last executing test programs:

11.548799128s ago: executing program 4:
r0 = socket(0x10, 0x3, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
unshare(0x2000680)
fsmount(0xffffffffffffffff, 0x0, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
signalfd4(r1, &(0x7f0000000140), 0x8, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x208e24b)
sync()
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000300)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000280), 0xb)
sendfile(r4, r4, 0x0, 0x2)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000180)='./bus\x00', 0x84080, &(0x7f0000000540)=ANY=[@ANYBLOB="00e0c6e4d9182ec69e599fd4d32ba9c5146fbc43a33914b2b1a5ce8843b193dc82dbc512b6fabfe6fbdd2a8bdeeda78e17b18f1b6e80c81cd67046e6a85e7160112d613e4c6dcab2404d58291ec130b9fd2785ce8fd5538f70998f2d50005813ba6c65cd3c25a8e730e1cd7b11cf7f6cc0fba6b670c64374abd09518ffba0c5eb2e602b1a64ac897fc6ce9bee1d70bef22f10c7776c2f5077cb1de63832b1bab15c6caf549a1cd58106494d92d1159033b2e27eceae339414a62aca9cf6a00c07e2a181dd9668a64b5eefc8e5ebc6564442a8d322e89a2fbbade22dc834cff72c09dc653db003038d250e81aee10888e78a3677d68cc60de6f7d361115e53becaa81ee364dd85d11c2e56a01b87e0b194b2a5d3115f3b257fa54acf273f953e6be39e5b67fcd3a564e71fdbdf8b4ef42c07a9525ae4d7cfa9f5f0e74ce04932a598a451611d49a947372a7cce61ae680efb6812be1329e48a178c571c239ddaf00213691c7a8"], 0x1, 0x1506, &(0x7f0000003f80)="$eJzs3QnYjtX2MPC19t43L4knybzXXjdPMmySJEOSDEmSHEkyJSRJkoRkypSEJGROModkijeZ5ylzkhxJkoSEJPu7NBzn/Dvf1f9855zP/3/e9buu+3r2su+1772f5X2eZ9/XO3zdYXCVelUr1mFm+KfgLw/dASAFAPoBQBYAiACgZNaSWS/1Z9DY/Z+7iPjXemDalZ6BuJKk/mmb1D9tk/qnbVL/tE3qn7ZJ/dM2qX/aJvUXIi3bOj3XNXKk3eOfv/+f8suD3P//X0je/9M2qf9/mtMZ/pGzpf7/SS6GEP6xDKl/2ib1T9uk/mmb1D9tk/qnbVJ/IdKyK33/WY4re1zp/39CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIdKGc+EyAwC/ta/0vIQQQgghhBBCCPGvE9Jf6RkIIYQQQgghhBDi3w9BgQYDEaSD9JACGSAjXAWZ4GrIDFkgAddAVrgWssF1kB1yQE7IBbkhD+QFCwQOGGLIB/khCddDAbgBCkIhKAxFwENRKAY3QnG4CUrAzVASboFScCuUhjJQFsrBbVAebocKcAdUhDuhElSGKlAV7oJqcDdUh3ugBtwLNeE+qAX3Q234E9SBB6AuPAj14CGoDw9DA2gIjaAxNPl/yn8eusAL0BW6QXfoAT3hRegFvaEP9IV+8BL0h5dhALwCA2EQDIZXYQi8BkPhdRgGw2EEvAEjYRSMhjEwFsbBeHgTJsBbMBHehkkwGabAVJgG02EGvAMzYRbMhndhDrwHc2EezIcFsBDeh0WwGFLhA1gCH8JSWAbLYQWshFWwGtbAWlgH62EDbIRNsBm2wFb4CLbBdtgBO2EX7IY98DHshU9gH3wK++GzfzD/7H/J74iAgAoVGjSYDtNhCqZgRsyImTATZsbMmMAEZsWsmA2zYXbMjjkxJ+bG3JgX8yIhISNjPsyHSUxiASyABbEgFsbC6NFjMSyGxfEmLIElsCSWxFJYCktjGSyD5bAclsfyWAErYEWsiJWwElbBKngX3oV3Y3WsjjWwBtbEmlgLa2FtrI11sA7WxbpYD+thfayPDbABNsJG2ASbYFNsis2wGbbAFtgSW2IrbIWtsTW2wTbYFtsawHbYHttjB+yAHbETdsLn8Xl8AV/AblhJ9cCe2BN7YS/sg32xL76E/fFlfBlfwYE4CAfjq/gqvoZD8QwOw+E4AkdgeTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4bs4B9/D93AezsMFuBAX4iJcjKmYikvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsGP8CPcjttxJ+7E3bgbP8aP8RP8BAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAEv4EW8eOmLX11ilFHpVDqVolJURpVRZVKZVGaVWSVUQmVVWVU2lU1lV9lVTpVT5Va5VV6VV5EixSpW+VQ+lVRJVUAVUAVVQVVYFVZeeVVMFVPFVXFVQpVQJdUtqpS6VZVWZVRzX06VU+VVC19B3aEqqoqqkqqsqqiqqqqqpqqp6qq6qqFqqJqqpqql7le1VQ/sgw+oS5WppwZhfTUYG6iGqpFqrF7DR1RTNRSbqeaqhXpMDcdh2Eo19a3Vk6qNGo1t1dNqDD6j2qtx2EE9pzqqTqqzel51Uc18V9VNTcIeqqeair1Ub9VH9VUzsbK6VLEq6hU1UA1Sg9WragG+poaq19UwNVyNUG+okWqUGq3GqLFqnBqv3lQT1FtqonpbTVKT1RQ1VU1T09UM9Y6aqWap2epdNUe9p+aqeWq+WqAWqvfVIrVYpaoP1BL1oVqqlqnlaoVaqVap1WqNWqvWqfVqg9qoNqnNaovaqj5S29R2tUPtVLvUbrVHfaz2qk/UPvWp2q8+UwfUn9VB9bk6pL5Qh9WX6oj6Sh1VX6tj6ht1XH2rTqiT6pT6Tp1W36sz6qw6p35Q59WP6oL6SV1UQYFGrbTWRkc6nU6vU3QGnVFfpTPpq3VmnUUn9DU6q75WZ9PX6ew6h86pc+ncOo/Oq60m7TTrWOfT+XVSX68L6Bt0QV1IF9ZFtNdFdTF9oy6ub9Il9M26pL5Fl9K36tK6jC6ry+nbdHl9u66g79AV9Z26kq6sq+iq+i5dTd+tq+t7dA19r66p79O19P26tv6TrqMf0HX1g7qefkjX1w/rBrqhbqQb6yb6Ed1UP6qb6ea6hX5Mt9SP61b6Cd1aP6nb6Kd0W/20bqef0e31s7qDfk531J10Z/2TvqiD7qq76e66h+6pX9S9dG/dR/fV/fRLur9+WQ/Qr+iBepAerF/VQ/Rreqh+XQ/Tw/UI/YYeqUfp0XqMHqvH6fH6TT1Bv6Un6rf1JD1ZT9EaAKbrPr+ONPu/kf/W3+RP1dP0dD3g56tv0Vv1R3qb3q536J16l96t9+g9eq/eq/fpfXq/3q8P6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvzwEYNMpoY0xk0pn0JsVkMBnNVSaTudpkNllMwlxjspprTTZznclucpicJpfJbfKYvMYaMs6wiU0+k98kzfWmgLnBFDSFTGFTxHhT1BQzN/7T+X80vyamiWlqmppmpplpYVqYlqalaWVamdamtWlj2pi2pq1pZ9qZ9qa96WA6mI6mo+lsOpsuposJANDddDc9zYuml+lt+pi+pp95yfQ3/c0AM8AMNAPNYDPYDDFDzFAz1Awzw8wIM8KMNCPNaDPajDVjzXgz3kwwE8xEM9FMMpPMFDPFTDPTzAwzw8w0M81sM9vMMXPMXDPXzDfzzUKz0Cwyi0yqSTVLzBKz1Cwzy8wKs8KsMqvMGrPGrDPrzAazwWwym8xS89s3aO4wO8wus8vsMXvMXrPX7DP7zH6z3xwwB8xBc9AcMofMYXPYHDFHzFFz1Bwzx8xxc9ycMCfMKXPKnDanzRlzxpwz58x5c95cMBfMRXPx0se+SEUqMpGJ0kXpopQoJcoYZYwyRZmizFHmKBEloqxR1ihbdF2UPcoR5YxyRbmjPFHeyEYUuYijOMoX5Y+S0fVRgeiGqGBUKCocFYl8VDQqFt0YFY9uikpEN0clo1uiUtGtUemoTFQ2KhfdFpWPbo8qRHdEFaM7o0pR5ahKVDW6K6oW3R1Vj+6JakT3RjWj+6Ja0f1R7ehPUZ3ogahu9GBUL3ooqh89HDWIGkaNosZRk3/p+CGcyfGo72q72e62h+1pX7S9bG/bx/a1/exLtr992Q6wr9iBdpAdbF+1Q+xrdqh93Q6zw+0I+4YdaUfZ0XaMHWvH2fH2TTvBvmUn2rftJDvZTrFT7TQ73c6w79iZdpadbd+1c+x7dq6dZ+fbBXahfd8usottqv3ALrEf2qV2mV1uV9iVdpVdbdfYtXadXW832I12k91st9it9iO7zW63O+xOu8vutnvsx3av/cTus5/a/fYze8D+2R60n9tD9gt72H5pj9iv7FH7tT1mv7HH7bf2hD1pT9nv7Gn7vT1jz9pz9gd73v5oL9if7EUbLn24v/T2ToYMpaN0lEIplJEyUibKRJkpMyUoQVkpK2WjbJSdslNOykm5KTflpbx0CRNTPspHSUpSASpABakgFabC5MlTMSpGxak4laASVJJKUikqRaWpNJWlS/uR2+h2up3uoDvoTrqTKlNlqkpVqRpVo+pUnWpQDapJNakW1aLaVJvqUB2qS3WpHtWj+lSfGlADakSNqAk1oabUlJpRM2pBLagltaRW1IpaU2tqQ22oLbWldtSO2lN76kAdqCN1pM7UmbpQF+pKXak7daee1JN6US/qQ32oH/Wj/tSfBtAAGkgDaTANpiE0hIbSUBpGw2kEvUEjaRSNpjE0lsbReBpPE2gCTaSJNIkm0RSaQtNoGs2gGTSTZtJsmk1zaA7Npbk0n+bTQlpIi2gRpVIqLaEltJSW0nJaTitpJa2m1bSW1tJ6Wk8baSNtps20lbbSNtpGO2gH7aJdtIf20F7aS/toH+2n/XSADtBBOkiH6BAdpsN0hI7QUTpKx+gYHafjdIJO4Ck6RafpNJ2hM3SOztF5+pEu0E90kQKluAwuo7vKZXJXu8wui0txGboBwF/inC6Xy+3yuLzOuuwux9/E5Jwr6Aq5wq6I866oK+Zu/F1c2pVxZV05d5sr7253FX4XV3N3u+ruHlfD3euqurv+Jq7p7nO13EOutnvY1XENXV3X2NVzD7n67mHXwDV0jVxj19I97lq5J1xr96Rr4576XbzILXZr3Tq33m1we90n7pz7wR11X7vz7kfX1XVz/dxLrr972Q1wr7iBbtDv4hHuDTfSjXKj3Rg31o37XTzFTXXT3HQ3w73jZrpZv4sXuvfdHJfq5rp5br5b8HN8aU6p7gO3xH3olrplbrlb4Va6VW61W/OXua5wm9xmt8XtcR+7bW672+F2ul1u98/xpXXsc5+6/e4zd8R95Q66z90hd8wddl/+HF9a3zH3jTvuvnUn3El3yn3nTrvv3Rl39uf1X1r7d+4nd9EFB4ysWLPhiNNxek7hDJyRr+JMfDVn5iyc4Gs4K1/L2fg6zs45OCfn4tych/OyZWLHzDHn4/yc5Ou5AN/ABbkQF+Yi7LkoF+MbuTjfxCX4Zi7Jt3ApvpVLcxkuy+X4Ni7Pt3MFvoMr8p1ciStzFa7Kd3E1vpur8z1cg+/lmnwf1+L7uTb/ievwA1yXH+R6/BDX54e5ATfkRtyYm/Aj3JQf5WbcnFvwY9ySH+dW/AS35ie5DT/FbflpbsfPcHt+ljvwc9yRO3Fnfp678Avclbtxd+7BPflF7sW9uQ/35X78Evfnl3kAv8IDeRAP5ld5CL/GQ/l1HsbDeQS/wSN5FI/mMTyWx/F4fpMn8Fs8kd/mSTyZp/BUnsbTeQa/wzN5Fs/md3kOv8dzeR7P5wW8kN/nRbyYU/kDXsIf8lJexst5Ba/kVbya1/BaXsfreQNv5E28mbfwVv6It/F23sE7eRfv5j38Me/lT3gff8r7+TM+wH/mg/w5H+Iv+DB/yUf4Kz7KX/Mx/oaP87d8gk/yKf6OT/P3fIbP8jn+gc/zj3yBf+KLHBhijFWsYxNHcbo4fZwSZ4gzxlfFmeKr48xxljgRXxNnja+Ns8XXxdnjHHHOOFecO84T541tTLGLOY7jfHH+OBlfHxeIb4gLxoXiwnGR2MdF42LxjXHx+Ka4RHxzXDK+JS4V3xqXjsvEZeNy8W1x+fj2uEJ8R1wxvjOuFFeOq8RV47viavHdcfX4nrhGfG9cIr4vrhXfH9eO/xTXiR+I68YPxvXih+L68cNxg7hh3ChuHDeJH4mbxo/GzeLmcYv4sbhl/HjcKn4ibh0/GbeJn/rD/u5xj7hn/GL8YhzCPXp+ckFyYfL95KLk4mRq8oPkkuSHyaXJZcnlyRXJlclVydXJNcm1yXXJ9ckNyY3JTcnNyS3JEKqmB49eee2Nj3w6n96n+Aw+o7/KZ/JX+8w+i0/4a3xWf63P5q/z2X0On9Pn8rl9Hp/XW0/eefaxz+fz+6S/3hfwN/iCvpAv7It474v6Yr6xb+Kb+Kb+Ud/MN/ct/GP+Mf+4f9w/4Z/wT/o2/inf1j/t2/lnfHv/rH/WP+c7+k6+s3/ed/Ev+K6+m+/uu/uevqfv5Xv5Pr6P7+f7+f6+vx/gB/iBfqAf7Af7IX6IH+qH+mF+mB/hR/iRfqQf7Uf7sX6sH+/H+wl+gp/oJ/pJfpKf4qf4aX6an+Fn+Jl+pp/tZ/s5fo6f6+f6+X6+X+gX+kV+kU/1qX6JX+KX+qV+uV/uV/qVfrVf7df6tX69X+83+o1+s9/st/qtfpvf5nf4HX6X3+X3+D1+r9/r9/l9fr/f7w/4A/6gP+gP+S/8Yf+lP+K/8kf91/6Y/8Yf99/6E/6kP+W/86f99/6MP+vP+R/8ef+jv+B/8hd98OMTbyYmJN5KTEy8nZiUmJyYkpiamJaYnpiReCcxMzErMTvxbmJO4r3E3MS8xPzEgsTCxPuJRYnFidTEB4kliQ8TSxPLEssTKxIrE6sSIeTZFod8IX9IhutDgXBDKBgKhcKhSPChaCgWbgzFw02hRLg5lAy3hFLh1lA6lAllw8OhQWgYGoXGoUl4JDQNj4ZmoXloER4LLcPjoVV4IrQOT4Y24anQNjwd2oVnQvvwbOgQngsdQ6fQOTwfuoQXQtfQLXQPPULP8GLoFXqHPqFv6BdeCv3Dy2FAeCUMDIPC4PBqGBJeC0PD62FYGB5GhDfCyDAqjA5jwtgwLowPb4YJ4a0wMbwdJoXJYUqYGqaF6WFGeCfMDLPC7PBumBPeC3PDvDA/LAgLw/thUVgcUsMHYUn4MCwNy8LysCKsDKvC6rAmrA3rwvqwIWwMm8LmsCVsDR+FbWF72BF2hl1hd9gTPg57wydhX/g07A+fhQPhz+Fg+DwcCl+Ew+HLcCR8FY6Gr8Ox8E04Hr4NJ8LJcCp8F06H78OZcDacCz+E8+HHcCH8FC7Kz6wJIYQQQvy36D/o7+H+fo76td0TAK7enuvwf+3fmP2Xdu/0uVsmAODJbh0e+O2oVKl79+6/nrtUQ5R/HgAkLueng8vxMmgBj0NraA7F/9Kf8lfX6q06nec/GD95C0DGv8q5lP9bfHn8m/7u+nurUXP+cPx5AAXzX87JAJfjy+OX+L+Mn6PpH4yf4fPxAM3+KicTXI4vj18MHoWnoPXfnCmEEEIIIYQQQvyityrb7o/2t5f257nN5Zz0cDn+e/tzIYQQQgghhBBC/M/yTKfOTzzSunXzdtL4dzVCll+e6v8p85GGNH5ppADAL//S49eXg78650q+KgkhhBBCCCH+HS7vB670TIQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiLTr/8dvGvvtWn/0twaFEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKI/1T/JwAA//+sCjTX")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./mnt\x00', 0x810, 0x0, 0x0, 0x0, &(0x7f0000000000))
chdir(&(0x7f0000000240)='./file0\x00')
r5 = inotify_init()
inotify_add_watch(r5, &(0x7f0000000340)='.\x00', 0xa50003d1)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newqdisc={0x48, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x48}}, 0x0)

11.067433762s ago: executing program 4:
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
eventfd(0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}, 0x1c)
bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="fc000000190001000000000000000000e0000001000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000668b649b8bdb9a5a00000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500ac141400000000000000000000000000000000003c000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b2771825ee1cc99f969f4a3b3432652e624d868398401859faee8ed783c6b13bb031916c2f7707ad7b6c810c576aaca58e3f83d26c1a3990712e03225961362e3172a17c343a3a4b59da46353dddffe7b79"], 0xfc}}, 0x0)
sendto$inet6(r2, &(0x7f0000000080)='w', 0x1, 0x0, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x2}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x36, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00'}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'syz_tun\x00'})
socket$inet6_sctp(0xa, 0x0, 0x84)
listen(r4, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)

8.708058167s ago: executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0xffffffffffffffff}], 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)

8.203675934s ago: executing program 4:
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000980)={[{@nombcache}, {@sysvgroups}, {@norecovery}, {@grpid}, {@norecovery}]}, 0x9, 0x60b, &(0x7f00000001c0)="$eJzs3c1vVOUaAPDnTKcftPfeFnJz7+UupIkxkCgtLWCIMRHilhD82LmqtBCkUEJrtEhiSXCjMW5cmLhyIf4XSuLWhVsXblwZksYYFmJQxpzpmTofnTKdzkfb+f2SQ99zDnPe5ww8fd955z3nBNCzxtM/chEHI+J6EjFati8f2c7xtb/34NdbF9IliULhtV+SuPV+slJ+rCT7OZK9+M/RSL7PRRzoq613cfnmlZn5+bkb2frk0tXrk4vLN49evjpzae7S3LXp56dPnTxx8tTUsW2dX76sfPbOW++MfnjujS8/f5RMffXjuSROx+MstvS8ql87uK2a0/dsPAprHlbHdGqbx94pfhutfI9TSfUGdqyL2f/H/oj4b4xGX9m/5mh88EpXgwPaqpBEqY0Cek7SVP4PtT4QoMNK/YDSZ/uNPgfXyrW5VwJ0wuqZtQGAtdzvj4hS/ufXxgZjqDg2MPwgqRjnSSJieyNza9I6vvv23J10iTrjcEB7rNwujXJXt/9JMTfHYqi4NvwgV5H/ubIl3f5qk/WPV63Lf+icldsR8b+s/R+IpvP/zSbrl/8AAAAAAADQOvfORMRzG83/y63P/xnYYP7PSEScbkH9T/7+L3c/KyQtqA4os3om4sWa+b9/lM8OHuvLvuf/Z3E+QH/u4uX5uWMR8a+IOBL9g+n6VOVhKyYIH/34wGf16i+f/5cuaf2luYDZoe7nqy7EnZ1ZmmnN2UNvW70d8f/i/N9D2ZbK+T9p+5/UtP8fvZwm+PUG6zjwzN3z9fY9Of+Bdil8EXF4w+t//u5uJ5vfn2Oy2B+YLPUKaj313idf16tf/kP3pO3/8Ob5P5iU369ncWvHH4iI48v5Qr39zfb/B5LX+0rHT707s7R0YypiIDlbu316azHDXlXKh1K+pPl/5OnNx//W+/9lebgvIlYarPM/j0d+qrdP+w/dk+b/7Obt/1hl+7/VwlBM3x37JrvFWI3zDbX/J4pt+pFsi/E/KFd7P45GE7Qr4QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALpeLiH9EkptYL+dyExMRIxHx7xjOzS8sLj17ceHta7Ppvsrn/4+urSel5/+Pla1PV60fj4j9EfFp377i+sSFhfnZbp88AAAAAAAAAAAAAAAAAAAA7BAjxWv+C4PV1/+nfu7rdnRA2+Wzn/Idek++6VcWBlsaCNBxzec/sNs1nv/9bY0D6Lz6+f/wUaGoo+EAHaT/D72ryfz3dQHsAdp/6FUNjukNtTsOoBsabv9X2xsHAAAAAADQEvsP3fshiYiVF/YVl9RAts9kf9jbct0OAOgac3ihd+UXuh0B0C0+4wPJeun3DS/2rz/7P2lPQAAAAAAAAAAAAABAjcMHXf8PvSoXsckjvM3th71sk+v/N0p+twuAPaT+oz8aafsTPQTYxXzGB57Ujrv+HwAAAAAAAAAAAAB2gKGbV2bm5+duLC7vvsJLOyOMrRVWZnZEGC0tPG7PkfsjYmecYKcLpVtwdDGMLv9eAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1v0VAAD//wwXMFk=")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe(0x0)
syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a4400000000101090244"], 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2})
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)

6.173045867s ago: executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
fchdir(r0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r1, 0xfffffffffffffffd, 0x58)

6.150862521s ago: executing program 1:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
open$dir(0x0, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)

6.087949651s ago: executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x1d, 0x0, 0x0)

6.031758699s ago: executing program 1:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xfa, 0xcf, 0x1, 0x40, 0x56e, 0x4010, 0x201c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x91, 0x55, 0xe7}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000680)={0x0, 0x0, 0x1, '$'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x2, "f252"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a40)={0x44, &(0x7f0000000840)={0x0, 0x0, 0x1, "ca"}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={0x20, 0x83, 0x1, "b1"}, &(0x7f00000009c0)={0x20, 0x84, 0x1, "06"}, 0x0})

5.969203009s ago: executing program 4:
syz_emit_ethernet(0x3b8, 0x0, 0x0)
shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
ftruncate(r0, 0x100c17a)
syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902"], 0x0)
truncate(&(0x7f0000000000)='./file2\x00', 0x0)

3.569301459s ago: executing program 4:
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$uinput_user_dev(r0, &(0x7f00000007c0)={'syz0\x00'}, 0x45c)
ioctl$UI_SET_PROPBIT(r0, 0x5501, 0x0)
write$input_event(r0, &(0x7f00000005c0), 0x200005d8)
write$input_event(r0, &(0x7f0000000440), 0x18)
timer_create(0x0, &(0x7f0000000780)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc))
r1 = gettid()
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x14)

2.988005319s ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

2.91480681s ago: executing program 3:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0xffffffffffffffff}], 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)

2.846176771s ago: executing program 1:
syz_emit_ethernet(0x3b8, 0x0, 0x0)
shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
ftruncate(r0, 0x100c17a)
syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902"], 0x0)
truncate(&(0x7f0000000000)='./file2\x00', 0x0)

2.58738362s ago: executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
poll(0x0, 0x0, 0x1402)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
openat(0xffffffffffffffff, 0x0, 0x664001, 0x5)

2.209127879s ago: executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
readv(r1, 0x0, 0x0)
close(r1)
openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCGETS(0xffffffffffffffff, 0x5451, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
rt_sigreturn()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0)
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
semctl$IPC_SET(0x0, 0x0, 0x1, 0x0)

2.07335523s ago: executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140))
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_elf32(r1, &(0x7f0000000240)=ANY=[], 0xfffffdb6)
sendmmsg$unix(r1, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b80)="81", 0x1}], 0x1, 0xffffffffffffffff}}], 0x1, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system', 0x0, 0x0)
r3 = socket(0x1, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
listen(r4, 0x0)
r5 = socket(0x1, 0x5, 0x0)
dup3(r4, r5, 0x0)
accept4$unix(r5, 0x0, 0x0, 0x0)
recvmsg$inet_nvme(r3, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, <r6=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0)
close(r6)
rt_sigreturn()
openat$urandom(0xffffffffffffff9c, &(0x7f0000001640), 0x0, 0x0)
socketpair(0x1, 0x5, 0x0, 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000001640), 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x1c9c380}}, 0x0)
ioctl$FIOCLEX(r2, 0x5451)

1.798211232s ago: executing program 0:
eventfd(0x0)
close(0xffffffffffffffff)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
recvmsg(r1, &(0x7f0000000000)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0)
close(r2)
ioctl$sock_SIOCSPGRP(r0, 0x5450, 0x0)

1.173849469s ago: executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x5)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, 0x0, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
getsockopt$inet_pktinfo(r1, 0x0, 0x31, 0x0, &(0x7f0000000240))

1.086632592s ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20"], 0x0)

1.011426364s ago: executing program 2:
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)

907.27272ms ago: executing program 0:
r0 = memfd_create(&(0x7f0000000500)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90k\x96\x05\r\x84\x87\x1c\b\x8c`\xea)A\x90m\xb6&\xd0\x9d\xb8\x7f\xc6W\x81\xb7\xf9\xbd\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<qK\x80\x8fQ|\xf5d\x10\x10\xb1\xe6\xa4`\xd3\xf9\xa5\xd1I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D4E^7%8\x94y\x90\xf0l\xa0\'Q%\xd4\xda\xee\x81\x98\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd30\xa2\x17\xca\xed\xdf\x91\xf9\x8c\xa1T\xfa\xc30\xfb&\xb7\x0f\xf9\xc9[R\xa8\xa3\xf4@dd9\xdd\vt\xa9\xa32\xc1\x1cA\xd2q\x9b\x9bV\x8c(\xb2\'\xf5~\xf6\xcf\xb0\x86\xdd\xab>\xd6\xf2\xfe\xf3]\x15&\x97]mC\v\f\n\x1f\xe2\t\x14\x84\xe0\xa4\xda\xe7\xe8\xd5ue\xf4\xf8\xde\xf3\x00q?[\xba=\x1a\xb2\xdf]\xc0\xeb\x16\xe4\x7f\x17o\x1b\xa4M\xafa\xc7tR?3hH\x18\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcd\xe3\xb5\xd6\xed1\x10\x8d\x87N\x9c8\xfd\xd0t\xe6?\x9c\x95`\xfc_\'N\x90\xb7\xb5\x0f\xeb\x17{\x1fu\'\xb4=\xbcO@AP1\x9d\x1b\xba%\xca!\x0eRsGT\xdf\xd8;\x9ea\xd0\x01\x0eq~\x00\xfbh\xf7\xc8\x97\\\xc0\\\x17', 0x0)
userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc018aa06, 0x0)
tkill(0x0, 0x0)
ftruncate(r0, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x6, 0x2012, r0, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa07, &(0x7f0000000040)={{&(0x7f000030e000/0x2000)=nil, 0x2000}})

666.285127ms ago: executing program 2:
r0 = gettid()
timer_create(0x1, &(0x7f0000004080)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46)
sendmsg$unix(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)}, 0x0)
inotify_init()
close(r1)
rt_sigreturn()
timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
syz_socket_connect_nvme_tcp()
r2 = signalfd(0xffffffffffffffff, 0x0, 0x0)
readv(r2, 0x0, 0x0)
fchmod(0xffffffffffffffff, 0xa)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0x5451, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r3, 0x5451, 0x0)
eventfd2(0x0, 0x0)
fchdir(0xffffffffffffffff)
r4 = mq_open(&(0x7f0000000100)=',>\\#\x00Zs\xd4\x00'/25, 0x40, 0x0, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r4, 0x5451)
r5 = mq_open(&(0x7f0000000040)='*.)\x00', 0x40, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r5, 0x5451, 0x0)

551.618005ms ago: executing program 2:
pipe(&(0x7f0000001300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
write$P9_RRENAMEAT(r1, 0x0, 0x0)

516.88594ms ago: executing program 1:
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
rt_sigreturn()
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=")
pipe2$9p(&(0x7f0000004080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
write$P9_RSYMLINK(r0, 0x0, 0x0)

481.772806ms ago: executing program 0:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

451.86874ms ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

307.497522ms ago: executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
r2 = dup(r1)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write$P9_RUNLINKAT(r2, 0x0, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
close(r3)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/class/dmi', 0x0, 0x0)
dup3(r3, r2, 0x0)

180.357332ms ago: executing program 3:
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
rt_sigreturn()
timer_create(0x0, &(0x7f0000004040)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000004080))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=")
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
r1 = dup(r0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0)
write$FUSE_POLL(r1, 0x0, 0x0)

90.905206ms ago: executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
mount$tmpfs(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0)
open(0x0, 0x0, 0x0)
setxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x22, 0x22, {[@global=@item_4={0x3, 0x1, 0x0, "d24467f9"}, @main=@item_012={0x2, 0x0, 0xa, "0be0"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x0, "9000"}, @local=@item_4={0x3, 0x2, 0x0, "8a8118af"}, @main=@item_012={0x0, 0x0, 0x1b}, @local=@item_4={0x3, 0x2, 0x0, "72479ad4"}, @local=@item_4={0x3, 0x2, 0x0, "e598a6ca"}, @main=@item_012={0x1, 0x0, 0x0, '}'}]}}, 0x0}, 0x0)

0s ago: executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x5)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, 0x0, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
getsockopt$inet_pktinfo(r1, 0x0, 0x31, 0x0, &(0x7f0000000240))

kernel console output (not intermixed with test programs):

ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000
[  104.559124][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.671871][   T25] audit: type=1326 audit(1717664250.147:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000
[  104.693381][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.720549][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  104.758852][ T1290] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  104.806113][   T25] audit: type=1326 audit(1717664250.147:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000
[  104.833468][ T1290] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  104.881745][   T25] audit: type=1326 audit(1717664250.217:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000
[  104.896369][ T1290] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  104.942608][   T25] audit: type=1326 audit(1717664250.217:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000
[  104.965652][ T1290] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  105.004832][   T25] audit: type=1326 audit(1717664250.217:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000
[  105.028328][   T25] audit: type=1326 audit(1717664250.217:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4404 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f3e6d6aaf69 code=0x7ffc0000
[  105.039143][ T1290] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  105.113174][ T1290] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  105.121301][ T1290] usb 5-1: SerialNumber: syz
[  105.180948][ T1290] cdc_acm: probe of 5-1:1.0 failed with error -12
[  105.185294][ T4392] loop0: detected capacity change from 0 to 40427
[  105.233449][ T4392] F2FS-fs (loop0): Invalid log blocks per segment (5)
[  105.242755][ T4392] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  105.262771][ T4414] loop2: detected capacity change from 0 to 1024
[  105.298329][ T4392] F2FS-fs (loop0): Found nat_bits in checkpoint
[  105.332215][ T4414] EXT4-fs (loop2): Ignoring removed orlov option
[  105.364670][ T4414] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  105.437644][ T4392] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  105.448257][ T4392] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  105.485294][ T4414] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  105.531490][ T4392] attempt to access beyond end of device
[  105.531490][ T4392] loop0: rw=2049, want=53256, limit=40427
[  105.544141][ T4392] attempt to access beyond end of device
[  105.544141][ T4392] loop0: rw=2049, want=78224, limit=40427
[  105.587249][ T3538] attempt to access beyond end of device
[  105.587249][ T3538] loop0: rw=2049, want=45104, limit=40427
[  105.683940][ T4410] loop3: detected capacity change from 0 to 32768
[  105.844964][ T4410] XFS (loop3): Mounting V5 Filesystem
[  105.923359][ T4410] XFS (loop3): Ending clean mount
[  105.943931][ T4410] XFS (loop3): Quotacheck needed: Please wait.
[  106.015846][ T4410] XFS (loop3): Quotacheck: Done.
[  106.080918][ T3537] XFS (loop3): Unmounting Filesystem
[  106.281565][ T4440] loop0: detected capacity change from 0 to 512
[  106.352561][ T4440] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  106.397823][ T4440] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  106.429137][ T4440] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  106.467323][ T4440] EXT4-fs (loop0): 1 truncate cleaned up
[  106.487682][ T3915] usb 5-1: USB disconnect, device number 3
[  106.494419][ T4440] EXT4-fs (loop0): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback.
[  106.553267][ T4444] loop4: detected capacity change from 0 to 2048
[  106.577400][ T4440] EXT4-fs error (device loop0): ext4_map_blocks:601: inode #2: block 4: comm syz-executor.0: lblock 0 mapped to illegal pblock 4 (length 1)
[  106.652536][ T4440] EXT4-fs (loop0): Remounting filesystem read-only
[  106.683472][ T4444] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  106.849125][ T4431] loop2: detected capacity change from 0 to 40427
[  106.900451][   T25] kauditd_printk_skb: 46 callbacks suppressed
[  106.900463][   T25] audit: type=1326 audit(1717664252.507:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  107.669182][ T4431] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  107.679151][ T4431] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  107.707744][ T4431] F2FS-fs (loop2): invalid crc value
[  107.828671][ T4431] F2FS-fs (loop2): Found nat_bits in checkpoint
[  107.855843][   T25] audit: type=1326 audit(1717664253.307:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  107.944770][   T25] audit: type=1326 audit(1717664253.307:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  107.967712][ T4431] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  107.976110][ T4431] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  108.044246][   T25] audit: type=1326 audit(1717664253.307:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  108.090578][ T4477] loop0: detected capacity change from 0 to 1024
[  108.134641][   T25] audit: type=1326 audit(1717664253.307:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  108.189585][ T4474] loop1: detected capacity change from 0 to 4096
[  108.212568][ T4477] EXT4-fs (loop0): Ignoring removed orlov option
[  108.244294][ T4477] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  108.272078][   T25] audit: type=1326 audit(1717664253.307:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  108.313574][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  108.331824][ T4477] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  108.354328][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  108.370286][   T25] audit: type=1326 audit(1717664253.307:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  108.563023][   T25] audit: type=1326 audit(1717664253.307:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  108.605607][   T25] audit: type=1326 audit(1717664253.307:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x7ffc0000
[  108.786853][   T25] audit: type=1326 audit(1717664253.307:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4457 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efc8aef36e7 code=0x7ffc0000
[  108.980355][ T4464] loop4: detected capacity change from 0 to 32768
[  109.191787][ T4464] XFS (loop4): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent.
[  109.221592][ T4464] XFS (loop4): Quotacheck needed: Please wait.
[  109.944709][ T4464] XFS (loop4): Quotacheck: Done.
[  109.997651][ T3532] XFS (loop4): Unmounting Filesystem
[  110.063240][ T3916] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  110.349033][ T3916] usb 2-1: Using ep0 maxpacket: 16
[  110.500497][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.517414][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.528368][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  110.539089][ T4484] loop0: detected capacity change from 0 to 32768
[  110.543176][ T3916] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  110.556006][ T3916] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  110.573282][ T3916] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  110.583828][ T3916] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  110.663108][ T4484] XFS (loop0): Mounting V5 Filesystem
[  110.709268][ T3916] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  110.737196][ T3916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  110.743546][ T4484] XFS (loop0): Ending clean mount
[  110.745934][ T3916] usb 2-1: SerialNumber: syz
[  110.771550][ T4484] XFS (loop0): Quotacheck needed: Please wait.
[  110.807799][ T3916] cdc_acm: probe of 2-1:1.0 failed with error -12
[  110.836803][ T4484] XFS (loop0): Quotacheck: Done.
[  110.865076][ T4513] loop3: detected capacity change from 0 to 512
[  110.916024][ T3538] XFS (loop0): Unmounting Filesystem
[  110.964718][ T4513] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  111.042412][ T4513] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  111.051143][ T4513] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[  111.051213][ T4500] loop2: detected capacity change from 0 to 32768
[  111.065442][ T4513] EXT4-fs (loop3): 1 truncate cleaned up
[  111.084691][ T4513] EXT4-fs (loop3): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback.
[  111.142961][ T4500] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (4500)
[  111.201812][ T4500] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  111.223164][ T4513] EXT4-fs error (device loop3): ext4_map_blocks:601: inode #2: block 4: comm syz-executor.3: lblock 0 mapped to illegal pblock 4 (length 1)
[  111.269470][ T4500] BTRFS info (device loop2): using free space tree
[  111.276013][ T4500] BTRFS info (device loop2): has skinny extents
[  111.300019][ T4513] EXT4-fs (loop3): Remounting filesystem read-only
[  111.436546][ T4521] loop4: detected capacity change from 0 to 2048
[  111.475459][ T4529] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  111.546920][ T4500] BTRFS info (device loop2): enabling ssd optimizations
[  111.621094][ T4521] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  113.318895][   T25] kauditd_printk_skb: 68 callbacks suppressed
[  113.318909][   T25] audit: type=1326 audit(1717664258.917:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdd0086c3b9 code=0x7ffc0000
[  113.369652][ T1290] usb 2-1: USB disconnect, device number 4
[  113.477952][   T25] audit: type=1326 audit(1717664258.957:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd008a8f69 code=0x7ffc0000
[  113.559058][   T25] audit: type=1326 audit(1717664258.957:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdd008a66e7 code=0x7ffc0000
[  113.610161][ T4551] loop0: detected capacity change from 0 to 4096
[  113.636355][   T25] audit: type=1326 audit(1717664258.957:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdd0086c3b9 code=0x7ffc0000
[  113.647717][ T4555] loop4: detected capacity change from 0 to 1024
[  113.688585][ T4553] loop3: detected capacity change from 0 to 4096
[  113.694440][   T25] audit: type=1326 audit(1717664258.967:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd008a8f69 code=0x7ffc0000
[  113.726769][ T4555] EXT4-fs (loop4): Ignoring removed orlov option
[  113.747548][ T4555] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  113.762503][ T4553] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512)
[  113.829968][ T4555] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  113.932824][   T25] audit: type=1800 audit(1717664259.537:147): pid=4555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=18 res=0 errno=0
[  114.047860][ T4549] loop1: detected capacity change from 0 to 40427
[  114.190902][ T4574] loop3: detected capacity change from 0 to 128
[  114.207380][ T4549] F2FS-fs (loop1): Found nat_bits in checkpoint
[  114.254158][ T4574] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  114.392800][ T4549] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  114.468185][ T4567] loop2: detected capacity change from 0 to 40427
[  114.512674][ T4567] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  114.531647][ T4567] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  114.539476][ T4549] F2FS-fs (loop1): Inconsistent error blkaddr:5633, sit bitmap:0
[  114.571537][ T4567] F2FS-fs (loop2): invalid crc value
[  114.585106][ T4549] CPU: 1 PID: 4549 Comm: syz-executor.1 Not tainted 5.15.160-syzkaller #0
[  114.593623][ T4549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  114.603662][ T4549] Call Trace:
[  114.606941][ T4549]  <TASK>
[  114.609870][ T4549]  dump_stack_lvl+0x1e3/0x2d0
[  114.614549][ T4549]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  114.620165][ T4549]  ? f2fs_get_next_page_offset+0x6c0/0x6c0
[  114.625959][ T4549]  ? unlock_page+0x188/0x200
[  114.630531][ T4549]  f2fs_is_valid_blkaddr+0xc61/0x1270
[  114.635896][ T4549]  f2fs_get_read_data_page+0x35a/0x6b0
[  114.641346][ T4549]  ? f2fs_get_block+0x310/0x310
[  114.646199][ T4549]  ? __lock_acquire+0x1295/0x1ff0
[  114.651208][ T4549]  f2fs_find_data_page+0x1d7/0x620
[  114.656304][ T4549]  f2fs_readdir+0x553/0xef0
[  114.660811][ T4549]  ? f2fs_fill_dentries+0xd60/0xd60
[  114.666000][ T4549]  ? __fdget_pos+0x2cb/0x380
[  114.670574][ T4549]  ? f2fs_fill_dentries+0xd60/0xd60
[  114.675755][ T4549]  ? iterate_dir+0x10a/0x570
[  114.680325][ T4549]  ? fsnotify_perm+0x438/0x5a0
[  114.685071][ T4549]  iterate_dir+0x224/0x570
[  114.689471][ T4549]  ? f2fs_fill_dentries+0xd60/0xd60
[  114.694650][ T4549]  __se_sys_getdents+0x1e8/0x4c0
[  114.699674][ T4549]  ? __x64_sys_getdents+0x80/0x80
[  114.704684][ T4549]  ? fillonedir+0x4b0/0x4b0
[  114.709178][ T4549]  ? syscall_enter_from_user_mode+0x2e/0x240
[  114.715291][ T4549]  ? lockdep_hardirqs_on+0x94/0x130
[  114.720478][ T4549]  ? syscall_enter_from_user_mode+0x2e/0x240
[  114.726442][ T4549]  do_syscall_64+0x3b/0xb0
[  114.730840][ T4549]  ? clear_bhb_loop+0x15/0x70
[  114.735506][ T4549]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  114.741399][ T4549] RIP: 0033:0x7f3e6d6aaf69
[  114.745797][ T4549] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  114.765382][ T4549] RSP: 002b:00007f3e6c2240c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  114.773801][ T4549] RAX: ffffffffffffffda RBX: 00007f3e6d7e1f80 RCX: 00007f3e6d6aaf69
[  114.781755][ T4549] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  114.789706][ T4549] RBP: 00007f3e6d7086fe R08: 0000000000000000 R09: 0000000000000000
[  114.797661][ T4549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  114.805631][ T4549] R13: 000000000000000b R14: 00007f3e6d7e1f80 R15: 00007ffeec554158
[  114.813601][ T4549]  </TASK>
[  114.840477][ T4567] F2FS-fs (loop2): Found nat_bits in checkpoint
[  114.968434][ T4567] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  114.975655][ T4567] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  115.089964][ T1485] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  115.206931][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  115.235354][ T4158] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  115.534657][ T4589] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  115.587210][ T4570] loop0: detected capacity change from 0 to 32768
[  115.703542][ T4570] XFS (loop0): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent.
[  115.808915][ T4570] XFS (loop0): Quotacheck needed: Please wait.
[  115.901028][ T4570] XFS (loop0): Quotacheck: Done.
[  115.929989][ T4605] loop1: detected capacity change from 0 to 128
[  115.955502][ T3538] XFS (loop0): Unmounting Filesystem
[  116.050868][ T4605] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  116.102901][ T4605] ext4 filesystem being mounted at /root/syzkaller-testdir3280181984/syzkaller.kJjv93/70/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  116.172032][ T4610] loop2: detected capacity change from 0 to 2048
[  116.257062][ T4610] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  118.369219][ T3582] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  118.780406][ T3582] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.959394][ T3582] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  118.974413][ T3582] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.996941][ T3582] usb 3-1: Product: syz
[  119.014256][ T3582] usb 3-1: Manufacturer: syz
[  119.036335][ T3582] usb 3-1: SerialNumber: syz
[  119.472135][ T4703] loop1: detected capacity change from 0 to 1024
[  119.488529][ T4624] loop0: detected capacity change from 0 to 32768
[  119.554683][ T4703] EXT4-fs (loop1): Ignoring removed orlov option
[  119.561343][ T4624] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (4624)
[  119.579395][ T4703] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  119.648044][ T4624] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  119.661496][ T4624] BTRFS info (device loop0): using free space tree
[  119.679589][ T4703] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  119.729529][ T4624] BTRFS info (device loop0): has skinny extents
[  119.813801][   T25] audit: type=1800 audit(1717664265.417:148): pid=4713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=18 res=0 errno=0
[  119.934931][ T4624] BTRFS info (device loop0): enabling ssd optimizations
[  119.959398][ T4661] loop3: detected capacity change from 0 to 32768
[  120.035812][ T4661] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (4661)
[  120.111530][ T4661] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  120.124586][ T4661] BTRFS info (device loop3): using free space tree
[  120.132204][ T4661] BTRFS info (device loop3): has skinny extents
[  120.145071][ T4728] loop1: detected capacity change from 0 to 2048
[  120.233316][ T4728] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  120.251236][   T25] audit: type=1804 audit(1717664265.857:149): pid=4624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3265105875/syzkaller.hM9UpK/61/file1/bus" dev="loop0" ino=263 res=1 errno=0
[  120.517069][ T4661] BTRFS info (device loop3): enabling ssd optimizations
[  121.289649][ T3582] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  121.302745][ T3582] cdc_ncm 3-1:1.0: bind() failure
[  121.342098][ T3582] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  121.367834][ T3582] cdc_ncm 3-1:1.1: bind() failure
[  121.411507][ T3582] usb 3-1: USB disconnect, device number 2
[  122.695451][ T4792] loop4: detected capacity change from 0 to 1024
[  122.742868][ T4792] EXT4-fs (loop4): Ignoring removed orlov option
[  122.753505][ T4792] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  122.794833][ T4799] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  122.889890][ T4792] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  123.028532][ T4814] loop3: detected capacity change from 0 to 4096
[  123.266059][ T4780] loop0: detected capacity change from 0 to 32768
[  123.342773][ T4825] loop3: detected capacity change from 0 to 4096
[  123.383005][ T4825] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512)
[  123.397992][ T4780] XFS (loop0): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent.
[  123.475733][ T4780] XFS (loop0): Quotacheck needed: Please wait.
[  123.580154][ T4780] XFS (loop0): Quotacheck: Done.
[  123.638302][ T3538] XFS (loop0): Unmounting Filesystem
[  123.762946][ T4823] loop4: detected capacity change from 0 to 32768
[  123.811955][ T4823] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (4823)
[  123.826623][ T4810] loop2: detected capacity change from 0 to 40427
[  123.850834][ T4843] loop3: detected capacity change from 0 to 128
[  123.914635][ T4843] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  123.924065][ T4823] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  123.936782][ T4810] F2FS-fs (loop2): Found nat_bits in checkpoint
[  123.955440][ T4823] BTRFS info (device loop4): using free space tree
[  123.981727][ T4823] BTRFS info (device loop4): has skinny extents
[  124.051299][ T4810] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  124.094768][ T4810] F2FS-fs (loop2): Inconsistent error blkaddr:5633, sit bitmap:0
[  124.136025][ T4810] CPU: 0 PID: 4810 Comm: syz-executor.2 Not tainted 5.15.160-syzkaller #0
[  124.144547][ T4810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  124.154203][ T4841] loop1: detected capacity change from 0 to 32768
[  124.154592][ T4810] Call Trace:
[  124.154602][ T4810]  <TASK>
[  124.167165][ T4810]  dump_stack_lvl+0x1e3/0x2d0
[  124.171863][ T4810]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  124.177499][ T4810]  ? f2fs_get_next_page_offset+0x6c0/0x6c0
[  124.183310][ T4810]  ? unlock_page+0x188/0x200
[  124.187902][ T4810]  f2fs_is_valid_blkaddr+0xc61/0x1270
[  124.193283][ T4810]  f2fs_get_read_data_page+0x35a/0x6b0
[  124.198750][ T4810]  ? f2fs_get_block+0x310/0x310
[  124.203611][ T4810]  ? __lock_acquire+0x1295/0x1ff0
[  124.208643][ T4810]  f2fs_find_data_page+0x1d7/0x620
[  124.213760][ T4810]  f2fs_readdir+0x553/0xef0
[  124.218283][ T4810]  ? f2fs_fill_dentries+0xd60/0xd60
[  124.223484][ T4810]  ? __fdget_pos+0x2cb/0x380
[  124.228079][ T4810]  ? f2fs_fill_dentries+0xd60/0xd60
[  124.233274][ T4810]  ? iterate_dir+0x10a/0x570
[  124.237860][ T4810]  ? fsnotify_perm+0x438/0x5a0
[  124.242627][ T4810]  iterate_dir+0x224/0x570
[  124.247049][ T4810]  ? f2fs_fill_dentries+0xd60/0xd60
[  124.252250][ T4810]  __se_sys_getdents+0x1e8/0x4c0
[  124.257202][ T4810]  ? __x64_sys_getdents+0x80/0x80
[  124.262224][ T4810]  ? fillonedir+0x4b0/0x4b0
[  124.266730][ T4810]  ? syscall_enter_from_user_mode+0x2e/0x240
[  124.272709][ T4810]  ? lockdep_hardirqs_on+0x94/0x130
[  124.277912][ T4810]  ? syscall_enter_from_user_mode+0x2e/0x240
[  124.283898][ T4810]  do_syscall_64+0x3b/0xb0
[  124.288402][ T4810]  ? clear_bhb_loop+0x15/0x70
[  124.293079][ T4810]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  124.298967][ T4810] RIP: 0033:0x7f1bdffb2f69
[  124.303376][ T4810] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  124.322972][ T4810] RSP: 002b:00007f1bdeb2c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  124.331385][ T4810] RAX: ffffffffffffffda RBX: 00007f1be00e9f80 RCX: 00007f1bdffb2f69
[  124.339351][ T4810] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  124.347314][ T4810] RBP: 00007f1be00106fe R08: 0000000000000000 R09: 0000000000000000
[  124.355277][ T4810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  124.363243][ T4810] R13: 000000000000000b R14: 00007f1be00e9f80 R15: 00007ffe33eba138
[  124.371229][ T4810]  </TASK>
[  124.413935][ T4823] BTRFS info (device loop4): enabling ssd optimizations
[  124.435978][ T4841] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (4841)
[  124.504513][ T4698] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  124.506004][ T4872] Cannot find add_set index 0 as target
[  124.538799][   T25] audit: type=1804 audit(1717664270.137:150): pid=4823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1616127491/syzkaller.MZPKEp/54/file1/bus" dev="loop4" ino=263 res=1 errno=0
[  124.571122][ T4841] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  124.581292][ T4841] BTRFS info (device loop1): using free space tree
[  124.587833][ T4841] BTRFS info (device loop1): has skinny extents
[  124.700477][ T4841] BTRFS info (device loop1): enabling ssd optimizations
[  124.812079][ T4896] loop3: detected capacity change from 0 to 128
[  125.007049][ T4896] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  125.139157][ T4896] ext4 filesystem being mounted at /root/syzkaller-testdir147948912/syzkaller.KMlI2e/72/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  125.352784][ T4901] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  125.521865][ T4908] loop4: detected capacity change from 0 to 1024
[  125.573458][ T4908] EXT4-fs (loop4): Ignoring removed orlov option
[  125.589118][ T4908] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  125.618170][ T4906] loop0: detected capacity change from 0 to 4096
[  125.641076][ T4908] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  125.780413][ T4791] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  125.918923][ T4921] loop4: detected capacity change from 0 to 4096
[  125.930831][ T4926] loop0: detected capacity change from 0 to 128
[  125.976585][ T4921] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  125.985654][ T4926] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  126.039218][ T4791] usb 2-1: Using ep0 maxpacket: 8
[  126.159914][ T4791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.185211][ T4791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.224866][ T4791] usb 2-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00
[  126.262719][ T4791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.281107][ T4791] usb 2-1: config 0 descriptor??
[  126.314065][    T9] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  126.519390][ T4920] loop2: detected capacity change from 0 to 40427
[  126.573120][ T4935] loop3: detected capacity change from 0 to 4096
[  126.627377][ T4920] F2FS-fs (loop2): Found nat_bits in checkpoint
[  126.772211][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0
[  126.779381][ T4773] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  126.804874][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0
[  126.832589][ T4920] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  126.848106][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0
[  126.875276][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0
[  126.908125][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0
[  126.950534][ T4920] F2FS-fs (loop2): Inconsistent error blkaddr:5633, sit bitmap:0
[  126.970872][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0
[  126.970958][ T4920] CPU: 1 PID: 4920 Comm: syz-executor.2 Not tainted 5.15.160-syzkaller #0
[  126.986032][ T4920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  126.996068][ T4920] Call Trace:
[  126.999327][ T4920]  <TASK>
[  127.002239][ T4920]  dump_stack_lvl+0x1e3/0x2d0
[  127.006896][ T4920]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  127.012510][ T4920]  ? f2fs_get_next_page_offset+0x6c0/0x6c0
[  127.018299][ T4920]  ? unlock_page+0x188/0x200
[  127.022867][ T4920]  f2fs_is_valid_blkaddr+0xc61/0x1270
[  127.028223][ T4920]  f2fs_get_read_data_page+0x35a/0x6b0
[  127.033663][ T4920]  ? f2fs_get_block+0x310/0x310
[  127.038495][ T4920]  ? __lock_acquire+0x1295/0x1ff0
[  127.043522][ T4920]  f2fs_find_data_page+0x1d7/0x620
[  127.048616][ T4920]  f2fs_readdir+0x553/0xef0
[  127.053106][ T4920]  ? f2fs_fill_dentries+0xd60/0xd60
[  127.058280][ T4920]  ? __fdget_pos+0x2cb/0x380
[  127.062852][ T4920]  ? f2fs_fill_dentries+0xd60/0xd60
[  127.068033][ T4920]  ? iterate_dir+0x10a/0x570
[  127.072620][ T4920]  ? fsnotify_perm+0x438/0x5a0
[  127.077365][ T4920]  iterate_dir+0x224/0x570
[  127.081758][ T4920]  ? f2fs_fill_dentries+0xd60/0xd60
[  127.086942][ T4920]  __se_sys_getdents+0x1e8/0x4c0
[  127.091870][ T4920]  ? __x64_sys_getdents+0x80/0x80
[  127.096870][ T4920]  ? fillonedir+0x4b0/0x4b0
[  127.101369][ T4920]  ? syscall_enter_from_user_mode+0x2e/0x240
[  127.107328][ T4920]  ? lockdep_hardirqs_on+0x94/0x130
[  127.112501][ T4920]  ? syscall_enter_from_user_mode+0x2e/0x240
[  127.118455][ T4920]  do_syscall_64+0x3b/0xb0
[  127.122844][ T4920]  ? clear_bhb_loop+0x15/0x70
[  127.127492][ T4920]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  127.133364][ T4920] RIP: 0033:0x7f1bdffb2f69
[  127.137757][ T4920] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  127.157335][ T4920] RSP: 002b:00007f1bdeb2c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  127.165721][ T4920] RAX: ffffffffffffffda RBX: 00007f1be00e9f80 RCX: 00007f1bdffb2f69
[  127.173669][ T4920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  127.181615][ T4920] RBP: 00007f1be00106fe R08: 0000000000000000 R09: 0000000000000000
[  127.189561][ T4920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  127.197504][ T4920] R13: 000000000000000b R14: 00007f1be00e9f80 R15: 00007ffe33eba138
[  127.205456][ T4920]  </TASK>
[  127.264386][ T4791] elo 0003:04E7:0009.0005: unknown main item tag 0x0
[  127.274851][ T4791] elo 0003:04E7:0009.0005: hidraw0: USB HID v0.00 Device [HID 04e7:0009] on usb-dummy_hcd.1-1/input0
[  127.307345][ T4791] usb 2-1: USB disconnect, device number 5
[  127.319114][ T4773] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  127.345250][ T4773] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  127.379159][ T4773] usb 1-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da
[  127.412743][ T4773] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.476130][ T4773] usb 1-1: config 0 descriptor??
[  127.483427][ T4939] loop4: detected capacity change from 0 to 32768
[  127.647430][ T4939] XFS (loop4): Mounting V5 Filesystem
[  127.787871][ T4939] XFS (loop4): Ending clean mount
[  127.812343][ T4939] XFS (loop4): Quotacheck needed: Please wait.
[  127.840940][ T4964] loop1: detected capacity change from 0 to 1024
[  127.862019][ T4966] loop2: detected capacity change from 0 to 128
[  127.882348][ T4939] XFS (loop4): Quotacheck: Done.
[  127.892553][ T4964] EXT4-fs (loop1): Ignoring removed orlov option
[  127.905779][ T4964] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  127.923172][ T4966] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  127.939701][ T4966] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/61/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  127.994182][ T4964] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  127.997957][ T3532] XFS (loop4): Unmounting Filesystem
[  128.425628][ T4983] loop1: detected capacity change from 0 to 128
[  128.503379][ T4984] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  128.514040][ T4983] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  128.692395][ T4987] loop4: detected capacity change from 0 to 764
[  129.153599][  T144] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  129.518055][ T4764] usb 1-1: USB disconnect, device number 5
[  129.901463][ T5009] loop1: detected capacity change from 0 to 1024
[  129.973999][ T5009] EXT4-fs (loop1): Ignoring removed orlov option
[  130.005913][ T5009] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  130.130813][ T5009] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  130.216583][ T4994] loop2: detected capacity change from 0 to 40427
[  130.257221][ T5026] loop0: detected capacity change from 0 to 2048
[  130.306887][ T5026] NILFS (loop0): invalid segment: Sequence number mismatch
[  130.314458][ T5026] NILFS (loop0): trying rollback from an earlier position
[  130.324259][ T5030] loop4: detected capacity change from 0 to 64
[  130.337586][ T5026] NILFS (loop0): recovery complete
[  130.348202][ T5031] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  130.473337][ T4994] F2FS-fs (loop2): Found nat_bits in checkpoint
[  131.286787][ T5028] loop3: detected capacity change from 0 to 512
[  131.287062][ T4994] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  131.377012][ T5028] EXT4-fs (loop3): Ignoring removed oldalloc option
[  131.414745][ T5028] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor.3: casefold flag without casefold feature
[  131.432464][ T5028] EXT4-fs error (device loop3): __ext4_iget:4861: inode #12: block 2: comm syz-executor.3: invalid block
[  131.446228][ T5028] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117
[  131.466249][ T5028] EXT4-fs (loop3): 1 orphan inode deleted
[  131.472762][ T5028] EXT4-fs (loop3): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback.
[  131.491868][ T4994] F2FS-fs (loop2): Inconsistent error blkaddr:5633, sit bitmap:0
[  131.505200][ T4994] CPU: 0 PID: 4994 Comm: syz-executor.2 Not tainted 5.15.160-syzkaller #0
[  131.513703][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  131.523745][ T4994] Call Trace:
[  131.527006][ T4994]  <TASK>
[  131.529926][ T4994]  dump_stack_lvl+0x1e3/0x2d0
[  131.534605][ T4994]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  131.540224][ T4994]  ? f2fs_get_next_page_offset+0x6c0/0x6c0
[  131.546024][ T4994]  ? unlock_page+0x188/0x200
[  131.550609][ T4994]  f2fs_is_valid_blkaddr+0xc61/0x1270
[  131.555977][ T4994]  f2fs_get_read_data_page+0x35a/0x6b0
[  131.561431][ T4994]  ? f2fs_get_block+0x310/0x310
[  131.566282][ T4994]  ? __lock_acquire+0x1295/0x1ff0
[  131.571302][ T4994]  f2fs_find_data_page+0x1d7/0x620
[  131.576399][ T4994]  f2fs_readdir+0x553/0xef0
[  131.580901][ T4994]  ? f2fs_fill_dentries+0xd60/0xd60
[  131.586084][ T4994]  ? __fdget_pos+0x2cb/0x380
[  131.590666][ T4994]  ? f2fs_fill_dentries+0xd60/0xd60
[  131.595850][ T4994]  ? iterate_dir+0x10a/0x570
[  131.600422][ T4994]  ? fsnotify_perm+0x438/0x5a0
[  131.605173][ T4994]  iterate_dir+0x224/0x570
[  131.609574][ T4994]  ? f2fs_fill_dentries+0xd60/0xd60
[  131.614760][ T4994]  __se_sys_getdents+0x1e8/0x4c0
[  131.619687][ T4994]  ? __x64_sys_getdents+0x80/0x80
[  131.624694][ T4994]  ? fillonedir+0x4b0/0x4b0
[  131.629182][ T4994]  ? syscall_enter_from_user_mode+0x2e/0x240
[  131.635148][ T4994]  ? lockdep_hardirqs_on+0x94/0x130
[  131.640326][ T4994]  ? syscall_enter_from_user_mode+0x2e/0x240
[  131.646289][ T4994]  do_syscall_64+0x3b/0xb0
[  131.650686][ T4994]  ? clear_bhb_loop+0x15/0x70
[  131.655353][ T4994]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  131.661231][ T4994] RIP: 0033:0x7f1bdffb2f69
[  131.665630][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  131.685213][ T4994] RSP: 002b:00007f1bdeb2c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  131.693606][ T4994] RAX: ffffffffffffffda RBX: 00007f1be00e9f80 RCX: 00007f1bdffb2f69
[  131.701558][ T4994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  131.709510][ T4994] RBP: 00007f1be00106fe R08: 0000000000000000 R09: 0000000000000000
[  131.717459][ T4994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  131.725409][ T4994] R13: 000000000000000b R14: 00007f1be00e9f80 R15: 00007ffe33eba138
[  131.733373][ T4994]  </TASK>
[  131.861649][  T307] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.067887][  T307] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.148714][  T307] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.277658][  T307] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.342716][ T5046] dccp_close: ABORT with 76 bytes unread
[  132.590669][ T1376] ieee802154 phy0 wpan0: encryption failed: -22
[  132.596955][ T1376] ieee802154 phy1 wpan1: encryption failed: -22
[  132.845825][ T5060] chnl_net:caif_netlink_parms(): no params data found
[  132.865911][ T5066] loop0: detected capacity change from 0 to 1024
[  132.949504][ T5066] EXT4-fs (loop0): Ignoring removed orlov option
[  132.970146][ T5066] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  133.055119][ T5066] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  133.078022][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.214798][ T5060] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.226694][ T5060] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.242652][ T5060] device bridge_slave_0 entered promiscuous mode
[  133.249674][ T5063] loop3: detected capacity change from 0 to 32768
[  133.275155][ T5060] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.330707][ T5060] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.384226][ T5060] device bridge_slave_1 entered promiscuous mode
[  133.419523][ T5063] XFS (loop3): Mounting V5 Filesystem
[  133.680778][ T5060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.707368][ T5063] XFS (loop3): Ending clean mount
[  133.749345][ T5063] XFS (loop3): Quotacheck needed: Please wait.
[  133.758314][ T5060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.825733][ T5063] XFS (loop3): Quotacheck: Done.
[  133.947062][ T5104] loop2: detected capacity change from 0 to 512
[  133.965663][ T5103] loop1: detected capacity change from 0 to 512
[  133.997831][ T5104] EXT4-fs (loop2): Ignoring removed oldalloc option
[  134.006168][ T3537] XFS (loop3): Unmounting Filesystem
[  134.021033][ T3916] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  134.029830][ T3916] Bluetooth: hci4: Injecting HCI hardware error event
[  134.044233][ T3544] Bluetooth: hci4: hardware error 0x00
[  134.059877][ T5060] team0: Port device team_slave_0 added
[  134.103177][ T5103] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  134.117870][ T5104] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor.2: casefold flag without casefold feature
[  134.160792][ T5104] EXT4-fs error (device loop2): __ext4_iget:4861: inode #12: block 2: comm syz-executor.2: invalid block
[  134.190980][ T5103] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  134.193597][ T5104] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117
[  134.199610][ T5103] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 2683928664 (level 1)
[  134.234674][ T5104] EXT4-fs (loop2): 1 orphan inode deleted
[  134.253609][ T5104] EXT4-fs (loop2): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback.
[  134.258517][ T5060] team0: Port device team_slave_1 added
[  134.276865][ T3916] Bluetooth: hci1: command 0x0409 tx timeout
[  134.284065][ T5103] EXT4-fs (loop1): Remounting filesystem read-only
[  134.293192][ T5103] EXT4-fs (loop1): 1 truncate cleaned up
[  134.298907][ T5103] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.". Quota mode: writeback.
[  134.386314][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.414618][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.444806][ T5060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.495428][ T5060] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.513262][ T3531] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[  134.549044][ T5060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.609568][ T3531] EXT4-fs (loop1): Remounting filesystem read-only
[  134.618646][ T3531] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr
[  134.644338][ T3531] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr
[  134.673146][ T5060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.702192][   T25] audit: type=1326 audit(1717664280.307:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5110 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc8aef5f69 code=0x0
[  134.797817][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  134.816387][  T307] device hsr_slave_0 left promiscuous mode
[  134.828849][  T307] device hsr_slave_1 left promiscuous mode
[  134.835757][  T307] device bridge_slave_1 left promiscuous mode
[  134.843662][  T307] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.854069][  T307] device bridge_slave_0 left promiscuous mode
[  134.861389][  T307] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.885872][  T307] device veth1_macvtap left promiscuous mode
[  134.892113][   T26] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  134.900078][  T307] device veth0_macvtap left promiscuous mode
[  134.906107][  T307] device veth1_vlan left promiscuous mode
[  134.913093][  T307] device veth0_vlan left promiscuous mode
[  135.073854][  T307] team0 (unregistering): Port device team_slave_1 removed
[  135.087463][  T307] team0 (unregistering): Port device team_slave_0 removed
[  135.101271][  T307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.118230][  T307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  135.169201][   T26] usb 4-1: Using ep0 maxpacket: 8
[  135.178373][  T307] bond0 (unregistering): Released all slaves
[  135.257356][ T5060] device hsr_slave_0 entered promiscuous mode
[  135.263991][ T5060] device hsr_slave_1 entered promiscuous mode
[  135.299307][   T26] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  135.308982][   T26] usb 4-1: config 0 has no interface number 0
[  135.317778][   T26] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  135.329165][   T26] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  135.339231][   T26] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  135.351427][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.366320][   T26] usb 4-1: config 0 descriptor??
[  135.435347][   T26] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  135.582266][ T5119] loop0: detected capacity change from 0 to 764
[  135.645715][ T3916] usb 4-1: USB disconnect, device number 3
[  135.684023][ T3916] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected
[  135.693780][ T5119] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'.
[  135.781776][ T5129] binder: 5128:5129 ioctl 400c620e 0 returned -14
[  135.834672][ T5116] chnl_net:caif_netlink_parms(): no params data found
[  135.981625][ T5060] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  136.007172][ T5138] loop2: detected capacity change from 0 to 1024
[  136.016900][ T5060] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  136.140129][ T5060] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  136.214212][ T5060] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  136.276287][ T5116] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.291177][ T5116] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.309115][ T5116] device bridge_slave_0 entered promiscuous mode
[  136.349175][   T26] Bluetooth: hci1: command 0x041b tx timeout
[  136.431478][ T5116] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.444185][ T5116] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.477683][ T5116] device bridge_slave_1 entered promiscuous mode
[  136.501909][ T5147] loop0: detected capacity change from 0 to 512
[  136.540529][ T5147] EXT4-fs (loop0): Ignoring removed oldalloc option
[  136.601824][ T5116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.633371][ T5147] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor.0: casefold flag without casefold feature
[  136.644607][ T5116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.658433][ T5147] EXT4-fs error (device loop0): __ext4_iget:4861: inode #12: block 2: comm syz-executor.0: invalid block
[  136.673848][ T5147] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117
[  136.690449][ T5147] EXT4-fs (loop0): 1 orphan inode deleted
[  136.697084][ T5147] EXT4-fs (loop0): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback.
[  136.747532][ T5116] team0: Port device team_slave_0 added
[  136.791689][ T5116] team0: Port device team_slave_1 added
[  136.856192][ T3745] hfsplus: b-tree write err: -5, ino 4
[  136.883436][ T5060] 8021q: adding VLAN 0 to HW filter on device bond0
[  136.892138][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_0
[  136.903744][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.948234][ T5116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  136.972884][ T5116] batman_adv: batadv0: Adding interface: batadv_slave_1
[  136.988487][ T5116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.023624][ T5116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.069418][ T5060] 8021q: adding VLAN 0 to HW filter on device team0
[  137.109513][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  137.126490][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  137.223715][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  137.247811][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  137.281692][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.288780][ T3577] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.337838][ T5157] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.369268][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.376538][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.449814][ T5157] team0: Port device bridge0 added
[  137.462873][ T5116] device hsr_slave_0 entered promiscuous mode
[  137.483096][ T5116] device hsr_slave_1 entered promiscuous mode
[  137.498656][ T5116] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  137.520034][ T5116] Cannot create hsr debugfs directory
[  137.549308][ T3916] Bluetooth: hci0: command 0x0409 tx timeout
[  137.565425][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  137.580993][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  137.609775][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  137.638791][ T3915] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.645916][ T3915] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.061149][ T5165] loop3: detected capacity change from 0 to 65536
[  138.071820][ T5155] loop2: detected capacity change from 0 to 32768
[  138.079046][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  138.087739][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  138.096798][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  138.109153][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  138.117522][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  138.127435][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  138.161136][ T5155] XFS: noikeep mount option is deprecated.
[  138.176673][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  138.196132][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  138.221407][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  138.246797][ T5060] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  138.290552][ T5165] XFS (loop3): Mounting V5 Filesystem
[  138.296333][ T5060] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  138.310303][ T5155] XFS (loop2): Mounting V5 Filesystem
[  138.419708][ T3917] Bluetooth: hci1: command 0x040f tx timeout
[  138.421065][ T5165] XFS (loop3): Ending clean mount
[  138.436157][ T5165] XFS (loop3): Quotacheck needed: Please wait.
[  138.470696][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  138.488232][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  138.548334][ T5155] XFS (loop2): Ending clean mount
[  138.559962][ T5155] XFS (loop2): Quotacheck needed: Please wait.
[  138.611069][ T5165] XFS (loop3): Quotacheck: Done.
[  138.837689][   T25] audit: type=1800 audit(1717664284.437:152): pid=5186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="cgroup.controllers" dev="loop3" ino=74 res=0 errno=0
[  138.893153][ T5155] XFS (loop2): Quotacheck: Done.
[  138.976251][ T3533] XFS (loop2): Unmounting Filesystem
[  139.111351][ T5116] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.231068][ T5060] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.257573][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  139.274154][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  139.371178][ T5116] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.398683][ T5191] loop0: detected capacity change from 0 to 8192
[  139.502304][ T5191] ntfs: (device loop0): parse_options(): Unrecognized mount option .
[  139.512617][ T5116] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.630716][ T5116] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.761722][ T3915] Bluetooth: hci0: command 0x041b tx timeout
[  139.802132][ T5201] loop0: detected capacity change from 0 to 64
[  139.846276][ T5116] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  139.905382][ T5116] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  139.949313][ T5116] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  139.981841][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  139.991513][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  140.016263][ T5116] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  140.038428][ T5060] device veth0_vlan entered promiscuous mode
[  140.053127][ T5060] device veth1_vlan entered promiscuous mode
[  140.082388][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  140.087859][ T3537] XFS (loop3): Unmounting Filesystem
[  140.114501][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  140.130306][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  140.138468][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  140.180017][ T5060] device veth0_macvtap entered promiscuous mode
[  140.188538][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  140.196829][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  140.222245][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  140.234363][ T4796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  140.271436][ T5060] device veth1_macvtap entered promiscuous mode
[  140.292801][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  140.301387][ T4773] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  140.316909][ T5205] loop0: detected capacity change from 0 to 4096
[  140.333779][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.353431][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.366574][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.383569][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.396377][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.414938][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.425822][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.443111][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.458284][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_0
[  140.484009][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  140.496864][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  140.509276][ T3577] Bluetooth: hci1: command 0x0419 tx timeout
[  140.515266][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.515283][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.515292][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.556174][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.568748][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.586924][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.597090][ T5060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  140.612845][ T5060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  140.622390][ T5207] loop3: detected capacity change from 0 to 256
[  140.625004][ T5060] batman_adv: batadv0: Interface activated: batadv_slave_1
[  140.640657][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  140.651581][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  140.670699][ T5207] exfat: Deprecated parameter 'namecase'
[  140.679226][ T5207] exfat: Deprecated parameter 'namecase'
[  140.687139][ T5207] exfat: Deprecated parameter 'namecase'
[  140.691431][ T5060] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  140.705229][ T5060] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  140.714961][ T5060] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  140.724092][ T5205] ntfs: volume version 3.1.
[  140.726556][ T5207] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  140.741219][ T5060] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  140.786047][ T5116] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.873805][ T5116] 8021q: adding VLAN 0 to HW filter on device team0
[  140.918120][ T5212] loop2: detected capacity change from 0 to 512
[  140.929698][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  140.937483][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  140.961683][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  140.975147][ T5212] EXT4-fs (loop2): Ignoring removed oldalloc option
[  140.983238][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  141.000376][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.007462][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.047118][ T5212] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor.2: casefold flag without casefold feature
[  141.067549][ T5212] EXT4-fs error (device loop2): __ext4_iget:4861: inode #12: block 2: comm syz-executor.2: invalid block
[  141.079404][ T5212] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117
[  141.094611][ T5212] EXT4-fs (loop2): 1 orphan inode deleted
[  141.102250][ T5212] EXT4-fs (loop2): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback.
[  141.121223][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  141.155918][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  141.204656][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.211738][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.336977][ T4695] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.359733][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  141.368931][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  141.382442][ T4695] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.416189][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  141.434746][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  141.473204][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  141.485539][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  141.499594][ T4698] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.518433][ T5116] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  141.530869][ T4698] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.551858][ T5116] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  141.576975][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  141.589854][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  141.600173][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  141.613791][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  141.650602][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  141.667375][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  141.679222][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  141.697765][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  141.726539][ T3914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  141.797760][ T3577] Bluetooth: hci0: command 0x040f tx timeout
[  141.920274][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  141.927749][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  141.947538][ T5116] 8021q: adding VLAN 0 to HW filter on device batadv0
[  142.001625][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  142.021664][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  142.051008][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  142.059418][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  142.067914][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  142.075923][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  142.107819][ T5116] device veth0_vlan entered promiscuous mode
[  142.143690][ T5116] device veth1_vlan entered promiscuous mode
[  142.267920][ T5292] loop3: detected capacity change from 0 to 512
[  142.276306][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  142.289600][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  142.319100][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  142.327670][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  142.344166][ T5292] EXT4-fs (loop3): Ignoring removed oldalloc option
[  142.348063][ T5116] device veth0_macvtap entered promiscuous mode
[  142.376136][ T5292] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor.3: casefold flag without casefold feature
[  142.391340][ T5292] EXT4-fs error (device loop3): __ext4_iget:4861: inode #12: block 2: comm syz-executor.3: invalid block
[  142.404191][ T5292] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117
[  142.412777][ T5116] device veth1_macvtap entered promiscuous mode
[  142.431476][ T5292] EXT4-fs (loop3): 1 orphan inode deleted
[  142.437265][ T5292] EXT4-fs (loop3): mounted filesystem without journal. Opts: oldalloc,usrquota,,errors=continue. Quota mode: writeback.
[  142.489259][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  142.513683][ T3577] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  142.567781][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.601259][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.637412][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.649973][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.660864][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.671656][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.681753][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.693400][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.715416][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.747196][ T5318] loop4: detected capacity change from 0 to 1024
[  142.757325][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.779803][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.796528][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  142.827517][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  142.839810][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.860097][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.871905][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.882600][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.893477][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.905625][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.916977][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.931584][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.963864][ T5116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.983184][ T5116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.012713][ T5116] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.049118][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  143.066846][ T3915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  143.112258][ T5116] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.130774][ T5116] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.146303][ T5116] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.158514][ T5116] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.174539][ T5322] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  143.197985][ T5313] loop0: detected capacity change from 0 to 40427
[  143.201462][ T5322] device bridge0 entered promiscuous mode
[  143.210800][ T5322] device macsec1 entered promiscuous mode
[  143.281409][   T25] audit: type=1326 audit(1717664288.887:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.336357][ T5313] F2FS-fs (loop0): Found nat_bits in checkpoint
[  143.339384][   T25] audit: type=1326 audit(1717664288.887:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.367960][   T25] audit: type=1326 audit(1717664288.887:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.406143][   T25] audit: type=1326 audit(1717664288.887:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.455829][  T307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.476831][  T307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.517693][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  143.533894][  T307] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.543421][   T25] audit: type=1326 audit(1717664288.887:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.574924][ T5313] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  143.577943][  T307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.606395][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  143.634738][   T25] audit: type=1326 audit(1717664288.887:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.686363][   T25] audit: type=1326 audit(1717664288.887:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.722138][   T25] audit: type=1326 audit(1717664288.887:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.741839][ T5338] loop1: detected capacity change from 0 to 1024
[  143.749545][ T3538] attempt to access beyond end of device
[  143.749545][ T3538] loop0: rw=2049, want=45104, limit=40427
[  143.762981][   T25] audit: type=1326 audit(1717664288.887:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.790944][   T25] audit: type=1326 audit(1717664288.887:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5308 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bdffb2f69 code=0x7fc00000
[  143.813730][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.838437][ T5338] EXT4-fs (loop1): Ignoring removed orlov option
[  143.850037][ T5338] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  143.859975][ T3577] Bluetooth: hci0: command 0x0419 tx timeout
[  143.889243][ T3915] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  143.932406][ T5338] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  144.121258][ T5354] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  144.132373][ T5354] netlink: 4608 bytes leftover after parsing attributes in process `syz-executor.0'.
[  144.344305][ T5359] loop1: detected capacity change from 0 to 32768
[  144.441695][ T5359] XFS (loop1): Mounting V5 Filesystem
[  144.447587][ T3915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.473309][ T3915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.490842][ T3915] usb 5-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00
[  144.500127][ T3915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.515085][ T3915] usb 5-1: config 0 descriptor??
[  144.547058][ T5359] XFS (loop1): Ending clean mount
[  145.184950][ T5376] fuse: Unknown parameter '0xffffffffffffffff'
[  145.354837][ T3915] wacom 0003:056A:0016.0006: Unknown device_type for 'HID 056a:0016'. Assuming pen.
[  145.412726][ T5116] XFS (loop1): Unmounting Filesystem
[  145.418240][ T3915] wacom 0003:056A:0016.0006: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.4-1/input0
[  145.462940][ T3915] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0016.0006/input/input6
[  145.568130][ T3915] usb 5-1: USB disconnect, device number 4
[  145.823060][ T5395] loop2: detected capacity change from 0 to 1024
[  145.859078][ T4791] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  145.873060][ T5395] EXT4-fs (loop2): Ignoring removed orlov option
[  145.893827][ T5395] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  145.940962][ T5395] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  145.963979][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.205527][ T5407] loop4: detected capacity change from 0 to 8
[  146.219261][ T4791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.232179][ T4791] usb 4-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c
[  146.241900][ T4791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.260775][ T4791] usb 4-1: config 0 descriptor??
[  146.311358][ T4791] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  146.352784][ T5407] unable to read inode lookup table
[  146.511759][ T5386] loop3: detected capacity change from 0 to 8
[  146.605717][ T5386] SQUASHFS error: Failed to read block 0x260685: -5
[  146.636149][ T5386] SQUASHFS error: Unable to read metadata cache entry [260685]
[  146.746979][ T5386] SQUASHFS error: Unable to read directory block [260685:0]
[  146.831562][ T4791] usb 4-1: USB disconnect, device number 4
[  146.955267][ T5427] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[  147.022936][ T5431] loop4: detected capacity change from 0 to 512
[  147.130008][ T5431] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  147.199318][ T5431] ext4 filesystem being mounted at /root/syzkaller-testdir3504816620/syzkaller.gKyNK8/15/file0 supports timestamps until 2038 (0x7fffffff)
[  147.270006][ T5431] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  147.452225][ T5443] loop4: detected capacity change from 0 to 1024
[  147.533291][ T5443] EXT4-fs (loop4): Ignoring removed orlov option
[  147.543288][ T5443] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  147.591468][ T5443] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  147.614330][    C1] vkms_vblank_simulate: vblank timer overrun
[  147.625407][ T5453] loop1: detected capacity change from 0 to 8
[  147.709241][ T5453] unable to read inode lookup table
[  147.769119][ T4773] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  147.789508][ T3914] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  148.051129][ T3914] usb 1-1: Using ep0 maxpacket: 16
[  148.068740][ T5472] loop2: detected capacity change from 0 to 2048
[  148.104678][ T5472] NILFS (loop2): invalid segment: Sequence number mismatch
[  148.112154][ T5472] NILFS (loop2): trying rollback from an earlier position
[  148.126221][ T5472] NILFS (loop2): recovery complete
[  148.139169][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.154529][ T5474] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  148.258669][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.280641][ T4773] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00
[  148.299237][ T3914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  148.679374][ T4773] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.690090][ T3914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  148.696900][ T4773] usb 4-1: config 0 descriptor??
[  148.719698][ T3914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  148.729743][ T3914] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  148.747325][ T3914] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  148.875695][ T3914] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  148.889116][ T3914] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  148.902746][ T3914] usb 1-1: Manufacturer: syz
[  148.914444][ T3914] usb 1-1: config 0 descriptor??
[  148.916088][ T5485] loop1: detected capacity change from 0 to 1024
[  148.921226][ T5483] loop4: detected capacity change from 0 to 1024
[  148.988823][ T5485] EXT4-fs (loop1): Ignoring removed orlov option
[  148.996527][ T5485] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  149.021528][ T5485] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  149.029088][   T25] kauditd_printk_skb: 76 callbacks suppressed
[  149.029101][   T25] audit: type=1800 audit(1717664294.627:239): pid=5483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file1" dev="loop4" ino=20 res=0 errno=0
[  149.044418][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.077147][  T144] hfsplus: b-tree write err: -5, ino 4
[  149.169244][ T3917] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  149.192807][ T4773] wacom 0003:056A:0016.0007: Unknown device_type for 'HID 056a:0016'. Assuming pen.
[  149.205255][ T5490] loop4: detected capacity change from 0 to 8
[  149.217380][ T4773] wacom 0003:056A:0016.0007: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.3-1/input0
[  149.250101][ T4773] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0016.0007/input/input9
[  149.254703][ T5490] unable to read inode lookup table
[  149.319072][ T3914] rc_core: IR keymap rc-hauppauge not found
[  149.327542][ T3914] Registered IR keymap rc-empty
[  149.339857][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.371073][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.418821][ T3915] usb 4-1: USB disconnect, device number 5
[  149.428536][ T3914] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  149.464794][ T5497] mmap: syz-executor.1 (5497) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  149.466808][ T3914] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12
[  149.518459][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.569822][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.619465][ T3917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.629375][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.639244][ T3917] usb 3-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c
[  149.651806][ T3917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.660184][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.669454][ T3917] usb 3-1: config 0 descriptor??
[  149.699615][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.731980][ T3917] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  149.739509][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.779326][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.809050][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.849111][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.889683][ T3914] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  149.950709][ T3914] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[  149.979115][ T3914] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  149.997662][ T5482] loop2: detected capacity change from 0 to 8
[  150.013427][ T3914] usb 1-1: USB disconnect, device number 6
[  150.106371][ T5482] SQUASHFS error: Failed to read block 0x260685: -5
[  150.119172][ T5482] SQUASHFS error: Unable to read metadata cache entry [260685]
[  150.142500][ T5482] SQUASHFS error: Unable to read directory block [260685:0]
[  150.188216][ T5522] loop3: detected capacity change from 0 to 1024
[  150.253782][ T5522] EXT4-fs (loop3): Ignoring removed orlov option
[  150.272973][ T5522] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  150.283079][ T4773] usb 3-1: USB disconnect, device number 3
[  150.342676][ T5522] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  150.365544][    C1] vkms_vblank_simulate: vblank timer overrun
[  150.384630][ T5524] loop1: detected capacity change from 0 to 4096
[  150.758799][ T5538] loop1: detected capacity change from 0 to 8
[  150.815747][ T5538] unable to read inode lookup table
[  151.269109][ T4773] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  151.488818][ T5534] loop4: detected capacity change from 0 to 32768
[  151.518587][ T5544] loop0: detected capacity change from 0 to 40427
[  151.552345][ T5534] XFS (loop4): Mounting V5 Filesystem
[  151.606585][ T5534] XFS (loop4): Ending clean mount
[  151.613258][ T5534] XFS (loop4): Quotacheck needed: Please wait.
[  151.627778][ T3917] XFS (loop4): Metadata CRC error detected at xfs_agfl_read_verify+0x1ca/0x290, xfs_agfl block 0x3 
[  151.629174][ T4773] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.639526][ T3917] XFS (loop4): Unmount and run xfs_repair
[  151.650040][ T4773] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.662465][ T3917] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  151.666055][ T4773] usb 2-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00
[  151.673298][ T3917] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed  XAF.......G...N.
[  151.681945][ T4773] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.706458][ T3917] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00  .b..1...........
[  151.707685][ T4773] usb 2-1: config 0 descriptor??
[  151.729095][ T3917] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08  .;..............
[  151.737959][ T3917] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c  ................
[  151.759359][ T3917] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  151.768667][ T3917] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  151.775408][ T5571] loop2: detected capacity change from 0 to 1024
[  151.789595][ T3917] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  151.798463][ T3917] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  151.830821][ T4698] XFS (loop4): metadata I/O error in "xfs_alloc_read_agfl+0x224/0x3e0" at daddr 0x3 len 1 error 74
[  151.847589][ T5571] EXT4-fs (loop2): Ignoring removed orlov option
[  151.855734][ T5534] XFS (loop4): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  151.864259][ T4796] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  151.874145][ T5571] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  151.926204][ T5571] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  151.949086][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.964562][ T5060] XFS (loop4): Unmounting Filesystem
[  152.232691][ T4773] wacom 0003:056A:0016.0008: Unknown device_type for 'HID 056a:0016'. Assuming pen.
[  152.242465][ T4796] usb 4-1: config 0 has no interfaces?
[  152.264109][ T4773] wacom 0003:056A:0016.0008: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.1-1/input0
[  152.286947][ T4773] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0016.0008/input/input13
[  152.359236][ T4796] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  152.377170][ T4796] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  152.390847][ T4796] usb 4-1: Manufacturer: syz
[  152.396519][ T4796] usb 4-1: SerialNumber: syz
[  152.412476][ T4796] usb 4-1: config 0 descriptor??
[  152.443007][ T4791] usb 2-1: USB disconnect, device number 6
[  152.469408][ T3917] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  153.189328][ T3917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.200982][ T3917] usb 3-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c
[  153.210440][ T3917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.220565][ T3917] usb 3-1: config 0 descriptor??
[  153.261557][ T3917] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  153.324586][ T4796] usb 4-1: USB disconnect, device number 6
[  153.469873][ T5585] loop2: detected capacity change from 0 to 8
[  153.493176][ T5612] loop3: detected capacity change from 0 to 1024
[  153.522477][ T5585] SQUASHFS error: Failed to read block 0x260685: -5
[  153.542058][ T5585] SQUASHFS error: Unable to read metadata cache entry [260685]
[  153.563468][ T5612] EXT4-fs (loop3): Ignoring removed orlov option
[  153.567907][ T5585] SQUASHFS error: Unable to read directory block [260685:0]
[  153.587135][ T5612] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  153.650907][ T5612] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  153.714727][ T4796] usb 3-1: USB disconnect, device number 4
[  154.002059][ T5602] loop1: detected capacity change from 0 to 40427
[  154.249750][ T4796] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  154.497829][ T5653] loop1: detected capacity change from 0 to 1024
[  154.566039][ T5653] EXT4-fs (loop1): Ignoring removed orlov option
[  154.574278][ T5653] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  154.603006][ T5653] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  154.626897][ T4796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  154.650126][ T4796] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  154.671441][ T4796] usb 5-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00
[  154.686976][ T4796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.737357][ T4796] usb 5-1: config 0 descriptor??
[  155.139943][ T3914] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  155.150098][ T3914] Bluetooth: hci2: Injecting HCI hardware error event
[  155.157990][ T3544] Bluetooth: hci2: hardware error 0x00
[  155.229141][ T3915] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  155.231920][ T4796] wacom 0003:056A:0016.0009: Unknown device_type for 'HID 056a:0016'. Assuming pen.
[  155.280895][ T4796] wacom 0003:056A:0016.0009: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.4-1/input0
[  155.320125][ T4796] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0016.0009/input/input16
[  155.378591][ T5669] loop0: detected capacity change from 0 to 40427
[  155.394707][ T5693] loop3: detected capacity change from 0 to 1024
[  155.439660][ T4796] usb 5-1: USB disconnect, device number 5
[  155.453157][ T5693] EXT4-fs (loop3): Ignoring removed orlov option
[  155.462541][ T5693] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  155.496993][ T5693] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  155.649338][ T3915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.675006][ T3915] usb 2-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c
[  155.693950][ T3915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.707346][ T3915] usb 2-1: config 0 descriptor??
[  155.771178][ T3915] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  155.867550][ T5700] loop2: detected capacity change from 0 to 32768
[  155.936902][ T5700] Dev loop2 SGI disklabel: csum bad, label corrupted
[  155.996947][ T5671] loop1: detected capacity change from 0 to 8
[  156.086287][ T5671] SQUASHFS error: Failed to read block 0x260685: -5
[  156.102291][ T5671] SQUASHFS error: Unable to read metadata cache entry [260685]
[  156.120954][ T5671] SQUASHFS error: Unable to read directory block [260685:0]
[  156.222660][ T4773] usb 2-1: USB disconnect, device number 7
[  156.718371][ T5735] loop2: detected capacity change from 0 to 1024
[  156.796714][ T5735] EXT4-fs (loop2): Ignoring removed orlov option
[  156.810065][ T5735] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  156.864382][ T5735] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  157.089515][ T4773] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  157.439157][ T3915] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  157.449204][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.464835][ T4773] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.491429][ T4773] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00
[  157.504824][ T4773] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.518717][ T4773] usb 4-1: config 0 descriptor??
[  157.664242][ T5770] loop1: detected capacity change from 0 to 32768
[  157.713699][ T5770] Dev loop1 SGI disklabel: csum bad, label corrupted
[  157.829299][ T3915] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.844107][ T3915] usb 1-1: New USB device found, idVendor=056a, idProduct=f600, bcdDevice= 0.9c
[  157.853175][ T3915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.864446][ T3915] usb 1-1: config 0 descriptor??
[  157.921726][ T3915] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  158.002390][ T4773] wacom 0003:056A:0016.000A: Unknown device_type for 'HID 056a:0016'. Assuming pen.
[  158.017557][ T4773] wacom 0003:056A:0016.000A: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.3-1/input0
[  158.031023][ T4773] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0016.000A/input/input19
[  158.064852][ T5781] loop2: detected capacity change from 0 to 1024
[  158.102839][ T5781] EXT4-fs (loop2): Ignoring removed orlov option
[  158.119733][ T5781] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  158.148428][ T5767] loop0: detected capacity change from 0 to 8
[  158.150383][ T5781] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  158.177368][    C1] vkms_vblank_simulate: vblank timer overrun
[  158.225306][ T5767] SQUASHFS error: Failed to read block 0x260685: -5
[  158.234759][ T5767] SQUASHFS error: Unable to read metadata cache entry [260685]
[  158.248607][ T3577] usb 4-1: USB disconnect, device number 7
[  158.259362][ T5767] SQUASHFS error: Unable to read directory block [260685:0]
[  158.356490][ T3915] usb 1-1: USB disconnect, device number 7
[  158.461327][   T25] audit: type=1804 audit(1717664304.067:240): pid=5802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2575364772/syzkaller.uNe6EY/123/file0" dev="sda1" ino=1961 res=1 errno=0
[  158.578899][ T5805] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'.
[  159.267366][ T5817] loop3: detected capacity change from 0 to 1024
[  159.335100][ T5817] EXT4-fs (loop3): Ignoring removed orlov option
[  159.343519][ T5817] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  159.360975][ T5805] loop2: detected capacity change from 0 to 2048
[  159.407957][ T5805] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  159.471858][ T5817] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  159.523981][ T5838] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.535145][ T5805] attempt to access beyond end of device
[  159.535145][ T5805] loop2: rw=524288, want=33554432, limit=2048
[  161.776446][ T5850] loop4: detected capacity change from 0 to 256
[  161.909668][ T5805] attempt to access beyond end of device
[  161.909668][ T5805] loop2: rw=0, want=9437256, limit=2048
[  161.933842][ T5805] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=0)
[  161.952497][ T5853] loop0: detected capacity change from 0 to 64
[  161.968355][ T5850] FAT-fs (loop4): Directory bread(block 64) failed
[  161.968419][ T5850] FAT-fs (loop4): Directory bread(block 65) failed
[  161.968488][ T5850] FAT-fs (loop4): Directory bread(block 66) failed
[  161.968516][ T5850] FAT-fs (loop4): Directory bread(block 67) failed
[  161.968588][ T5850] FAT-fs (loop4): Directory bread(block 68) failed
[  161.968616][ T5850] FAT-fs (loop4): Directory bread(block 69) failed
[  161.968683][ T5850] FAT-fs (loop4): Directory bread(block 70) failed
[  161.968711][ T5850] FAT-fs (loop4): Directory bread(block 71) failed
[  161.973645][ T5850] FAT-fs (loop4): Directory bread(block 72) failed
[  161.973684][ T5850] FAT-fs (loop4): Directory bread(block 73) failed
[  162.132905][ T5842] attempt to access beyond end of device
[  162.132905][ T5842] loop4: rw=524288, want=1164, limit=256
[  162.133076][ T5842] attempt to access beyond end of device
[  162.133076][ T5842] loop4: rw=0, want=1164, limit=256
[  162.133476][   T25] audit: type=1800 audit(1717664307.737:241): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=1048602 res=0 errno=0
[  162.135093][   T25] audit: type=1800 audit(1717664307.737:242): pid=5860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1946 res=0 errno=0
[  162.423100][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.560325][   T25] audit: type=1800 audit(1717664308.167:243): pid=5865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1967 res=0 errno=0
[  162.629675][ T5867] loop0: detected capacity change from 0 to 64
[  162.764203][ T5867] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  162.986413][ T5867] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure
[  163.416181][ T5885] loop3: detected capacity change from 0 to 1024
[  163.483103][ T5885] EXT4-fs (loop3): Ignoring removed orlov option
[  163.491986][ T5885] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  163.613769][ T5891] loop1: detected capacity change from 0 to 64
[  163.622689][ T5885] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  163.975754][ T5903] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'.
[  164.139902][   T25] audit: type=1804 audit(1717664309.747:244): pid=5913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3504816620/syzkaller.gKyNK8/50/file0" dev="sda1" ino=1956 res=1 errno=0
[  164.197007][ T5901] loop1: detected capacity change from 0 to 4096
[  164.254538][ T5901] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512)
[  164.298916][   T25] audit: type=1804 audit(1717664309.897:245): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3504816620/syzkaller.gKyNK8/50/file0" dev="sda1" ino=1956 res=1 errno=0
[  164.476822][ T5903] loop2: detected capacity change from 0 to 2048
[  164.908678][ T5903] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  164.910322][   T25] audit: type=1800 audit(1717664310.507:246): pid=5918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1949 res=0 errno=0
[  165.156738][ T5903] attempt to access beyond end of device
[  165.156738][ T5903] loop2: rw=524288, want=33554432, limit=2048
[  165.174087][ T5926] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  165.255008][ T5903] attempt to access beyond end of device
[  165.255008][ T5903] loop2: rw=0, want=9437256, limit=2048
[  165.267029][ T5903] NILFS (loop2): I/O error reading meta-data file (ino=6, block-offset=0)
[  166.215837][ T5931] loop1: detected capacity change from 0 to 1024
[  166.283001][ T5931] EXT4-fs (loop1): Ignoring removed orlov option
[  166.307386][ T5931] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  166.382216][ T5931] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  166.870875][ T5959] loop2: detected capacity change from 0 to 512
[  166.959236][ T4796] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  167.023131][ T5959] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  167.049161][ T5959] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/132/bus supports timestamps until 2038 (0x7fffffff)
[  167.249331][ T4796] usb 5-1: Using ep0 maxpacket: 8
[  167.659269][ T4796] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  167.674392][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  167.730640][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  167.750655][ T5970] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'.
[  167.763482][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  167.859913][ T4796] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  167.878391][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  167.920285][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  167.964711][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  168.062858][ T5970] loop0: detected capacity change from 0 to 2048
[  168.080078][ T4796] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  168.096591][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  168.125080][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  168.142290][ T4796] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  168.152951][ T5970] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  168.191453][ T5981] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  168.191739][ T5970] attempt to access beyond end of device
[  168.191739][ T5970] loop0: rw=524288, want=33554432, limit=2048
[  168.252455][ T5970] attempt to access beyond end of device
[  168.252455][ T5970] loop0: rw=0, want=9437256, limit=2048
[  168.263889][ T5970] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=0)
[  168.433223][ T4796] usb 5-1: string descriptor 0 read error: -22
[  168.440095][ T4796] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  168.491545][ T5983] loop3: detected capacity change from 0 to 1024
[  168.507537][ T4796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.585634][ T5985] loop1: detected capacity change from 0 to 1024
[  168.603388][ T5983] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  168.631766][ T4796] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  168.642819][ T5985] EXT4-fs (loop1): Ignoring removed orlov option
[  168.664063][ T5983] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback.
[  168.689372][ T5985] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  168.768534][ T5985] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  168.835991][ T4764] usb 5-1: USB disconnect, device number 6
[  169.039218][ T4796] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  169.429265][ T4796] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  169.462795][ T4796] usb 4-1: config 0 has no interfaces?
[  169.559150][ T4796] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  170.197952][ T4796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  170.226147][ T4796] usb 4-1: SerialNumber: syz
[  170.243948][ T4796] usb 4-1: config 0 descriptor??
[  170.419128][ T3915] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  170.442295][ T3915] Bluetooth: hci3: Injecting HCI hardware error event
[  170.443685][ T6012] loop1: detected capacity change from 0 to 512
[  170.501139][ T5983] Disabled LAPIC found during irq injection
[  170.512452][ T3539] Bluetooth: hci3: hardware error 0x00
[  170.527997][ T3915] Bluetooth: hci3: command 0x0406 tx timeout
[  170.565008][ T3915] usb 4-1: USB disconnect, device number 8
[  170.571068][   T25] audit: type=1800 audit(1717664316.167:247): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1967 res=0 errno=0
[  170.623560][ T6012] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  170.644272][ T6012] ext4 filesystem being mounted at /root/syzkaller-testdir2414412749/syzkaller.0a1N6O/54/bus supports timestamps until 2038 (0x7fffffff)
[  171.427849][ T6034] loop3: detected capacity change from 0 to 1024
[  171.501353][ T6034] EXT4-fs (loop3): Ignoring removed orlov option
[  171.524700][ T6034] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  171.642554][ T6034] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  171.750481][ T6052] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'.
[  171.927520][ T6058] loop2: detected capacity change from 0 to 256
[  172.031547][ T6058] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x396d2d3b, utbl_chksum : 0xe619d30d)
[  172.131142][ T6058] attempt to access beyond end of device
[  172.131142][ T6058] loop2: rw=524288, want=34359738491, limit=256
[  172.168007][ T6058] attempt to access beyond end of device
[  172.168007][ T6058] loop2: rw=0, want=34359738491, limit=256
[  172.206824][ T6052] loop1: detected capacity change from 0 to 2048
[  172.247990][   T25] audit: type=1800 audit(1717664317.847:248): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="loop2" ino=1048605 res=0 errno=0
[  172.282395][ T6052] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  172.332302][ T6065] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  172.349966][ T4796] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  172.368904][ T6052] attempt to access beyond end of device
[  172.368904][ T6052] loop1: rw=524288, want=33554432, limit=2048
[  172.425228][ T6052] attempt to access beyond end of device
[  172.425228][ T6052] loop1: rw=0, want=9437256, limit=2048
[  172.442236][ T6052] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=0)
[  172.599117][ T4796] usb 4-1: Using ep0 maxpacket: 16
[  172.719276][ T4796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  172.777462][ T6067] loop2: detected capacity change from 0 to 512
[  172.783862][ T4796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  172.805092][ T4796] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  172.821656][ T6069] loop0: detected capacity change from 0 to 1024
[  172.829322][ T4796] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  172.847480][ T4796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.872755][ T4796] usb 4-1: config 0 descriptor??
[  172.888717][ T6069] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  172.905235][ T6067] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  172.953281][ T6067] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/139/bus supports timestamps until 2038 (0x7fffffff)
[  172.973713][ T6069] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback.
[  173.456901][ T4796] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  173.655953][ T4796] microsoft 0003:045E:07DA.000B: unbalanced collection at end of report description
[  173.695846][ T4796] microsoft 0003:045E:07DA.000B: parse failed
[  173.713855][ T4796] microsoft: probe of 0003:045E:07DA.000B failed with error -22
[  173.757176][ T4796] usb 4-1: USB disconnect, device number 9
[  174.059114][ T4797] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  174.199099][ T4773] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  174.439384][ T4797] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  174.449815][ T4773] usb 2-1: Using ep0 maxpacket: 32
[  174.468693][ T6094] loop3: detected capacity change from 0 to 1024
[  174.478548][ T4797] usb 1-1: config 0 has no interfaces?
[  174.535618][ T6094] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  174.548119][ T6096] loop4: detected capacity change from 0 to 256
[  174.552815][ T6094] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  174.563984][ T4797] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  174.575861][ T4797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  174.587499][ T6094] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  174.605693][ T4797] usb 1-1: SerialNumber: syz
[  174.614897][ T4797] usb 1-1: config 0 descriptor??
[  174.635345][ T6094] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  174.648764][ T6094] System zones: 0-1, 3-36
[  174.658318][ T6094] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,jqfmt=vfsold,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  174.759197][ T4773] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  174.785180][ T4773] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.794183][ T4773] usb 2-1: Product: syz
[  174.798504][ T4773] usb 2-1: Manufacturer: syz
[  174.804588][ T4773] usb 2-1: SerialNumber: syz
[  174.818938][ T4773] usb 2-1: config 0 descriptor??
[  174.889013][ T6069] Disabled LAPIC found during irq injection
[  174.934443][ T6103] loop3: detected capacity change from 0 to 1024
[  174.946076][ T4797] usb 1-1: USB disconnect, device number 8
[  174.957508][ T6107] loop2: detected capacity change from 0 to 512
[  174.987711][ T6103] EXT4-fs (loop3): Ignoring removed orlov option
[  174.997206][ T6103] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  175.021888][ T6103] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  175.069460][ T6107] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  175.103483][   T25] audit: type=1800 audit(1717664320.707:249): pid=6115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1949 res=0 errno=0
[  175.150358][ T6107] ext4 filesystem being mounted at /root/syzkaller-testdir2575364772/syzkaller.uNe6EY/143/bus supports timestamps until 2038 (0x7fffffff)
[  175.714849][ T4773] (unnamed net_device) (uninitialized): Assigned a random MAC address: 22:db:69:8c:d2:6a
[  175.757504][ T4773] rtl8150 2-1:0.0: eth1: rtl8150 is detected
[  175.763883][ T6121] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  175.784781][ T4773] usb 2-1: USB disconnect, device number 8
[  176.189221][ T4797] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  176.225506][ T6121] loop3: detected capacity change from 0 to 2048
[  176.285027][ T6121] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  176.349326][ T6138] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  176.350947][ T6121] attempt to access beyond end of device
[  176.350947][ T6121] loop3: rw=524288, want=33554432, limit=2048
[  176.449159][ T4797] usb 3-1: Using ep0 maxpacket: 16
[  176.560230][ T6121] attempt to access beyond end of device
[  176.560230][ T6121] loop3: rw=0, want=9437256, limit=2048
[  176.572906][ T6121] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=0)
[  176.585257][ T6143] input: syz0 as /devices/virtual/input/input22
[  176.589190][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.648798][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  176.700815][ T4797] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  176.757805][ T4797] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  176.807102][ T4797] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.883161][ T4797] usb 3-1: config 0 descriptor??
[  177.337627][ T6147] loop4: detected capacity change from 0 to 1024
[  177.381244][ T4797] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0
[  177.390825][ T4797] microsoft 0003:045E:07DA.000C: unbalanced collection at end of report description
[  177.408846][ T6147] EXT4-fs (loop4): Ignoring removed orlov option
[  177.424564][ T6147] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  177.427089][ T4797] microsoft 0003:045E:07DA.000C: parse failed
[  177.444897][ T4797] microsoft: probe of 0003:045E:07DA.000C failed with error -22
[  177.508488][ T6147] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  177.587950][ T4797] usb 3-1: USB disconnect, device number 5
[  177.985958][ T6153] loop4: detected capacity change from 0 to 1024
[  178.064173][ T6153] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  178.140214][ T6153] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback.
[  178.481056][ T6172] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  178.609121][ T3916] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  178.775907][ T6182] loop2: detected capacity change from 0 to 1024
[  178.854950][ T6182] EXT4-fs (loop2): Ignoring removed orlov option
[  178.867753][ T6182] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  178.944771][ T6182] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  179.009245][ T3916] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  179.019709][ T3916] usb 5-1: config 0 has no interfaces?
[  179.099247][ T3916] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  179.110522][ T3916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  179.118868][ T3916] usb 5-1: SerialNumber: syz
[  179.139634][ T3916] usb 5-1: config 0 descriptor??
[  179.396310][ T6153] Disabled LAPIC found during irq injection
[  179.448114][ T4764] usb 5-1: USB disconnect, device number 7
[  179.649270][ T4797] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  179.940155][ T4797] usb 3-1: Using ep0 maxpacket: 16
[  179.965635][ T6212] loop3: detected capacity change from 0 to 1024
[  180.013385][ T6212] EXT4-fs (loop3): Ignoring removed orlov option
[  180.024474][ T6212] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  180.074075][ T6212] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  180.109156][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.153034][ T4797] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.160480][ T6214] loop4: detected capacity change from 0 to 8192
[  180.187449][ T4797] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  180.209324][ T4797] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  180.218679][ T4797] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.227444][ T4764] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  180.247216][ T6214] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  180.268121][ T4797] usb 3-1: config 0 descriptor??
[  180.635617][ T4773] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  180.659437][ T4764] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  180.672035][ T4764] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.693214][ T4764] usb 2-1: config 0 descriptor??
[  180.780805][ T4797] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  180.788034][ T4797] microsoft 0003:045E:07DA.000D: unbalanced collection at end of report description
[  180.823794][ T4797] microsoft 0003:045E:07DA.000D: parse failed
[  180.836689][ T4797] microsoft: probe of 0003:045E:07DA.000D failed with error -22
[  181.008081][ T4797] usb 3-1: USB disconnect, device number 6
[  181.059431][ T4773] usb 5-1: config 0 has no interfaces?
[  181.154933][ T6223] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  181.163458][ T6223] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  181.236313][ T6228] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  181.310374][ T4773] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  181.337148][ T4773] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.364223][ T4773] usb 5-1: Product: syz
[  181.368624][ T4773] usb 5-1: Manufacturer: syz
[  181.375680][ T4773] usb 5-1: SerialNumber: syz
[  181.386983][ T4773] usb 5-1: config 0 descriptor??
[  181.854242][ T3577] usb 5-1: USB disconnect, device number 8
[  182.194841][ T6249] loop3: detected capacity change from 0 to 1024
[  182.255728][ T6249] EXT4-fs (loop3): Ignoring removed orlov option
[  182.269023][ T6249] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  182.329639][ T6249] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  182.589466][ T4764] pegasus 2-1:0.0: can't reset MAC
[  182.599199][ T4764] pegasus: probe of 2-1:0.0 failed with error -5
[  182.640522][ T4764] usb 2-1: USB disconnect, device number 9
[  182.696964][ T6261] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  182.701393][ T6272] input: syz0 as /devices/virtual/input/input23
[  182.714844][ T6261] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  183.011339][ T3577] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  183.077395][ T6289] loop3: detected capacity change from 0 to 1024
[  183.151754][ T6289] EXT4-fs (loop3): Ignoring removed orlov option
[  183.158347][ T6289] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  183.207312][ T6289] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  183.279111][ T3577] usb 3-1: Using ep0 maxpacket: 16
[  183.377839][ T6291] loop1: detected capacity change from 0 to 8192
[  183.399451][ T3577] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.424259][ T3577] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.451867][ T3577] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  183.475587][ T6291] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  183.487506][ T3577] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  183.507179][ T3577] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.525132][ T3577] usb 3-1: config 0 descriptor??
[  183.889054][ T4773] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  184.010886][ T3577] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0
[  184.027769][ T3577] microsoft 0003:045E:07DA.000E: unbalanced collection at end of report description
[  184.050208][ T3577] microsoft 0003:045E:07DA.000E: parse failed
[  184.064348][ T3577] microsoft: probe of 0003:045E:07DA.000E failed with error -22
[  184.237064][ T3917] usb 3-1: USB disconnect, device number 7
[  184.269148][ T4773] usb 2-1: config 0 has no interfaces?
[  184.449181][ T4773] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  184.458263][ T4773] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.485647][ T4773] usb 2-1: Product: syz
[  184.495988][ T4773] usb 2-1: Manufacturer: syz
[  184.509531][ T4773] usb 2-1: SerialNumber: syz
[  184.524923][ T4773] usb 2-1: config 0 descriptor??
[  184.909369][ T3577] usb 2-1: USB disconnect, device number 10
[  185.134647][ T6317] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  185.157718][ T6317] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  185.557734][ T6327] loop0: detected capacity change from 0 to 1024
[  185.649375][ T6327] EXT4-fs (loop0): Ignoring removed orlov option
[  185.671984][ T6327] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  185.742379][ T6327] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  185.976449][ T3538] ==================================================================
[  185.984829][ T3538] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[  185.992809][ T3538] Read of size 4 at addr ffff88805c380000 by task syz-executor.0/3538
[  186.001124][ T3538] 
[  186.003448][ T3538] CPU: 1 PID: 3538 Comm: syz-executor.0 Not tainted 5.15.160-syzkaller #0
[  186.011939][ T3538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  186.022017][ T3538] Call Trace:
2024/06/06 08:58:51 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  186.025295][ T3538]  <TASK>
[  186.028219][ T3538]  dump_stack_lvl+0x1e3/0x2d0
[  186.032900][ T3538]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  186.038534][ T3538]  ? _printk+0xd1/0x120
[  186.042700][ T3538]  ? __wake_up_klogd+0xcc/0x100
[  186.047552][ T3538]  ? panic+0x860/0x860
[  186.051614][ T3538]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  186.057086][ T3538]  print_address_description+0x63/0x3b0
[  186.062643][ T3538]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  186.068278][ T3538]  kasan_report+0x16b/0x1c0
[  186.072783][ T3538]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  186.078414][ T3538]  ext4_xattr_delete_inode+0xcd0/0xce0
[  186.083876][ T3538]  ? ext4_blocks_for_truncate+0x270/0x270
[  186.089601][ T3538]  ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[  186.095661][ T3538]  ? rcu_read_lock_any_held+0xb3/0x160
[  186.101128][ T3538]  ? ext4_inode_is_fast_symlink+0x262/0x390
[  186.107026][ T3538]  ext4_evict_inode+0xcb7/0x1100
[  186.111955][ T3538]  ? _raw_spin_unlock+0x24/0x40
[  186.116812][ T3538]  ? ext4_inode_is_fast_symlink+0x390/0x390
[  186.122704][ T3538]  ? do_raw_spin_unlock+0x137/0x8b0
[  186.127895][ T3538]  ? _raw_spin_unlock+0x24/0x40
[  186.132740][ T3538]  ? ext4_inode_is_fast_symlink+0x390/0x390
[  186.138635][ T3538]  evict+0x2a4/0x620
[  186.142533][ T3538]  vfs_rmdir+0x33c/0x460
[  186.146803][ T3538]  do_rmdir+0x368/0x670
[  186.150957][ T3538]  ? d_delete_notify+0x150/0x150
[  186.155885][ T3538]  ? strncpy_from_user+0x209/0x370
[  186.160997][ T3538]  ? syscall_enter_from_user_mode+0x2e/0x240
[  186.166976][ T3538]  __x64_sys_unlinkat+0xdc/0xf0
[  186.171829][ T3538]  do_syscall_64+0x3b/0xb0
[  186.176237][ T3538]  ? clear_bhb_loop+0x15/0x70
[  186.180908][ T3538]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  186.186799][ T3538] RIP: 0033:0x7efc8aef5747
[  186.191213][ T3538] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  186.210821][ T3538] RSP: 002b:00007ffd96acff68 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  186.219233][ T3538] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007efc8aef5747
[  186.227200][ T3538] RDX: 0000000000000200 RSI: 00007ffd96ad1110 RDI: 00000000ffffff9c
[  186.235164][ T3538] RBP: 00007efc8af52636 R08: 0000000000000000 R09: 0000000000000000
[  186.243133][ T3538] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd96ad1110
[  186.251097][ T3538] R13: 00007efc8af52636 R14: 000000000002d477 R15: 0000000000000008
[  186.259092][ T3538]  </TASK>
[  186.262107][ T3538] 
[  186.264421][ T3538] The buggy address belongs to the page:
[  186.270067][ T3538] page:ffffea000170e000 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x5c380
[  186.280315][ T3538] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  186.280998][ T4773] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  186.287429][ T3538] raw: 00fff00000000000 ffffea000170e048 ffffea00017179c8 0000000000000000
[  186.303562][ T3538] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  186.312132][ T3538] page dumped because: kasan: bad access detected
[  186.318540][ T3538] page_owner tracks the page as freed
[  186.323899][ T3538] page last allocated via o