47] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 92.253426][ T2596] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 92.255974][ T2598] loop2: detected capacity change from 0 to 256 [ 92.282805][ T2598] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 93.394042][ T2622] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.0'. [ 93.419840][ T2624] loop0: detected capacity change from 0 to 512 [ 93.430472][ T2624] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz-executor.0: invalid indirect mapped block 256 (level 2) [ 93.444453][ T2624] EXT4-fs (loop0): Remounting filesystem read-only [ 93.451084][ T2624] EXT4-fs (loop0): 2 truncates cleaned up [ 93.457091][ T2624] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 93.474654][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 93.483671][ T354] usb 4-1: USB disconnect, device number 6 [ 93.588387][ T2612] exFAT-fs (loop2): hint_cluster is invalid (17) [ 93.595346][ T2612] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff) [ 93.603279][ T2612] exFAT-fs (loop2): Filesystem has been set read-only [ 93.609993][ T2612] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff) [ 93.624664][ T2631] loop0: detected capacity change from 0 to 512 [ 93.642970][ T2631] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 93.650695][ T2631] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 93.658803][ T2631] System zones: 0-1, 15-15, 18-18, 34-34 [ 93.664903][ T2631] EXT4-fs (loop0): orphan cleanup on readonly fs [ 93.671325][ T2631] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 93.686180][ T2631] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 93.693014][ T2631] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz-executor.0: bad orphan inode 16 [ 93.703699][ T2631] ext4_test_bit(bit=15, block=18) = 1 [ 93.709050][ T2631] is_bad_inode(inode)=0 [ 93.713076][ T2631] NEXT_ORPHAN(inode)=0 [ 93.716939][ T2631] max_ino=32 [ 93.719955][ T2631] i_nlink=2 [ 93.723001][ T2631] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 93.739286][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 93.748852][ T60] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 94.027448][ T2662] loop3: detected capacity change from 0 to 512 [ 94.033703][ T39] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 94.052927][ T2662] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 94.060775][ T2662] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 94.068909][ T2662] System zones: 0-1, 15-15, 18-18, 34-34 [ 94.079451][ T2662] EXT4-fs (loop3): orphan cleanup on readonly fs [ 94.085899][ T2662] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 94.100386][ T2662] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 94.107503][ T2662] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 16 [ 94.118323][ T2662] ext4_test_bit(bit=15, block=18) = 1 [ 94.122091][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.123749][ T2662] is_bad_inode(inode)=0 [ 94.138414][ T2662] NEXT_ORPHAN(inode)=0 [ 94.142675][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.142690][ T2662] max_ino=32 [ 94.142709][ T2662] i_nlink=2 [ 94.142755][ T2662] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 94.152550][ T60] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 94.180053][ T60] usb 2-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 94.180386][ T333] EXT4-fs (loop3): unmounting filesystem. [ 94.189013][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.211213][ T60] usb 2-1: config 0 descriptor?? [ 94.287413][ T2687] loop2: detected capacity change from 0 to 256 [ 94.296898][ T2687] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 94.392116][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.403025][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.414970][ T39] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 94.436027][ T39] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 94.452843][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.468320][ T39] usb 1-1: config 0 descriptor?? [ 94.503796][ T2708] loop2: detected capacity change from 0 to 16 [ 94.511598][ T2708] erofs: (device loop2): mounted with root inode @ nid 36. [ 94.521844][ T46] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 94.538976][ T2708] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 94.552511][ T375] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 94.603196][ T2717] loop4: detected capacity change from 0 to 1024 [ 94.611437][ T2717] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 94.620892][ T2717] EXT4-fs (loop4): orphan cleanup on readonly fs [ 94.628332][ T2717] EXT4-fs error (device loop4): ext4_map_blocks:721: inode #3: block 3: comm syz-executor.4: lblock 3 mapped to illegal pblock 3 (length 1) [ 94.643199][ T2717] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #3: block 3: comm syz-executor.4: lblock 3 mapped to illegal pblock 3 (length 1) [ 94.657808][ T2717] EXT4-fs error (device loop4): ext4_free_blocks:6197: comm syz-executor.4: Freeing blocks not in datazone - block = 0, count = 4096 [ 94.672351][ T2717] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #3: block 3: comm syz-executor.4: lblock 3 mapped to illegal pblock 3 (length 1) [ 94.687140][ T2717] EXT4-fs (loop4): 1 orphan inode deleted [ 94.699407][ T2717] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 94.716514][ T784] EXT4-fs (loop4): unmounting filesystem. [ 94.774794][ T2734] loop4: detected capacity change from 0 to 512 [ 94.792940][ T2734] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 94.800969][ T2734] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 94.808933][ T375] usb 4-1: Using ep0 maxpacket: 16 [ 94.814307][ T2734] System zones: 0-1, 15-15, 18-18, 34-34 [ 94.820504][ T2734] EXT4-fs (loop4): orphan cleanup on readonly fs [ 94.826930][ T2734] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 94.841483][ T2734] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 94.848278][ T2734] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 16 [ 94.859037][ T2734] ext4_test_bit(bit=15, block=18) = 1 [ 94.864428][ T2734] is_bad_inode(inode)=0 [ 94.868471][ T2734] NEXT_ORPHAN(inode)=0 [ 94.872501][ T2734] max_ino=32 [ 94.875583][ T2734] i_nlink=2 [ 94.878599][ T2734] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 94.896467][ T784] EXT4-fs (loop4): unmounting filesystem. [ 94.942072][ T375] usb 4-1: config 0 has no interfaces? [ 95.003339][ T39] prodikeys 0003:041E:2801.0008: unknown main item tag 0x0 [ 95.014924][ T39] prodikeys 0003:041E:2801.0008: unknown main item tag 0x0 [ 95.029915][ T39] prodikeys 0003:041E:2801.0008: unknown main item tag 0x0 [ 95.044758][ T39] prodikeys 0003:041E:2801.0008: unknown main item tag 0x0 [ 95.051836][ T39] prodikeys 0003:041E:2801.0008: unknown main item tag 0x0 [ 95.074038][ T39] prodikeys 0003:041E:2801.0008: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.0-1/input0 [ 95.399488][ T375] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9 [ 95.408555][ T375] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.415476][ T39] usb 1-1: USB disconnect, device number 7 [ 95.416443][ T375] usb 4-1: Product: syz [ 95.426295][ T375] usb 4-1: Manufacturer: syz [ 95.430922][ T375] usb 4-1: SerialNumber: syz [ 95.436267][ T375] usb 4-1: config 0 descriptor?? [ 95.530329][ T2752] SELinux: Context system_u:object_r:systemd_notify_exec_t:s0 is not valid (left unmapped). [ 95.540838][ T28] kauditd_printk_skb: 111 callbacks suppressed [ 95.540871][ T28] audit: type=1400 audit(1717639845.730:2013): avc: denied { relabelto } for pid=2751 comm="syz-executor.1" name="file0" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 95.574685][ T60] usbhid 2-1:0.0: can't add hid device: -71 [ 95.581250][ T60] usbhid: probe of 2-1:0.0 failed with error -71 [ 95.595483][ T60] usb 2-1: USB disconnect, device number 7 [ 95.660500][ T28] audit: type=1400 audit(1717639845.850:2014): avc: denied { rmdir } for pid=1998 comm="syz-executor.1" name="file0" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 96.000551][ T28] audit: type=1400 audit(1717639846.190:2015): avc: denied { bind } for pid=2758 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 96.020709][ T28] audit: type=1400 audit(1717639846.190:2016): avc: denied { write } for pid=2758 comm="syz-executor.0" path="socket:[26185]" dev="sockfs" ino=26185 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 96.052106][ T60] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 96.060519][ T375] usb 4-1: USB disconnect, device number 7 [ 96.292010][ T60] usb 2-1: Using ep0 maxpacket: 8 [ 96.412088][ T60] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.422981][ T60] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 96.432181][ T60] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.450042][ T60] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 96.467579][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.501157][ T2771] loop2: detected capacity change from 0 to 256 [ 96.510401][ T2771] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 96.522719][ T60] hub 2-1:1.0: bad descriptor, ignoring hub [ 96.528427][ T60] hub: probe of 2-1:1.0 failed with error -5 [ 96.537380][ T60] cdc_wdm 2-1:1.0: skipping garbage [ 96.547134][ T60] cdc_wdm 2-1:1.0: skipping garbage [ 96.554437][ T60] cdc_wdm: probe of 2-1:1.0 failed with error -22 [ 96.653597][ T2782] loop3: detected capacity change from 0 to 16 [ 96.660676][ T2782] erofs: (device loop3): mounted with root inode @ nid 36. [ 96.669427][ T46] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 96.686217][ T2782] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 96.832053][ T591] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 96.842288][ T60] usb 2-1: USB disconnect, device number 8 [ 96.992069][ T39] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 97.072059][ T591] usb 3-1: Using ep0 maxpacket: 32 [ 97.192132][ T591] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.202950][ T591] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 97.352205][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.363059][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.372795][ T39] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 97.382027][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.390509][ T39] usb 4-1: config 0 descriptor?? [ 97.452076][ T591] usb 3-1: string descriptor 0 read error: -22 [ 97.458261][ T591] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.40 [ 97.467284][ T591] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.513057][ T591] usbhid 3-1:1.0: can't add hid device: -22 [ 97.518987][ T591] usbhid: probe of 3-1:1.0 failed with error -22 [ 97.715254][ T591] usb 3-1: USB disconnect, device number 8 [ 97.839730][ T2799] loop0: detected capacity change from 0 to 256 [ 97.848889][ T2799] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 97.862393][ T39] isku 0003:1E7D:319C.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0 [ 97.905235][ T2805] loop0: detected capacity change from 0 to 2048 [ 97.924222][ T2805] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 97.935941][ T2805] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 136: padding at end of block bitmap is not set [ 98.072073][ T39] isku 0003:1E7D:319C.0009: couldn't init struct isku_device [ 98.079530][ T39] isku 0003:1E7D:319C.0009: couldn't install keyboard [ 98.086667][ T39] isku: probe of 0003:1E7D:319C.0009 failed with error -32 [ 98.568166][ T591] usb 4-1: USB disconnect, device number 8 [ 98.591335][ T2830] loop3: detected capacity change from 0 to 256 [ 98.600972][ T2830] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 98.737145][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 99.022030][ T591] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 99.052015][ T375] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 99.189915][ T2853] loop2: detected capacity change from 0 to 16 [ 99.217141][ T2853] erofs: (device loop2): mounted with root inode @ nid 36. [ 99.226518][ T46] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 99.242445][ T2853] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 99.262068][ T591] usb 4-1: Using ep0 maxpacket: 16 [ 99.382112][ T591] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 99.442250][ T375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.453367][ T375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.462958][ T375] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 99.472135][ T375] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.480500][ T375] usb 1-1: config 0 descriptor?? [ 99.485327][ T354] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 99.552096][ T591] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 99.561072][ T591] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.568992][ T591] usb 4-1: Product: syz [ 99.572971][ T591] usb 4-1: Manufacturer: syz [ 99.577357][ T591] usb 4-1: SerialNumber: syz [ 99.825780][ T19] usb 4-1: USB disconnect, device number 9 [ 99.882097][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.892962][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.902553][ T354] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 99.911346][ T354] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.919844][ T354] usb 5-1: config 0 descriptor?? [ 100.137123][ T2863] loop2: detected capacity change from 0 to 2048 [ 100.153865][ T2863] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 100.165225][ T2863] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 136: padding at end of block bitmap is not set [ 100.222132][ T375] usb 1-1: string descriptor 0 read error: -71 [ 100.242106][ T375] uclogic 0003:256C:006D.000A: failed retrieving string descriptor #200: -71 [ 100.251148][ T375] uclogic 0003:256C:006D.000A: failed retrieving pen parameters: -71 [ 100.259040][ T375] uclogic 0003:256C:006D.000A: failed probing pen v2 parameters: -71 [ 100.266940][ T375] uclogic 0003:256C:006D.000A: failed probing parameters: -71 [ 100.274201][ T375] uclogic: probe of 0003:256C:006D.000A failed with error -71 [ 100.282276][ T375] usb 1-1: USB disconnect, device number 8 [ 100.403903][ T354] isku 0003:1E7D:319C.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.4-1/input0 [ 100.622883][ T354] isku 0003:1E7D:319C.000B: couldn't init struct isku_device [ 100.630130][ T354] isku 0003:1E7D:319C.000B: couldn't install keyboard [ 100.637824][ T354] isku: probe of 0003:1E7D:319C.000B failed with error -32 [ 100.971594][ T2325] EXT4-fs (loop2): unmounting filesystem. [ 101.109640][ T354] usb 5-1: USB disconnect, device number 10 [ 101.141663][ T2899] loop4: detected capacity change from 0 to 256 [ 101.151080][ T2899] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 101.412037][ T375] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 101.642030][ T354] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 101.662142][ T375] usb 1-1: Using ep0 maxpacket: 8 [ 101.782075][ T375] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 101.792020][ T375] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 101.800662][ T375] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.810230][ T375] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 101.819084][ T375] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.862542][ T375] hub 1-1:1.0: bad descriptor, ignoring hub [ 101.868281][ T375] hub: probe of 1-1:1.0 failed with error -5 [ 101.874261][ T375] cdc_wdm 1-1:1.0: skipping garbage [ 101.879275][ T375] cdc_wdm 1-1:1.0: skipping garbage [ 101.884359][ T375] cdc_wdm: probe of 1-1:1.0 failed with error -22 [ 101.945760][ T2913] loop2: detected capacity change from 0 to 2048 [ 101.963613][ T2913] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 101.974914][ T2913] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 136: padding at end of block bitmap is not set [ 102.012177][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 102.023120][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.032686][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 102.043561][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 102.053060][ T354] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 102.065747][ T354] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 102.074642][ T354] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.083084][ T354] usb 5-1: config 0 descriptor?? [ 102.182099][ T39] usb 1-1: USB disconnect, device number 9 [ 102.562881][ T354] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 102.569679][ T354] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 102.576533][ T354] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 102.583537][ T354] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 102.590273][ T354] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 102.598013][ T354] ntrig 0003:1B96:000A.000C: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0 [ 102.780465][ T2325] EXT4-fs (loop2): unmounting filesystem. [ 102.904471][ T354] usb 5-1: USB disconnect, device number 11 [ 103.785103][ T2952] loop0: detected capacity change from 0 to 512 [ 103.803924][ T28] audit: type=1326 audit(1717639854.000:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2953 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x0 [ 103.804716][ T2944] loop4: detected capacity change from 0 to 40427 [ 103.829871][ T2952] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 103.837037][ T2944] F2FS-fs (loop4): Found nat_bits in checkpoint [ 103.842759][ T2952] ext4 filesystem being mounted at /root/syzkaller-testdir3478134992/syzkaller.ZRKv4P/53/file0 supports timestamps until 2038 (0x7fffffff) [ 103.879847][ T2944] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 103.891674][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 103.899619][ T2944] syz-executor.4: attempt to access beyond end of device [ 103.899619][ T2944] loop4: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 103.918132][ T784] syz-executor.4: attempt to access beyond end of device [ 103.918132][ T784] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 103.932025][ T39] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 103.995907][ T2969] loop0: detected capacity change from 0 to 512 [ 104.009624][ T2971] loop4: detected capacity change from 0 to 512 [ 104.015713][ T2969] Quota error (device loop0): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 104.016888][ T2971] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 104.026002][ T2969] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 104.044832][ T2969] EXT4-fs (loop0): 1 truncate cleaned up [ 104.050361][ T2969] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 104.059259][ T2969] ext4 filesystem being mounted at /root/syzkaller-testdir3478134992/syzkaller.ZRKv4P/57/file0 supports timestamps until 2038 (0x7fffffff) [ 104.084285][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 104.112780][ T28] audit: type=1400 audit(1717639854.310:2018): avc: denied { listen } for pid=2970 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 104.116230][ T2971] loop4: detected capacity change from 0 to 128 [ 104.143747][ T28] audit: type=1400 audit(1717639854.340:2019): avc: denied { nnp_transition } for pid=2970 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1 [ 104.164743][ T28] audit: type=1400 audit(1717639854.340:2020): avc: denied { transition } for pid=2970 comm="syz-executor.4" path="/root/syzkaller-testdir2770912557/syzkaller.4VJuWR/130/file2" dev="sda1" ino=1961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 104.193574][ T28] audit: type=1400 audit(1717639854.340:2021): avc: denied { entrypoint } for pid=2970 comm="syz-executor.4" path="/root/syzkaller-testdir2770912557/syzkaller.4VJuWR/130/file2" dev="sda1" ino=1961 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 104.222233][ T28] audit: type=1400 audit(1717639854.340:2022): avc: denied { noatsecure } for pid=2970 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 104.322137][ T39] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 104.333032][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.343793][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.353369][ T39] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 104.366661][ T39] usb 4-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 104.375877][ T60] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 104.383514][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.425829][ T39] usb 4-1: config 0 descriptor?? [ 104.752065][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 104.770187][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.791990][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 104.809369][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 104.818932][ T60] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 104.831624][ T60] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 104.840433][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.848823][ T60] usb 1-1: config 0 descriptor?? [ 104.982959][ T39] elecom 0003:056E:00FE.000D: unknown main item tag 0x0 [ 104.990571][ T39] elecom 0003:056E:00FE.000D: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.3-1/input0 [ 105.183658][ T354] usb 4-1: USB disconnect, device number 10 [ 105.183965][ T2992] loop4: detected capacity change from 0 to 512 [ 105.203865][ T2992] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 105.212900][ T2992] ext4 filesystem being mounted at /root/syzkaller-testdir2770912557/syzkaller.4VJuWR/135/file0 supports timestamps until 2038 (0x7fffffff) [ 105.243194][ T784] EXT4-fs (loop4): unmounting filesystem. [ 105.333080][ T60] ntrig 0003:1B96:000A.000E: unknown main item tag 0x0 [ 105.339837][ T60] ntrig 0003:1B96:000A.000E: unknown main item tag 0x0 [ 105.346675][ T60] ntrig 0003:1B96:000A.000E: unknown main item tag 0x0 [ 105.353504][ T60] ntrig 0003:1B96:000A.000E: unknown main item tag 0x0 [ 105.360314][ T60] ntrig 0003:1B96:000A.000E: unknown main item tag 0x0 [ 105.374289][ T60] ntrig 0003:1B96:000A.000E: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 105.377942][ T2996] loop4: detected capacity change from 0 to 40427 [ 105.395227][ T2996] F2FS-fs (loop4): Found nat_bits in checkpoint [ 105.420393][ T2996] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 105.436914][ T2996] syz-executor.4: attempt to access beyond end of device [ 105.436914][ T2996] loop4: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 105.456391][ T784] syz-executor.4: attempt to access beyond end of device [ 105.456391][ T784] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 105.552306][ T3009] loop4: detected capacity change from 0 to 256 [ 105.561530][ T3009] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 105.643320][ T60] usb 1-1: USB disconnect, device number 10 [ 105.653537][ T3016] loop2: detected capacity change from 0 to 512 [ 105.661726][ T3016] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 105.936142][ T3017] exFAT-fs (loop4): hint_cluster is invalid (17) [ 105.942882][ T3017] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 105.950749][ T3017] exFAT-fs (loop4): Filesystem has been set read-only [ 105.957402][ T3017] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 106.001427][ T3016] loop2: detected capacity change from 0 to 128 [ 106.465872][ T28] audit: type=1400 audit(1717639856.660:2023): avc: denied { getopt } for pid=3032 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 106.525709][ T3044] loop0: detected capacity change from 0 to 512 [ 106.533394][ T3044] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 106.544277][ T3044] EXT4-fs (loop0): orphan cleanup on readonly fs [ 106.551300][ T3044] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 248: padding at end of block bitmap is not set [ 106.566438][ T3044] Quota error (device loop0): write_blk: dquota write failed [ 106.569627][ T3047] loop2: detected capacity change from 0 to 512 [ 106.574560][ T3044] EXT4-fs (loop0): 1 truncate cleaned up [ 106.595530][ T3047] EXT4-fs (loop2): 1 truncate cleaned up [ 106.599646][ T3044] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 106.601255][ T3047] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 106.632801][ T3047] EXT4-fs warning (device loop2): ext4_rename_delete:3735: inode #2: comm syz-executor.2: Deleting old file: nlink 5, error=-2 [ 106.637939][ T3044] EXT4-fs error (device loop0): __ext4_remount:6412: comm syz-executor.0: Abort forced by user [ 106.672539][ T3044] syz-executor.0 (3044) used greatest stack depth: 20008 bytes left [ 106.680881][ T2325] EXT4-fs (loop2): unmounting filesystem. [ 106.700805][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 106.740008][ T3058] loop0: detected capacity change from 0 to 256 [ 106.749958][ T3058] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 107.182133][ T3062] exFAT-fs (loop0): hint_cluster is invalid (17) [ 107.188820][ T3062] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 107.196808][ T3062] exFAT-fs (loop0): Filesystem has been set read-only [ 107.203462][ T3062] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 107.227481][ T3077] loop2: detected capacity change from 0 to 512 [ 107.242289][ T3077] EXT4-fs (loop2): 1 truncate cleaned up [ 107.247843][ T3077] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 107.260582][ T3077] EXT4-fs warning (device loop2): ext4_rename_delete:3735: inode #2: comm syz-executor.2: Deleting old file: nlink 5, error=-2 [ 107.279823][ T2325] EXT4-fs (loop2): unmounting filesystem. [ 107.305506][ T3080] loop2: detected capacity change from 0 to 512 [ 107.326866][ T3080] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 107.335822][ T3080] ext4 filesystem being mounted at /root/syzkaller-testdir1115516532/syzkaller.74J6Nh/86/file0 supports timestamps until 2038 (0x7fffffff) [ 107.359236][ T3086] incfs: Can't find or create .index dir in ./file0 [ 107.366001][ T3086] incfs: mount failed -14 [ 107.432364][ T2325] EXT4-fs (loop2): unmounting filesystem. [ 107.804203][ T3102] request_module fs-rpc_pipefs succeeded, but still no fs? [ 108.293020][ T3119] incfs: Can't find or create .index dir in ./file0 [ 108.309510][ T3119] incfs: mount failed -14 [ 108.339942][ T3123] loop4: detected capacity change from 0 to 256 [ 108.367994][ T3123] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 109.010244][ T3113] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 109.359197][ T3113] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 109.383516][ T3126] exFAT-fs (loop4): hint_cluster is invalid (17) [ 109.390606][ T3126] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 109.398889][ T3126] exFAT-fs (loop4): Filesystem has been set read-only [ 109.405791][ T3126] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 109.414075][ T3121] loop3: detected capacity change from 0 to 40427 [ 109.423909][ T3121] F2FS-fs (loop3): Found nat_bits in checkpoint [ 109.436900][ T3129] device pim6reg1 entered promiscuous mode [ 109.456788][ T3121] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 109.476368][ T3121] syz-executor.3: attempt to access beyond end of device [ 109.476368][ T3121] loop3: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 109.517693][ T333] syz-executor.3: attempt to access beyond end of device [ 109.517693][ T333] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 109.635731][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 109.635750][ T28] audit: type=1400 audit(1717639859.830:2029): avc: denied { write } for pid=3152 comm="syz-executor.2" path="socket:[29063]" dev="sockfs" ino=29063 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 109.672942][ T28] audit: type=1326 audit(1717639859.860:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3142 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feb3827a6e7 code=0x7ffc0000 [ 109.705127][ T28] audit: type=1326 audit(1717639859.860:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3142 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feb382403b9 code=0x7ffc0000 [ 109.731063][ T28] audit: type=1326 audit(1717639859.860:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3142 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 109.755741][ T3157] loop4: detected capacity change from 0 to 512 [ 109.762166][ T28] audit: type=1326 audit(1717639859.860:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3142 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feb3827a6e7 code=0x7ffc0000 [ 109.787561][ T3157] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 109.796353][ T28] audit: type=1326 audit(1717639859.860:2034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3142 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feb382403b9 code=0x7ffc0000 [ 109.821351][ T3157] EXT4-fs (loop4): orphan cleanup on readonly fs [ 109.828471][ T3157] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set [ 109.842652][ T28] audit: type=1326 audit(1717639859.860:2035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3142 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 109.843535][ T3157] Quota error (device loop4): write_blk: dquota write failed [ 109.874162][ T3157] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 109.886736][ T3157] EXT4-fs (loop4): 1 truncate cleaned up [ 109.905355][ T28] audit: type=1326 audit(1717639859.860:2036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3142 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feb3827a6e7 code=0x7ffc0000 [ 110.407980][ T3160] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 110.419081][ T3160] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 110.422127][ T3157] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 110.456533][ T3157] EXT4-fs error (device loop4): __ext4_remount:6412: comm syz-executor.4: Abort forced by user [ 110.473237][ T3155] loop2: detected capacity change from 0 to 40427 [ 110.482434][ T784] EXT4-fs (loop4): unmounting filesystem. [ 110.494098][ T3155] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 110.502755][ T3155] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 110.513226][ T3168] loop4: detected capacity change from 0 to 256 [ 110.521336][ T3155] F2FS-fs (loop2): invalid crc value [ 110.541901][ T3168] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 110.548873][ T3170] device pim6reg1 entered promiscuous mode [ 110.578693][ T3155] F2FS-fs (loop2): Found nat_bits in checkpoint [ 110.687627][ T3155] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 110.699753][ T3155] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 110.704310][ T3166] loop0: detected capacity change from 0 to 40427 [ 110.980044][ T3174] exFAT-fs (loop4): hint_cluster is invalid (17) [ 110.983486][ T3166] F2FS-fs (loop0): Found nat_bits in checkpoint [ 110.994502][ T3174] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 111.002920][ T3174] exFAT-fs (loop4): Filesystem has been set read-only [ 111.009617][ T3174] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 111.029165][ T3155] syz-executor.2: attempt to access beyond end of device [ 111.029165][ T3155] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 111.043535][ T3166] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 111.066075][ T372] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 111.076853][ T3166] syz-executor.0: attempt to access beyond end of device [ 111.076853][ T3166] loop0: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 111.077649][ T372] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 111.101148][ T2366] syz-executor.0: attempt to access beyond end of device [ 111.101148][ T2366] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 111.402364][ T3207] device pim6reg1 entered promiscuous mode [ 111.461996][ T524] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 112.015786][ T24] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 112.091981][ T524] usb 4-1: Using ep0 maxpacket: 16 [ 112.100715][ T3214] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=3214 comm=syz-executor.4 [ 112.114221][ T3214] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=3214 comm=syz-executor.4 [ 112.131267][ T3214] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 112.242090][ T524] usb 4-1: config 0 has no interfaces? [ 112.382057][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.392067][ T24] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 112.401056][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.409744][ T24] usb 3-1: config 0 descriptor?? [ 112.422104][ T524] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9 [ 112.430973][ T524] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.438834][ T524] usb 4-1: Product: syz [ 112.442771][ T524] usb 4-1: Manufacturer: syz [ 112.447378][ T524] usb 4-1: SerialNumber: syz [ 112.452454][ T24] usb-storage 3-1:0.0: USB Mass Storage device detected [ 112.452690][ T524] usb 4-1: config 0 descriptor?? [ 112.465178][ T24] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 112.488340][ T3232] loop4: detected capacity change from 0 to 512 [ 112.496924][ T3232] EXT4-fs (loop4): 1 truncate cleaned up [ 112.502606][ T3232] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 112.516189][ T3232] EXT4-fs warning (device loop4): ext4_rename_delete:3735: inode #2: comm syz-executor.4: Deleting old file: nlink 5, error=-2 [ 112.529553][ T19] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 112.542154][ T784] EXT4-fs (loop4): unmounting filesystem. [ 112.571349][ T3240] loop4: detected capacity change from 0 to 512 [ 112.578366][ T3240] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 112.629026][ T3240] loop4: detected capacity change from 0 to 128 [ 112.952155][ T19] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 112.962390][ T19] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 113.042122][ T19] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 113.051078][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 113.058975][ T19] usb 1-1: SerialNumber: syz [ 113.083095][ T524] usb 4-1: USB disconnect, device number 11 [ 113.332713][ T19] usb 1-1: 0:2 : does not exist [ 113.337507][ T19] usb 1-1: unit 5: unexpected type 0x03 [ 113.344161][ T19] usb 1-1: USB disconnect, device number 11 [ 113.604297][ T3248] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=3248 comm=syz-executor.3 [ 113.617261][ T3248] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=3248 comm=syz-executor.3 [ 113.634098][ T3248] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 113.941994][ T24] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 114.291911][ T60] usb 3-1: USB disconnect, device number 9 [ 114.302065][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.325217][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.355301][ T24] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 114.372662][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.392462][ T24] usb 4-1: config 0 descriptor?? [ 114.867834][ T3294] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 114.876974][ T24] hid-led 0003:27B8:01ED.000F: unbalanced delimiter at end of report description [ 114.886365][ T3294] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 114.894536][ T24] hid-led: probe of 0003:27B8:01ED.000F failed with error -22 [ 114.902001][ T3294] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 114.910636][ T3294] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 114.918599][ T3294] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.2'. [ 114.937789][ T3296] loop2: detected capacity change from 0 to 512 [ 114.944645][ T3296] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 114.972046][ T19] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 115.008639][ T3296] loop2: detected capacity change from 0 to 128 [ 115.080022][ T375] usb 4-1: USB disconnect, device number 12 [ 115.352105][ T19] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 115.366567][ T19] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 115.380697][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.396022][ T19] usb 1-1: config 0 descriptor?? [ 115.442565][ T19] usb-storage 1-1:0.0: USB Mass Storage device detected [ 115.462437][ T19] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 115.598947][ T3315] kvm [3314]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 116.395771][ T3335] loop2: detected capacity change from 0 to 512 [ 116.417671][ T3335] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 116.465785][ T28] kauditd_printk_skb: 7510 callbacks suppressed [ 116.465803][ T28] audit: type=1326 audit(1717639866.660:9547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3342 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb6d007cf69 code=0x0 [ 116.535122][ T3335] loop2: detected capacity change from 0 to 128 [ 116.610418][ T28] audit: type=1326 audit(1717639866.800:9548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb7c387a6e7 code=0x7ffc0000 [ 116.635581][ T28] audit: type=1326 audit(1717639866.800:9549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb7c38403b9 code=0x7ffc0000 [ 116.659473][ T28] audit: type=1326 audit(1717639866.800:9550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 116.683568][ T28] audit: type=1326 audit(1717639866.800:9551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb7c387a6e7 code=0x7ffc0000 [ 116.707565][ T28] audit: type=1326 audit(1717639866.800:9552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb7c38403b9 code=0x7ffc0000 [ 116.731438][ T28] audit: type=1326 audit(1717639866.800:9553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 116.755245][ T28] audit: type=1326 audit(1717639866.800:9554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb7c387a6e7 code=0x7ffc0000 [ 116.779748][ T28] audit: type=1326 audit(1717639866.800:9555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb7c38403b9 code=0x7ffc0000 [ 116.803645][ T28] audit: type=1326 audit(1717639866.800:9556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 116.828248][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 117.202052][ T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 117.219760][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.241453][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.261226][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 117.287748][ T24] usb 4-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 117.310075][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.326793][ T24] usb 4-1: config 0 descriptor?? [ 117.650658][ T19] usb 1-1: USB disconnect, device number 12 [ 117.708853][ T3359] kvm [3358]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 117.813142][ T24] elecom 0003:056E:00FE.0010: unknown main item tag 0x0 [ 117.824776][ T24] elecom 0003:056E:00FE.0010: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.3-1/input0 [ 118.015838][ T524] usb 4-1: USB disconnect, device number 13 [ 118.539609][ T3378] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3378 comm=syz-executor.3 [ 118.653984][ T3382] loop4: detected capacity change from 0 to 256 [ 118.664357][ T3382] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 119.060739][ T3386] exFAT-fs (loop4): hint_cluster is invalid (17) [ 119.067852][ T3386] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 119.075770][ T3386] exFAT-fs (loop4): Filesystem has been set read-only [ 119.082337][ T3386] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 119.333198][ T3391] incfs: Can't find or create .index dir in ./file0 [ 119.339777][ T3391] incfs: mount failed -14 [ 119.832064][ T19] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 120.232071][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 120.248500][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.268076][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 120.307194][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 120.336440][ T19] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 120.351520][ T3410] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 120.362386][ T3410] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 120.380126][ T19] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 120.399342][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.416278][ T19] usb 1-1: config 0 descriptor?? [ 120.541389][ T3419] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 120.569965][ T3419] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 120.591515][ T3419] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 120.606351][ T3419] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 120.620101][ T3419] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.2'. [ 120.893049][ T19] ntrig 0003:1B96:000A.0011: unknown main item tag 0x0 [ 120.899803][ T19] ntrig 0003:1B96:000A.0011: unknown main item tag 0x0 [ 120.909441][ T3428] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3428 comm=syz-executor.4 [ 120.913194][ T19] ntrig 0003:1B96:000A.0011: unknown main item tag 0x0 [ 120.937491][ T19] ntrig 0003:1B96:000A.0011: unknown main item tag 0x0 [ 120.949396][ T19] ntrig 0003:1B96:000A.0011: unknown main item tag 0x0 [ 120.963955][ T19] ntrig 0003:1B96:000A.0011: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 121.243826][ T19] usb 1-1: USB disconnect, device number 13 [ 121.289139][ T3439] loop2: detected capacity change from 0 to 256 [ 121.309104][ T3439] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 122.133191][ T3450] fuse: Bad value for 'fd' [ 123.256837][ T3458] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 123.269879][ T3458] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 123.278038][ T3458] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 123.286668][ T3458] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 123.294809][ T3458] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.4'. [ 123.592972][ T3462] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 123.746944][ T3460] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 123.932118][ T28] kauditd_printk_skb: 3461 callbacks suppressed [ 123.932135][ T28] audit: type=1400 audit(1717639874.120:13018): avc: denied { mounton } for pid=3471 comm="syz-executor.1" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 124.111286][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.129172][ T3471] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.154771][ T3471] device bridge_slave_0 entered promiscuous mode [ 124.174040][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.196159][ T3471] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.218792][ T3471] device bridge_slave_1 entered promiscuous mode [ 124.352043][ T375] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 124.431848][ T3475] loop0: detected capacity change from 0 to 40427 [ 124.441879][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.449487][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.458657][ T3475] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 124.478060][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 124.487553][ T3475] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 124.496030][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 124.504965][ T3475] F2FS-fs (loop0): invalid crc value [ 124.510540][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.517433][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.525355][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 124.533786][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 124.534290][ T3475] F2FS-fs (loop0): Found nat_bits in checkpoint [ 124.542022][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.554545][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.573871][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 124.581569][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 124.589626][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 124.614931][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 124.624189][ T3490] loop2: detected capacity change from 0 to 512 [ 124.633011][ T3471] device veth0_vlan entered promiscuous mode [ 124.641493][ T3490] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 124.642229][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 124.670600][ T3475] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 124.678313][ T3475] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 124.688050][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 124.695746][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 124.705217][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 124.727486][ T3471] device veth1_macvtap entered promiscuous mode [ 124.742312][ T375] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.744583][ T3490] loop2: detected capacity change from 0 to 128 [ 124.753825][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 124.769008][ T3475] syz-executor.0: attempt to access beyond end of device [ 124.769008][ T3475] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 124.783872][ T375] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.794098][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 124.802155][ T375] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 124.811832][ T375] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.822368][ T821] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 124.823792][ T375] usb 4-1: config 0 descriptor?? [ 124.832712][ T821] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 125.092013][ T591] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 125.133077][ T43] device bridge_slave_1 left promiscuous mode [ 125.139100][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.146682][ T43] device bridge_slave_0 left promiscuous mode [ 125.152863][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.160923][ T43] device veth1_macvtap left promiscuous mode [ 125.167030][ T43] device veth0_vlan left promiscuous mode [ 125.242026][ T354] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 125.353697][ T375] hid-led 0003:27B8:01ED.0012: unbalanced delimiter at end of report description [ 125.372315][ T375] hid-led: probe of 0003:27B8:01ED.0012 failed with error -22 [ 125.452084][ T591] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 125.465522][ T591] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.476476][ T591] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.486195][ T591] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 125.499181][ T591] usb 3-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 125.508294][ T591] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.518784][ T591] usb 3-1: config 0 descriptor?? [ 125.565089][ T24] usb 4-1: USB disconnect, device number 14 [ 125.572366][ T3504] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 125.580985][ T3504] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 125.589924][ T3504] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 125.597962][ T3504] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 125.606287][ T3504] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.4'. [ 125.622099][ T354] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 125.635366][ T354] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.649591][ T354] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 125.661172][ T354] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 125.673755][ T354] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 125.691499][ T354] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 125.711867][ T354] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.723906][ T354] usb 1-1: config 0 descriptor?? [ 126.003029][ T591] elecom 0003:056E:00FE.0013: unknown main item tag 0x0 [ 126.019171][ T591] elecom 0003:056E:00FE.0013: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.2-1/input0 [ 126.127108][ T3520] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 126.147875][ T3520] loop4: detected capacity change from 0 to 2048 [ 126.171407][ T3522] loop3: detected capacity change from 0 to 512 [ 126.178786][ T3522] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 126.203328][ T354] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 126.205886][ T591] usb 3-1: USB disconnect, device number 10 [ 126.210052][ T354] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 126.220385][ T3520] loop4: p1 p2 p3 [ 126.222731][ T354] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 126.240860][ T354] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 126.248060][ T354] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 126.256483][ T354] ntrig 0003:1B96:000A.0014: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 126.270107][ T3522] loop3: detected capacity change from 0 to 128 [ 126.296934][ T3530] loop3: detected capacity change from 0 to 512 [ 126.303661][ T3530] EXT4-fs: Ignoring removed mblk_io_submit option [ 126.310469][ T3530] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 126.323588][ T3530] EXT4-fs (loop3): 1 truncate cleaned up [ 126.329148][ T3530] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 126.340609][ T3530] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 126.357103][ T333] EXT4-fs (loop3): unmounting filesystem. [ 126.603967][ T354] usb 1-1: USB disconnect, device number 14 [ 127.522021][ T354] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 127.523938][ T3549] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 127.546055][ T3549] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 127.751342][ T3563] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 127.785521][ T3563] loop2: detected capacity change from 0 to 2048 [ 127.812181][ T3567] loop0: detected capacity change from 0 to 512 [ 127.818946][ T3567] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 127.823279][ T3563] loop2: p1 p2 p3 [ 127.851835][ T3567] loop0: detected capacity change from 0 to 128 [ 127.912103][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.922919][ T354] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.932540][ T354] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 127.941305][ T354] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.949680][ T354] usb 5-1: config 0 descriptor?? [ 128.102015][ T19] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 128.151195][ T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 128.172159][ T591] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 128.362182][ T19] usb 4-1: Using ep0 maxpacket: 8 [ 128.391991][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 128.423119][ T354] hid-led 0003:27B8:01ED.0015: unbalanced delimiter at end of report description [ 128.432294][ T354] hid-led: probe of 0003:27B8:01ED.0015 failed with error -22 [ 128.482091][ T19] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.492060][ T19] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 128.500846][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.509192][ T19] usb 4-1: config 0 descriptor?? [ 128.512156][ T24] usb 1-1: config 0 has no interfaces? [ 128.532073][ T591] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 128.542842][ T591] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.553671][ T591] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.563301][ T591] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 128.576083][ T591] usb 3-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 128.585001][ T591] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.593484][ T591] usb 3-1: config 0 descriptor?? [ 128.626040][ T2354] usb 5-1: USB disconnect, device number 12 [ 128.672086][ T24] usb 1-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9 [ 128.681009][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.689114][ T24] usb 1-1: Product: syz [ 128.693138][ T24] usb 1-1: Manufacturer: syz [ 128.697559][ T24] usb 1-1: SerialNumber: syz [ 128.702636][ T24] usb 1-1: config 0 descriptor?? [ 128.764679][ T24] usb 4-1: USB disconnect, device number 15 [ 129.072605][ T591] elecom 0003:056E:00FE.0016: unknown main item tag 0x0 [ 129.080063][ T591] elecom 0003:056E:00FE.0016: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.2-1/input0 [ 129.286138][ T24] usb 3-1: USB disconnect, device number 11 [ 129.309213][ T591] usb 1-1: USB disconnect, device number 15 [ 129.325433][ T3583] loop4: detected capacity change from 0 to 512 [ 129.332325][ T3583] EXT4-fs: Ignoring removed mblk_io_submit option [ 129.338922][ T3583] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 129.350923][ T3583] EXT4-fs (loop4): 1 truncate cleaned up [ 129.356675][ T3583] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 129.368081][ T3583] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 129.381616][ T784] EXT4-fs (loop4): unmounting filesystem. [ 129.451527][ T3589] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 129.478262][ T3589] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 129.546613][ T3591] incfs: Options parsing error. -22 [ 129.552110][ T3591] incfs: mount failed -22 [ 129.986750][ T3599] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 130.003146][ T3599] loop2: detected capacity change from 0 to 2048 [ 130.060728][ T3599] loop2: p1 p2 p3 [ 130.432701][ T3617] device veth0_vlan left promiscuous mode [ 130.444594][ T3617] device veth0_vlan entered promiscuous mode [ 130.530572][ T28] audit: type=1400 audit(1717639880.720:13019): avc: denied { create } for pid=3607 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 130.597115][ T3622] incfs: Options parsing error. -22 [ 130.602574][ T3622] incfs: mount failed -22 [ 130.765011][ T3629] kvm [3628]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 131.060290][ T3643] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3643 comm=syz-executor.4 [ 131.303102][ T3660] incfs: Options parsing error. -22 [ 131.308344][ T3660] incfs: mount failed -22 [ 131.524562][ T3665] fuse: Bad value for 'fd' [ 132.065750][ T3671] device veth0_vlan left promiscuous mode [ 132.074796][ T3671] device veth0_vlan entered promiscuous mode [ 132.208176][ T3676] loop0: detected capacity change from 0 to 512 [ 132.215813][ T3676] EXT4-fs: Ignoring removed mblk_io_submit option [ 132.222681][ T3676] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 132.239404][ T3676] EXT4-fs (loop0): 1 truncate cleaned up [ 132.244987][ T3676] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 132.257082][ T3676] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 132.272675][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 132.555242][ T3695] kvm [3693]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 133.258675][ T3707] fuse: Bad value for 'fd' [ 133.496669][ T3716] loop2: detected capacity change from 0 to 512 [ 133.503399][ T3716] EXT4-fs: Ignoring removed mblk_io_submit option [ 133.510391][ T3716] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 133.523819][ T3716] EXT4-fs (loop2): 1 truncate cleaned up [ 133.529675][ T3716] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 133.543597][ T3716] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 133.559830][ T2325] EXT4-fs (loop2): unmounting filesystem. [ 133.851438][ T3736] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3736 comm=syz-executor.0 [ 134.321743][ T3753] 9pnet_fd: Insufficient options for proto=fd [ 134.329182][ T3753] bridge0: port 3(ip6gretap0) entered blocking state [ 134.336035][ T3753] bridge0: port 3(ip6gretap0) entered disabled state [ 134.343604][ T3753] device ip6gretap0 entered promiscuous mode [ 134.349706][ T3753] bridge0: port 3(ip6gretap0) entered blocking state [ 134.356385][ T3753] bridge0: port 3(ip6gretap0) entered forwarding state [ 134.468836][ T3765] netlink: 'syz-executor.4': attribute type 27 has an invalid length. [ 134.498879][ T3765] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.506088][ T3765] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.211993][ T375] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 135.451979][ T375] usb 4-1: Using ep0 maxpacket: 8 [ 135.590985][ T3778] fuse: Bad value for 'fd' [ 135.592066][ T375] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 135.607434][ T3787] 9pnet_fd: Insufficient options for proto=fd [ 135.613684][ T375] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 135.624171][ T3787] bridge0: port 3(ip6gretap0) entered blocking state [ 135.631349][ T3787] bridge0: port 3(ip6gretap0) entered disabled state [ 135.638927][ T375] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.647555][ T3787] device ip6gretap0 entered promiscuous mode [ 135.654180][ T375] usb 4-1: config 0 descriptor?? [ 135.656271][ T3787] bridge0: port 3(ip6gretap0) entered blocking state [ 135.665501][ T3787] bridge0: port 3(ip6gretap0) entered forwarding state [ 135.671248][ T3791] loop4: detected capacity change from 0 to 512 [ 135.684130][ T3791] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 135.694688][ T3791] ext4 filesystem being mounted at /root/syzkaller-testdir2770912557/syzkaller.4VJuWR/215/file0 supports timestamps until 2038 (0x7fffffff) [ 135.710555][ T3791] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 135.739127][ T784] EXT4-fs (loop4): unmounting filesystem. [ 135.784197][ T3799] netlink: 'syz-executor.4': attribute type 27 has an invalid length. [ 135.855700][ T3802] syz-executor.0[3802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.856173][ T3802] syz-executor.0[3802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 136.034790][ T375] usb 4-1: USB disconnect, device number 16 [ 136.346155][ T3812] kvm [3811]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 136.670734][ T3826] 9pnet_fd: Insufficient options for proto=fd [ 136.693572][ T3826] bridge0: port 3(ip6gretap0) entered blocking state [ 136.711390][ T3826] bridge0: port 3(ip6gretap0) entered disabled state [ 136.728421][ T3826] device ip6gretap0 entered promiscuous mode [ 136.733001][ T3830] loop0: detected capacity change from 0 to 512 [ 136.742189][ T3826] bridge0: port 3(ip6gretap0) entered blocking state [ 136.748727][ T3826] bridge0: port 3(ip6gretap0) entered forwarding state [ 136.770313][ T3830] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 136.794098][ T3830] ext4 filesystem being mounted at /root/syzkaller-testdir3478134992/syzkaller.ZRKv4P/125/file0 supports timestamps until 2038 (0x7fffffff) [ 136.817517][ T3835] netlink: 'syz-executor.3': attribute type 27 has an invalid length. [ 136.842220][ T3830] EXT4-fs error (device loop0): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 136.907109][ T3835] bridge0: port 3(ip6gretap0) entered disabled state [ 136.915535][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.922600][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.933702][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 137.017480][ T3841] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3841 comm=syz-executor.0 [ 137.439367][ T3863] syz-executor.4[3863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 137.439828][ T3863] syz-executor.4[3863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 137.579716][ T3865] 9pnet_fd: Insufficient options for proto=fd [ 137.612344][ T3867] loop2: detected capacity change from 0 to 512 [ 137.624427][ T3867] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 137.633412][ T3867] ext4 filesystem being mounted at /root/syzkaller-testdir1115516532/syzkaller.74J6Nh/171/file0 supports timestamps until 2038 (0x7fffffff) [ 137.649810][ T3867] EXT4-fs error (device loop2): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 137.677814][ T2325] EXT4-fs (loop2): unmounting filesystem. [ 137.741664][ T3874] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 137.752742][ T354] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 137.769993][ T3874] bridge0: port 3(ip6gretap0) entered disabled state [ 137.777110][ T3874] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.784130][ T3874] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.989642][ T3879] kvm [3878]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 138.122182][ T354] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 138.139148][ T354] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.167370][ T354] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.193781][ T354] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 138.239331][ T354] usb 4-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 138.259263][ T354] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.272024][ T354] usb 4-1: config 0 descriptor?? [ 138.745700][ T3895] device veth0_vlan left promiscuous mode [ 138.755122][ T3895] device veth0_vlan entered promiscuous mode [ 138.802973][ T354] elecom 0003:056E:00FE.0017: unknown main item tag 0x0 [ 138.813624][ T354] elecom 0003:056E:00FE.0017: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.3-1/input0 [ 139.005956][ T354] usb 4-1: USB disconnect, device number 17 [ 139.038130][ T3904] loop2: detected capacity change from 0 to 40427 [ 139.045332][ T3904] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 139.053148][ T3904] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 139.062390][ T3904] F2FS-fs (loop2): invalid crc value [ 139.069173][ T3904] F2FS-fs (loop2): Found nat_bits in checkpoint [ 139.095399][ T3904] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 139.102486][ T3904] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 139.124119][ T372] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 139.133379][ T372] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 139.191178][ T3910] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 139.516667][ T3926] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 139.552050][ T28] audit: type=1400 audit(1717639889.690:13020): avc: denied { mount } for pid=3923 comm="syz-executor.4" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 139.562345][ T3920] syz-executor.2[3920] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.574355][ T3920] syz-executor.2[3920] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.629226][ T3919] kvm [3918]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 140.521431][ T28] audit: type=1400 audit(1717639890.710:13021): avc: denied { create } for pid=3953 comm="syz-executor.0" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 140.552325][ T3954] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 140.567497][ T28] audit: type=1400 audit(1717639890.740:13022): avc: denied { mounton } for pid=3953 comm="syz-executor.0" path="/root/syzkaller-testdir3478134992/syzkaller.ZRKv4P/136/file0" dev="sda1" ino=1965 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 140.595640][ T3954] FAT-fs (loop1): unable to read boot sector [ 140.609002][ T3941] loop3: detected capacity change from 0 to 40427 [ 140.618044][ T28] audit: type=1400 audit(1717639890.810:13023): avc: denied { unlink } for pid=2366 comm="syz-executor.0" name="file0" dev="sda1" ino=1965 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 140.621884][ T3941] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 140.648641][ T3941] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 140.657549][ T3941] F2FS-fs (loop3): invalid crc value [ 140.665146][ T3941] F2FS-fs (loop3): Found nat_bits in checkpoint [ 140.702592][ T3941] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 140.709555][ T3941] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 140.734891][ T372] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 140.744174][ T372] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 140.892046][ T375] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 140.933223][ T3970] kvm [3969]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 141.302046][ T375] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 141.313178][ T375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.323910][ T375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.333467][ T375] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 141.346277][ T375] usb 1-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 141.355765][ T375] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.364401][ T375] usb 1-1: config 0 descriptor?? [ 141.740187][ T3983] syz-executor.4[3983] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.740556][ T3983] syz-executor.4[3983] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.942952][ T375] elecom 0003:056E:00FE.0018: unknown main item tag 0x0 [ 141.962297][ T375] elecom 0003:056E:00FE.0018: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.0-1/input0 [ 142.146226][ T375] usb 1-1: USB disconnect, device number 16 [ 142.292013][ T3995] loop3: detected capacity change from 0 to 40427 [ 142.299284][ T3995] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 142.306985][ T3995] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 142.316001][ T3995] F2FS-fs (loop3): invalid crc value [ 142.322916][ T3995] F2FS-fs (loop3): Found nat_bits in checkpoint [ 142.348759][ T3995] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 142.355873][ T3995] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 142.377212][ T43] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 142.386573][ T43] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 142.483269][ T4011] loop3: detected capacity change from 0 to 512 [ 142.493762][ T4011] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 768 [ 142.504702][ T4011] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 142.514103][ T4011] ext4 filesystem being mounted at /root/syzkaller-testdir3898919845/syzkaller.LzdSPb/284/file1 supports timestamps until 2038 (0x7fffffff) [ 142.529329][ T28] audit: type=1400 audit(1717639892.720:13024): avc: denied { setattr } for pid=4010 comm="syz-executor.3" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 142.529545][ T4011] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present [ 142.562168][ T4011] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 142.579702][ T333] EXT4-fs (loop3): unmounting filesystem. [ 142.712179][ T375] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 142.871818][ T4030] loop0: detected capacity change from 0 to 40427 [ 142.879179][ T4030] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 142.886886][ T4030] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 142.895967][ T4030] F2FS-fs (loop0): invalid crc value [ 142.902967][ T4030] F2FS-fs (loop0): Found nat_bits in checkpoint [ 142.941598][ T4030] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 142.948665][ T4030] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 142.974779][ T372] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 142.983996][ T372] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 143.072111][ T375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 143.083885][ T375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.093767][ T375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 143.105152][ T375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 143.115126][ T375] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 143.128165][ T375] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 143.137245][ T375] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.146006][ T375] usb 5-1: config 0 descriptor?? [ 143.311375][ T4041] syz-executor.0[4041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.311797][ T4041] syz-executor.0[4041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.528599][ T4046] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4046 comm=syz-executor.2 [ 143.673178][ T375] ntrig 0003:1B96:000A.0019: unknown main item tag 0x0 [ 143.680234][ T375] ntrig 0003:1B96:000A.0019: unknown main item tag 0x0 [ 143.687192][ T375] ntrig 0003:1B96:000A.0019: unknown main item tag 0x0 [ 143.698433][ T375] ntrig 0003:1B96:000A.0019: unknown main item tag 0x0 [ 143.706984][ T375] ntrig 0003:1B96:000A.0019: unknown main item tag 0x0 [ 143.714592][ T375] ntrig 0003:1B96:000A.0019: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0 [ 143.861988][ T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 144.003345][ T375] usb 5-1: USB disconnect, device number 13 [ 144.065432][ T4065] loop0: detected capacity change from 0 to 40427 [ 144.072869][ T4065] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 144.080476][ T4065] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 144.089349][ T4065] F2FS-fs (loop0): invalid crc value [ 144.096152][ T4065] F2FS-fs (loop0): Found nat_bits in checkpoint [ 144.120975][ T4065] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 144.127966][ T4065] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 144.148495][ T43] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 144.157539][ T43] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 144.222039][ T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 144.232846][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.243639][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.253252][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 144.265990][ T24] usb 4-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 144.274862][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.283893][ T24] usb 4-1: config 0 descriptor?? [ 144.373171][ T4073] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 144.382316][ T4073] FAT-fs (loop5): unable to read boot sector [ 144.397801][ T4075] Zero length message leads to an empty skb [ 144.677812][ T4087] loop4: detected capacity change from 0 to 512 [ 144.694273][ T4087] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 768 [ 144.705401][ T4087] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 144.714295][ T4087] ext4 filesystem being mounted at /root/syzkaller-testdir2770912557/syzkaller.4VJuWR/237/file1 supports timestamps until 2038 (0x7fffffff) [ 144.731196][ T4087] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present [ 144.741277][ T4087] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 144.759688][ T784] EXT4-fs (loop4): unmounting filesystem. [ 145.017007][ T24] elecom 0003:056E:00FE.001A: unknown main item tag 0x0 [ 145.029913][ T24] elecom 0003:056E:00FE.001A: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.3-1/input0 [ 145.134305][ T4096] syz-executor.4[4096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.134707][ T4096] syz-executor.4[4096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.338915][ T375] usb 4-1: USB disconnect, device number 18 [ 145.376750][ T4102] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4102 comm=syz-executor.2 [ 145.848515][ T4106] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 145.857700][ T4106] FAT-fs (loop9): unable to read boot sector [ 145.961587][ T4118] loop4: detected capacity change from 0 to 512 [ 145.973816][ T4118] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 768 [ 145.984575][ T4118] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 145.993548][ T4118] ext4 filesystem being mounted at /root/syzkaller-testdir2770912557/syzkaller.4VJuWR/244/file1 supports timestamps until 2038 (0x7fffffff) [ 146.008305][ T43] device ip6gretap0 left promiscuous mode [ 146.010188][ T4118] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present [ 146.014634][ T43] bridge0: port 3(ip6gretap0) entered disabled state [ 146.023946][ T4118] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 146.059875][ T784] EXT4-fs (loop4): unmounting filesystem. [ 146.175803][ T4121] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.182819][ T4121] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.190492][ T4121] device bridge_slave_0 entered promiscuous mode [ 146.198586][ T4121] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.206025][ T4121] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.214348][ T4121] device bridge_slave_1 entered promiscuous mode [ 146.498699][ T4133] syz-executor.0[4133] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.498776][ T4133] syz-executor.0[4133] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.763037][ T4121] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.781355][ T4121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.789094][ T4121] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.795864][ T4121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.818845][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 146.826481][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.834363][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.845532][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.853581][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.860857][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.869928][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.878150][ T591] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.885029][ T591] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.898538][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 146.909510][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 146.926084][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 146.958671][ T4121] device veth0_vlan entered promiscuous mode [ 146.966054][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 146.974533][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 146.988639][ T4141] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 146.998013][ T4141] FAT-fs (loop9): unable to read boot sector [ 147.011603][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 147.028680][ T4121] device veth1_macvtap entered promiscuous mode [ 147.036460][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 147.044301][ T591] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 147.053564][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 147.064767][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 147.073868][ T43] device bridge_slave_1 left promiscuous mode [ 147.079838][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.087737][ T43] device bridge_slave_0 left promiscuous mode [ 147.094687][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.397737][ T4157] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.405692][ T4157] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.412962][ T591] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 147.414483][ T4157] device bridge_slave_0 entered promiscuous mode [ 147.423807][ T591] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.431709][ T4157] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.440958][ T591] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.447749][ T4157] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.457232][ T591] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 147.464853][ T4157] device bridge_slave_1 entered promiscuous mode [ 147.477050][ T591] usb 3-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 147.492032][ T591] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.500743][ T591] usb 3-1: config 0 descriptor?? [ 147.542331][ T4157] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.549223][ T4157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.556323][ T4157] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.563090][ T4157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.587222][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 147.594929][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.602459][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.612203][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 147.620214][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.627098][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.641348][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 147.649484][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.656363][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.673560][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 147.682508][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 147.690370][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 147.702190][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 147.710464][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 147.718037][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 147.726966][ T4157] device veth0_vlan entered promiscuous mode [ 147.737801][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 147.748113][ T4157] device veth1_macvtap entered promiscuous mode [ 147.758728][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 147.770691][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 147.907922][ T4170] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.917154][ T4170] FAT-fs (loop1): unable to read boot sector [ 148.406135][ T591] elecom 0003:056E:00FE.001B: unknown main item tag 0x0 [ 148.415252][ T591] elecom 0003:056E:00FE.001B: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.2-1/input0 [ 148.482005][ T4180] syz-executor.0[4180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.482514][ T4180] syz-executor.0[4180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.572505][ T43] device bridge_slave_1 left promiscuous mode [ 148.644977][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.659168][ T43] device bridge_slave_0 left promiscuous mode [ 148.670057][ T24] usb 3-1: USB disconnect, device number 12 [ 148.678812][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.845042][ T4189] overlayfs: failed to get inode (-116) [ 148.850995][ T4189] overlayfs: failed to get inode (-116) [ 148.936645][ T28] audit: type=1326 audit(1717639899.130:13025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 148.963231][ T28] audit: type=1326 audit(1717639899.130:13026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 148.997652][ T28] audit: type=1326 audit(1717639899.160:13027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 149.023355][ T28] audit: type=1326 audit(1717639899.160:13028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 149.047447][ T28] audit: type=1326 audit(1717639899.160:13029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 149.072115][ T28] audit: type=1326 audit(1717639899.180:13030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 149.116695][ T4203] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.124093][ T4203] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.131535][ T4203] device bridge_slave_0 entered promiscuous mode [ 149.139316][ T4203] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.146312][ T4203] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.154120][ T4203] device bridge_slave_1 entered promiscuous mode [ 149.524016][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 149.533576][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.557628][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.569347][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.587027][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.593966][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.617429][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.635339][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.652702][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.659619][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.691455][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 149.707867][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 149.727040][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 149.735540][ T28] kauditd_printk_skb: 2837 callbacks suppressed [ 149.735560][ T28] audit: type=1326 audit(1717639899.930:15868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 149.779038][ T28] audit: type=1326 audit(1717639899.960:15869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feb3827a6e7 code=0x7ffc0000 [ 149.783624][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 149.803353][ T28] audit: type=1326 audit(1717639899.960:15870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feb382403b9 code=0x7ffc0000 [ 149.816433][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 149.851877][ T4203] device veth0_vlan entered promiscuous mode [ 149.868753][ T4203] device veth1_macvtap entered promiscuous mode [ 149.888882][ T28] audit: type=1326 audit(1717639899.960:15871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feb3827a6e7 code=0x7ffc0000 [ 149.933357][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 149.938418][ T28] audit: type=1326 audit(1717639899.960:15872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feb382403b9 code=0x7ffc0000 [ 149.965704][ T28] audit: type=1326 audit(1717639899.960:15873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3827cf69 code=0x7ffc0000 [ 149.965990][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 150.053429][ T4225] syz-executor.4[4225] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.053839][ T4225] syz-executor.4[4225] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.245378][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 150.265099][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 150.272877][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 150.280697][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 150.288777][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 150.296985][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 150.305210][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 150.319664][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 150.327175][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 150.368769][ T4229] loop3: detected capacity change from 0 to 1024 [ 150.376181][ T4229] EXT4-fs: Ignoring removed orlov option [ 150.388978][ T4229] EXT4-fs: Ignoring removed nomblk_io_submit option [ 150.404463][ T4229] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 150.406078][ T4240] mmap: syz-executor.0 (4240): VmData 29007872 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data. [ 150.419868][ T4229] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 150.425906][ T28] audit: type=1400 audit(1717639900.610:15874): avc: denied { map } for pid=4228 comm="syz-executor.3" path="/root/syzkaller-testdir3194542428/syzkaller.dyu2oO/2/file1/file0/bus" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 150.439150][ T4229] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 150.493604][ T28] audit: type=1400 audit(1717639900.690:15875): avc: denied { rmdir } for pid=4203 comm="syz-executor.3" name="lost+found" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 150.516569][ T28] audit: type=1400 audit(1717639900.690:15876): avc: denied { unlink } for pid=4203 comm="syz-executor.3" name="file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 150.539423][ T28] audit: type=1400 audit(1717639900.690:15877): avc: denied { unlink } for pid=4203 comm="syz-executor.3" name="file1" dev="loop3" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 150.540331][ T4203] EXT4-fs (loop3): unmounting filesystem. [ 150.587001][ T4243] loop0: detected capacity change from 0 to 2048 [ 150.603625][ T4243] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 151.560705][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 151.728396][ T43] device bridge_slave_1 left promiscuous mode [ 151.731330][ T4290] loop0: detected capacity change from 0 to 1024 [ 151.739760][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.741148][ T4290] EXT4-fs: Ignoring removed orlov option [ 151.753131][ T4290] EXT4-fs: Ignoring removed nomblk_io_submit option [ 151.760530][ T43] device bridge_slave_0 left promiscuous mode [ 151.766898][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.775564][ T43] device veth1_macvtap left promiscuous mode [ 151.856961][ T43] device veth0_vlan left promiscuous mode [ 151.886620][ T4290] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 151.934131][ T4290] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 151.961881][ T4290] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 152.006577][ T2366] EXT4-fs (loop0): unmounting filesystem. [ 152.101449][ T4299] loop4: detected capacity change from 0 to 2048 [ 152.102303][ T4297] syz-executor.2[4297] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 152.107714][ T4297] syz-executor.2[4297] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 152.130916][ T4299] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 152.231049][ T4282] loop3: detected capacity change from 0 to 65536 [ 153.181390][ T4157] EXT4-fs (loop4): unmounting filesystem. [ 153.299744][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.306654][ T4295] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.314355][ T4295] device bridge_slave_0 entered promiscuous mode [ 153.321546][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.328847][ T4295] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.336445][ T4295] device bridge_slave_1 entered promiscuous mode [ 153.374236][ T4332] loop4: detected capacity change from 0 to 256 [ 153.400228][ T4332] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 153.413137][ T4332] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 153.433894][ T4332] exFAT-fs (loop4): hint_cluster is invalid (17) [ 153.441378][ T4332] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 153.449570][ T4332] exFAT-fs (loop4): Filesystem has been set read-only [ 153.498574][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.505505][ T4295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.512712][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.519570][ T4295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.083331][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.090952][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.100033][ T591] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.144292][ T4337] loop4: detected capacity change from 0 to 1024 [ 154.152872][ T4337] EXT4-fs: Ignoring removed orlov option [ 154.172142][ T4337] EXT4-fs: Ignoring removed nomblk_io_submit option [ 154.181667][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.196236][ T591] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.203125][ T591] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.215452][ T4337] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 154.217590][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.240938][ T4337] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 154.246220][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.257282][ T4337] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 154.289655][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 154.300280][ T4157] EXT4-fs (loop4): unmounting filesystem. [ 154.302444][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.393533][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 154.401535][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 154.414835][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 154.436175][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 154.707823][ T4295] device veth0_vlan entered promiscuous mode [ 154.723136][ T4377] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 154.732413][ T4377] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 154.751069][ T4380] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 154.773094][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 154.781067][ T28] kauditd_printk_skb: 1816 callbacks suppressed [ 154.781088][ T28] audit: type=1326 audit(1717639904.970:17694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 154.811518][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 154.813085][ T28] audit: type=1326 audit(1717639904.970:17695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 154.824617][ T4295] device veth1_macvtap entered promiscuous mode [ 154.849268][ T28] audit: type=1326 audit(1717639904.970:17696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 154.875356][ T28] audit: type=1326 audit(1717639904.970:17697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 154.900779][ T28] audit: type=1326 audit(1717639904.980:17698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 154.903295][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 154.930563][ T4389] loop0: detected capacity change from 0 to 1024 [ 154.933101][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 154.939393][ T4389] EXT4-fs: Ignoring removed orlov option [ 154.946448][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.960040][ T4389] EXT4-fs: Ignoring removed nomblk_io_submit option [ 154.960687][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 154.966610][ T28] audit: type=1326 audit(1717639904.990:17699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb7c387a6e7 code=0x7ffc0000 [ 154.974828][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 154.999057][ T28] audit: type=1326 audit(1717639904.990:17700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb7c38403b9 code=0x7ffc0000 [ 155.012126][ T4389] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 155.032555][ T28] audit: type=1326 audit(1717639904.990:17701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c387cf69 code=0x7ffc0000 [ 155.061227][ T4389] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 155.064416][ T28] audit: type=1326 audit(1717639904.990:17702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb7c387a6e7 code=0x7ffc0000 [ 155.101658][ T28] audit: type=1326 audit(1717639904.990:17703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4378 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb7c38403b9 code=0x7ffc0000 [ 155.102838][ T4389] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 155.264530][ T2366] ================================================================== [ 155.272418][ T2366] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 155.280461][ T2366] Read of size 4 at addr ffff88813545c000 by task syz-executor.0/2366 [ 155.288446][ T2366] [ 155.290620][ T2366] CPU: 1 PID: 2366 Comm: syz-executor.0 Not tainted 6.1.78-syzkaller-00145-ge4622d460ed8 #0 [ 155.300504][ T2366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 155.310400][ T2366] Call Trace: [ 155.313522][ T2366] [ 155.316302][ T2366] dump_stack_lvl+0x151/0x1b7 [ 155.320830][ T2366] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 155.326197][ T2366] ? _printk+0xd1/0x111 [ 155.330279][ T2366] ? __virt_addr_valid+0x242/0x2f0 [ 155.335233][ T2366] print_report+0x158/0x4e0 [ 155.339564][ T2366] ? __virt_addr_valid+0x242/0x2f0 [ 155.344508][ T2366] ? kasan_addr_to_slab+0xd/0x80 [ 155.349370][ T2366] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 155.354835][ T2366] kasan_report+0x13c/0x170 [ 155.359175][ T2366] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 155.364646][ T2366] __asan_report_load4_noabort+0x14/0x20 [ 155.370134][ T2366] ext4_xattr_delete_inode+0xcd0/0xce0 [ 155.377876][ T2366] ? sb_end_intwrite+0x130/0x130 [ 155.382612][ T2366] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 155.388521][ T2366] ? __kasan_check_read+0x11/0x20 [ 155.393372][ T2366] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 155.399106][ T2366] ? ext4_evict_inode+0xbc2/0x1550 [ 155.404053][ T2366] ext4_evict_inode+0xef9/0x1550 [ 155.408822][ T2366] ? _raw_spin_unlock+0x4c/0x70 [ 155.413514][ T2366] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 155.419246][ T2366] ? _raw_spin_unlock+0x4c/0x70 [ 155.423934][ T2366] ? inode_io_list_del+0x18b/0x1a0 [ 155.428874][ T2366] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 155.434599][ T2366] evict+0x2a3/0x630 [ 155.438434][ T2366] iput+0x642/0x870 [ 155.442063][ T2366] vfs_rmdir+0x3c2/0x500 [ 155.446231][ T2366] do_rmdir+0x3ab/0x630 [ 155.450223][ T2366] ? d_delete_notify+0x160/0x160 [ 155.455006][ T2366] __x64_sys_unlinkat+0xdf/0xf0 [ 155.459683][ T2366] do_syscall_64+0x3d/0xb0 [ 155.463937][ T2366] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 155.469673][ T2366] RIP: 0033:0x7feb3827c747 [ 155.473917][ T2366] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 155.495522][ T2366] RSP: 002b:00007fff69040008 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 155.504194][ T2366] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007feb3827c747 [ 155.512092][ T2366] RDX: 0000000000000200 RSI: 00007fff690411b0 RDI: 00000000ffffff9c [ 155.520158][ T2366] RBP: 00007feb382d9636 R08: 0000000000000000 R09: 0000000000000000 [ 155.527977][ T2366] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff690411b0 [ 155.535782][ T2366] R13: 00007feb382d9636 R14: 0000000000025cfb R15: 0000000000000009 [ 155.543781][ T2366] [ 155.546749][ T2366] [ 155.549094][ T2366] The buggy address belongs to the physical page: [ 155.556177][ T2366] page:ffffea0004d51700 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x13545c [ 155.567090][ T2366] flags: 0x4000000000000000(zone=1) [ 155.572156][ T2366] raw: 4000000000000000 ffffea0005195e08 ffffea00048ecc08 0000000000000000 [ 155.580552][ T2366] raw: 0000000000000001 0000000000000002 00000000ffffff7f 0000000000000000 [ 155.588970][ T2366] page dumped because: kasan: bad access detected [ 155.595606][ T2366] page_owner tracks the page as freed [ 155.600902][ T2366] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 4286, tgid 4285 (syz-executor.2), ts 151656663228, free_ts 153211699115 [ 155.619224][ T2366] post_alloc_hook+0x213/0x220 [ 155.623812][ T2366] prep_new_page+0x1b/0x110 [ 155.628231][ T2366] get_page_from_freelist+0x27ea/0x2870 [ 155.633622][ T2366] __alloc_pages+0x3a1/0x780 [ 155.638038][ T2366] __folio_alloc+0x15/0x40 [ 155.642293][ T2366] shmem_alloc_and_acct_folio+0x78c/0xa50 [ 155.648021][ T2366] shmem_get_folio_gfp+0x12d4/0x24b0 [ 155.653131][ T2366] shmem_fault+0x1f7/0x840 [ 155.657394][ T2366] do_fault+0xdb6/0x1cd0 [ 155.661482][ T2366] handle_mm_fault+0x184a/0x2f40 [ 155.666383][ T2366] __get_user_pages+0x377/0xf20 [ 155.671038][ T2366] __mm_populate+0x375/0x570 [ 155.675463][ T2366] vm_mmap_pgoff+0x290/0x430 [ 155.679885][ T2366] ksys_mmap_pgoff+0xed/0x1e0 [ 155.684385][ T2366] __x64_sys_mmap+0x103/0x120 [ 155.688899][ T2366] do_syscall_64+0x3d/0xb0 [ 155.693155][ T2366] page last free stack trace: [ 155.697841][ T2366] free_unref_page_prepare+0x83d/0x850 [ 155.703135][ T2366] free_unref_page_list+0xf1/0x7b0 [ 155.708098][ T2366] release_pages+0xf7f/0xfe0 [ 155.712510][ T2366] __pagevec_release+0x84/0x100 [ 155.717192][ T2366] shmem_undo_range+0x5fc/0x1660 [ 155.721968][ T2366] shmem_evict_inode+0x25f/0xa30 [ 155.726743][ T2366] evict+0x2a3/0x630 [ 155.730471][ T2366] iput+0x642/0x870 [ 155.734119][ T2366] dentry_unlink_inode+0x34f/0x440 [ 155.739065][ T2366] __dentry_kill+0x447/0x650 [ 155.743554][ T2366] dentry_kill+0xc0/0x2a0 [ 155.747658][ T2366] dput+0x40/0x80 [ 155.751129][ T2366] __fput+0x5f0/0x870 [ 155.754950][ T2366] ____fput+0x15/0x20 [ 155.758770][ T2366] task_work_run+0x24d/0x2e0 [ 155.763196][ T2366] do_exit+0xbd5/0x2b80 [ 155.767206][ T2366] [ 155.769356][ T2366] Memory state around the buggy address: [ 155.774833][ T2366] ffff88813545bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 155.782727][ T2366] ffff88813545bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 155.790624][ T2366] >ffff88813545c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 155.798695][ T2366] ^ [ 155.802604][ T2366] ffff88813545c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/06/06 02:11:46 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 155.810587][ T2366] ffff88813545c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 155.818494][ T2366] ================================================================== [ 155.826788][ T2366] Disabling lock debugging due to kernel taint [ 155.971977][ T2354] usb 2-1: new high-speed USB device number 9 using dummy_hcd