last executing test programs: 11.548799128s ago: executing program 4: r0 = socket(0x10, 0x3, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) unshare(0x2000680) fsmount(0xffffffffffffffff, 0x0, 0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) signalfd4(r1, &(0x7f0000000140), 0x8, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x208e24b) sync() mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000300)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000280), 0xb) sendfile(r4, r4, 0x0, 0x2) syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000180)='./bus\x00', 0x84080, &(0x7f0000000540)=ANY=[@ANYBLOB="00e0c6e4d9182ec69e599fd4d32ba9c5146fbc43a33914b2b1a5ce8843b193dc82dbc512b6fabfe6fbdd2a8bdeeda78e17b18f1b6e80c81cd67046e6a85e7160112d613e4c6dcab2404d58291ec130b9fd2785ce8fd5538f70998f2d50005813ba6c65cd3c25a8e730e1cd7b11cf7f6cc0fba6b670c64374abd09518ffba0c5eb2e602b1a64ac897fc6ce9bee1d70bef22f10c7776c2f5077cb1de63832b1bab15c6caf549a1cd58106494d92d1159033b2e27eceae339414a62aca9cf6a00c07e2a181dd9668a64b5eefc8e5ebc6564442a8d322e89a2fbbade22dc834cff72c09dc653db003038d250e81aee10888e78a3677d68cc60de6f7d361115e53becaa81ee364dd85d11c2e56a01b87e0b194b2a5d3115f3b257fa54acf273f953e6be39e5b67fcd3a564e71fdbdf8b4ef42c07a9525ae4d7cfa9f5f0e74ce04932a598a451611d49a947372a7cce61ae680efb6812be1329e48a178c571c239ddaf00213691c7a8"], 0x1, 0x1506, &(0x7f0000003f80)="$eJzs3QnYjtX2MPC19t43L4knybzXXjdPMmySJEOSDEmSHEkyJSRJkoRkypSEJGROModkijeZ5ylzkhxJkoSEJPu7NBzn/Dvf1f9855zP/3/e9buu+3r2su+1772f5X2eZ9/XO3zdYXCVelUr1mFm+KfgLw/dASAFAPoBQBYAiACgZNaSWS/1Z9DY/Z+7iPjXemDalZ6BuJKk/mmb1D9tk/qnbVL/tE3qn7ZJ/dM2qX/aJvUXIi3bOj3XNXKk3eOfv/+f8suD3P//X0je/9M2qf9/mtMZ/pGzpf7/SS6GEP6xDKl/2ib1T9uk/mmb1D9tk/qnbVJ/IdKyK33/WY4re1zp/39CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIdKGc+EyAwC/ta/0vIQQQgghhBBCCPGvE9Jf6RkIIYQQQgghhBDi3w9BgQYDEaSD9JACGSAjXAWZ4GrIDFkgAddAVrgWssF1kB1yQE7IBbkhD+QFCwQOGGLIB/khCddDAbgBCkIhKAxFwENRKAY3QnG4CUrAzVASboFScCuUhjJQFsrBbVAebocKcAdUhDuhElSGKlAV7oJqcDdUh3ugBtwLNeE+qAX3Q234E9SBB6AuPAj14CGoDw9DA2gIjaAxNPl/yn8eusAL0BW6QXfoAT3hRegFvaEP9IV+8BL0h5dhALwCA2EQDIZXYQi8BkPhdRgGw2EEvAEjYRSMhjEwFsbBeHgTJsBbMBHehkkwGabAVJgG02EGvAMzYRbMhndhDrwHc2EezIcFsBDeh0WwGFLhA1gCH8JSWAbLYQWshFWwGtbAWlgH62EDbIRNsBm2wFb4CLbBdtgBO2EX7IY98DHshU9gH3wK++GzfzD/7H/J74iAgAoVGjSYDtNhCqZgRsyImTATZsbMmMAEZsWsmA2zYXbMjjkxJ+bG3JgX8yIhISNjPsyHSUxiASyABbEgFsbC6NFjMSyGxfEmLIElsCSWxFJYCktjGSyD5bAclsfyWAErYEWsiJWwElbBKngX3oV3Y3WsjjWwBtbEmlgLa2FtrI11sA7WxbpYD+thfayPDbABNsJG2ASbYFNsis2wGbbAFtgSW2IrbIWtsTW2wTbYFtsawHbYHttjB+yAHbETdsLn8Xl8AV/AblhJ9cCe2BN7YS/sg32xL76E/fFlfBlfwYE4CAfjq/gqvoZD8QwOw+E4AkdgeTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4bs4B9/D93AezsMFuBAX4iJcjKmYikvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsGP8CPcjttxJ+7E3bgbP8aP8RP8BAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAEv4EW8eOmLX11ilFHpVDqVolJURpVRZVKZVGaVWSVUQmVVWVU2lU1lV9lVTpVT5Va5VV6VV5EixSpW+VQ+lVRJVUAVUAVVQVVYFVZeeVVMFVPFVXFVQpVQJdUtqpS6VZVWZVRzX06VU+VVC19B3aEqqoqqkqqsqqiqqqqqpqqp6qq6qqFqqJqqpqql7le1VQ/sgw+oS5WppwZhfTUYG6iGqpFqrF7DR1RTNRSbqeaqhXpMDcdh2Eo19a3Vk6qNGo1t1dNqDD6j2qtx2EE9pzqqTqqzel51Uc18V9VNTcIeqqeair1Ub9VH9VUzsbK6VLEq6hU1UA1Sg9WragG+poaq19UwNVyNUG+okWqUGq3GqLFqnBqv3lQT1FtqonpbTVKT1RQ1VU1T09UM9Y6aqWap2epdNUe9p+aqeWq+WqAWqvfVIrVYpaoP1BL1oVqqlqnlaoVaqVap1WqNWqvWqfVqg9qoNqnNaovaqj5S29R2tUPtVLvUbrVHfaz2qk/UPvWp2q8+UwfUn9VB9bk6pL5Qh9WX6oj6Sh1VX6tj6ht1XH2rTqiT6pT6Tp1W36sz6qw6p35Q59WP6oL6SV1UQYFGrbTWRkc6nU6vU3QGnVFfpTPpq3VmnUUn9DU6q75WZ9PX6ew6h86pc+ncOo/Oq60m7TTrWOfT+XVSX68L6Bt0QV1IF9ZFtNdFdTF9oy6ub9Il9M26pL5Fl9K36tK6jC6ry+nbdHl9u66g79AV9Z26kq6sq+iq+i5dTd+tq+t7dA19r66p79O19P26tv6TrqMf0HX1g7qefkjX1w/rBrqhbqQb6yb6Ed1UP6qb6ea6hX5Mt9SP61b6Cd1aP6nb6Kd0W/20bqef0e31s7qDfk531J10Z/2TvqiD7qq76e66h+6pX9S9dG/dR/fV/fRLur9+WQ/Qr+iBepAerF/VQ/Rreqh+XQ/Tw/UI/YYeqUfp0XqMHqvH6fH6TT1Bv6Un6rf1JD1ZT9EaAKbrPr+ONPu/kf/W3+RP1dP0dD3g56tv0Vv1R3qb3q536J16l96t9+g9eq/eq/fpfXq/3q8P6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvzwEYNMpoY0xk0pn0JsVkMBnNVSaTudpkNllMwlxjspprTTZznclucpicJpfJbfKYvMYaMs6wiU0+k98kzfWmgLnBFDSFTGFTxHhT1BQzN/7T+X80vyamiWlqmppmpplpYVqYlqalaWVamdamtWlj2pi2pq1pZ9qZ9qa96WA6mI6mo+lsOpsuposJANDddDc9zYuml+lt+pi+pp95yfQ3/c0AM8AMNAPNYDPYDDFDzFAz1Awzw8wIM8KMNCPNaDPajDVjzXgz3kwwE8xEM9FMMpPMFDPFTDPTzAwzw8w0M81sM9vMMXPMXDPXzDfzzUKz0Cwyi0yqSTVLzBKz1Cwzy8wKs8KsMqvMGrPGrDPrzAazwWwym8xS89s3aO4wO8wus8vsMXvMXrPX7DP7zH6z3xwwB8xBc9AcMofMYXPYHDFHzFFz1Bwzx8xxc9ycMCfMKXPKnDanzRlzxpwz58x5c95cMBfMRXPx0se+SEUqMpGJ0kXpopQoJcoYZYwyRZmizFHmKBEloqxR1ihbdF2UPcoR5YxyRbmjPFHeyEYUuYijOMoX5Y+S0fVRgeiGqGBUKCocFYl8VDQqFt0YFY9uikpEN0clo1uiUtGtUemoTFQ2KhfdFpWPbo8qRHdEFaM7o0pR5ahKVDW6K6oW3R1Vj+6JakT3RjWj+6Ja0f1R7ehPUZ3ogahu9GBUL3ooqh89HDWIGkaNosZRk3/p+CGcyfGo72q72e62h+1pX7S9bG/bx/a1/exLtr992Q6wr9iBdpAdbF+1Q+xrdqh93Q6zw+0I+4YdaUfZ0XaMHWvH2fH2TTvBvmUn2rftJDvZTrFT7TQ73c6w79iZdpadbd+1c+x7dq6dZ+fbBXahfd8usottqv3ALrEf2qV2mV1uV9iVdpVdbdfYtXadXW832I12k91st9it9iO7zW63O+xOu8vutnvsx3av/cTus5/a/fYze8D+2R60n9tD9gt72H5pj9iv7FH7tT1mv7HH7bf2hD1pT9nv7Gn7vT1jz9pz9gd73v5oL9if7EUbLn24v/T2ToYMpaN0lEIplJEyUibKRJkpMyUoQVkpK2WjbJSdslNOykm5KTflpbx0CRNTPspHSUpSASpABakgFabC5MlTMSpGxak4laASVJJKUikqRaWpNJWlS/uR2+h2up3uoDvoTrqTKlNlqkpVqRpVo+pUnWpQDapJNakW1aLaVJvqUB2qS3WpHtWj+lSfGlADakSNqAk1oabUlJpRM2pBLagltaRW1IpaU2tqQ22oLbWldtSO2lN76kAdqCN1pM7UmbpQF+pKXak7daee1JN6US/qQ32oH/Wj/tSfBtAAGkgDaTANpiE0hIbSUBpGw2kEvUEjaRSNpjE0lsbReBpPE2gCTaSJNIkm0RSaQtNoGs2gGTSTZtJsmk1zaA7Npbk0n+bTQlpIi2gRpVIqLaEltJSW0nJaTitpJa2m1bSW1tJ6Wk8baSNtps20lbbSNtpGO2gH7aJdtIf20F7aS/toH+2n/XSADtBBOkiH6BAdpsN0hI7QUTpKx+gYHafjdIJO4Ck6RafpNJ2hM3SOztF5+pEu0E90kQKluAwuo7vKZXJXu8wui0txGboBwF/inC6Xy+3yuLzOuuwux9/E5Jwr6Aq5wq6I866oK+Zu/F1c2pVxZV05d5sr7253FX4XV3N3u+ruHlfD3euqurv+Jq7p7nO13EOutnvY1XENXV3X2NVzD7n67mHXwDV0jVxj19I97lq5J1xr96Rr4576XbzILXZr3Tq33m1we90n7pz7wR11X7vz7kfX1XVz/dxLrr972Q1wr7iBbtDv4hHuDTfSjXKj3Rg31o37XTzFTXXT3HQ3w73jZrpZv4sXuvfdHJfq5rp5br5b8HN8aU6p7gO3xH3olrplbrlb4Va6VW61W/OXua5wm9xmt8XtcR+7bW672+F2ul1u98/xpXXsc5+6/e4zd8R95Q66z90hd8wddl/+HF9a3zH3jTvuvnUn3El3yn3nTrvv3Rl39uf1X1r7d+4nd9EFB4ysWLPhiNNxek7hDJyRr+JMfDVn5iyc4Gs4K1/L2fg6zs45OCfn4tych/OyZWLHzDHn4/yc5Ou5AN/ABbkQF+Yi7LkoF+MbuTjfxCX4Zi7Jt3ApvpVLcxkuy+X4Ni7Pt3MFvoMr8p1ciStzFa7Kd3E1vpur8z1cg+/lmnwf1+L7uTb/ievwA1yXH+R6/BDX54e5ATfkRtyYm/Aj3JQf5WbcnFvwY9ySH+dW/AS35ie5DT/FbflpbsfPcHt+ljvwc9yRO3Fnfp678Avclbtxd+7BPflF7sW9uQ/35X78Evfnl3kAv8IDeRAP5ld5CL/GQ/l1HsbDeQS/wSN5FI/mMTyWx/F4fpMn8Fs8kd/mSTyZp/BUnsbTeQa/wzN5Fs/md3kOv8dzeR7P5wW8kN/nRbyYU/kDXsIf8lJexst5Ba/kVbya1/BaXsfreQNv5E28mbfwVv6It/F23sE7eRfv5j38Me/lT3gff8r7+TM+wH/mg/w5H+Iv+DB/yUf4Kz7KX/Mx/oaP87d8gk/yKf6OT/P3fIbP8jn+gc/zj3yBf+KLHBhijFWsYxNHcbo4fZwSZ4gzxlfFmeKr48xxljgRXxNnja+Ns8XXxdnjHHHOOFecO84T541tTLGLOY7jfHH+OBlfHxeIb4gLxoXiwnGR2MdF42LxjXHx+Ka4RHxzXDK+JS4V3xqXjsvEZeNy8W1x+fj2uEJ8R1wxvjOuFFeOq8RV47viavHdcfX4nrhGfG9cIr4vrhXfH9eO/xTXiR+I68YPxvXih+L68cNxg7hh3ChuHDeJH4mbxo/GzeLmcYv4sbhl/HjcKn4ibh0/GbeJn/rD/u5xj7hn/GL8YhzCPXp+ckFyYfL95KLk4mRq8oPkkuSHyaXJZcnlyRXJlclVydXJNcm1yXXJ9ckNyY3JTcnNyS3JEKqmB49eee2Nj3w6n96n+Aw+o7/KZ/JX+8w+i0/4a3xWf63P5q/z2X0On9Pn8rl9Hp/XW0/eefaxz+fz+6S/3hfwN/iCvpAv7It474v6Yr6xb+Kb+Kb+Ud/MN/ct/GP+Mf+4f9w/4Z/wT/o2/inf1j/t2/lnfHv/rH/WP+c7+k6+s3/ed/Ev+K6+m+/uu/uevqfv5Xv5Pr6P7+f7+f6+vx/gB/iBfqAf7Af7IX6IH+qH+mF+mB/hR/iRfqQf7Uf7sX6sH+/H+wl+gp/oJ/pJfpKf4qf4aX6an+Fn+Jl+pp/tZ/s5fo6f6+f6+X6+X+gX+kV+kU/1qX6JX+KX+qV+uV/uV/qVfrVf7df6tX69X+83+o1+s9/st/qtfpvf5nf4HX6X3+X3+D1+r9/r9/l9fr/f7w/4A/6gP+gP+S/8Yf+lP+K/8kf91/6Y/8Yf99/6E/6kP+W/86f99/6MP+vP+R/8ef+jv+B/8hd98OMTbyYmJN5KTEy8nZiUmJyYkpiamJaYnpiReCcxMzErMTvxbmJO4r3E3MS8xPzEgsTCxPuJRYnFidTEB4kliQ8TSxPLEssTKxIrE6sSIeTZFod8IX9IhutDgXBDKBgKhcKhSPChaCgWbgzFw02hRLg5lAy3hFLh1lA6lAllw8OhQWgYGoXGoUl4JDQNj4ZmoXloER4LLcPjoVV4IrQOT4Y24anQNjwd2oVnQvvwbOgQngsdQ6fQOTwfuoQXQtfQLXQPPULP8GLoFXqHPqFv6BdeCv3Dy2FAeCUMDIPC4PBqGBJeC0PD62FYGB5GhDfCyDAqjA5jwtgwLowPb4YJ4a0wMbwdJoXJYUqYGqaF6WFGeCfMDLPC7PBumBPeC3PDvDA/LAgLw/thUVgcUsMHYUn4MCwNy8LysCKsDKvC6rAmrA3rwvqwIWwMm8LmsCVsDR+FbWF72BF2hl1hd9gTPg57wydhX/g07A+fhQPhz+Fg+DwcCl+Ew+HLcCR8FY6Gr8Ox8E04Hr4NJ8LJcCp8F06H78OZcDacCz+E8+HHcCH8FC7Kz6wJIYQQQvy36D/o7+H+fo76td0TAK7enuvwf+3fmP2Xdu/0uVsmAODJbh0e+O2oVKl79+6/nrtUQ5R/HgAkLueng8vxMmgBj0NraA7F/9Kf8lfX6q06nec/GD95C0DGv8q5lP9bfHn8m/7u+nurUXP+cPx5AAXzX87JAJfjy+OX+L+Mn6PpH4yf4fPxAM3+KicTXI4vj18MHoWnoPXfnCmEEEIIIYQQQvyityrb7o/2t5f257nN5Zz0cDn+e/tzIYQQQgghhBBC/M/yTKfOTzzSunXzdtL4dzVCll+e6v8p85GGNH5ppADAL//S49eXg78650q+KgkhhBBCCCH+HS7vB670TIQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiLTr/8dvGvvtWn/0twaFEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKI/1T/JwAA//+sCjTX") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./mnt\x00', 0x810, 0x0, 0x0, 0x0, &(0x7f0000000000)) chdir(&(0x7f0000000240)='./file0\x00') r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000340)='.\x00', 0xa50003d1) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newqdisc={0x48, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x48}}, 0x0) 11.067433762s ago: executing program 4: sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) eventfd(0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}, 0x1c) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="fc000000190001000000000000000000e0000001000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000668b649b8bdb9a5a00000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500ac141400000000000000000000000000000000003c000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b2771825ee1cc99f969f4a3b3432652e624d868398401859faee8ed783c6b13bb031916c2f7707ad7b6c810c576aaca58e3f83d26c1a3990712e03225961362e3172a17c343a3a4b59da46353dddffe7b79"], 0xfc}}, 0x0) sendto$inet6(r2, &(0x7f0000000080)='w', 0x1, 0x0, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x2}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x36, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'syz_tun\x00'}) socket$inet6_sctp(0xa, 0x0, 0x84) listen(r4, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) 8.708058167s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0xffffffffffffffff}], 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 8.203675934s ago: executing program 4: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000980)={[{@nombcache}, {@sysvgroups}, {@norecovery}, {@grpid}, {@norecovery}]}, 0x9, 0x60b, &(0x7f00000001c0)="$eJzs3c1vVOUaAPDnTKcftPfeFnJz7+UupIkxkCgtLWCIMRHilhD82LmqtBCkUEJrtEhiSXCjMW5cmLhyIf4XSuLWhVsXblwZksYYFmJQxpzpmTofnTKdzkfb+f2SQ99zDnPe5ww8fd955z3nBNCzxtM/chEHI+J6EjFati8f2c7xtb/34NdbF9IliULhtV+SuPV+slJ+rCT7OZK9+M/RSL7PRRzoq613cfnmlZn5+bkb2frk0tXrk4vLN49evjpzae7S3LXp56dPnTxx8tTUsW2dX76sfPbOW++MfnjujS8/f5RMffXjuSROx+MstvS8ql87uK2a0/dsPAprHlbHdGqbx94pfhutfI9TSfUGdqyL2f/H/oj4b4xGX9m/5mh88EpXgwPaqpBEqY0Cek7SVP4PtT4QoMNK/YDSZ/uNPgfXyrW5VwJ0wuqZtQGAtdzvj4hS/ufXxgZjqDg2MPwgqRjnSSJieyNza9I6vvv23J10iTrjcEB7rNwujXJXt/9JMTfHYqi4NvwgV5H/ubIl3f5qk/WPV63Lf+icldsR8b+s/R+IpvP/zSbrl/8AAAAAAADQOvfORMRzG83/y63P/xnYYP7PSEScbkH9T/7+L3c/KyQtqA4os3om4sWa+b9/lM8OHuvLvuf/Z3E+QH/u4uX5uWMR8a+IOBL9g+n6VOVhKyYIH/34wGf16i+f/5cuaf2luYDZoe7nqy7EnZ1ZmmnN2UNvW70d8f/i/N9D2ZbK+T9p+5/UtP8fvZwm+PUG6zjwzN3z9fY9Of+Bdil8EXF4w+t//u5uJ5vfn2Oy2B+YLPUKaj313idf16tf/kP3pO3/8Ob5P5iU369ncWvHH4iI48v5Qr39zfb/B5LX+0rHT707s7R0YypiIDlbu316azHDXlXKh1K+pPl/5OnNx//W+/9lebgvIlYarPM/j0d+qrdP+w/dk+b/7Obt/1hl+7/VwlBM3x37JrvFWI3zDbX/J4pt+pFsi/E/KFd7P45GE7Qr4QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALpeLiH9EkptYL+dyExMRIxHx7xjOzS8sLj17ceHta7Ppvsrn/4+urSel5/+Pla1PV60fj4j9EfFp377i+sSFhfnZbp88AAAAAAAAAAAAAAAAAAAA7BAjxWv+C4PV1/+nfu7rdnRA2+Wzn/Idek++6VcWBlsaCNBxzec/sNs1nv/9bY0D6Lz6+f/wUaGoo+EAHaT/D72ryfz3dQHsAdp/6FUNjukNtTsOoBsabv9X2xsHAAAAAADQEvsP3fshiYiVF/YVl9RAts9kf9jbct0OAOgac3ihd+UXuh0B0C0+4wPJeun3DS/2rz/7P2lPQAAAAAAAAAAAAABAjcMHXf8PvSoXsckjvM3th71sk+v/N0p+twuAPaT+oz8aafsTPQTYxXzGB57Ujrv+HwAAAAAAAAAAAAB2gKGbV2bm5+duLC7vvsJLOyOMrRVWZnZEGC0tPG7PkfsjYmecYKcLpVtwdDGMLv9eAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1v0VAAD//wwXMFk=") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe(0x0) syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a4400000000101090244"], 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2}) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) 6.173045867s ago: executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, 0xfffffffffffffffd, 0x58) 6.150862521s ago: executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) open$dir(0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x0) 6.087949651s ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x1d, 0x0, 0x0) 6.031758699s ago: executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xfa, 0xcf, 0x1, 0x40, 0x56e, 0x4010, 0x201c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x91, 0x55, 0xe7}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000680)={0x0, 0x0, 0x1, '$'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x2, "f252"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a40)={0x44, &(0x7f0000000840)={0x0, 0x0, 0x1, "ca"}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={0x20, 0x83, 0x1, "b1"}, &(0x7f00000009c0)={0x20, 0x84, 0x1, "06"}, 0x0}) 5.969203009s ago: executing program 4: syz_emit_ethernet(0x3b8, 0x0, 0x0) shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) ftruncate(r0, 0x100c17a) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902"], 0x0) truncate(&(0x7f0000000000)='./file2\x00', 0x0) 3.569301459s ago: executing program 4: bind$netlink(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$uinput_user_dev(r0, &(0x7f00000007c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_PROPBIT(r0, 0x5501, 0x0) write$input_event(r0, &(0x7f00000005c0), 0x200005d8) write$input_event(r0, &(0x7f0000000440), 0x18) timer_create(0x0, &(0x7f0000000780)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) r1 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r1, 0x14) 2.988005319s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.91480681s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0xffffffffffffffff}], 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 2.846176771s ago: executing program 1: syz_emit_ethernet(0x3b8, 0x0, 0x0) shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) ftruncate(r0, 0x100c17a) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902"], 0x0) truncate(&(0x7f0000000000)='./file2\x00', 0x0) 2.58738362s ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) poll(0x0, 0x0, 0x1402) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) openat(0xffffffffffffffff, 0x0, 0x664001, 0x5) 2.209127879s ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) readv(r1, 0x0, 0x0) close(r1) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCGETS(0xffffffffffffffff, 0x5451, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) semctl$IPC_SET(0x0, 0x0, 0x1, 0x0) 2.07335523s ago: executing program 0: timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf32(r1, &(0x7f0000000240)=ANY=[], 0xfffffdb6) sendmmsg$unix(r1, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b80)="81", 0x1}], 0x1, 0xffffffffffffffff}}], 0x1, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system', 0x0, 0x0) r3 = socket(0x1, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r4, 0x0) r5 = socket(0x1, 0x5, 0x0) dup3(r4, r5, 0x0) accept4$unix(r5, 0x0, 0x0, 0x0) recvmsg$inet_nvme(r3, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) close(r6) rt_sigreturn() openat$urandom(0xffffffffffffff9c, &(0x7f0000001640), 0x0, 0x0) socketpair(0x1, 0x5, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000001640), 0x2, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r7, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x1c9c380}}, 0x0) ioctl$FIOCLEX(r2, 0x5451) 1.798211232s ago: executing program 0: eventfd(0x0) close(0xffffffffffffffff) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) close(r2) ioctl$sock_SIOCSPGRP(r0, 0x5450, 0x0) 1.173849469s ago: executing program 2: socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x5) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) getsockopt$inet_pktinfo(r1, 0x0, 0x31, 0x0, &(0x7f0000000240)) 1.086632592s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20"], 0x0) 1.011426364s ago: executing program 2: setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 907.27272ms ago: executing program 0: r0 = memfd_create(&(0x7f0000000500)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90k\x96\x05\r\x84\x87\x1c\b\x8c`\xea)A\x90m\xb6&\xd0\x9d\xb8\x7f\xc6W\x81\xb7\xf9\xbd\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff\xd6\xf2\xfe\xf3]\x15&\x97]mC\v\f\n\x1f\xe2\t\x14\x84\xe0\xa4\xda\xe7\xe8\xd5ue\xf4\xf8\xde\xf3\x00q?[\xba=\x1a\xb2\xdf]\xc0\xeb\x16\xe4\x7f\x17o\x1b\xa4M\xafa\xc7tR?3hH\x18\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcd\xe3\xb5\xd6\xed1\x10\x8d\x87N\x9c8\xfd\xd0t\xe6?\x9c\x95`\xfc_\'N\x90\xb7\xb5\x0f\xeb\x17{\x1fu\'\xb4=\xbcO@AP1\x9d\x1b\xba%\xca!\x0eRsGT\xdf\xd8;\x9ea\xd0\x01\x0eq~\x00\xfbh\xf7\xc8\x97\\\xc0\\\x17', 0x0) userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc020aa00, 0x0) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc018aa06, 0x0) tkill(0x0, 0x0) ftruncate(r0, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x6, 0x2012, r0, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa07, &(0x7f0000000040)={{&(0x7f000030e000/0x2000)=nil, 0x2000}}) 666.285127ms ago: executing program 2: r0 = gettid() timer_create(0x1, &(0x7f0000004080)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46) sendmsg$unix(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)}, 0x0) inotify_init() close(r1) rt_sigreturn() timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) syz_socket_connect_nvme_tcp() r2 = signalfd(0xffffffffffffffff, 0x0, 0x0) readv(r2, 0x0, 0x0) fchmod(0xffffffffffffffff, 0xa) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0x5451, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r3, 0x5451, 0x0) eventfd2(0x0, 0x0) fchdir(0xffffffffffffffff) r4 = mq_open(&(0x7f0000000100)=',>\\#\x00Zs\xd4\x00'/25, 0x40, 0x0, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r4, 0x5451) r5 = mq_open(&(0x7f0000000040)='*.)\x00', 0x40, 0x0, 0x0) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r5, 0x5451, 0x0) 551.618005ms ago: executing program 2: pipe(&(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) write$P9_RRENAMEAT(r1, 0x0, 0x0) 516.88594ms ago: executing program 1: futex(&(0x7f0000000700)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) rt_sigreturn() timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=") pipe2$9p(&(0x7f0000004080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) write$P9_RSYMLINK(r0, 0x0, 0x0) 481.772806ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 451.86874ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 307.497522ms ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) r2 = dup(r1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RUNLINKAT(r2, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) close(r3) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/class/dmi', 0x0, 0x0) dup3(r3, r2, 0x0) 180.357332ms ago: executing program 3: futex(&(0x7f0000000700)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) rt_sigreturn() timer_create(0x0, &(0x7f0000004040)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000004080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=") pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) r1 = dup(r0) recvmmsg(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) write$FUSE_POLL(r1, 0x0, 0x0) 90.905206ms ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) mount$tmpfs(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0) open(0x0, 0x0, 0x0) setxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x22, 0x22, {[@global=@item_4={0x3, 0x1, 0x0, "d24467f9"}, @main=@item_012={0x2, 0x0, 0xa, "0be0"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x0, "9000"}, @local=@item_4={0x3, 0x2, 0x0, "8a8118af"}, @main=@item_012={0x0, 0x0, 0x1b}, @local=@item_4={0x3, 0x2, 0x0, "72479ad4"}, @local=@item_4={0x3, 0x2, 0x0, "e598a6ca"}, @main=@item_012={0x1, 0x0, 0x0, '}'}]}}, 0x0}, 0x0) 0s ago: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x5) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) getsockopt$inet_pktinfo(r1, 0x0, 0x31, 0x0, &(0x7f0000000240)) kernel console output (not intermixed with test programs): ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000 [ 104.559124][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.671871][ T25] audit: type=1326 audit(1717664250.147:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000 [ 104.693381][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.720549][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 104.758852][ T1290] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 104.806113][ T25] audit: type=1326 audit(1717664250.147:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000 [ 104.833468][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 104.881745][ T25] audit: type=1326 audit(1717664250.217:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000 [ 104.896369][ T1290] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 104.942608][ T25] audit: type=1326 audit(1717664250.217:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000 [ 104.965652][ T1290] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 105.004832][ T25] audit: type=1326 audit(1717664250.217:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000 [ 105.028328][ T25] audit: type=1326 audit(1717664250.217:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000 [ 105.039143][ T1290] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 105.113174][ T1290] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 105.121301][ T1290] usb 5-1: SerialNumber: syz [ 105.180948][ T1290] cdc_acm: probe of 5-1:1.0 failed with error -12 [ 105.185294][ T4392] loop0: detected capacity change from 0 to 40427 [ 105.233449][ T4392] F2FS-fs (loop0): Invalid log blocks per segment (5) [ 105.242755][ T4392] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 105.262771][ T4414] loop2: detected capacity change from 0 to 1024 [ 105.298329][ T4392] F2FS-fs (loop0): Found nat_bits in checkpoint [ 105.332215][ T4414] EXT4-fs (loop2): Ignoring removed orlov option [ 105.364670][ T4414] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 105.437644][ T4392] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 105.448257][ T4392] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 105.485294][ T4414] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 105.531490][ T4392] attempt to access beyond end of device [ 105.531490][ T4392] loop0: rw=2049, want=53256, limit=40427 [ 105.544141][ T4392] attempt to access beyond end of device [ 105.544141][ T4392] loop0: rw=2049, want=78224, limit=40427 [ 105.587249][ T3538] attempt to access beyond end of device [ 105.587249][ T3538] loop0: rw=2049, want=45104, limit=40427 [ 105.683940][ T4410] loop3: detected capacity change from 0 to 32768 [ 105.844964][ T4410] XFS (loop3): Mounting V5 Filesystem [ 105.923359][ T4410] XFS (loop3): Ending clean mount [ 105.943931][ T4410] XFS (loop3): Quotacheck needed: Please wait. [ 106.015846][ T4410] XFS (loop3): Quotacheck: Done. [ 106.080918][ T3537] XFS (loop3): Unmounting Filesystem [ 106.281565][ T4440] loop0: detected capacity change from 0 to 512 [ 106.352561][ T4440] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 106.397823][ T4440] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 106.429137][ T4440] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 106.467323][ T4440] EXT4-fs (loop0): 1 truncate cleaned up [ 106.487682][ T3915] usb 5-1: USB disconnect, device number 3 [ 106.494419][ T4440] EXT4-fs (loop0): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback. [ 106.553267][ T4444] loop4: detected capacity change from 0 to 2048 [ 106.577400][ T4440] EXT4-fs error (device loop0): ext4_map_blocks:601: inode #2: block 4: comm syz-executor.0: lblock 0 mapped to illegal pblock 4 (length 1) [ 106.652536][ T4440] EXT4-fs (loop0): Remounting filesystem read-only [ 106.683472][ T4444] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 106.849125][ T4431] loop2: detected capacity change from 0 to 40427 [ 106.900451][ T25] kauditd_printk_skb: 46 callbacks suppressed [ 106.900463][ T25] audit: type=1326 audit(1717664252.507:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 107.669182][ T4431] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 107.679151][ T4431] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 107.707744][ T4431] F2FS-fs (loop2): invalid crc value [ 107.828671][ T4431] F2FS-fs (loop2): Found nat_bits in checkpoint [ 107.855843][ T25] audit: type=1326 audit(1717664253.307:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 107.944770][ T25] audit: type=1326 audit(1717664253.307:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 107.967712][ T4431] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 107.976110][ T4431] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 108.044246][ T25] audit: type=1326 audit(1717664253.307:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 108.090578][ T4477] loop0: detected capacity change from 0 to 1024 [ 108.134641][ T25] audit: type=1326 audit(1717664253.307:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 108.189585][ T4474] loop1: detected capacity change from 0 to 4096 [ 108.212568][ T4477] EXT4-fs (loop0): Ignoring removed orlov option [ 108.244294][ T4477] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 108.272078][ T25] audit: type=1326 audit(1717664253.307:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 108.313574][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 108.331824][ T4477] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 108.354328][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 108.370286][ T25] audit: type=1326 audit(1717664253.307:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 108.563023][ T25] audit: type=1326 audit(1717664253.307:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 108.605607][ T25] audit: type=1326 audit(1717664253.307:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000 [ 108.786853][ T25] audit: type=1326 audit(1717664253.307:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efc8aef36e7 code=0x7ffc0000 [ 108.980355][ T4464] loop4: detected capacity change from 0 to 32768 [ 109.191787][ T4464] XFS (loop4): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 109.221592][ T4464] XFS (loop4): Quotacheck needed: Please wait. [ 109.944709][ T4464] XFS (loop4): Quotacheck: Done. [ 109.997651][ T3532] XFS (loop4): Unmounting Filesystem [ 110.063240][ T3916] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 110.349033][ T3916] usb 2-1: Using ep0 maxpacket: 16 [ 110.500497][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.517414][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.528368][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 110.539089][ T4484] loop0: detected capacity change from 0 to 32768 [ 110.543176][ T3916] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 110.556006][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 110.573282][ T3916] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 110.583828][ T3916] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 110.663108][ T4484] XFS (loop0): Mounting V5 Filesystem [ 110.709268][ T3916] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 110.737196][ T3916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 110.743546][ T4484] XFS (loop0): Ending clean mount [ 110.745934][ T3916] usb 2-1: SerialNumber: syz [ 110.771550][ T4484] XFS (loop0): Quotacheck needed: Please wait. [ 110.807799][ T3916] cdc_acm: probe of 2-1:1.0 failed with error -12 [ 110.836803][ T4484] XFS (loop0): Quotacheck: Done. [ 110.865076][ T4513] loop3: detected capacity change from 0 to 512 [ 110.916024][ T3538] XFS (loop0): Unmounting Filesystem [ 110.964718][ T4513] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 111.042412][ T4513] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 111.051143][ T4513] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 111.051213][ T4500] loop2: detected capacity change from 0 to 32768 [ 111.065442][ T4513] EXT4-fs (loop3): 1 truncate cleaned up [ 111.084691][ T4513] EXT4-fs (loop3): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback. [ 111.142961][ T4500] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (4500) [ 111.201812][ T4500] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 111.223164][ T4513] EXT4-fs error (device loop3): ext4_map_blocks:601: inode #2: block 4: comm syz-executor.3: lblock 0 mapped to illegal pblock 4 (length 1) [ 111.269470][ T4500] BTRFS info (device loop2): using free space tree [ 111.276013][ T4500] BTRFS info (device loop2): has skinny extents [ 111.300019][ T4513] EXT4-fs (loop3): Remounting filesystem read-only [ 111.436546][ T4521] loop4: detected capacity change from 0 to 2048 [ 111.475459][ T4529] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 111.546920][ T4500] BTRFS info (device loop2): enabling ssd optimizations [ 111.621094][ T4521] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 113.318895][ T25] kauditd_printk_skb: 68 callbacks suppressed [ 113.318909][ T25] audit: type=1326 audit(1717664258.917:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdd0086c3b9 code=0x7ffc0000 [ 113.369652][ T1290] usb 2-1: USB disconnect, device number 4 [ 113.477952][ T25] audit: type=1326 audit(1717664258.957:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd008a8f69 code=0x7ffc0000 [ 113.559058][ T25] audit: type=1326 audit(1717664258.957:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdd008a66e7 code=0x7ffc0000 [ 113.610161][ T4551] loop0: detected capacity change from 0 to 4096 [ 113.636355][ T25] audit: type=1326 audit(1717664258.957:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdd0086c3b9 code=0x7ffc0000 [ 113.647717][ T4555] loop4: detected capacity change from 0 to 1024 [ 113.688585][ T4553] loop3: detected capacity change from 0 to 4096 [ 113.694440][ T25] audit: type=1326 audit(1717664258.967:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd008a8f69 code=0x7ffc0000 [ 113.726769][ T4555] EXT4-fs (loop4): Ignoring removed orlov option [ 113.747548][ T4555] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 113.762503][ T4553] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 113.829968][ T4555] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 113.932824][ T25] audit: type=1800 audit(1717664259.537:147): pid=4555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 114.047860][ T4549] loop1: detected capacity change from 0 to 40427 [ 114.190902][ T4574] loop3: detected capacity change from 0 to 128 [ 114.207380][ T4549] F2FS-fs (loop1): Found nat_bits in checkpoint [ 114.254158][ T4574] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 114.392800][ T4549] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 114.468185][ T4567] loop2: detected capacity change from 0 to 40427 [ 114.512674][ T4567] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 114.531647][ T4567] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 114.539476][ T4549] F2FS-fs (loop1): Inconsistent error blkaddr:5633, sit bitmap:0 [ 114.571537][ T4567] F2FS-fs (loop2): invalid crc value [ 114.585106][ T4549] CPU: 1 PID: 4549 Comm: syz-executor.1 Not tainted 5.15.160-syzkaller #0 [ 114.593623][ T4549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 114.603662][ T4549] Call Trace: [ 114.606941][ T4549] [ 114.609870][ T4549] dump_stack_lvl+0x1e3/0x2d0 [ 114.614549][ T4549] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 114.620165][ T4549] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 114.625959][ T4549] ? unlock_page+0x188/0x200 [ 114.630531][ T4549] f2fs_is_valid_blkaddr+0xc61/0x1270 [ 114.635896][ T4549] f2fs_get_read_data_page+0x35a/0x6b0 [ 114.641346][ T4549] ? f2fs_get_block+0x310/0x310 [ 114.646199][ T4549] ? __lock_acquire+0x1295/0x1ff0 [ 114.651208][ T4549] f2fs_find_data_page+0x1d7/0x620 [ 114.656304][ T4549] f2fs_readdir+0x553/0xef0 [ 114.660811][ T4549] ? f2fs_fill_dentries+0xd60/0xd60 [ 114.666000][ T4549] ? __fdget_pos+0x2cb/0x380 [ 114.670574][ T4549] ? f2fs_fill_dentries+0xd60/0xd60 [ 114.675755][ T4549] ? iterate_dir+0x10a/0x570 [ 114.680325][ T4549] ? fsnotify_perm+0x438/0x5a0 [ 114.685071][ T4549] iterate_dir+0x224/0x570 [ 114.689471][ T4549] ? f2fs_fill_dentries+0xd60/0xd60 [ 114.694650][ T4549] __se_sys_getdents+0x1e8/0x4c0 [ 114.699674][ T4549] ? __x64_sys_getdents+0x80/0x80 [ 114.704684][ T4549] ? fillonedir+0x4b0/0x4b0 [ 114.709178][ T4549] ? syscall_enter_from_user_mode+0x2e/0x240 [ 114.715291][ T4549] ? lockdep_hardirqs_on+0x94/0x130 [ 114.720478][ T4549] ? syscall_enter_from_user_mode+0x2e/0x240 [ 114.726442][ T4549] do_syscall_64+0x3b/0xb0 [ 114.730840][ T4549] ? clear_bhb_loop+0x15/0x70 [ 114.735506][ T4549] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 114.741399][ T4549] RIP: 0033:0x7f3e6d6aaf69 [ 114.745797][ T4549] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 114.765382][ T4549] RSP: 002b:00007f3e6c2240c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 114.773801][ T4549] RAX: ffffffffffffffda RBX: 00007f3e6d7e1f80 RCX: 00007f3e6d6aaf69 [ 114.781755][ T4549] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 114.789706][ T4549] RBP: 00007f3e6d7086fe R08: 0000000000000000 R09: 0000000000000000 [ 114.797661][ T4549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.805631][ T4549] R13: 000000000000000b R14: 00007f3e6d7e1f80 R15: 00007ffeec554158 [ 114.813601][ T4549] [ 114.840477][ T4567] F2FS-fs (loop2): Found nat_bits in checkpoint [ 114.968434][ T4567] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 114.975655][ T4567] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 115.089964][ T1485] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 115.206931][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 115.235354][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 115.534657][ T4589] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 115.587210][ T4570] loop0: detected capacity change from 0 to 32768 [ 115.703542][ T4570] XFS (loop0): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 115.808915][ T4570] XFS (loop0): Quotacheck needed: Please wait. [ 115.901028][ T4570] XFS (loop0): Quotacheck: Done. [ 115.929989][ T4605] loop1: detected capacity change from 0 to 128 [ 115.955502][ T3538] XFS (loop0): Unmounting Filesystem [ 116.050868][ T4605] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 116.102901][ T4605] ext4 filesystem being mounted at /root/syzkaller-testdir3280181984/syzkaller.kJjv93/70/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 116.172032][ T4610] loop2: detected capacity change from 0 to 2048 [ 116.257062][ T4610] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 118.369219][ T3582] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 118.780406][ T3582] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.959394][ T3582] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 118.974413][ T3582] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.996941][ T3582] usb 3-1: Product: syz [ 119.014256][ T3582] usb 3-1: Manufacturer: syz [ 119.036335][ T3582] usb 3-1: SerialNumber: syz [ 119.472135][ T4703] loop1: detected capacity change from 0 to 1024 [ 119.488529][ T4624] loop0: detected capacity change from 0 to 32768 [ 119.554683][ T4703] EXT4-fs (loop1): Ignoring removed orlov option [ 119.561343][ T4624] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (4624) [ 119.579395][ T4703] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 119.648044][ T4624] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.661496][ T4624] BTRFS info (device loop0): using free space tree [ 119.679589][ T4703] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 119.729529][ T4624] BTRFS info (device loop0): has skinny extents [ 119.813801][ T25] audit: type=1800 audit(1717664265.417:148): pid=4713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 119.934931][ T4624] BTRFS info (device loop0): enabling ssd optimizations [ 119.959398][ T4661] loop3: detected capacity change from 0 to 32768 [ 120.035812][ T4661] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (4661) [ 120.111530][ T4661] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 120.124586][ T4661] BTRFS info (device loop3): using free space tree [ 120.132204][ T4661] BTRFS info (device loop3): has skinny extents [ 120.145071][ T4728] loop1: detected capacity change from 0 to 2048 [ 120.233316][ T4728] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 120.251236][ T25] audit: type=1804 audit(1717664265.857:149): pid=4624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3265105875/syzkaller.hM9UpK/61/file1/bus" dev="loop0" ino=263 res=1 errno=0 [ 120.517069][ T4661] BTRFS info (device loop3): enabling ssd optimizations [ 121.289649][ T3582] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS [ 121.302745][ T3582] cdc_ncm 3-1:1.0: bind() failure [ 121.342098][ T3582] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 121.367834][ T3582] cdc_ncm 3-1:1.1: bind() failure [ 121.411507][ T3582] usb 3-1: USB disconnect, device number 2 [ 122.695451][ T4792] loop4: detected capacity change from 0 to 1024 [ 122.742868][ T4792] EXT4-fs (loop4): Ignoring removed orlov option [ 122.753505][ T4792] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 122.794833][ T4799] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 122.889890][ T4792] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 123.028532][ T4814] loop3: detected capacity change from 0 to 4096 [ 123.266059][ T4780] loop0: detected capacity change from 0 to 32768 [ 123.342773][ T4825] loop3: detected capacity change from 0 to 4096 [ 123.383005][ T4825] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 123.397992][ T4780] XFS (loop0): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 123.475733][ T4780] XFS (loop0): Quotacheck needed: Please wait. [ 123.580154][ T4780] XFS (loop0): Quotacheck: Done. [ 123.638302][ T3538] XFS (loop0): Unmounting Filesystem [ 123.762946][ T4823] loop4: detected capacity change from 0 to 32768 [ 123.811955][ T4823] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (4823) [ 123.826623][ T4810] loop2: detected capacity change from 0 to 40427 [ 123.850834][ T4843] loop3: detected capacity change from 0 to 128 [ 123.914635][ T4843] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 123.924065][ T4823] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 123.936782][ T4810] F2FS-fs (loop2): Found nat_bits in checkpoint [ 123.955440][ T4823] BTRFS info (device loop4): using free space tree [ 123.981727][ T4823] BTRFS info (device loop4): has skinny extents [ 124.051299][ T4810] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 124.094768][ T4810] F2FS-fs (loop2): Inconsistent error blkaddr:5633, sit bitmap:0 [ 124.136025][ T4810] CPU: 0 PID: 4810 Comm: syz-executor.2 Not tainted 5.15.160-syzkaller #0 [ 124.144547][ T4810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 124.154203][ T4841] loop1: detected capacity change from 0 to 32768 [ 124.154592][ T4810] Call Trace: [ 124.154602][ T4810] [ 124.167165][ T4810] dump_stack_lvl+0x1e3/0x2d0 [ 124.171863][ T4810] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 124.177499][ T4810] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 124.183310][ T4810] ? unlock_page+0x188/0x200 [ 124.187902][ T4810] f2fs_is_valid_blkaddr+0xc61/0x1270 [ 124.193283][ T4810] f2fs_get_read_data_page+0x35a/0x6b0 [ 124.198750][ T4810] ? f2fs_get_block+0x310/0x310 [ 124.203611][ T4810] ? __lock_acquire+0x1295/0x1ff0 [ 124.208643][ T4810] f2fs_find_data_page+0x1d7/0x620 [ 124.213760][ T4810] f2fs_readdir+0x553/0xef0 [ 124.218283][ T4810] ? f2fs_fill_dentries+0xd60/0xd60 [ 124.223484][ T4810] ? __fdget_pos+0x2cb/0x380 [ 124.228079][ T4810] ? f2fs_fill_dentries+0xd60/0xd60 [ 124.233274][ T4810] ? iterate_dir+0x10a/0x570 [ 124.237860][ T4810] ? fsnotify_perm+0x438/0x5a0 [ 124.242627][ T4810] iterate_dir+0x224/0x570 [ 124.247049][ T4810] ? f2fs_fill_dentries+0xd60/0xd60 [ 124.252250][ T4810] __se_sys_getdents+0x1e8/0x4c0 [ 124.257202][ T4810] ? __x64_sys_getdents+0x80/0x80 [ 124.262224][ T4810] ? fillonedir+0x4b0/0x4b0 [ 124.266730][ T4810] ? syscall_enter_from_user_mode+0x2e/0x240 [ 124.272709][ T4810] ? lockdep_hardirqs_on+0x94/0x130 [ 124.277912][ T4810] ? syscall_enter_from_user_mode+0x2e/0x240 [ 124.283898][ T4810] do_syscall_64+0x3b/0xb0 [ 124.288402][ T4810] ? clear_bhb_loop+0x15/0x70 [ 124.293079][ T4810] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 124.298967][ T4810] RIP: 0033:0x7f1bdffb2f69 [ 124.303376][ T4810] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 124.322972][ T4810] RSP: 002b:00007f1bdeb2c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 124.331385][ T4810] RAX: ffffffffffffffda RBX: 00007f1be00e9f80 RCX: 00007f1bdffb2f69 [ 124.339351][ T4810] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 124.347314][ T4810] RBP: 00007f1be00106fe R08: 0000000000000000 R09: 0000000000000000 [ 124.355277][ T4810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.363243][ T4810] R13: 000000000000000b R14: 00007f1be00e9f80 R15: 00007ffe33eba138 [ 124.371229][ T4810] [ 124.413935][ T4823] BTRFS info (device loop4): enabling ssd optimizations [ 124.435978][ T4841] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (4841) [ 124.504513][ T4698] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 124.506004][ T4872] Cannot find add_set index 0 as target [ 124.538799][ T25] audit: type=1804 audit(1717664270.137:150): pid=4823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1616127491/syzkaller.MZPKEp/54/file1/bus" dev="loop4" ino=263 res=1 errno=0 [ 124.571122][ T4841] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 124.581292][ T4841] BTRFS info (device loop1): using free space tree [ 124.587833][ T4841] BTRFS info (device loop1): has skinny extents [ 124.700477][ T4841] BTRFS info (device loop1): enabling ssd optimizations [ 124.812079][ T4896] loop3: detected capacity change from 0 to 128 [ 125.007049][ T4896] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 125.139157][ T4896] ext4 filesystem being mounted at /root/syzkaller-testdir147948912/syzkaller.KMlI2e/72/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 125.352784][ T4901] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 125.521865][ T4908] loop4: detected capacity change from 0 to 1024 [ 125.573458][ T4908] EXT4-fs (loop4): Ignoring removed orlov option [ 125.589118][ T4908] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 125.618170][ T4906] loop0: detected capacity change from 0 to 4096 [ 125.641076][ T4908] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 125.780413][ T4791] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 125.918923][ T4921] loop4: detected capacity change from 0 to 4096 [ 125.930831][ T4926] loop0: detected capacity change from 0 to 128 [ 125.976585][ T4921] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 125.985654][ T4926] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 126.039218][ T4791] usb 2-1: Using ep0 maxpacket: 8 [ 126.159914][ T4791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.185211][ T4791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.224866][ T4791] usb 2-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 126.262719][ T4791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.281107][ T4791] usb 2-1: config 0 descriptor?? [ 126.314065][ T9] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 126.519390][ T4920] loop2: detected capacity change from 0 to 40427 [ 126.573120][ T4935] loop3: detected capacity change from 0 to 4096 [ 126.627377][ T4920] F2FS-fs (loop2): Found nat_bits in checkpoint [ 126.772211][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0 [ 126.779381][ T4773] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 126.804874][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0 [ 126.832589][ T4920] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 126.848106][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0 [ 126.875276][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0 [ 126.908125][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0 [ 126.950534][ T4920] F2FS-fs (loop2): Inconsistent error blkaddr:5633, sit bitmap:0 [ 126.970872][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0 [ 126.970958][ T4920] CPU: 1 PID: 4920 Comm: syz-executor.2 Not tainted 5.15.160-syzkaller #0 [ 126.986032][ T4920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 126.996068][ T4920] Call Trace: [ 126.999327][ T4920] [ 127.002239][ T4920] dump_stack_lvl+0x1e3/0x2d0 [ 127.006896][ T4920] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 127.012510][ T4920] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 127.018299][ T4920] ? unlock_page+0x188/0x200 [ 127.022867][ T4920] f2fs_is_valid_blkaddr+0xc61/0x1270 [ 127.028223][ T4920] f2fs_get_read_data_page+0x35a/0x6b0 [ 127.033663][ T4920] ? f2fs_get_block+0x310/0x310 [ 127.038495][ T4920] ? __lock_acquire+0x1295/0x1ff0 [ 127.043522][ T4920] f2fs_find_data_page+0x1d7/0x620 [ 127.048616][ T4920] f2fs_readdir+0x553/0xef0 [ 127.053106][ T4920] ? f2fs_fill_dentries+0xd60/0xd60 [ 127.058280][ T4920] ? __fdget_pos+0x2cb/0x380 [ 127.062852][ T4920] ? f2fs_fill_dentries+0xd60/0xd60 [ 127.068033][ T4920] ? iterate_dir+0x10a/0x570 [ 127.072620][ T4920] ? fsnotify_perm+0x438/0x5a0 [ 127.077365][ T4920] iterate_dir+0x224/0x570 [ 127.081758][ T4920] ? f2fs_fill_dentries+0xd60/0xd60 [ 127.086942][ T4920] __se_sys_getdents+0x1e8/0x4c0 [ 127.091870][ T4920] ? __x64_sys_getdents+0x80/0x80 [ 127.096870][ T4920] ? fillonedir+0x4b0/0x4b0 [ 127.101369][ T4920] ? syscall_enter_from_user_mode+0x2e/0x240 [ 127.107328][ T4920] ? lockdep_hardirqs_on+0x94/0x130 [ 127.112501][ T4920] ? syscall_enter_from_user_mode+0x2e/0x240 [ 127.118455][ T4920] do_syscall_64+0x3b/0xb0 [ 127.122844][ T4920] ? clear_bhb_loop+0x15/0x70 [ 127.127492][ T4920] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 127.133364][ T4920] RIP: 0033:0x7f1bdffb2f69 [ 127.137757][ T4920] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 127.157335][ T4920] RSP: 002b:00007f1bdeb2c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 127.165721][ T4920] RAX: ffffffffffffffda RBX: 00007f1be00e9f80 RCX: 00007f1bdffb2f69 [ 127.173669][ T4920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 127.181615][ T4920] RBP: 00007f1be00106fe R08: 0000000000000000 R09: 0000000000000000 [ 127.189561][ T4920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.197504][ T4920] R13: 000000000000000b R14: 00007f1be00e9f80 R15: 00007ffe33eba138 [ 127.205456][ T4920] [ 127.264386][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0 [ 127.274851][ T4791] elo 0003:04E7:0009.0005: hidraw0: USB HID v0.00 Device [HID 04e7:0009] on usb-dummy_hcd.1-1/input0 [ 127.307345][ T4791] usb 2-1: USB disconnect, device number 5 [ 127.319114][ T4773] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 127.345250][ T4773] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 127.379159][ T4773] usb 1-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da [ 127.412743][ T4773] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.476130][ T4773] usb 1-1: config 0 descriptor?? [ 127.483427][ T4939] loop4: detected capacity change from 0 to 32768 [ 127.647430][ T4939] XFS (loop4): Mounting V5 Filesystem [ 127.787871][ T4939] XFS (loop4): Ending clean mount [ 127.812343][ T4939] XFS (loop4): Quotacheck needed: Please wait. [ 127.840940][ T4964] loop1: detected capacity change from 0 to 1024 [ 127.862019][ T4966] loop2: detected capacity change from 0 to 128 [ 127.882348][ T4939] XFS (loop4): Quotacheck: Done. [ 127.892553][ T4964] EXT4-fs (loop1): Ignoring removed orlov option [ 127.905779][ T4964] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 127.923172][ T4966] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 127.939701][ T4966] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/61/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 127.994182][ T4964] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 127.997957][ T3532] XFS (loop4): Unmounting Filesystem [ 128.425628][ T4983] loop1: detected capacity change from 0 to 128 [ 128.503379][ T4984] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 128.514040][ T4983] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 128.692395][ T4987] loop4: detected capacity change from 0 to 764 [ 129.153599][ T144] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 129.518055][ T4764] usb 1-1: USB disconnect, device number 5 [ 129.901463][ T5009] loop1: detected capacity change from 0 to 1024 [ 129.973999][ T5009] EXT4-fs (loop1): Ignoring removed orlov option [ 130.005913][ T5009] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 130.130813][ T5009] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 130.216583][ T4994] loop2: detected capacity change from 0 to 40427 [ 130.257221][ T5026] loop0: detected capacity change from 0 to 2048 [ 130.306887][ T5026] NILFS (loop0): invalid segment: Sequence number mismatch [ 130.314458][ T5026] NILFS (loop0): trying rollback from an earlier position [ 130.324259][ T5030] loop4: detected capacity change from 0 to 64 [ 130.337586][ T5026] NILFS (loop0): recovery complete [ 130.348202][ T5031] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 130.473337][ T4994] F2FS-fs (loop2): Found nat_bits in checkpoint [ 131.286787][ T5028] loop3: detected capacity change from 0 to 512 [ 131.287062][ T4994] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 131.377012][ T5028] EXT4-fs (loop3): Ignoring removed oldalloc option [ 131.414745][ T5028] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 131.432464][ T5028] EXT4-fs error (device loop3): __ext4_iget:4861: inode #12: block 2: comm syz-executor.3: invalid block [ 131.446228][ T5028] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117 [ 131.466249][ T5028] EXT4-fs (loop3): 1 orphan inode deleted [ 131.472762][ T5028] EXT4-fs (loop3): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback. [ 131.491868][ T4994] F2FS-fs (loop2): Inconsistent error blkaddr:5633, sit bitmap:0 [ 131.505200][ T4994] CPU: 0 PID: 4994 Comm: syz-executor.2 Not tainted 5.15.160-syzkaller #0 [ 131.513703][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 131.523745][ T4994] Call Trace: [ 131.527006][ T4994] [ 131.529926][ T4994] dump_stack_lvl+0x1e3/0x2d0 [ 131.534605][ T4994] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 131.540224][ T4994] ? f2fs_get_next_page_offset+0x6c0/0x6c0 [ 131.546024][ T4994] ? unlock_page+0x188/0x200 [ 131.550609][ T4994] f2fs_is_valid_blkaddr+0xc61/0x1270 [ 131.555977][ T4994] f2fs_get_read_data_page+0x35a/0x6b0 [ 131.561431][ T4994] ? f2fs_get_block+0x310/0x310 [ 131.566282][ T4994] ? __lock_acquire+0x1295/0x1ff0 [ 131.571302][ T4994] f2fs_find_data_page+0x1d7/0x620 [ 131.576399][ T4994] f2fs_readdir+0x553/0xef0 [ 131.580901][ T4994] ? f2fs_fill_dentries+0xd60/0xd60 [ 131.586084][ T4994] ? __fdget_pos+0x2cb/0x380 [ 131.590666][ T4994] ? f2fs_fill_dentries+0xd60/0xd60 [ 131.595850][ T4994] ? iterate_dir+0x10a/0x570 [ 131.600422][ T4994] ? fsnotify_perm+0x438/0x5a0 [ 131.605173][ T4994] iterate_dir+0x224/0x570 [ 131.609574][ T4994] ? f2fs_fill_dentries+0xd60/0xd60 [ 131.614760][ T4994] __se_sys_getdents+0x1e8/0x4c0 [ 131.619687][ T4994] ? __x64_sys_getdents+0x80/0x80 [ 131.624694][ T4994] ? fillonedir+0x4b0/0x4b0 [ 131.629182][ T4994] ? syscall_enter_from_user_mode+0x2e/0x240 [ 131.635148][ T4994] ? lockdep_hardirqs_on+0x94/0x130 [ 131.640326][ T4994] ? syscall_enter_from_user_mode+0x2e/0x240 [ 131.646289][ T4994] do_syscall_64+0x3b/0xb0 [ 131.650686][ T4994] ? clear_bhb_loop+0x15/0x70 [ 131.655353][ T4994] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 131.661231][ T4994] RIP: 0033:0x7f1bdffb2f69 [ 131.665630][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 131.685213][ T4994] RSP: 002b:00007f1bdeb2c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 131.693606][ T4994] RAX: ffffffffffffffda RBX: 00007f1be00e9f80 RCX: 00007f1bdffb2f69 [ 131.701558][ T4994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 131.709510][ T4994] RBP: 00007f1be00106fe R08: 0000000000000000 R09: 0000000000000000 [ 131.717459][ T4994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.725409][ T4994] R13: 000000000000000b R14: 00007f1be00e9f80 R15: 00007ffe33eba138 [ 131.733373][ T4994] [ 131.861649][ T307] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.067887][ T307] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.148714][ T307] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.277658][ T307] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.342716][ T5046] dccp_close: ABORT with 76 bytes unread [ 132.590669][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.596955][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.845825][ T5060] chnl_net:caif_netlink_parms(): no params data found [ 132.865911][ T5066] loop0: detected capacity change from 0 to 1024 [ 132.949504][ T5066] EXT4-fs (loop0): Ignoring removed orlov option [ 132.970146][ T5066] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 133.055119][ T5066] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 133.078022][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.214798][ T5060] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.226694][ T5060] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.242652][ T5060] device bridge_slave_0 entered promiscuous mode [ 133.249674][ T5063] loop3: detected capacity change from 0 to 32768 [ 133.275155][ T5060] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.330707][ T5060] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.384226][ T5060] device bridge_slave_1 entered promiscuous mode [ 133.419523][ T5063] XFS (loop3): Mounting V5 Filesystem [ 133.680778][ T5060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 133.707368][ T5063] XFS (loop3): Ending clean mount [ 133.749345][ T5063] XFS (loop3): Quotacheck needed: Please wait. [ 133.758314][ T5060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 133.825733][ T5063] XFS (loop3): Quotacheck: Done. [ 133.947062][ T5104] loop2: detected capacity change from 0 to 512 [ 133.965663][ T5103] loop1: detected capacity change from 0 to 512 [ 133.997831][ T5104] EXT4-fs (loop2): Ignoring removed oldalloc option [ 134.006168][ T3537] XFS (loop3): Unmounting Filesystem [ 134.021033][ T3916] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 134.029830][ T3916] Bluetooth: hci4: Injecting HCI hardware error event [ 134.044233][ T3544] Bluetooth: hci4: hardware error 0x00 [ 134.059877][ T5060] team0: Port device team_slave_0 added [ 134.103177][ T5103] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 134.117870][ T5104] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 134.160792][ T5104] EXT4-fs error (device loop2): __ext4_iget:4861: inode #12: block 2: comm syz-executor.2: invalid block [ 134.190980][ T5103] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 134.193597][ T5104] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 134.199610][ T5103] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 2683928664 (level 1) [ 134.234674][ T5104] EXT4-fs (loop2): 1 orphan inode deleted [ 134.253609][ T5104] EXT4-fs (loop2): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback. [ 134.258517][ T5060] team0: Port device team_slave_1 added [ 134.276865][ T3916] Bluetooth: hci1: command 0x0409 tx timeout [ 134.284065][ T5103] EXT4-fs (loop1): Remounting filesystem read-only [ 134.293192][ T5103] EXT4-fs (loop1): 1 truncate cleaned up [ 134.298907][ T5103] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.". Quota mode: writeback. [ 134.386314][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.414618][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.444806][ T5060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.495428][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.513262][ T3531] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 134.549044][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.609568][ T3531] EXT4-fs (loop1): Remounting filesystem read-only [ 134.618646][ T3531] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 134.644338][ T3531] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 134.673146][ T5060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.702192][ T25] audit: type=1326 audit(1717664280.307:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5110 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x0 [ 134.797817][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 134.816387][ T307] device hsr_slave_0 left promiscuous mode [ 134.828849][ T307] device hsr_slave_1 left promiscuous mode [ 134.835757][ T307] device bridge_slave_1 left promiscuous mode [ 134.843662][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.854069][ T307] device bridge_slave_0 left promiscuous mode [ 134.861389][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.885872][ T307] device veth1_macvtap left promiscuous mode [ 134.892113][ T26] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 134.900078][ T307] device veth0_macvtap left promiscuous mode [ 134.906107][ T307] device veth1_vlan left promiscuous mode [ 134.913093][ T307] device veth0_vlan left promiscuous mode [ 135.073854][ T307] team0 (unregistering): Port device team_slave_1 removed [ 135.087463][ T307] team0 (unregistering): Port device team_slave_0 removed [ 135.101271][ T307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.118230][ T307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.169201][ T26] usb 4-1: Using ep0 maxpacket: 8 [ 135.178373][ T307] bond0 (unregistering): Released all slaves [ 135.257356][ T5060] device hsr_slave_0 entered promiscuous mode [ 135.263991][ T5060] device hsr_slave_1 entered promiscuous mode [ 135.299307][ T26] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 135.308982][ T26] usb 4-1: config 0 has no interface number 0 [ 135.317778][ T26] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 135.329165][ T26] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 135.339231][ T26] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 135.351427][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.366320][ T26] usb 4-1: config 0 descriptor?? [ 135.435347][ T26] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 135.582266][ T5119] loop0: detected capacity change from 0 to 764 [ 135.645715][ T3916] usb 4-1: USB disconnect, device number 3 [ 135.684023][ T3916] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected [ 135.693780][ T5119] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 135.781776][ T5129] binder: 5128:5129 ioctl 400c620e 0 returned -14 [ 135.834672][ T5116] chnl_net:caif_netlink_parms(): no params data found [ 135.981625][ T5060] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 136.007172][ T5138] loop2: detected capacity change from 0 to 1024 [ 136.016900][ T5060] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 136.140129][ T5060] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 136.214212][ T5060] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 136.276287][ T5116] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.291177][ T5116] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.309115][ T5116] device bridge_slave_0 entered promiscuous mode [ 136.349175][ T26] Bluetooth: hci1: command 0x041b tx timeout [ 136.431478][ T5116] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.444185][ T5116] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.477683][ T5116] device bridge_slave_1 entered promiscuous mode [ 136.501909][ T5147] loop0: detected capacity change from 0 to 512 [ 136.540529][ T5147] EXT4-fs (loop0): Ignoring removed oldalloc option [ 136.601824][ T5116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.633371][ T5147] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 136.644607][ T5116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.658433][ T5147] EXT4-fs error (device loop0): __ext4_iget:4861: inode #12: block 2: comm syz-executor.0: invalid block [ 136.673848][ T5147] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117 [ 136.690449][ T5147] EXT4-fs (loop0): 1 orphan inode deleted [ 136.697084][ T5147] EXT4-fs (loop0): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback. [ 136.747532][ T5116] team0: Port device team_slave_0 added [ 136.791689][ T5116] team0: Port device team_slave_1 added [ 136.856192][ T3745] hfsplus: b-tree write err: -5, ino 4 [ 136.883436][ T5060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.892138][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.903744][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.948234][ T5116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.972884][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.988487][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.023624][ T5116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 137.069418][ T5060] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.109513][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.126490][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.223715][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.247811][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 137.281692][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.288780][ T3577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.337838][ T5157] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.369268][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.376538][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.449814][ T5157] team0: Port device bridge0 added [ 137.462873][ T5116] device hsr_slave_0 entered promiscuous mode [ 137.483096][ T5116] device hsr_slave_1 entered promiscuous mode [ 137.498656][ T5116] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 137.520034][ T5116] Cannot create hsr debugfs directory [ 137.549308][ T3916] Bluetooth: hci0: command 0x0409 tx timeout [ 137.565425][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 137.580993][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 137.609775][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 137.638791][ T3915] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.645916][ T3915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.061149][ T5165] loop3: detected capacity change from 0 to 65536 [ 138.071820][ T5155] loop2: detected capacity change from 0 to 32768 [ 138.079046][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 138.087739][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 138.096798][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 138.109153][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 138.117522][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 138.127435][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 138.161136][ T5155] XFS: noikeep mount option is deprecated. [ 138.176673][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 138.196132][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 138.221407][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 138.246797][ T5060] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 138.290552][ T5165] XFS (loop3): Mounting V5 Filesystem [ 138.296333][ T5060] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 138.310303][ T5155] XFS (loop2): Mounting V5 Filesystem [ 138.419708][ T3917] Bluetooth: hci1: command 0x040f tx timeout [ 138.421065][ T5165] XFS (loop3): Ending clean mount [ 138.436157][ T5165] XFS (loop3): Quotacheck needed: Please wait. [ 138.470696][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 138.488232][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 138.548334][ T5155] XFS (loop2): Ending clean mount [ 138.559962][ T5155] XFS (loop2): Quotacheck needed: Please wait. [ 138.611069][ T5165] XFS (loop3): Quotacheck: Done. [ 138.837689][ T25] audit: type=1800 audit(1717664284.437:152): pid=5186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="cgroup.controllers" dev="loop3" ino=74 res=0 errno=0 [ 138.893153][ T5155] XFS (loop2): Quotacheck: Done. [ 138.976251][ T3533] XFS (loop2): Unmounting Filesystem [ 139.111351][ T5116] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.231068][ T5060] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.257573][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 139.274154][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 139.371178][ T5116] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.398683][ T5191] loop0: detected capacity change from 0 to 8192 [ 139.502304][ T5191] ntfs: (device loop0): parse_options(): Unrecognized mount option . [ 139.512617][ T5116] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.630716][ T5116] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.761722][ T3915] Bluetooth: hci0: command 0x041b tx timeout [ 139.802132][ T5201] loop0: detected capacity change from 0 to 64 [ 139.846276][ T5116] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 139.905382][ T5116] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 139.949313][ T5116] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 139.981841][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 139.991513][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 140.016263][ T5116] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 140.038428][ T5060] device veth0_vlan entered promiscuous mode [ 140.053127][ T5060] device veth1_vlan entered promiscuous mode [ 140.082388][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 140.087859][ T3537] XFS (loop3): Unmounting Filesystem [ 140.114501][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 140.130306][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 140.138468][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 140.180017][ T5060] device veth0_macvtap entered promiscuous mode [ 140.188538][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 140.196829][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 140.222245][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 140.234363][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 140.271436][ T5060] device veth1_macvtap entered promiscuous mode [ 140.292801][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 140.301387][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 140.316909][ T5205] loop0: detected capacity change from 0 to 4096 [ 140.333779][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 140.353431][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.366574][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 140.383569][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.396377][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 140.414938][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.425822][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 140.443111][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.458284][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 140.484009][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 140.496864][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 140.509276][ T3577] Bluetooth: hci1: command 0x0419 tx timeout [ 140.515266][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.515283][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.515292][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.556174][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.568748][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.586924][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.597090][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 140.612845][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 140.622390][ T5207] loop3: detected capacity change from 0 to 256 [ 140.625004][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 140.640657][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 140.651581][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 140.670699][ T5207] exfat: Deprecated parameter 'namecase' [ 140.679226][ T5207] exfat: Deprecated parameter 'namecase' [ 140.687139][ T5207] exfat: Deprecated parameter 'namecase' [ 140.691431][ T5060] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.705229][ T5060] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.714961][ T5060] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.724092][ T5205] ntfs: volume version 3.1. [ 140.726556][ T5207] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 140.741219][ T5060] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.786047][ T5116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.873805][ T5116] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.918120][ T5212] loop2: detected capacity change from 0 to 512 [ 140.929698][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 140.937483][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 140.961683][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 140.975147][ T5212] EXT4-fs (loop2): Ignoring removed oldalloc option [ 140.983238][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.000376][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.007462][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.047118][ T5212] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 141.067549][ T5212] EXT4-fs error (device loop2): __ext4_iget:4861: inode #12: block 2: comm syz-executor.2: invalid block [ 141.079404][ T5212] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 141.094611][ T5212] EXT4-fs (loop2): 1 orphan inode deleted [ 141.102250][ T5212] EXT4-fs (loop2): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback. [ 141.121223][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.155918][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.204656][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.211738][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.336977][ T4695] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.359733][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.368931][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.382442][ T4695] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.416189][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.434746][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 141.473204][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.485539][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.499594][ T4698] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.518433][ T5116] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 141.530869][ T4698] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.551858][ T5116] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 141.576975][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 141.589854][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 141.600173][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 141.613791][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 141.650602][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 141.667375][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 141.679222][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 141.697765][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 141.726539][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 141.797760][ T3577] Bluetooth: hci0: command 0x040f tx timeout [ 141.920274][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 141.927749][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 141.947538][ T5116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.001625][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 142.021664][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 142.051008][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 142.059418][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 142.067914][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 142.075923][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 142.107819][ T5116] device veth0_vlan entered promiscuous mode [ 142.143690][ T5116] device veth1_vlan entered promiscuous mode [ 142.267920][ T5292] loop3: detected capacity change from 0 to 512 [ 142.276306][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 142.289600][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 142.319100][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 142.327670][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 142.344166][ T5292] EXT4-fs (loop3): Ignoring removed oldalloc option [ 142.348063][ T5116] device veth0_macvtap entered promiscuous mode [ 142.376136][ T5292] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 142.391340][ T5292] EXT4-fs error (device loop3): __ext4_iget:4861: inode #12: block 2: comm syz-executor.3: invalid block [ 142.404191][ T5292] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117 [ 142.412777][ T5116] device veth1_macvtap entered promiscuous mode [ 142.431476][ T5292] EXT4-fs (loop3): 1 orphan inode deleted [ 142.437265][ T5292] EXT4-fs (loop3): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback. [ 142.489259][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 142.513683][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 142.567781][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.601259][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.637412][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.649973][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.660864][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.671656][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.681753][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.693400][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.715416][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.747196][ T5318] loop4: detected capacity change from 0 to 1024 [ 142.757325][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.779803][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.796528][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 142.827517][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.839810][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.860097][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.871905][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.882600][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.893477][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.905625][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.916977][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.931584][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.963864][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.983184][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.012713][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.049118][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 143.066846][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 143.112258][ T5116] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.130774][ T5116] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.146303][ T5116] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.158514][ T5116] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.174539][ T5322] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 143.197985][ T5313] loop0: detected capacity change from 0 to 40427 [ 143.201462][ T5322] device bridge0 entered promiscuous mode [ 143.210800][ T5322] device macsec1 entered promiscuous mode [ 143.281409][ T25] audit: type=1326 audit(1717664288.887:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.336357][ T5313] F2FS-fs (loop0): Found nat_bits in checkpoint [ 143.339384][ T25] audit: type=1326 audit(1717664288.887:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.367960][ T25] audit: type=1326 audit(1717664288.887:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.406143][ T25] audit: type=1326 audit(1717664288.887:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.455829][ T307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.476831][ T307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.517693][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 143.533894][ T307] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.543421][ T25] audit: type=1326 audit(1717664288.887:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.574924][ T5313] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 143.577943][ T307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.606395][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 143.634738][ T25] audit: type=1326 audit(1717664288.887:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.686363][ T25] audit: type=1326 audit(1717664288.887:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.722138][ T25] audit: type=1326 audit(1717664288.887:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.741839][ T5338] loop1: detected capacity change from 0 to 1024 [ 143.749545][ T3538] attempt to access beyond end of device [ 143.749545][ T3538] loop0: rw=2049, want=45104, limit=40427 [ 143.762981][ T25] audit: type=1326 audit(1717664288.887:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.790944][ T25] audit: type=1326 audit(1717664288.887:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000 [ 143.813730][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.838437][ T5338] EXT4-fs (loop1): Ignoring removed orlov option [ 143.850037][ T5338] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 143.859975][ T3577] Bluetooth: hci0: command 0x0419 tx timeout [ 143.889243][ T3915] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 143.932406][ T5338] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 144.121258][ T5354] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 144.132373][ T5354] netlink: 4608 bytes leftover after parsing attributes in process `syz-executor.0'. [ 144.344305][ T5359] loop1: detected capacity change from 0 to 32768 [ 144.441695][ T5359] XFS (loop1): Mounting V5 Filesystem [ 144.447587][ T3915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.473309][ T3915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.490842][ T3915] usb 5-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 144.500127][ T3915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.515085][ T3915] usb 5-1: config 0 descriptor?? [ 144.547058][ T5359] XFS (loop1): Ending clean mount [ 145.184950][ T5376] fuse: Unknown parameter '0xffffffffffffffff' [ 145.354837][ T3915] wacom 0003:056A:0016.0006: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 145.412726][ T5116] XFS (loop1): Unmounting Filesystem [ 145.418240][ T3915] wacom 0003:056A:0016.0006: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.4-1/input0 [ 145.462940][ T3915] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0016.0006/input/input6 [ 145.568130][ T3915] usb 5-1: USB disconnect, device number 4 [ 145.823060][ T5395] loop2: detected capacity change from 0 to 1024 [ 145.859078][ T4791] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 145.873060][ T5395] EXT4-fs (loop2): Ignoring removed orlov option [ 145.893827][ T5395] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 145.940962][ T5395] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 145.963979][ C1] vkms_vblank_simulate: vblank timer overrun [ 146.205527][ T5407] loop4: detected capacity change from 0 to 8 [ 146.219261][ T4791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.232179][ T4791] usb 4-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c [ 146.241900][ T4791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.260775][ T4791] usb 4-1: config 0 descriptor?? [ 146.311358][ T4791] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 146.352784][ T5407] unable to read inode lookup table [ 146.511759][ T5386] loop3: detected capacity change from 0 to 8 [ 146.605717][ T5386] SQUASHFS error: Failed to read block 0x260685: -5 [ 146.636149][ T5386] SQUASHFS error: Unable to read metadata cache entry [260685] [ 146.746979][ T5386] SQUASHFS error: Unable to read directory block [260685:0] [ 146.831562][ T4791] usb 4-1: USB disconnect, device number 4 [ 146.955267][ T5427] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 147.022936][ T5431] loop4: detected capacity change from 0 to 512 [ 147.130008][ T5431] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 147.199318][ T5431] ext4 filesystem being mounted at /root/syzkaller-testdir3504816620/syzkaller.gKyNK8/15/file0 supports timestamps until 2038 (0x7fffffff) [ 147.270006][ T5431] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 147.452225][ T5443] loop4: detected capacity change from 0 to 1024 [ 147.533291][ T5443] EXT4-fs (loop4): Ignoring removed orlov option [ 147.543288][ T5443] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 147.591468][ T5443] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 147.614330][ C1] vkms_vblank_simulate: vblank timer overrun [ 147.625407][ T5453] loop1: detected capacity change from 0 to 8 [ 147.709241][ T5453] unable to read inode lookup table [ 147.769119][ T4773] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 147.789508][ T3914] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 148.051129][ T3914] usb 1-1: Using ep0 maxpacket: 16 [ 148.068740][ T5472] loop2: detected capacity change from 0 to 2048 [ 148.104678][ T5472] NILFS (loop2): invalid segment: Sequence number mismatch [ 148.112154][ T5472] NILFS (loop2): trying rollback from an earlier position [ 148.126221][ T5472] NILFS (loop2): recovery complete [ 148.139169][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.154529][ T5474] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 148.258669][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.280641][ T4773] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 148.299237][ T3914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 148.679374][ T4773] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.690090][ T3914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 148.696900][ T4773] usb 4-1: config 0 descriptor?? [ 148.719698][ T3914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 148.729743][ T3914] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 148.747325][ T3914] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 148.875695][ T3914] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 148.889116][ T3914] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 148.902746][ T3914] usb 1-1: Manufacturer: syz [ 148.914444][ T3914] usb 1-1: config 0 descriptor?? [ 148.916088][ T5485] loop1: detected capacity change from 0 to 1024 [ 148.921226][ T5483] loop4: detected capacity change from 0 to 1024 [ 148.988823][ T5485] EXT4-fs (loop1): Ignoring removed orlov option [ 148.996527][ T5485] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 149.021528][ T5485] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 149.029088][ T25] kauditd_printk_skb: 76 callbacks suppressed [ 149.029101][ T25] audit: type=1800 audit(1717664294.627:239): pid=5483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 149.044418][ C1] vkms_vblank_simulate: vblank timer overrun [ 149.077147][ T144] hfsplus: b-tree write err: -5, ino 4 [ 149.169244][ T3917] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 149.192807][ T4773] wacom 0003:056A:0016.0007: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 149.205255][ T5490] loop4: detected capacity change from 0 to 8 [ 149.217380][ T4773] wacom 0003:056A:0016.0007: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.3-1/input0 [ 149.250101][ T4773] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0016.0007/input/input9 [ 149.254703][ T5490] unable to read inode lookup table [ 149.319072][ T3914] rc_core: IR keymap rc-hauppauge not found [ 149.327542][ T3914] Registered IR keymap rc-empty [ 149.339857][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.371073][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.418821][ T3915] usb 4-1: USB disconnect, device number 5 [ 149.428536][ T3914] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 149.464794][ T5497] mmap: syz-executor.1 (5497) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 149.466808][ T3914] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12 [ 149.518459][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.569822][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.619465][ T3917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.629375][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.639244][ T3917] usb 3-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c [ 149.651806][ T3917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.660184][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.669454][ T3917] usb 3-1: config 0 descriptor?? [ 149.699615][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.731980][ T3917] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 149.739509][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.779326][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.809050][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.849111][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.889683][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 149.950709][ T3914] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 149.979115][ T3914] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 149.997662][ T5482] loop2: detected capacity change from 0 to 8 [ 150.013427][ T3914] usb 1-1: USB disconnect, device number 6 [ 150.106371][ T5482] SQUASHFS error: Failed to read block 0x260685: -5 [ 150.119172][ T5482] SQUASHFS error: Unable to read metadata cache entry [260685] [ 150.142500][ T5482] SQUASHFS error: Unable to read directory block [260685:0] [ 150.188216][ T5522] loop3: detected capacity change from 0 to 1024 [ 150.253782][ T5522] EXT4-fs (loop3): Ignoring removed orlov option [ 150.272973][ T5522] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 150.283079][ T4773] usb 3-1: USB disconnect, device number 3 [ 150.342676][ T5522] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 150.365544][ C1] vkms_vblank_simulate: vblank timer overrun [ 150.384630][ T5524] loop1: detected capacity change from 0 to 4096 [ 150.758799][ T5538] loop1: detected capacity change from 0 to 8 [ 150.815747][ T5538] unable to read inode lookup table [ 151.269109][ T4773] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 151.488818][ T5534] loop4: detected capacity change from 0 to 32768 [ 151.518587][ T5544] loop0: detected capacity change from 0 to 40427 [ 151.552345][ T5534] XFS (loop4): Mounting V5 Filesystem [ 151.606585][ T5534] XFS (loop4): Ending clean mount [ 151.613258][ T5534] XFS (loop4): Quotacheck needed: Please wait. [ 151.627778][ T3917] XFS (loop4): Metadata CRC error detected at xfs_agfl_read_verify+0x1ca/0x290, xfs_agfl block 0x3 [ 151.629174][ T4773] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.639526][ T3917] XFS (loop4): Unmount and run xfs_repair [ 151.650040][ T4773] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.662465][ T3917] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 151.666055][ T4773] usb 2-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 151.673298][ T3917] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 151.681945][ T4773] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.706458][ T3917] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 151.707685][ T4773] usb 2-1: config 0 descriptor?? [ 151.729095][ T3917] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 151.737959][ T3917] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 151.759359][ T3917] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 151.768667][ T3917] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 151.775408][ T5571] loop2: detected capacity change from 0 to 1024 [ 151.789595][ T3917] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 151.798463][ T3917] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 151.830821][ T4698] XFS (loop4): metadata I/O error in "xfs_alloc_read_agfl+0x224/0x3e0" at daddr 0x3 len 1 error 74 [ 151.847589][ T5571] EXT4-fs (loop2): Ignoring removed orlov option [ 151.855734][ T5534] XFS (loop4): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 151.864259][ T4796] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 151.874145][ T5571] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 151.926204][ T5571] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 151.949086][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.964562][ T5060] XFS (loop4): Unmounting Filesystem [ 152.232691][ T4773] wacom 0003:056A:0016.0008: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 152.242465][ T4796] usb 4-1: config 0 has no interfaces? [ 152.264109][ T4773] wacom 0003:056A:0016.0008: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.1-1/input0 [ 152.286947][ T4773] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0016.0008/input/input13 [ 152.359236][ T4796] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 152.377170][ T4796] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 152.390847][ T4796] usb 4-1: Manufacturer: syz [ 152.396519][ T4796] usb 4-1: SerialNumber: syz [ 152.412476][ T4796] usb 4-1: config 0 descriptor?? [ 152.443007][ T4791] usb 2-1: USB disconnect, device number 6 [ 152.469408][ T3917] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 153.189328][ T3917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.200982][ T3917] usb 3-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c [ 153.210440][ T3917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.220565][ T3917] usb 3-1: config 0 descriptor?? [ 153.261557][ T3917] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 153.324586][ T4796] usb 4-1: USB disconnect, device number 6 [ 153.469873][ T5585] loop2: detected capacity change from 0 to 8 [ 153.493176][ T5612] loop3: detected capacity change from 0 to 1024 [ 153.522477][ T5585] SQUASHFS error: Failed to read block 0x260685: -5 [ 153.542058][ T5585] SQUASHFS error: Unable to read metadata cache entry [260685] [ 153.563468][ T5612] EXT4-fs (loop3): Ignoring removed orlov option [ 153.567907][ T5585] SQUASHFS error: Unable to read directory block [260685:0] [ 153.587135][ T5612] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 153.650907][ T5612] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 153.714727][ T4796] usb 3-1: USB disconnect, device number 4 [ 154.002059][ T5602] loop1: detected capacity change from 0 to 40427 [ 154.249750][ T4796] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 154.497829][ T5653] loop1: detected capacity change from 0 to 1024 [ 154.566039][ T5653] EXT4-fs (loop1): Ignoring removed orlov option [ 154.574278][ T5653] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 154.603006][ T5653] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 154.626897][ T4796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.650126][ T4796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.671441][ T4796] usb 5-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 154.686976][ T4796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.737357][ T4796] usb 5-1: config 0 descriptor?? [ 155.139943][ T3914] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 155.150098][ T3914] Bluetooth: hci2: Injecting HCI hardware error event [ 155.157990][ T3544] Bluetooth: hci2: hardware error 0x00 [ 155.229141][ T3915] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 155.231920][ T4796] wacom 0003:056A:0016.0009: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 155.280895][ T4796] wacom 0003:056A:0016.0009: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.4-1/input0 [ 155.320125][ T4796] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0016.0009/input/input16 [ 155.378591][ T5669] loop0: detected capacity change from 0 to 40427 [ 155.394707][ T5693] loop3: detected capacity change from 0 to 1024 [ 155.439660][ T4796] usb 5-1: USB disconnect, device number 5 [ 155.453157][ T5693] EXT4-fs (loop3): Ignoring removed orlov option [ 155.462541][ T5693] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 155.496993][ T5693] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 155.649338][ T3915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.675006][ T3915] usb 2-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c [ 155.693950][ T3915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.707346][ T3915] usb 2-1: config 0 descriptor?? [ 155.771178][ T3915] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 155.867550][ T5700] loop2: detected capacity change from 0 to 32768 [ 155.936902][ T5700] Dev loop2 SGI disklabel: csum bad, label corrupted [ 155.996947][ T5671] loop1: detected capacity change from 0 to 8 [ 156.086287][ T5671] SQUASHFS error: Failed to read block 0x260685: -5 [ 156.102291][ T5671] SQUASHFS error: Unable to read metadata cache entry [260685] [ 156.120954][ T5671] SQUASHFS error: Unable to read directory block [260685:0] [ 156.222660][ T4773] usb 2-1: USB disconnect, device number 7 [ 156.718371][ T5735] loop2: detected capacity change from 0 to 1024 [ 156.796714][ T5735] EXT4-fs (loop2): Ignoring removed orlov option [ 156.810065][ T5735] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 156.864382][ T5735] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 157.089515][ T4773] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 157.439157][ T3915] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 157.449204][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.464835][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.491429][ T4773] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 157.504824][ T4773] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.518717][ T4773] usb 4-1: config 0 descriptor?? [ 157.664242][ T5770] loop1: detected capacity change from 0 to 32768 [ 157.713699][ T5770] Dev loop1 SGI disklabel: csum bad, label corrupted [ 157.829299][ T3915] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.844107][ T3915] usb 1-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c [ 157.853175][ T3915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.864446][ T3915] usb 1-1: config 0 descriptor?? [ 157.921726][ T3915] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 158.002390][ T4773] wacom 0003:056A:0016.000A: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 158.017557][ T4773] wacom 0003:056A:0016.000A: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.3-1/input0 [ 158.031023][ T4773] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0016.000A/input/input19 [ 158.064852][ T5781] loop2: detected capacity change from 0 to 1024 [ 158.102839][ T5781] EXT4-fs (loop2): Ignoring removed orlov option [ 158.119733][ T5781] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 158.148428][ T5767] loop0: detected capacity change from 0 to 8 [ 158.150383][ T5781] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 158.177368][ C1] vkms_vblank_simulate: vblank timer overrun [ 158.225306][ T5767] SQUASHFS error: Failed to read block 0x260685: -5 [ 158.234759][ T5767] SQUASHFS error: Unable to read metadata cache entry [260685] [ 158.248607][ T3577] usb 4-1: USB disconnect, device number 7 [ 158.259362][ T5767] SQUASHFS error: Unable to read directory block [260685:0] [ 158.356490][ T3915] usb 1-1: USB disconnect, device number 7 [ 158.461327][ T25] audit: type=1804 audit(1717664304.067:240): pid=5802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2575364772/syzkaller.uNe6EY/123/file0" dev="sda1" ino=1961 res=1 errno=0 [ 158.578899][ T5805] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'. [ 159.267366][ T5817] loop3: detected capacity change from 0 to 1024 [ 159.335100][ T5817] EXT4-fs (loop3): Ignoring removed orlov option [ 159.343519][ T5817] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 159.360975][ T5805] loop2: detected capacity change from 0 to 2048 [ 159.407957][ T5805] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 159.471858][ T5817] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 159.523981][ T5838] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 159.535145][ T5805] attempt to access beyond end of device [ 159.535145][ T5805] loop2: rw=524288, want=33554432, limit=2048 [ 161.776446][ T5850] loop4: detected capacity change from 0 to 256 [ 161.909668][ T5805] attempt to access beyond end of device [ 161.909668][ T5805] loop2: rw=0, want=9437256, limit=2048 [ 161.933842][ T5805] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=0) [ 161.952497][ T5853] loop0: detected capacity change from 0 to 64 [ 161.968355][ T5850] FAT-fs (loop4): Directory bread(block 64) failed [ 161.968419][ T5850] FAT-fs (loop4): Directory bread(block 65) failed [ 161.968488][ T5850] FAT-fs (loop4): Directory bread(block 66) failed [ 161.968516][ T5850] FAT-fs (loop4): Directory bread(block 67) failed [ 161.968588][ T5850] FAT-fs (loop4): Directory bread(block 68) failed [ 161.968616][ T5850] FAT-fs (loop4): Directory bread(block 69) failed [ 161.968683][ T5850] FAT-fs (loop4): Directory bread(block 70) failed [ 161.968711][ T5850] FAT-fs (loop4): Directory bread(block 71) failed [ 161.973645][ T5850] FAT-fs (loop4): Directory bread(block 72) failed [ 161.973684][ T5850] FAT-fs (loop4): Directory bread(block 73) failed [ 162.132905][ T5842] attempt to access beyond end of device [ 162.132905][ T5842] loop4: rw=524288, want=1164, limit=256 [ 162.133076][ T5842] attempt to access beyond end of device [ 162.133076][ T5842] loop4: rw=0, want=1164, limit=256 [ 162.133476][ T25] audit: type=1800 audit(1717664307.737:241): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=1048602 res=0 errno=0 [ 162.135093][ T25] audit: type=1800 audit(1717664307.737:242): pid=5860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1946 res=0 errno=0 [ 162.423100][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.560325][ T25] audit: type=1800 audit(1717664308.167:243): pid=5865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 162.629675][ T5867] loop0: detected capacity change from 0 to 64 [ 162.764203][ T5867] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 162.986413][ T5867] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure [ 163.416181][ T5885] loop3: detected capacity change from 0 to 1024 [ 163.483103][ T5885] EXT4-fs (loop3): Ignoring removed orlov option [ 163.491986][ T5885] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 163.613769][ T5891] loop1: detected capacity change from 0 to 64 [ 163.622689][ T5885] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 163.975754][ T5903] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'. [ 164.139902][ T25] audit: type=1804 audit(1717664309.747:244): pid=5913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3504816620/syzkaller.gKyNK8/50/file0" dev="sda1" ino=1956 res=1 errno=0 [ 164.197007][ T5901] loop1: detected capacity change from 0 to 4096 [ 164.254538][ T5901] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 164.298916][ T25] audit: type=1804 audit(1717664309.897:245): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3504816620/syzkaller.gKyNK8/50/file0" dev="sda1" ino=1956 res=1 errno=0 [ 164.476822][ T5903] loop2: detected capacity change from 0 to 2048 [ 164.908678][ T5903] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 164.910322][ T25] audit: type=1800 audit(1717664310.507:246): pid=5918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1949 res=0 errno=0 [ 165.156738][ T5903] attempt to access beyond end of device [ 165.156738][ T5903] loop2: rw=524288, want=33554432, limit=2048 [ 165.174087][ T5926] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.255008][ T5903] attempt to access beyond end of device [ 165.255008][ T5903] loop2: rw=0, want=9437256, limit=2048 [ 165.267029][ T5903] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=0) [ 166.215837][ T5931] loop1: detected capacity change from 0 to 1024 [ 166.283001][ T5931] EXT4-fs (loop1): Ignoring removed orlov option [ 166.307386][ T5931] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 166.382216][ T5931] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 166.870875][ T5959] loop2: detected capacity change from 0 to 512 [ 166.959236][ T4796] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 167.023131][ T5959] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 167.049161][ T5959] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/132/bus supports timestamps until 2038 (0x7fffffff) [ 167.249331][ T4796] usb 5-1: Using ep0 maxpacket: 8 [ 167.659269][ T4796] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 167.674392][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 167.730640][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 167.750655][ T5970] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 167.763482][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 167.859913][ T4796] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 167.878391][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 167.920285][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 167.964711][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 168.062858][ T5970] loop0: detected capacity change from 0 to 2048 [ 168.080078][ T4796] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 168.096591][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 168.125080][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 168.142290][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 168.152951][ T5970] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 168.191453][ T5981] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 168.191739][ T5970] attempt to access beyond end of device [ 168.191739][ T5970] loop0: rw=524288, want=33554432, limit=2048 [ 168.252455][ T5970] attempt to access beyond end of device [ 168.252455][ T5970] loop0: rw=0, want=9437256, limit=2048 [ 168.263889][ T5970] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=0) [ 168.433223][ T4796] usb 5-1: string descriptor 0 read error: -22 [ 168.440095][ T4796] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 168.491545][ T5983] loop3: detected capacity change from 0 to 1024 [ 168.507537][ T4796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.585634][ T5985] loop1: detected capacity change from 0 to 1024 [ 168.603388][ T5983] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 168.631766][ T4796] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 168.642819][ T5985] EXT4-fs (loop1): Ignoring removed orlov option [ 168.664063][ T5983] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 168.689372][ T5985] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 168.768534][ T5985] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 168.835991][ T4764] usb 5-1: USB disconnect, device number 6 [ 169.039218][ T4796] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 169.429265][ T4796] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 169.462795][ T4796] usb 4-1: config 0 has no interfaces? [ 169.559150][ T4796] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 170.197952][ T4796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 170.226147][ T4796] usb 4-1: SerialNumber: syz [ 170.243948][ T4796] usb 4-1: config 0 descriptor?? [ 170.419128][ T3915] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 170.442295][ T3915] Bluetooth: hci3: Injecting HCI hardware error event [ 170.443685][ T6012] loop1: detected capacity change from 0 to 512 [ 170.501139][ T5983] Disabled LAPIC found during irq injection [ 170.512452][ T3539] Bluetooth: hci3: hardware error 0x00 [ 170.527997][ T3915] Bluetooth: hci3: command 0x0406 tx timeout [ 170.565008][ T3915] usb 4-1: USB disconnect, device number 8 [ 170.571068][ T25] audit: type=1800 audit(1717664316.167:247): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 170.623560][ T6012] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 170.644272][ T6012] ext4 filesystem being mounted at /root/syzkaller-testdir2414412749/syzkaller.0a1N6O/54/bus supports timestamps until 2038 (0x7fffffff) [ 171.427849][ T6034] loop3: detected capacity change from 0 to 1024 [ 171.501353][ T6034] EXT4-fs (loop3): Ignoring removed orlov option [ 171.524700][ T6034] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 171.642554][ T6034] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 171.750481][ T6052] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 171.927520][ T6058] loop2: detected capacity change from 0 to 256 [ 172.031547][ T6058] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x396d2d3b, utbl_chksum : 0xe619d30d) [ 172.131142][ T6058] attempt to access beyond end of device [ 172.131142][ T6058] loop2: rw=524288, want=34359738491, limit=256 [ 172.168007][ T6058] attempt to access beyond end of device [ 172.168007][ T6058] loop2: rw=0, want=34359738491, limit=256 [ 172.206824][ T6052] loop1: detected capacity change from 0 to 2048 [ 172.247990][ T25] audit: type=1800 audit(1717664317.847:248): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=1048605 res=0 errno=0 [ 172.282395][ T6052] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 172.332302][ T6065] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 172.349966][ T4796] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 172.368904][ T6052] attempt to access beyond end of device [ 172.368904][ T6052] loop1: rw=524288, want=33554432, limit=2048 [ 172.425228][ T6052] attempt to access beyond end of device [ 172.425228][ T6052] loop1: rw=0, want=9437256, limit=2048 [ 172.442236][ T6052] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=0) [ 172.599117][ T4796] usb 4-1: Using ep0 maxpacket: 16 [ 172.719276][ T4796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.777462][ T6067] loop2: detected capacity change from 0 to 512 [ 172.783862][ T4796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.805092][ T4796] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 172.821656][ T6069] loop0: detected capacity change from 0 to 1024 [ 172.829322][ T4796] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 172.847480][ T4796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.872755][ T4796] usb 4-1: config 0 descriptor?? [ 172.888717][ T6069] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 172.905235][ T6067] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 172.953281][ T6067] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/139/bus supports timestamps until 2038 (0x7fffffff) [ 172.973713][ T6069] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 173.456901][ T4796] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 173.655953][ T4796] microsoft 0003:045E:07DA.000B: unbalanced collection at end of report description [ 173.695846][ T4796] microsoft 0003:045E:07DA.000B: parse failed [ 173.713855][ T4796] microsoft: probe of 0003:045E:07DA.000B failed with error -22 [ 173.757176][ T4796] usb 4-1: USB disconnect, device number 9 [ 174.059114][ T4797] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 174.199099][ T4773] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 174.439384][ T4797] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.449815][ T4773] usb 2-1: Using ep0 maxpacket: 32 [ 174.468693][ T6094] loop3: detected capacity change from 0 to 1024 [ 174.478548][ T4797] usb 1-1: config 0 has no interfaces? [ 174.535618][ T6094] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 174.548119][ T6096] loop4: detected capacity change from 0 to 256 [ 174.552815][ T6094] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 174.563984][ T4797] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 174.575861][ T4797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 174.587499][ T6094] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 174.605693][ T4797] usb 1-1: SerialNumber: syz [ 174.614897][ T4797] usb 1-1: config 0 descriptor?? [ 174.635345][ T6094] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 174.648764][ T6094] System zones: 0-1, 3-36 [ 174.658318][ T6094] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,jqfmt=vfsold,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 174.759197][ T4773] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 174.785180][ T4773] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.794183][ T4773] usb 2-1: Product: syz [ 174.798504][ T4773] usb 2-1: Manufacturer: syz [ 174.804588][ T4773] usb 2-1: SerialNumber: syz [ 174.818938][ T4773] usb 2-1: config 0 descriptor?? [ 174.889013][ T6069] Disabled LAPIC found during irq injection [ 174.934443][ T6103] loop3: detected capacity change from 0 to 1024 [ 174.946076][ T4797] usb 1-1: USB disconnect, device number 8 [ 174.957508][ T6107] loop2: detected capacity change from 0 to 512 [ 174.987711][ T6103] EXT4-fs (loop3): Ignoring removed orlov option [ 174.997206][ T6103] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 175.021888][ T6103] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 175.069460][ T6107] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 175.103483][ T25] audit: type=1800 audit(1717664320.707:249): pid=6115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1949 res=0 errno=0 [ 175.150358][ T6107] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/143/bus supports timestamps until 2038 (0x7fffffff) [ 175.714849][ T4773] (unnamed net_device) (uninitialized): Assigned a random MAC address: 22:db:69:8c:d2:6a [ 175.757504][ T4773] rtl8150 2-1:0.0: eth1: rtl8150 is detected [ 175.763883][ T6121] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'. [ 175.784781][ T4773] usb 2-1: USB disconnect, device number 8 [ 176.189221][ T4797] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 176.225506][ T6121] loop3: detected capacity change from 0 to 2048 [ 176.285027][ T6121] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 176.349326][ T6138] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 176.350947][ T6121] attempt to access beyond end of device [ 176.350947][ T6121] loop3: rw=524288, want=33554432, limit=2048 [ 176.449159][ T4797] usb 3-1: Using ep0 maxpacket: 16 [ 176.560230][ T6121] attempt to access beyond end of device [ 176.560230][ T6121] loop3: rw=0, want=9437256, limit=2048 [ 176.572906][ T6121] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=0) [ 176.585257][ T6143] input: syz0 as /devices/virtual/input/input22 [ 176.589190][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.648798][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.700815][ T4797] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 176.757805][ T4797] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 176.807102][ T4797] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.883161][ T4797] usb 3-1: config 0 descriptor?? [ 177.337627][ T6147] loop4: detected capacity change from 0 to 1024 [ 177.381244][ T4797] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0 [ 177.390825][ T4797] microsoft 0003:045E:07DA.000C: unbalanced collection at end of report description [ 177.408846][ T6147] EXT4-fs (loop4): Ignoring removed orlov option [ 177.424564][ T6147] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 177.427089][ T4797] microsoft 0003:045E:07DA.000C: parse failed [ 177.444897][ T4797] microsoft: probe of 0003:045E:07DA.000C failed with error -22 [ 177.508488][ T6147] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 177.587950][ T4797] usb 3-1: USB disconnect, device number 5 [ 177.985958][ T6153] loop4: detected capacity change from 0 to 1024 [ 178.064173][ T6153] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 178.140214][ T6153] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 178.481056][ T6172] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 178.609121][ T3916] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 178.775907][ T6182] loop2: detected capacity change from 0 to 1024 [ 178.854950][ T6182] EXT4-fs (loop2): Ignoring removed orlov option [ 178.867753][ T6182] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 178.944771][ T6182] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 179.009245][ T3916] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.019709][ T3916] usb 5-1: config 0 has no interfaces? [ 179.099247][ T3916] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 179.110522][ T3916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 179.118868][ T3916] usb 5-1: SerialNumber: syz [ 179.139634][ T3916] usb 5-1: config 0 descriptor?? [ 179.396310][ T6153] Disabled LAPIC found during irq injection [ 179.448114][ T4764] usb 5-1: USB disconnect, device number 7 [ 179.649270][ T4797] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 179.940155][ T4797] usb 3-1: Using ep0 maxpacket: 16 [ 179.965635][ T6212] loop3: detected capacity change from 0 to 1024 [ 180.013385][ T6212] EXT4-fs (loop3): Ignoring removed orlov option [ 180.024474][ T6212] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 180.074075][ T6212] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 180.109156][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.153034][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.160480][ T6214] loop4: detected capacity change from 0 to 8192 [ 180.187449][ T4797] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 180.209324][ T4797] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 180.218679][ T4797] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.227444][ T4764] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 180.247216][ T6214] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 180.268121][ T4797] usb 3-1: config 0 descriptor?? [ 180.635617][ T4773] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 180.659437][ T4764] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 180.672035][ T4764] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.693214][ T4764] usb 2-1: config 0 descriptor?? [ 180.780805][ T4797] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0 [ 180.788034][ T4797] microsoft 0003:045E:07DA.000D: unbalanced collection at end of report description [ 180.823794][ T4797] microsoft 0003:045E:07DA.000D: parse failed [ 180.836689][ T4797] microsoft: probe of 0003:045E:07DA.000D failed with error -22 [ 181.008081][ T4797] usb 3-1: USB disconnect, device number 6 [ 181.059431][ T4773] usb 5-1: config 0 has no interfaces? [ 181.154933][ T6223] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 181.163458][ T6223] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 181.236313][ T6228] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 181.310374][ T4773] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 181.337148][ T4773] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.364223][ T4773] usb 5-1: Product: syz [ 181.368624][ T4773] usb 5-1: Manufacturer: syz [ 181.375680][ T4773] usb 5-1: SerialNumber: syz [ 181.386983][ T4773] usb 5-1: config 0 descriptor?? [ 181.854242][ T3577] usb 5-1: USB disconnect, device number 8 [ 182.194841][ T6249] loop3: detected capacity change from 0 to 1024 [ 182.255728][ T6249] EXT4-fs (loop3): Ignoring removed orlov option [ 182.269023][ T6249] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 182.329639][ T6249] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 182.589466][ T4764] pegasus 2-1:0.0: can't reset MAC [ 182.599199][ T4764] pegasus: probe of 2-1:0.0 failed with error -5 [ 182.640522][ T4764] usb 2-1: USB disconnect, device number 9 [ 182.696964][ T6261] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 182.701393][ T6272] input: syz0 as /devices/virtual/input/input23 [ 182.714844][ T6261] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 183.011339][ T3577] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 183.077395][ T6289] loop3: detected capacity change from 0 to 1024 [ 183.151754][ T6289] EXT4-fs (loop3): Ignoring removed orlov option [ 183.158347][ T6289] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 183.207312][ T6289] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 183.279111][ T3577] usb 3-1: Using ep0 maxpacket: 16 [ 183.377839][ T6291] loop1: detected capacity change from 0 to 8192 [ 183.399451][ T3577] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.424259][ T3577] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.451867][ T3577] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 183.475587][ T6291] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 183.487506][ T3577] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 183.507179][ T3577] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.525132][ T3577] usb 3-1: config 0 descriptor?? [ 183.889054][ T4773] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 184.010886][ T3577] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 184.027769][ T3577] microsoft 0003:045E:07DA.000E: unbalanced collection at end of report description [ 184.050208][ T3577] microsoft 0003:045E:07DA.000E: parse failed [ 184.064348][ T3577] microsoft: probe of 0003:045E:07DA.000E failed with error -22 [ 184.237064][ T3917] usb 3-1: USB disconnect, device number 7 [ 184.269148][ T4773] usb 2-1: config 0 has no interfaces? [ 184.449181][ T4773] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 184.458263][ T4773] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.485647][ T4773] usb 2-1: Product: syz [ 184.495988][ T4773] usb 2-1: Manufacturer: syz [ 184.509531][ T4773] usb 2-1: SerialNumber: syz [ 184.524923][ T4773] usb 2-1: config 0 descriptor?? [ 184.909369][ T3577] usb 2-1: USB disconnect, device number 10 [ 185.134647][ T6317] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 185.157718][ T6317] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 185.557734][ T6327] loop0: detected capacity change from 0 to 1024 [ 185.649375][ T6327] EXT4-fs (loop0): Ignoring removed orlov option [ 185.671984][ T6327] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 185.742379][ T6327] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 185.976449][ T3538] ================================================================== [ 185.984829][ T3538] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 185.992809][ T3538] Read of size 4 at addr ffff88805c380000 by task syz-executor.0/3538 [ 186.001124][ T3538] [ 186.003448][ T3538] CPU: 1 PID: 3538 Comm: syz-executor.0 Not tainted 5.15.160-syzkaller #0 [ 186.011939][ T3538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 186.022017][ T3538] Call Trace: 2024/06/06 08:58:51 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 186.025295][ T3538] [ 186.028219][ T3538] dump_stack_lvl+0x1e3/0x2d0 [ 186.032900][ T3538] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 186.038534][ T3538] ? _printk+0xd1/0x120 [ 186.042700][ T3538] ? __wake_up_klogd+0xcc/0x100 [ 186.047552][ T3538] ? panic+0x860/0x860 [ 186.051614][ T3538] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 186.057086][ T3538] print_address_description+0x63/0x3b0 [ 186.062643][ T3538] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 186.068278][ T3538] kasan_report+0x16b/0x1c0 [ 186.072783][ T3538] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 186.078414][ T3538] ext4_xattr_delete_inode+0xcd0/0xce0 [ 186.083876][ T3538] ? ext4_blocks_for_truncate+0x270/0x270 [ 186.089601][ T3538] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 186.095661][ T3538] ? rcu_read_lock_any_held+0xb3/0x160 [ 186.101128][ T3538] ? ext4_inode_is_fast_symlink+0x262/0x390 [ 186.107026][ T3538] ext4_evict_inode+0xcb7/0x1100 [ 186.111955][ T3538] ? _raw_spin_unlock+0x24/0x40 [ 186.116812][ T3538] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 186.122704][ T3538] ? do_raw_spin_unlock+0x137/0x8b0 [ 186.127895][ T3538] ? _raw_spin_unlock+0x24/0x40 [ 186.132740][ T3538] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 186.138635][ T3538] evict+0x2a4/0x620 [ 186.142533][ T3538] vfs_rmdir+0x33c/0x460 [ 186.146803][ T3538] do_rmdir+0x368/0x670 [ 186.150957][ T3538] ? d_delete_notify+0x150/0x150 [ 186.155885][ T3538] ? strncpy_from_user+0x209/0x370 [ 186.160997][ T3538] ? syscall_enter_from_user_mode+0x2e/0x240 [ 186.166976][ T3538] __x64_sys_unlinkat+0xdc/0xf0 [ 186.171829][ T3538] do_syscall_64+0x3b/0xb0 [ 186.176237][ T3538] ? clear_bhb_loop+0x15/0x70 [ 186.180908][ T3538] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 186.186799][ T3538] RIP: 0033:0x7efc8aef5747 [ 186.191213][ T3538] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 186.210821][ T3538] RSP: 002b:00007ffd96acff68 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 186.219233][ T3538] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007efc8aef5747 [ 186.227200][ T3538] RDX: 0000000000000200 RSI: 00007ffd96ad1110 RDI: 00000000ffffff9c [ 186.235164][ T3538] RBP: 00007efc8af52636 R08: 0000000000000000 R09: 0000000000000000 [ 186.243133][ T3538] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd96ad1110 [ 186.251097][ T3538] R13: 00007efc8af52636 R14: 000000000002d477 R15: 0000000000000008 [ 186.259092][ T3538] [ 186.262107][ T3538] [ 186.264421][ T3538] The buggy address belongs to the page: [ 186.270067][ T3538] page:ffffea000170e000 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x5c380 [ 186.280315][ T3538] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 186.280998][ T4773] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 186.287429][ T3538] raw: 00fff00000000000 ffffea000170e048 ffffea00017179c8 0000000000000000 [ 186.303562][ T3538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 186.312132][ T3538] page dumped because: kasan: bad access detected [ 186.318540][ T3538] page_owner tracks the page as freed [ 186.323899][ T3538] page last allocated via o