last executing test programs: 5.173880218s ago: executing program 4 (id=2059): r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001418) ioctl$TUNSETOFFLOAD(r1, 0x40047452, 0x20004002) 5.147052792s ago: executing program 1 (id=2060): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000de00000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r3, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(r1, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)='v', 0x1}], 0x1}}], 0x1, 0x4044c84) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f00000000c0)=0x1, 0xd, 0x0, 0x0, 0x0, 0x1) dup(0xffffffffffffffff) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) 4.135696661s ago: executing program 1 (id=2066): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0x2000000000000081, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000", @ANYRESDEC=r0, @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x27b8, 0x1ed, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "efb9ce47"}]}}, 0x0}, 0x0) syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000001c00)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80}, {0x6}]}, 0x10) r4 = socket(0x200000100000011, 0x803, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r4, &(0x7f0000000100)="4dcdc7d96a760000000280040200000000000000", 0x5dc, 0x0, &(0x7f0000000000)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @link_local}, 0x14) socket$packet(0x11, 0x0, 0x300) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x1) 3.487470345s ago: executing program 4 (id=2068): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0xe4}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0xfffffffffffffed5, &(0x7f0000000240)={&(0x7f0000000280)=@ipv6_getaddrlabel={0x24, 0x4a, 0x6d1c8b79a9711461, 0x0, 0x0, {}, [@IFAL_LABEL={0x8}]}, 0x24}}, 0x0) 3.404027673s ago: executing program 4 (id=2069): pipe(&(0x7f0000000080)={0xffffffffffffffff}) tee(r0, 0xffffffffffffffff, 0xaf5, 0x0) 3.303856997s ago: executing program 4 (id=2070): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x44}, {0x6}]}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x20}, 0x20}}, 0x0) 3.167360564s ago: executing program 4 (id=2071): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='xfrm0\x00', 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0xf00, 0x0}}], 0x40000cf, 0x0) 2.650806428s ago: executing program 4 (id=2075): syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x0, &(0x7f0000000000), 0x1, 0x51aa, &(0x7f0000005280)="$eJzs3V+IVNcdB/Az+0cXpe5UCtqCRR987mJ9aOnDDoXSP7Iw1lq0oLsKlYogi1SwuFBFC0pBtmwRWimI0AcpylAqQjcQIZAQElh8kIgBE4mQ5ElJAgbyEnbuPbMz53p3xo1mjX4+snvn3N89554Z7sN8xz13AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQQRqd+s+f0vaufl9W3XrpTv7durHbm2Lnhxtrj4yFUmvsreX38p7/49YEd42NDscPE9mxbrZYNmXV9P2us6Ng536/zZ18IYTAZoD/f/qy/rW8lPUE4UhxwUScHrm24uXfb2Exj7sHho5unik+deUPLPYHlkl9X9xeupVrzd19yRKvddulVOi7RrH96wX0tTwIAeCIj9eam9XY0f4vbap9I60m7lrSnk3Z8hzDd3liKbNwVZfPcmNaXaZ61LCqsLJ1nUs9f/1a7nvZP2knUeIJ5dh6aR5qhsnlOJvXlmicAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8+Tsj2Y/evX3e94pq2+9dKd+b91Y7cyxc8ONtcfHQ6g291eycmX33H8uf+vYz394+f4XI1sOPvx/f94vbgfaDg6344MfD4ewv61yPw778ZoQ6p2FZjP8o1g42Hzwy1gAAADgRfLd5u++VjuLg4Md7UozTVaa/6IsLJ4cuLbh5t5tYzONuQeHj26eWvp49ZLxao8dr9WuLvxU2oJxjL/peAv1eOiRwjiLS0dM8/zOqR9Urjz6zpWy/oX8X108/8dXTv4HAADgq5D/03EW1y3/rz775n9PvTX2WVn/Qv7f2HHKQv6PM475vy8sLf8DAADA8+xZ5/9aYZzFdcv/f7879OfTnxxZVda/kP9Hesv/A+3TjjvfjhM+NBzCSLepAwAAACXi/7svfLQQ83r2yUGa1y9cP7Dvn/+78q+y8Qr5v9Zb/h986s8MAAAAWKrZk43ZW3+58++yeiH/13vL/yuf+cwBAACAXl3d9cH5C997tLOsXsj/E73l/7igIF/5kHV6Pf4VwsxwCEPzDyazwhtherRVAAAAAJ6SmNNvVXd9v/rh6GzZcYX8P7n4/f/jnQ7i+v+O+/8V1v+3FbK7/v3EjQEAAAB4GRXX88fb42ffXFD2/fu9rv8/v73v7v6/jTXKzl/I/yd6y//97dun+f1/AAAAsATftO//210YZ3Hd7v+/6b3Xbhz9429Hy/oX8v90b/k/ble3P70b8fU5NRzC+vkH+d0EL8fTHUoKjcG2QvbCJz12xB55obGyrdA0mfTYMhzCpvkHJ5LCt2NhOik8XJMXLiaFuVjIr4dW4WpSuBGvtPNr8ummheuxkC+waMQVFKtbSyKSHp+W9ZgvPLbHu62TAwAAvFRieM6z7GBnM6RRtlHpdsCqbgf0dTugv9sBA8kB6YFl+8NEZyHuf+VX9Znbv/vDn0KJQv6/2Fv+jy/FimxTtv4/xPX/+fcattb/T8RCNSk0YqGe3jGgHs+Rhd2/xnNU63mPh+tbBQAAAHihxc8F+pd5HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAle/ceI9dVHw787Hr26X3l8SMJz4WImPyQ1+s1oQ1EYkNBPEM3JKCklGadeBMWbxIntis7oNZ5NIKkQCoilQJSHRAClwosoAq4qeIGYdTUUqLQoCRASoIRpSRKIqrQyn+kmr33zN45d69nHHsdb/r5/LFzZr7neefO7Jx775wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+b6jd975v//A9+zdVxd/wpUemHjvlvMlPbPv08O4TP3ZJCFPzj3dk4Y6L7/v6rsFt71i368DB8YnZp/d05+XyeFhZ/9OZ37kp1npgMIQ7O0KopYHVA1mgK78/EOt7+UAIJ4SFQKPETH9WIm04/KAvhJ1hIdCo6nt9IQwUAhc+cM/dn6onbu8L4bUhhJ60jZ/1ZG30pYEzurNAfxq4upYFfvdcphH4bmcWgCMWXwyNnX73VHOGkcXLVex/XUetYy+sdHgrYmKkOt+T5y5xpwq60wemjuhpK1XHkii9PPZ6tS2DV1tpO9/maSt+kMo/oTy3EOoJnRtmLl+/dW5LfKQzjI2tqKppiZ7nh5/5+GWHk142+2HswMhR2Q+fuOrmi1bdMnlg113v3TN979aJI+3mQ4VNWkwvtZ6Q73PL5nmMJr2fLIOXX+lT0qgPXSGEj3znzWtvrH3m36ripfn/yKHn/3F3jredTbljrQeHsrl5fGQgJp4ayubmAAAAsGwsh6OmT/3RNXvufXL/v1fVV5r/j7Z3/j+e8s8n89lo94YwOZ+4cTiEU+cfzwK7YnOXDofw6vnUVHPg3CSwN4TT5hNnNqpKSvTGEqNJ4FdDeWAyCeyLgakk8JUYuC0J3BQDu5PAZTGwNwm8NQbCbPM4/v9QPo62A30xMJ1txN3xKoTfDsXWkm31k0ZVAAAAR0k+O+xqvlu41uFIM8Tp5e6+VhniFdiVGXqSGtIZbGNaVVlDrVUNna1qaIx7x6GHX6q5o1XNpcswOpozfPfJv/nnG9504MFQoTT/Hz/0/L9nkY50lM7/h3D+/N+YuzOPzDXi01NNGQAAAIAj8LbvfGH6tN9cen9VvDT/n2zv+v94TGRFIXPYHw9DbBwOYbw5kFX75nIgO+u9Mg8AAADActA4H984Fz6b32aXaKfz6XL+qcPMH0/8Ty6a/7xHRz//+Af+fKqqv6X5/1R71//3N99mndgXe/HZ4RB6C4Efxl7WA/NGY+Dnb2kO5OPfFzfArbGq/MKERlW3xhLTMTCeBHZWlbi/UeLU5kD+ZDUav7Exjtm8RCEAAAAAx1w8HBDPy8fr/z/5F3c9dMsXv/WWqnKl+f/04V3/Pz8PLl3eP7cyhDW1EFakXwzY358tDBgDAx154p/6s7pWpFVd3x/COfWBpVU9lq//X0vXGHygL6sqBk59zdeeOaOe+HJfCGuKgR9/6I6z6oktSaDR+Af6QnhVfbRp4//QmzXelTb+170hvLIQaFR1aW8I9ca606ru6cl/xyCt6ps9IZxUCDSqemNPCNsDAMtU/Fe6ofjg5u3XbVw/Nzdz7RIm4jH8vnD57NzM2GVXz23oqejThqTPTcsYXV8eU2ebY/9pvkTRgxdsHG4n3fie4HixL/lx/NKFg/n9+Fmoa36cE11Nd9elQ37d6eUm0iG9EEPuL1ay8CSW6o/5u8PK0Lt188y1Y9vWb9ly7drsb7vZJ7K/8TRTtq3Wptuqf7G+tbF7tLuq9vPdVquKlazZcuWmNZu3X7d69sr1V8xcMXPVurXjZ5/9xomzzp5YUx/VePa3xVBXLVZ1MtTn7igPYal3i5fWCpUci3cNCQmJ5ZZ49IMTtZe85vX/WfX2U5r/bzr0/D++68R3/nx9hqrz/yPxNH/2+MJp/ukY2Nnu+f+RqrP5jQsDRpPAjhjY4TQ/AAAALw7xcGQ8mhkPPz79kY8+Wdu27pqqcqX5/472vv9/lNb/byxd/+6qZf7PjCXGq9b/T5f5b6z/v6Nq/f90mf/G+v87X4D1/7c2Askm+a31/wEAgBeDY7f+f8vl/dMfCChlaLm8f/oDAaUMLZfxb/cHAg57/f+Hb7rzgv83e/G7QoXS/P+29ub/Fu4HAACA40f/6O/2/eL6+8+tipfm/zvbm/8f+/X/QtX1/6NVgamqhQGt/wcAAMAyVbX+38Vv/87LPjj6hvbX/9vd3vw/XnbR2ZQ71npwKFvTLqRr2j011PjKAAAAACwPnWFsrKvNvE0ro1aejW/t4Xwp0EOli/7j8SvXnLP390+vqq80/9/b3vy/6XsZT1x180Wrbpk8cHDXXe/dM33v1omF8/8AAADA0mn3uAQAAAAAAAAAAAAAAPDC+3X/F/70lL8b+X5VvPT9/3D+/ONV3/+Pv/sXv19wclPuWGvr9f/y+xe+5xvb55cs3D8UwunFwMYbNp4Q8t/mX1UM3P3hM0+pJ25IS9z16Ft/WU9ckgbeufrEZ+uJc5LAdFwk8bQ0EH9V8dnBJBCXV/xRGojbY3ca6M4DnxzMxtGRbqtfD2TbqiPdVo8MhDBcCDS21Z0DWRsd6QBvTwKNAV6TBuIA35cHOtNefWNl1qsYGIhF/3Zl1isAAI5b8VNgV7h8dm5mPH6Ej7cvrTXfRk1Lll1fXW0rP82XJnvwgo3D7aRXpJ9FF35rvCv01IewtvRxtZilY36UR6eWFpvu5Ioht1rtrVZRLnW4m667ekR92YjGLrt6bkNXy4Gva51lotYyy9rSZKeYpXN+k7ZRSxt9aWNEbW6bNroc73eGsbEVSa43xeBIaNJqj2j3+/rFdf6q9oJino6T//Kdt3925o6q+krz/5H25v89xXE9m/8YwI74y3o3DodwapsjAgAAANr1k398aOLqL9z89+ntNx/ff/Mr7znv6apypfn/aHvz/3hgLD8VnB3t2Bt//78x/x/JArtic5cOh/Dq+dRULJH9oP67Y4nxLLArHjA5M5aYnmquqjcGdieBXw3lgb1JYF8M5EcpvhbyQzl/NRTCWfOp85tLbIolRpLAH8bAaBIYi4HxJDAYA5NJ4InBPDCVBP41BsJs87b69qCjKwAAwPOQz7O6mu+GdJ63u9YqQ0erDP2tMnS2ytDTKkPVKOL9b8UMXcXz8XmG+FBXWmtfUkspQ/wx/MPuVylDuL85Z1qw1HS8/qBxvUFHc4b/Pvkzn39V756DoUJp/j/e3vy/v/k2a31fnP8v/P5fFvhh7N5n46XjozHw87c0B/IDA/viZPfWRlVTeYl80n5rLDEZA6NJYFMMTCaB6fPzwM5TmgP5TLvR+I2NxmfzEoUAAAAAHHPxAEE8TBPn/+8/6fXfP+9dMw9UlSvN/yfbm//H9lYWG7sp1npgMIQ7OxZ60wisHsgC8TjGQPx6/MsHQjihcICjUWKmPyvRnTQcftCXfUO9O63qe33ZGgPx/oUP3HP3p+qJ2/tCeG3h6EujjZ/1ZG30pYEzurNAfxq4upYF4pGfRuC7nVkAjljjqGDcofJLXRpGFi9Xsf+9WH4TNB1e6RjoIvkW+87VUulJH8iPqTYc3tNWqo4lUXp57PVqW46vthGvtuIHqfwTynMLoZ7QuWHm8vVb57bER4rfZC1Zoue5+C3VdtJHYT/c8fx721pP2oHx5O1jfPFyi++HHbG6J666+aJVt0we2HXXe/dM37t1ou1uVIhfFH77c58beaiweZdaT8j3uWX3fjLl/WQ5/hsY9bTVX+Yvmb7qgkd+9GRVvDT/n2pv/l9Lbuf9T9yYm4dDeF1h4+6Pm/8PhrP3wUIge5c8qRzITrn/YqjynRMAAACOtsbhjsbxgtn8NrsgPJ0nl/NPHWb+eLxictH87fZ7/b7f/PHYaa+4tCpemv9PH3r+35t00/l/5/9ZIs7/L+p4PxTdmz6w44gORZeqY0k4/7+o4/3V5vz/opz/d/5/Mc7/t+D8/6KO96et9Clpkw9dIYTXffCr4fHPPNv++n+b2pv/W/9v8UX7Guv/TVet/7epav2/Hdb/AwAAllTFQnPpPK+0el8pQ7p6XylDywUCWy4xaP2/w17/b//bXvGz7R/49UWhQmn+v6O9+X/cHVYWW18u6/+Nnl9R1W0xsMnCgAAAAByPqg4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MK6/09W/941n1/15ar4G770yNRjp5w3+Yltnx7efeLHLglhdv7xjizccfF9X981uO0d63YdODg+Mfv0np68XFd++7Km3LHWg0Mh7Cw8MhATTw3V7ywELnzPN7bX6on9QyGcXgxsvGHjCfXEV4ZCWFUM3P3hM0+pJ25IS9z16Ft/WU9ckgbeufrEZ+uJc/JAR9rdLw5m3e1Iu/upwRCGC4FGdz862FxVo4135IHOtI2vDmRtxMBALPq5gayNGJiLJWZ7Q1hTC2FFWtW/9GRVrUirqj87w4VAo6o/6wnhnBBCLa3q0e6sqlo68vu6s6pi4NTXfO2ZM+qJnd0hrCkGfvyhO86qJ65JAo3G398dwqvqu0za+Le6ssa70sZv7wrhlSGE7rTEf9WyEt1picdqIZxUCDQa/0gthO2BF4X45rOh+ODm7ddtXD83N3PtEia687b6wuWzczNjl109t6En6VOVjkL6uesPHT+Unz7z8cvqtw9esHG4nXQtL9c13+WJrqa7645W79t1uL2P/eovVrLwfJTqj/m7w8rQu3XzzLVj29Zv2XLt2uxvu9knsr8r8mi2rdYerW21okX56Pluq1XFStZsuXLTms3br1s9e+X6K2aumLlq3drxs89+48RZZ0+sqY9qPPt7NIZ6RzneucRDfWmtUMmxeAOQkJBYbonOpne38eP9X3bpg/5CR7tCz/wbdGlaUczSMT/KozHoc8vxpXpLL01JSiNaW5o4lLJMtM6yrjSZWMjSl2WZ/1xXmhwWa+qc36QLm2RsrPKf+kjz3eLmfXKRzduuh/NN124aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6XHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W4fRswEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//0cRM9w=") epoll_create1(0x0) epoll_create1(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000002c0), 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x0, 0x2000f75b) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) r2 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r2, 0xc0185879, &(0x7f0000000680)={0x0, 0x200002000000, 0x0, 0x0, 0x0, 0x0, 0x2401}) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00'}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000007b00000000000000000000850000007b00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r6}, 0x10) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r10, r9, 0x25, 0x0, @val=@tracing}, 0x40) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x34, 0x39, 0x9, 0x2, 0x0, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='R\xcb'}]}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x8, 0xa6, 0x0, 0x1, [@typed={0x4}]}]}, 0x34}}, 0x0) flistxattr(r7, &(0x7f0000000540)=""/4096, 0x1000) ioctl$KDSETMODE(r3, 0x4b3a, 0x0) 2.542754255s ago: executing program 2 (id=2077): mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000000), &(0x7f0000000080)=0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, 0x2, 0x7, 0x101, 0x0, 0x0, {}, [@NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_VALUE={0x8}]}]}, 0x28}}, 0x0) 1.506455021s ago: executing program 2 (id=2082): r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/igmp\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0xa3, 0x0) 1.355405265s ago: executing program 2 (id=2083): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) r1 = syz_io_uring_setup(0x24fc, &(0x7f0000000200), &(0x7f0000000080), &(0x7f0000000000)) memfd_secret(0x0) r2 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) sendmmsg$unix(r0, &(0x7f0000002f00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r1], 0xd0}}], 0x1, 0x0) 1.321568342s ago: executing program 2 (id=2086): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.kill\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x33fe0}}, 0x0) r1 = io_uring_setup(0x1053, &(0x7f00000001c0)) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000005540)={0x0}}, 0x0) socket(0x0, 0x0, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040), 0x18) close(r1) 1.244992703s ago: executing program 3 (id=2087): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r0, r1, 0x0) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 1.187382395s ago: executing program 0 (id=2088): syz_clone(0x1242000, &(0x7f0000001b00), 0x0, &(0x7f0000001b40), 0x0, &(0x7f0000001bc0)) 1.186826391s ago: executing program 1 (id=2089): r0 = openat2(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x20a40}, 0x18) close(r0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000040)={0xc, r2}) 1.130727726s ago: executing program 3 (id=2090): openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000010140)=""/248, 0xf8, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f0000000180)=""/114, 0x72, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000840)=""/211, 0xd3, 0x0, 0x0, 0x2}}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48) 1.118679542s ago: executing program 0 (id=2091): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(&(0x7f00000009c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a00)='./file1\x00', &(0x7f0000000a40)='befs\x00', 0x0, &(0x7f0000000a80)=',\xdf') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x14, r2, 0x715, 0x0, 0x0, {0xd}}, 0x14}}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8003}, 0x4) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) 1.011246139s ago: executing program 2 (id=2092): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) syz_open_dev$video4linux(&(0x7f0000000040), 0x7ffffffffffffffb, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) sched_setaffinity(0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$rxrpc(0x21, 0x2, 0xa) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) chmod(&(0x7f0000000140)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) 1.011045971s ago: executing program 1 (id=2093): recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x66, 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r1, 0x0, 0x0, 0x0) move_pages(r0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) 1.002596842s ago: executing program 0 (id=2094): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, 0x84) 921.00768ms ago: executing program 0 (id=2095): symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) 723.450316ms ago: executing program 3 (id=2096): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 715.385486ms ago: executing program 1 (id=2097): syz_emit_ethernet(0xa8, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x72, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000050000000026000400"}, {}]}}}}}}, 0x0) 646.11516ms ago: executing program 0 (id=2098): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000004c0)={@val={0x0, 0x800}, @val={0x3}, @mpls={[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x0, 0xfc0, 0x0, 0x0, 0x0, 0x84, 0x0, @dev, @broadcast}, {{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [], "09726483718ba3e6d08f7571cc59e627d3ed353e879da15784c220746fc2eba11f56fe932b544f53b43a34b265bd5d44fd38791b56b3b8767c382bc52ee2b8fcbbd661f151afd5315d5f502920c297a3916d7ea039eb558ebb06336662367e15363058de9b806035d5c980832248d1fc96c6b2fb2a4dffa91026dd0228974f70bea2a8e3fe0c9aae345d6e19f211b834f1"}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "ac10ef31176d1af88e863d588661a0756365388ef6f2d7b69fb82dc9e7de475e5aad52fa5b61fb1730a4f8ba342b81d86460c5cc35df8bdc3e55e1e92140c9ed10cfd396d4fb331e1901da8dfd47cd7431fd6cb967f7d84f0ba6de4a73b26c286edc3684534e70f60b30b7aefec9309c13a29b35e134d47c3579870d43bcc2babd71412ade39c68b036b5e7a6e90c25efe7a5b3ff3fae0fe7459e71cb431cb8f6a45a9a21d938cbd1de67fde856f05154095c3d86b9f4bac02987d8a06aae5f8d3da56748f1f6b1e9de4d1afaea08c70a943b080bf77494e5dcc17fe38bb0a0b36a008f7805cfdbe5a89e2e12e013b6ff42e3f9e825f3d604768f87273edad56c12c8a5eacd9b63ea6fa1ecf16139cb19c579c4f0a125a755439e6dc9c1637c0d23c1c281af2982cca306b2d3dbaede299bfe4f2ebd822abfabafef3f159049cc24f01a412fafe3d43841a6a4dbed78566e34544a074d4c01cedbb22527e955e8f93ef5a927fdec293a3c78693cae45de7481fdf0f65a43b50d26904594676b7af375752c99e2ba3e00286ab9d438af7b8834c0e71d245c0428ecc5a59f29ab0bca9b1913b9bb5373a94e1daae374d0ed7e7ffd0a1188c83e61e8ee28625483a96a246b9e1cdc8da085de61834a15afd5e7726d711c5ecc008914b9b9f35603330113e548e4509516bac6bc1150b2ace667a540ec84d22c0d0200056918fa3ac596cddd501f7b34f3b97c12c3c10e4b0c67ef01059c2feed93f9169498278daabd27d8537882a87b2edd4b2e6789b90d065ba7a064b2b4ecc1622c8662b3145844c12491ee85dd2acbe057479db9d24e500d9f1af37745f39e7fc7d4e513fa839556155db1ba6d62465a464184f2f4f9c4c822e64c6a357d7bc06caf64db283f0a3a427b400b7dd4df488c9e30db1fdb1774038d32557b69f9c1eba7ec66309bc68c19200aa5f05ec21c1cc9a12667cbae2863198913eac1de18df558c1b5fbceb0e6b521e120e98b39ecc8cabb6c25cdc31d827eeb549fe548f6b29d4f65b176ea0a20411d750f02c660cba2c62935fad8c51324f6f437daa53c81ff2e19b94140f1d72a2540b3fa74ffe85c696a4e4411d4449744ca4b5e8b921c7d62208b88a1df38030c4e09cd264a9c534259737ed6ea798cbc2d0054845dc84e97295efad0f5228fc61710e75a4445a889e230887845fa7f02be62593c352cb344a0f947bdb6c4cf3aab5ecedbd4fdde781c496db32a51f700b2fc19b2c36e257bbb2c735e0f03cd9e49700aee6edaa6952bdc2feef2d2e5463b6778fde3c7ef73477e22a181816883192beee132b3866c4ec977e0cd0b995de650c4c7d3e6e483685f75f9d82f69868d67e64a59e7320707847040bed7bb8c24d5e6a1da326d3226e71933484a2c619592a00db3b086d5fee139abaae14d65698937ef8c066acc7134f085e1e8ccd04a67e128c2d775740f0727c14dfbf8a2ed7f25d353285ab0fd03a8788d725163d27ac13ced25669301f672fb1f404451d85e92e1d0049fa9558c8492cc336ddd5133cb1b307f2901341fb6a021e1b751f22412e76fad6ea2b4a7d756559619fa47b22bc55ef8fdc19fbd6136becc60ff19748e60452e704752c82beb4861ea118875e9fe75a9e6c10c8b922dd8054ef8dd15963db6d505e7eab028322801bb4328d8257e726d937ca83c8efca320c8ecd24313eb5e8114c604781ed936a82740340ac6692bfc3613d2f49bf8284cf60cee6513fd154034e49af838146872e8735962da7f7bbd301f2fd85e597c1b6f8418352ebec83286f9dfab4a0b4dbb8b9c7b55aaf9ac1628d1493c1786c78a8a0b8c58596f1e1ba92b7fcdb80e867fdd299c78b902ac2de3c6d6bad6c5fb0c5db603b7c3c7ff8a64dc4488e07d2b506db960db1503ad72dab8ef405549a5f12a62052be8f7ad3fad32ba8560a8874c06f815ec9912dfcc16d8e0f8c9ab9afceae435a63dcdd1dc6b1e4d186f306ec1c8af08e69ad8fc9860c9bad1af0654c51e0711ecfa47c6b4411010076c975057db6609b47fda736f6ef81863387e3c971479a572145aab35a24475ffea35c1626b644ba12ef8d92cf9310f722b493b2da8ea4c5dcd99d75167e1404642aafbf5db3f8ce95382d7bbd550c0bae73af75dc913ead260ce475b30879d4279efeae49e88b0071661725e9ec5b3579c1716d70971fd301d8ee090a98120bf35ffa62101077362a2a3564022b0bff01e76e641fc01ff731a834509600aadeffe2f00276de348a3c57778865063bd8e348b6e68b5c74298ba911a184f5bfdefd6473272c174c9e644abdf22b3ac39e246ae947ffef4773bcfec3b2a8d03dc8971471dfc50cd5ef6d32ae3486f7d14b0137e80a313910d9bc87aed8c41c6563f646b39c2a26f4add083ab6efb5753fc6b78e7907b9cd8a2cabdf87e202239fffc99e0446915c3bc147635398f73201d7369902225184d8da01641759645bf92b5d73ab153f2150264c3333ce12747ce2642aa04aeeb85513170a67dd93b010e8fd0f3cb290e1fc0040d32bdad7d8b41c4f2d10a3c170dbc3e264e29714a34dd220c2bf3e273d7cb3a9397b16a47c85cca75e4cac2def7c976fb7f38b24bdb8f80486e9cec55574d9f2864085289fd2fc497a3a7fab762877629db9ff70201f07897246f9f5211ced9266b732e9988805669dc1bc8e4ddd235562c7785e2379f1f0dd1e71a98b6d204e6c1a1ee163ceb35f6c436bb2547522bed2a55814a3f5f53d3eceee6c847c12af75fdc8452116ab891a5c6424a79b33c4b56a5412700a907f3eca800fcfba133f8bab9ebae32c699b548aff3ac702699f293fceb7445a7107956adad16a6b73a2fe0c88232f2d9831b238b92c511e4a6e02f784ee328bd979c4728ba0f86cc4ed9a69c6d5bc23496729a6512c4664006afc08de2f4dd89e52108f7c081d11facccb91ebc82415691b6bf05818638b3a4d809ae307f4b2d867a34417dbaad8c01a3773d8ebe56890230bd4a2e2a027d59839e1710cb5d25cec245ed8f86b7d4ed8e4ec48c53387ab1ea059406bf2612a6c730750b41a47bdf51cbec2c3f1b07fd6aba2ea390e138868d71f0a73990e87b383757a199f53bcd25f93b15efaf84a9a3758f5cbc2223a809ba784a5af2d36a3b99e3d143310ecf2bb9d2dd8fe9defdfa3d82e005c52514f13beb97476fb7a0f7ab62892977c9da0b950dbbc89bdd58472619f3bdbf46def88488e7bdf0633ee908a4e4e795e92037b74db18672e168514e2ad0a2df94357f2dc2c593b251894657c6bea65abfcd76b7037bd5817ab73be94f00031150f375442e0f0d0e7236ed4150637c14f62ecb6713f897889d77d814ead5774d726f307fe32c020cdefda72151798fcde65af6fbe6594eeb078a8c414b949c0c2217a0cc82049c43f6fb3cb7c00fc0305b86dddde708dd8a61a63e799abdd49d6ff1c41b8ecb230891037ca36d7a7e1f6280f52a5d45ff872f11df408ae09fc9b9d371ccf4f2777626ad84426d925dac9bbacc785acb5c29cbf9d6aec77d5ac48778ab4682b7bb611f342a72c26417a5e432e5d956844e19739e61999a78c615acc09f415032031ac6cb839da764331d131acbe66b502e7f1a5b9dc68df7f5524e7bc6fdfa982b39af2cbff69052d04be78821282dbfc034e64943004375f16cf4741526aaafebfc1a6d4a38d4c345aa22c94922f145b6c449a216b6c382565598125156fad8097c2e7ea65063cdfe34e50fb75939f3b3cf5ab8a3448ead3cc36358f45b0eaabf8ff2b64a1923407226f24420978d03d6bcefc2b45a74425017c11146e25f6d41912f39afecaa19090123ea2605994978b00a347aba322cd10822933e3f5988477ce1b2aff651553ec4977b185e5c7aaa4c64b4fb49cfc0cad75e85c0617e19f26fd0932a4bba0821d5a4d9449773c2d3c25e8aee59155346502b72a4d6818f143695acd5b83a336d02e2d1b9da5740e287c4694012f9648656c51cd44431c54301ea55f48197d1280421793598db89820937aa6a41d69618f55fd9c40dc0742e77d4ddf4a68a6cecba47ff0a22e2734bc9556193642b92838c891b4ed109af35190332aabb9aab184076cfc99f08814bebe47fccd12005ad926a643c791ecda50458a1106a033408fb90da10f8d6e42b3a462e9f9a1a2752c21967884ea79a1148f3dd0304bef05747458c7859dbf7f6df08074e9ac221677b70546909329c5557adb255cc33c1f9b762188e2498a7744f066df3fb8bee6261db37489b63f9bda047a06cbc588ff1255e3b63a86a5ca353160e0dc4088ea691c768f5d36397cb64c6db2d5bd39473a9d1209d021b8017434874ed5f99d9fc27d5549eaecdcfb7093549acaea45610221192942e108def0efbc004bbfef195af7dcdc0b75097eba13d621c2ca5ee3bfd2845b21a910e8ea21536768e1e5081997ae7415a55e58e1294d8ff3bc95faf96a65501b922382f4f75a0f938b290fd66bb3ccdc33734bafa18a3765d23f151951b8c8c6939de018c4e9ca253dff4a1fc70a601bba8c2e146a79166745e5fd1748c638a7a945e5f5aea0a93c7861446ef5996e37231e573245dae58b168c0564c8b27ada3fde66bb00f51f7e47970855d1057739ccf583666055187173bfd1454a5fbcfd59f39b6ad63fbfbe0fea9a6b336a41ec316acedd38cc6fab7de1190c97bed6e8f1cdb47d59941955f87a59d953c0f60f68a63fcf8f6f76b3eb5d79d94a2eeb3fb28781b1bbd31937c6f6e2d6fa7d2f4134702fdc0a2250bbec420c73a89c1643379235a492c2cbb3280ec3e676fcc1b33aaa645234eebefb1c28c52646a33c1989a386d537cd5ebf89f50b575b37b9a337f653919a569229009"}, {}, {}, {0x8, 0x6558, 0x0, "20e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269199fc2293765cfbba8e22fa0ba230c891eb5a9490864bc2e2993a2831d52a0f75fda3f213ec297d9acaa7a8aedc6826e3274b7f48681313b4b677b469a77dd667c84aaf2766d84d9f6dd1b6aa2ab1860b1394813e57c4c6d557a4d049d74cdc674b82da3e6c6f0b9a890edc47dd5a6801c24ba1da62ac03a3620d1f109122a34cd8f552730c4239a81f09bc9174d89403e8011a5436bc7abbd69d49f68a786837a51689f7a4b422061f4768c9052c000016fffffe700e53f083b13e53ef485d121779c5da2b6ce80f9cc4a030570a1cc071d9a6845b6018baaa77418d5fb030700f7b63620c369c466108465b7c7967c0c84a9b828118c9ba7808abfe69f783c3795ecbe1714d91d56b64b9e8e7f86d3fff9c8084b5ec69fcf586b23c29dc078db3fda0fe8cfaed8ab7a5a39bc2ec6a1410270ea7d41ecbd90e45fc60062bc"}}}}}, 0xfce) 559.265091ms ago: executing program 3 (id=2099): unshare(0x22020400) recvfrom$ax25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 456.94814ms ago: executing program 1 (id=2100): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) r2 = syz_open_dev$video4linux(0x0, 0x7ffffffffffffffb, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$rxrpc(0x21, 0x2, 0xa) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r6, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r7 = dup(r6) write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7]) chmod(&(0x7f0000000140)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 356.331639ms ago: executing program 3 (id=2101): ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0) 115.433655ms ago: executing program 0 (id=2102): symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4) readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) 114.839028ms ago: executing program 2 (id=2103): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/tty/drivers\x00', 0x0, 0x0) syz_emit_vhci(0x0, 0xd) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sched_setparam(0x0, &(0x7f0000000400)) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x6d, 0x0, &(0x7f00000000c0)) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000576000/0xd000)=nil, 0xd000}}) write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r1], 0xc8) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000400000014001680100008800c000180"], 0x38}}, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x4e20, @broadcast}, 0x2, 0x0, 0x0, 0x3}}, 0x2e) accept4(0xffffffffffffffff, &(0x7f0000000540)=@nl=@unspec, &(0x7f0000000200)=0x80, 0x800) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)="caa2e39ec01b52a3bb72b9f1ea75aceba61f03a0b21f0e899d5efb9151d834ef3cf80bd643a4f18c3eb459c25d842b3255a36a5f246086cf8aa5", 0x3a}], 0x1) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r8, &(0x7f00000010c0)=ANY=[], 0x1a3) write$binfmt_misc(r8, &(0x7f0000000040)=ANY=[], 0xe09) ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) 0s ago: executing program 3 (id=2104): r0 = syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000080)={"a0453822", 0x0, 0x6, 0x1, 0x0, 0x0, "33793e77c734c4df2a87ba315ab8da", "000100", "00007f10", "8606ba80", ["d8085781ae0cff21223446fe", "51f3d17dc9ed6f291acb3a10", "2ce50f8a285d9500c522afe1"]}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) r2 = syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000180)={"9bc378b2", 0x0, 0x0, 0x0, 0x0, 0x0, "30bea7a84ff0ffa1fa1a9399bcabb5", "e1de8f9b", "5496ca6d", "89d9cbc3", ["f0375d9e332c6776f9563670", "f46ff00fbf11c5a7f541ad56", "e635be89c0404e4322b14adc", "ddd0e7cde6659cd2091cf65f"]}) kernel console output (not intermixed with test programs): T29] kauditd_printk_skb: 42 callbacks suppressed [ 524.794005][ T29] audit: type=1800 audit(1720168123.030:1547): pid=12319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1658" name="file2" dev="overlay" ino=126 res=0 errno=0 [ 524.851659][ T931] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 524.882334][ T931] usb 2-1: USB disconnect, device number 16 [ 525.325241][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.414909][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.787268][T12350] loop3: detected capacity change from 0 to 1024 [ 525.864204][T12350] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 526.148429][T12350] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 526.453168][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 526.707315][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 526.910141][T12351] loop1: detected capacity change from 0 to 32768 [ 526.960831][T12351] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 526.969823][T12351] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 527.115372][T12359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1667'. [ 527.164356][T12351] XFS (loop1): Ending clean mount [ 527.169874][T12359] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1667'. [ 527.188602][T12351] XFS (loop1): Quotacheck needed: Please wait. [ 527.302951][T12351] XFS (loop1): Quotacheck: Done. [ 527.329611][T12342] loop4: detected capacity change from 0 to 32768 [ 527.464998][T11794] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 527.556555][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 527.935165][T12382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1671'. [ 528.365044][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 528.465166][ T8] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 528.605180][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 528.634720][T12395] loop4: detected capacity change from 0 to 256 [ 528.735536][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 528.762719][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 528.792603][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 528.804409][ T8] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 528.856443][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 528.871537][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 528.880666][ T8] usb 4-1: SerialNumber: syz [ 528.903935][T12386] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 528.913713][T12386] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 528.941535][ T8] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 529.223348][ T29] audit: type=1800 audit(1720168127.460:1548): pid=12386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1674" name="file2" dev="overlay" ino=1945 res=0 errno=0 [ 529.283096][ T8] cdc_acm 4-1:1.0: ttyACM0: USB ACM device [ 529.310084][ T8] usb 4-1: USB disconnect, device number 13 [ 529.645914][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 529.896004][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.068474][T12395] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1673'. [ 530.685382][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 530.958562][T12418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1684'. [ 530.977864][T12418] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1684'. [ 531.608678][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.734997][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 531.753299][T12414] loop4: detected capacity change from 0 to 32768 [ 531.840696][T12414] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 531.863906][T12414] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 532.196287][T12414] XFS (loop4): Ending clean mount [ 532.243199][T12414] XFS (loop4): Quotacheck needed: Please wait. [ 532.244904][ T931] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 532.251973][T12445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1688'. [ 532.360049][T12414] XFS (loop4): Quotacheck: Done. [ 532.414189][T12417] loop0: detected capacity change from 0 to 32768 [ 532.458148][ T931] usb 2-1: Using ep0 maxpacket: 8 [ 532.473922][ T931] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 532.507605][ T931] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 532.564897][ T931] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 532.605052][ T931] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 532.638866][ T931] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 532.683072][ T931] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 532.723360][ T931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.771656][ T931] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22 [ 532.780449][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 532.893449][ T7395] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 533.689661][T12456] loop4: detected capacity change from 0 to 4096 [ 533.723782][T12456] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 533.768970][T12456] ntfs3: loop4: Failed to load $MFT (-2). [ 533.815560][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 534.174063][T12465] loop2: detected capacity change from 0 to 2048 [ 534.208232][T12466] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 534.273615][T12466] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 534.307262][T12466] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 534.317027][T12453] loop0: detected capacity change from 0 to 32768 [ 534.325914][T12453] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1692 (12453) [ 534.340929][T12466] Remounting filesystem read-only [ 534.355988][ T8181] NILFS (loop2): discard dirty page: offset=0, ino=5 [ 534.374104][T12453] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 534.396121][ T8181] NILFS (loop2): discard dirty block: blocknr=41, size=1024 [ 534.405379][T12453] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 534.413654][ T8181] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 534.421819][T12453] BTRFS info (device loop0): using free-space-tree [ 534.440369][ T8181] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 534.458850][ T8181] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 534.469438][ T8181] NILFS (loop2): discard dirty page: offset=0, ino=4 [ 534.483632][ T8181] NILFS (loop2): discard dirty block: blocknr=40, size=1024 [ 534.498270][ T8181] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 534.513352][ T8181] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 534.556817][ T8181] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 534.686761][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 534.848508][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 534.962692][ T5100] usb 2-1: USB disconnect, device number 17 [ 535.137839][T12495] loop1: detected capacity change from 0 to 64 [ 536.228055][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 536.325752][T11018] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 536.438388][T12489] loop2: detected capacity change from 0 to 40427 [ 536.494841][T12489] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 536.514901][T12489] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 536.571688][T12489] F2FS-fs (loop2): invalid crc value [ 536.624902][T12489] F2FS-fs (loop2): Found nat_bits in checkpoint [ 536.781524][T12489] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 536.824972][T12489] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 537.139444][T12521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1704'. [ 537.551968][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.582927][T12525] loop0: detected capacity change from 0 to 2048 [ 537.629854][T12527] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 537.747261][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.867148][T12530] netlink: 1004 bytes leftover after parsing attributes in process `syz.3.1709'. [ 537.898958][T12497] loop4: detected capacity change from 0 to 32768 [ 538.188162][ T58] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 538.592840][T12547] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1715'. [ 538.775083][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 538.795168][ T58] usb 1-1: Using ep0 maxpacket: 8 [ 538.803271][ T58] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 538.815276][ T58] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 538.825892][T12552] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 538.841511][ T58] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 538.854972][ T58] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 538.881367][ T58] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 538.915036][ T58] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 538.924098][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.963851][ T58] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22 [ 538.980693][T12549] loop2: detected capacity change from 0 to 1024 [ 538.999690][T12549] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 539.014950][T12549] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (29254!=20869) [ 539.045169][T12549] EXT4-fs (loop2): journal inode is deleted [ 539.110969][T12549] loop2: detected capacity change from 0 to 64 [ 539.492643][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 539.495386][T12564] netlink: 1004 bytes leftover after parsing attributes in process `syz.4.1721'. [ 539.529407][T12562] loop2: detected capacity change from 0 to 2048 [ 539.555091][T12566] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 539.621562][T12567] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1718'. [ 540.026213][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 540.461195][T12579] loop1: detected capacity change from 0 to 32768 [ 540.472533][T12579] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1725 (12579) [ 540.497185][T12579] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 540.507690][T12579] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 540.516539][T12579] BTRFS info (device loop1): using free-space-tree [ 540.786893][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 541.056404][ T5142] usb 1-1: USB disconnect, device number 14 [ 541.270558][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 541.282535][T12610] fuse: Bad value for 'fd' [ 541.778988][T11794] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 541.991917][T12575] loop3: detected capacity change from 0 to 32768 [ 542.018060][T12616] FAULT_INJECTION: forcing a failure. [ 542.018060][T12616] name failslab, interval 1, probability 0, space 0, times 0 [ 542.071790][T12616] CPU: 1 UID: 0 PID: 12616 Comm: syz.2.1731 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 542.076803][T12614] loop0: detected capacity change from 0 to 32768 [ 542.082057][T12616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 542.082072][T12616] Call Trace: [ 542.082080][T12616] [ 542.082088][T12616] dump_stack_lvl+0x241/0x360 [ 542.109421][T12616] ? __pfx_dump_stack_lvl+0x10/0x10 [ 542.114644][T12616] ? __pfx__printk+0x10/0x10 [ 542.119270][T12616] should_fail_ex+0x3b0/0x4e0 [ 542.123986][T12616] ? security_file_alloc+0x28/0x130 [ 542.129195][T12616] should_failslab+0x9/0x20 [ 542.133712][T12616] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 542.139104][T12616] security_file_alloc+0x28/0x130 [ 542.144142][T12616] init_file+0x99/0x200 [ 542.148316][T12616] alloc_empty_file+0xb8/0x1d0 [ 542.151520][T12614] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1729 (12614) [ 542.153088][T12616] alloc_file_pseudo+0x1da/0x290 [ 542.170763][T12616] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 542.176232][T12616] __shmem_file_setup+0x237/0x2c0 [ 542.181252][T12616] __se_sys_memfd_create+0x36b/0x850 [ 542.186534][T12616] do_syscall_64+0xf3/0x230 [ 542.191025][T12616] ? clear_bhb_loop+0x35/0x90 [ 542.195702][T12616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.201591][T12616] RIP: 0033:0x7f1e56175bd9 [ 542.206007][T12616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 542.225599][T12616] RSP: 002b:00007f1e56ebce28 EFLAGS: 00000206 ORIG_RAX: 000000000000013f [ 542.234003][T12616] RAX: ffffffffffffffda RBX: 000000000001f35c RCX: 00007f1e56175bd9 [ 542.241965][T12616] RDX: 00007f1e56ebcf00 RSI: 0000000000000000 RDI: 00007f1e561e3d24 [ 542.249925][T12616] RBP: 000000002003e780 R08: 00007f1e56ebcbc7 R09: 00007f1e56ebce50 [ 542.257885][T12616] R10: 000000000000000a R11: 0000000000000206 R12: 000000002001f380 [ 542.265942][T12616] R13: 00007f1e56ebcf00 R14: 00007f1e56ebcec0 R15: 000000002001f3c0 [ 542.274088][T12616] [ 542.313169][T12614] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 542.315069][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 542.323364][T12614] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 542.340141][T12614] BTRFS info (device loop0): using free-space-tree [ 542.408322][T12623] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.1732'. [ 543.382708][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.422601][T12643] loop2: detected capacity change from 0 to 2048 [ 543.533495][T12647] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 543.621800][T11018] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 543.805301][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 543.823526][T12650] loop2: detected capacity change from 0 to 1024 [ 543.854588][T12650] EXT4-fs: Ignoring removed orlov option [ 543.875015][T12650] ext4: Bad value for 'barrier' [ 544.002723][ T5107] Bluetooth: hci2: connection err: -111 [ 544.008465][T12650] loop2: detected capacity change from 0 to 8 [ 544.082360][T12650] SQUASHFS error: Unknown inode type 511 in squashfs_iget! [ 544.896922][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 545.037741][ T5107] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 545.114474][T12663] futex_wake_op: syz.2.1739 tries to shift op by -1; fix this program [ 545.244055][T12674] netlink: 'syz.0.1743': attribute type 72 has an invalid length. [ 545.262578][T12674] netlink: 1016 bytes leftover after parsing attributes in process `syz.0.1743'. [ 545.289175][T12675] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1735'. [ 545.978587][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 546.034307][T12688] loop2: detected capacity change from 0 to 512 [ 546.045268][T12688] EXT4-fs (loop2): unable to read superblock [ 546.639904][T12699] loop2: detected capacity change from 0 to 128 [ 546.664903][T12690] loop4: detected capacity change from 0 to 4096 [ 546.677899][T12690] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 546.689288][T12700] loop1: detected capacity change from 0 to 512 [ 546.696535][T12700] EXT4-fs: Ignoring removed bh option [ 546.698749][T12699] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 546.722280][T12700] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 546.784189][T12699] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 546.791266][T12700] EXT4-fs (loop1): 1 truncate cleaned up [ 546.880544][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 546.950942][T12700] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 547.006777][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 547.117259][T12707] FAULT_INJECTION: forcing a failure. [ 547.117259][T12707] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 547.157976][T12707] CPU: 1 UID: 0 PID: 12707 Comm: syz.4.1750 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 547.168353][T12707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 547.178427][T12707] Call Trace: [ 547.181725][T12707] [ 547.184663][T12707] dump_stack_lvl+0x241/0x360 [ 547.189374][T12707] ? __pfx_dump_stack_lvl+0x10/0x10 [ 547.194599][T12707] ? __pfx__printk+0x10/0x10 [ 547.199208][T12707] ? __pfx_lock_release+0x10/0x10 [ 547.204256][T12707] should_fail_ex+0x3b0/0x4e0 [ 547.208957][T12707] _copy_from_iter+0x1f6/0x1960 [ 547.213824][T12707] ? __virt_addr_valid+0x183/0x530 [ 547.218953][T12707] ? __pfx_lock_release+0x10/0x10 [ 547.223981][T12707] ? __alloc_skb+0x28f/0x440 [ 547.228563][T12707] ? __pfx__copy_from_iter+0x10/0x10 [ 547.233839][T12707] ? __virt_addr_valid+0x183/0x530 [ 547.238948][T12707] ? __virt_addr_valid+0x183/0x530 [ 547.244140][T12707] ? __virt_addr_valid+0x45f/0x530 [ 547.249244][T12707] ? __check_object_size+0x49c/0x900 [ 547.254520][T12707] netlink_sendmsg+0x73d/0xcb0 [ 547.259281][T12707] ? __pfx_netlink_sendmsg+0x10/0x10 [ 547.264556][T12707] ? __import_iovec+0x536/0x820 [ 547.269405][T12707] ? aa_sock_msg_perm+0x91/0x160 [ 547.274336][T12707] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 547.279616][T12707] ? security_socket_sendmsg+0x87/0xb0 [ 547.285070][T12707] ? __pfx_netlink_sendmsg+0x10/0x10 [ 547.290341][T12707] __sock_sendmsg+0x221/0x270 [ 547.295015][T12707] ____sys_sendmsg+0x525/0x7d0 [ 547.299865][T12707] ? __pfx_____sys_sendmsg+0x10/0x10 [ 547.305326][T12707] __sys_sendmsg+0x2b0/0x3a0 [ 547.309916][T12707] ? __pfx___sys_sendmsg+0x10/0x10 [ 547.315031][T12707] ? vfs_write+0x7c4/0xc90 [ 547.319465][T12707] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 547.325785][T12707] ? do_syscall_64+0x100/0x230 [ 547.330543][T12707] ? do_syscall_64+0xb6/0x230 [ 547.335207][T12707] do_syscall_64+0xf3/0x230 [ 547.339699][T12707] ? clear_bhb_loop+0x35/0x90 [ 547.344366][T12707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.350245][T12707] RIP: 0033:0x7f6840575bd9 [ 547.354649][T12707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.374243][T12707] RSP: 002b:00007f68412d6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 547.382650][T12707] RAX: ffffffffffffffda RBX: 00007f6840703f60 RCX: 00007f6840575bd9 [ 547.390611][T12707] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 547.398571][T12707] RBP: 00007f68412d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 547.406532][T12707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 547.414487][T12707] R13: 000000000000000b R14: 00007f6840703f60 R15: 00007fff7b4f4b88 [ 547.422548][T12707] [ 547.477494][T11794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.514142][T12711] loop4: detected capacity change from 0 to 512 [ 547.562880][T12711] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 547.583001][T12683] loop3: detected capacity change from 0 to 32768 [ 547.585200][ T931] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 547.605161][T12711] ext4 filesystem being mounted at /241/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 547.804448][ T931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 547.841237][ T931] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 547.861430][T12724] loop1: detected capacity change from 0 to 1024 [ 547.884831][ T931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.916625][T12724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 547.938609][ T931] usb 3-1: config 0 descriptor?? [ 547.961838][ T7395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.045952][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 548.113212][ T5107] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 548.141553][T12730] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 548.193870][T12728] futex_wake_op: syz.3.1756 tries to shift op by -1; fix this program [ 548.528117][T12739] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1755'. [ 548.837927][T11794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.085387][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.095186][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.659967][T12745] loop4: detected capacity change from 0 to 32768 [ 549.682981][T12745] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1760 (12745) [ 549.705076][T12745] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 549.715385][T12745] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 549.724330][T12745] BTRFS info (device loop4): using free-space-tree [ 549.897944][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 549.938463][T12745] fuse: Bad value for 'fd' [ 550.329127][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.432688][ T7395] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 550.911681][T12768] loop1: detected capacity change from 0 to 512 [ 550.942068][T12768] EXT4-fs: Ignoring removed bh option [ 550.966473][T12768] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 550.994087][T12770] loop4: detected capacity change from 0 to 512 [ 551.002104][T12768] EXT4-fs (loop1): 1 truncate cleaned up [ 551.021004][T12768] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 551.021302][T12770] EXT4-fs (loop4): unable to read superblock [ 551.297583][T11794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 551.397454][T12774] loop0: detected capacity change from 0 to 32768 [ 551.462006][T12774] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1763 (12774) [ 551.602701][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 551.612987][T12774] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 551.623405][T12774] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 551.632121][T12774] BTRFS info (device loop0): using free-space-tree [ 552.461525][T12794] loop4: detected capacity change from 0 to 128 [ 552.516212][T12794] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 552.560796][ T931] usbhid 3-1:0.0: can't add hid device: -71 [ 552.584923][ T931] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 552.608131][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 552.646802][T12794] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 552.670423][ T931] usb 3-1: USB disconnect, device number 21 [ 552.756841][T12812] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 552.774999][T12805] futex_wake_op: syz.1.1768 tries to shift op by -1; fix this program [ 552.801072][T12809] loop3: detected capacity change from 0 to 1024 [ 552.953003][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 553.077288][T12809] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 553.225701][T12818] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 553.282521][T11018] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 553.654151][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 553.713027][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.127592][T12829] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1773'. [ 554.180009][T12820] loop4: detected capacity change from 0 to 32768 [ 554.227734][T12812] loop2: detected capacity change from 0 to 32768 [ 554.314898][T12812] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 554.402449][T12812] XFS (loop2): Ending clean mount [ 554.416436][T12812] XFS (loop2): Quotacheck needed: Please wait. [ 554.477596][T12812] XFS (loop2): Quotacheck: Done. [ 554.843607][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 555.614960][ T931] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 555.965447][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 556.192503][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 556.252336][ T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 556.260804][ T2462] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 556.377297][ T931] usb 5-1: Using ep0 maxpacket: 8 [ 556.391364][ T931] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 556.438611][ T931] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 556.439846][T12856] loop0: detected capacity change from 0 to 1024 [ 556.479764][ T931] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 556.608105][T12856] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 556.634870][ T931] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 556.651729][ T931] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 556.671349][T12856] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (29254!=20869) [ 556.686039][ T931] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 556.700130][T12845] fuse: Unknown parameter 'roSmode' [ 556.700186][ T931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.718644][T12864] loop1: detected capacity change from 0 to 64 [ 556.739554][T12864] FAULT_INJECTION: forcing a failure. [ 556.739554][T12864] name failslab, interval 1, probability 0, space 0, times 0 [ 556.754484][T12856] EXT4-fs (loop0): journal inode is deleted [ 556.755827][T12864] CPU: 0 UID: 0 PID: 12864 Comm: syz.1.1780 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 556.770701][T12864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 556.780740][T12864] Call Trace: [ 556.784007][T12864] [ 556.786956][T12864] dump_stack_lvl+0x241/0x360 [ 556.791625][T12864] ? __pfx_dump_stack_lvl+0x10/0x10 [ 556.796812][T12864] ? __pfx__printk+0x10/0x10 [ 556.801649][T12864] ? __pfx___might_resched+0x10/0x10 [ 556.806923][T12864] ? __mutex_unlock_slowpath+0x21d/0x750 [ 556.812546][T12864] should_fail_ex+0x3b0/0x4e0 [ 556.817215][T12864] ? getname_flags+0xb7/0x540 [ 556.821875][T12864] should_failslab+0x9/0x20 [ 556.826365][T12864] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 556.831729][T12864] getname_flags+0xb7/0x540 [ 556.836222][T12864] user_path_at+0x24/0x60 [ 556.840538][T12864] do_sys_truncate+0xa4/0x190 [ 556.845200][T12864] ? __pfx_do_sys_truncate+0x10/0x10 [ 556.850469][T12864] ? do_syscall_64+0x100/0x230 [ 556.855218][T12864] ? do_syscall_64+0xb6/0x230 [ 556.859880][T12864] do_syscall_64+0xf3/0x230 [ 556.864365][T12864] ? clear_bhb_loop+0x35/0x90 [ 556.869029][T12864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.874908][T12864] RIP: 0033:0x7fbabfd75bd9 [ 556.879328][T12864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.898922][T12864] RSP: 002b:00007fbac0aa3048 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 556.907324][T12864] RAX: ffffffffffffffda RBX: 00007fbabff03f60 RCX: 00007fbabfd75bd9 [ 556.915280][T12864] RDX: 0000000000000000 RSI: 0000000010081c00 RDI: 0000000020000180 [ 556.923321][T12864] RBP: 00007fbac0aa30a0 R08: 0000000000000000 R09: 0000000000000000 [ 556.931275][T12864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 556.939233][T12864] R13: 000000000000000b R14: 00007fbabff03f60 R15: 00007ffd0ba7ad28 [ 556.947196][T12864] [ 556.995653][ T931] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 557.039507][T12856] loop0: detected capacity change from 0 to 64 [ 557.260145][T12866] loop1: detected capacity change from 0 to 32768 [ 557.273800][T12866] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1781 (12866) [ 557.302714][T12866] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 557.313064][T12866] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 557.321844][T12866] BTRFS info (device loop1): using free-space-tree [ 557.334222][ T46] net_ratelimit: 4 callbacks suppressed [ 557.334239][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 557.640231][T12882] loop3: detected capacity change from 0 to 1024 [ 557.760491][T12888] fuse: Bad value for 'fd' [ 557.973906][T12886] futex_wake_op: syz.0.1783 tries to shift op by -1; fix this program [ 557.986561][T12890] syz.3.1782: attempt to access beyond end of device [ 557.986561][T12890] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 558.018847][T12882] syz.3.1782: attempt to access beyond end of device [ 558.018847][T12882] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 558.036617][T12882] Buffer I/O error on dev loop3, logical block 2889, async page read [ 558.059050][ T29] audit: type=1800 audit(1720168156.300:1549): pid=12882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1782" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 558.099941][T12882] syz.3.1782: attempt to access beyond end of device [ 558.099941][T12882] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 558.118106][T12882] syz.3.1782: attempt to access beyond end of device [ 558.118106][T12882] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 558.146499][T11794] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 558.155849][ T8181] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 558.248391][T12882] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1782'. [ 558.288688][T12880] syz.3.1782: attempt to access beyond end of device [ 558.288688][T12880] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 558.370498][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 558.524216][T12895] loop3: detected capacity change from 0 to 256 [ 558.666076][T10235] usb 5-1: USB disconnect, device number 27 [ 558.710041][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 559.638731][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 559.649578][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 559.667969][T12903] loop1: detected capacity change from 0 to 1024 [ 559.747142][T12903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 559.947287][T12912] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 560.404034][T11794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 560.421880][T12896] loop2: detected capacity change from 0 to 32768 [ 560.433839][T12896] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1785 (12896) [ 560.456145][T12896] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 560.474650][T12896] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 560.501740][T12896] BTRFS info (device loop2): using free-space-tree [ 560.654893][ T29] audit: type=1800 audit(1720168158.890:1550): pid=12896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1785" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 560.712259][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 561.214239][ T8181] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 561.304272][T12945] bond0: (slave erspan0): Opening slave failed [ 561.392186][T12947] loop4: detected capacity change from 0 to 2048 [ 561.433775][T12948] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 561.885361][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 561.908685][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 561.924513][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 561.965425][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 562.085902][T12956] FAULT_INJECTION: forcing a failure. [ 562.085902][T12956] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 562.112730][T12956] CPU: 0 UID: 0 PID: 12956 Comm: syz.0.1797 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 562.123010][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 562.133083][T12956] Call Trace: [ 562.133888][T12957] loop3: detected capacity change from 0 to 256 [ 562.136369][T12956] [ 562.136486][T12956] dump_stack_lvl+0x241/0x360 [ 562.136524][T12956] ? __pfx_dump_stack_lvl+0x10/0x10 [ 562.136551][T12956] ? __pfx__printk+0x10/0x10 [ 562.136589][T12956] should_fail_ex+0x3b0/0x4e0 [ 562.136621][T12956] prepare_alloc_pages+0x1da/0x5d0 [ 562.136655][T12956] __alloc_pages_noprof+0x166/0x6c0 [ 562.136684][T12956] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 562.136731][T12956] alloc_pages_mpol_noprof+0x3e8/0x680 [ 562.136760][T12956] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 562.192406][T12956] ? alloc_pages_noprof+0xef/0x170 [ 562.197537][T12956] __pmd_alloc+0x91/0x630 [ 562.201868][T12956] ? mt_find+0x226/0x850 [ 562.206107][T12956] ? __pfx___pmd_alloc+0x10/0x10 [ 562.211045][T12956] handle_mm_fault+0xe66/0x1990 [ 562.215911][T12956] ? __pfx_handle_mm_fault+0x10/0x10 [ 562.221207][T12956] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 562.227534][T12956] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 562.232814][T12956] exc_page_fault+0x2b9/0x8c0 [ 562.237495][T12956] asm_exc_page_fault+0x26/0x30 [ 562.242342][T12956] RIP: 0010:rep_movs_alternative+0x33/0x70 [ 562.248163][T12956] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb [ 562.267783][T12956] RSP: 0018:ffffc90003c277d0 EFLAGS: 00050212 [ 562.273850][T12956] RAX: 37312e302e7a7973 RBX: 0000000020000050 RCX: 0000000000000010 [ 562.281849][T12956] RDX: 0000000000000000 RSI: ffffc90003c27e80 RDI: 0000000020000040 [ 562.289813][T12956] RBP: ffffc90003c27f00 R08: ffffc90003c27e8f R09: 1ffff92000784fd1 [ 562.297775][T12956] R10: dffffc0000000000 R11: fffff52000784fd2 R12: 0000000000000010 [ 562.305736][T12956] R13: 0000000000000000 R14: 0000000020000040 R15: ffffc90003c27e80 [ 562.313713][T12956] _copy_to_user+0x86/0xb0 [ 562.318130][T12956] __se_sys_prctl+0x37a/0x3990 [ 562.322888][T12956] ? __lock_acquire+0x1359/0x2000 [ 562.327916][T12956] ? _parse_integer_limit+0x1b5/0x200 [ 562.333283][T12956] ? mark_lock+0x9a/0x360 [ 562.337608][T12956] ? __lock_acquire+0x1359/0x2000 [ 562.342627][T12956] ? __pfx___se_sys_prctl+0x10/0x10 [ 562.347831][T12956] ? __pfx_lock_acquire+0x10/0x10 [ 562.352848][T12956] ? get_pid_task+0x23/0x1f0 [ 562.357433][T12956] ? __pfx_lock_release+0x10/0x10 [ 562.362446][T12956] ? kstrtouint_from_user+0x128/0x190 [ 562.367831][T12956] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 562.373717][T12956] ? ksys_write+0x23e/0x2c0 [ 562.378208][T12956] ? __pfx_lock_release+0x10/0x10 [ 562.383227][T12956] ? vfs_write+0x7c4/0xc90 [ 562.387635][T12956] ? __mutex_unlock_slowpath+0x21d/0x750 [ 562.393259][T12956] ? __pfx_vfs_write+0x10/0x10 [ 562.398013][T12956] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 562.403986][T12956] ? __fget_files+0x3f6/0x470 [ 562.408666][T12956] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 562.414674][T12956] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 562.420999][T12956] ? do_syscall_64+0x100/0x230 [ 562.425771][T12956] ? __x64_sys_prctl+0x20/0xc0 [ 562.430527][T12956] do_syscall_64+0xf3/0x230 [ 562.435017][T12956] ? clear_bhb_loop+0x35/0x90 [ 562.439689][T12956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.445572][T12956] RIP: 0033:0x7f511b575bd9 [ 562.449988][T12956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.469669][T12956] RSP: 002b:00007f511c2cd048 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 562.478077][T12956] RAX: ffffffffffffffda RBX: 00007f511b703f60 RCX: 00007f511b575bd9 [ 562.486039][T12956] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000010 [ 562.494000][T12956] RBP: 00007f511c2cd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 562.501958][T12956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 562.509916][T12956] R13: 000000000000000b R14: 00007f511b703f60 R15: 00007ffc10636f08 [ 562.517893][T12956] [ 562.587218][T12951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1790'. [ 562.697838][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 562.747389][T12957] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 562.809600][T12960] loop2: detected capacity change from 0 to 1024 [ 562.857912][T12960] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 562.895586][T12960] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (29254!=20869) [ 562.936591][T12960] EXT4-fs (loop2): journal inode is deleted [ 563.005216][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 563.054402][T12961] loop2: detected capacity change from 0 to 64 [ 563.167931][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.174452][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.848917][T12953] loop4: detected capacity change from 0 to 32768 [ 564.208964][T12977] loop0: detected capacity change from 0 to 32768 [ 564.217836][T12977] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1800 (12977) [ 564.219108][T12979] tunl0: entered promiscuous mode [ 564.246772][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 564.265468][T12977] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 564.275752][T12977] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 564.284550][T12977] BTRFS info (device loop0): using free-space-tree [ 564.291397][T12979] netlink: 'syz.3.1802': attribute type 1 has an invalid length. [ 564.327765][T12979] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1802'. [ 564.513041][T12977] fuse: Bad value for 'fd' [ 564.847517][T12999] bond0: (slave erspan0): Opening slave failed [ 565.492547][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 565.494320][T11018] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 565.736588][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 565.922861][T13008] bond0: (slave erspan0): Opening slave failed [ 566.012250][T13010] loop3: detected capacity change from 0 to 2048 [ 566.151857][T13012] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 566.559627][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 566.894082][T13029] FAULT_INJECTION: forcing a failure. [ 566.894082][T13029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 566.936575][T13029] CPU: 0 UID: 0 PID: 13029 Comm: syz.4.1806 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 566.946859][T13029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 566.956941][T13029] Call Trace: [ 566.960231][T13029] [ 566.963170][T13029] dump_stack_lvl+0x241/0x360 [ 566.967877][T13029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 566.973096][T13029] ? __pfx__printk+0x10/0x10 [ 566.977709][T13029] ? __pfx_lock_release+0x10/0x10 [ 566.982762][T13029] should_fail_ex+0x3b0/0x4e0 [ 566.987467][T13029] _copy_from_user+0x2f/0xe0 [ 566.992080][T13029] copy_msghdr_from_user+0xae/0x680 [ 566.997312][T13029] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 567.003158][T13029] __sys_sendmsg+0x23d/0x3a0 [ 567.007775][T13029] ? __pfx___sys_sendmsg+0x10/0x10 [ 567.012909][T13029] ? vfs_write+0x7c4/0xc90 [ 567.017387][T13029] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 567.023736][T13029] ? do_syscall_64+0x100/0x230 [ 567.028521][T13029] ? do_syscall_64+0xb6/0x230 [ 567.033216][T13029] do_syscall_64+0xf3/0x230 [ 567.037743][T13029] ? clear_bhb_loop+0x35/0x90 [ 567.042437][T13029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.048343][T13029] RIP: 0033:0x7f6840575bd9 [ 567.052768][T13029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.072386][T13029] RSP: 002b:00007f68412d6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 567.080822][T13029] RAX: ffffffffffffffda RBX: 00007f6840703f60 RCX: 00007f6840575bd9 [ 567.088812][T13029] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 567.096800][T13029] RBP: 00007f68412d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 567.104872][T13029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 567.112875][T13029] R13: 000000000000000b R14: 00007f6840703f60 R15: 00007fff7b4f4b88 [ 567.120878][T13029] [ 567.423075][T13035] loop4: detected capacity change from 0 to 1024 [ 567.524501][T13035] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 567.588687][T13035] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (29254!=20869) [ 567.645957][T13035] EXT4-fs (loop4): journal inode is deleted [ 567.665135][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 567.690914][T13035] loop4: detected capacity change from 0 to 64 [ 568.438747][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 568.461394][ T2523] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 568.471684][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 568.480843][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 568.724272][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 568.849654][T13044] loop1: detected capacity change from 0 to 32768 [ 568.857699][T13044] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1814 (13044) [ 568.875063][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 568.900978][T13044] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 568.911223][T13044] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 568.920121][T13044] BTRFS info (device loop1): using free-space-tree [ 569.280926][T13064] bond0: (slave erspan0): Opening slave failed [ 569.893772][T13044] fuse: Bad value for 'fd' [ 569.922627][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 570.154304][T13042] loop4: detected capacity change from 0 to 32768 [ 570.173131][T13042] BTRFS: device /dev/loop4 (7:4) using temp-fsid 2f5df2cc-40ae-4d86-925d-61514ae0d9d2 [ 570.413985][T13078] bond0: (slave erspan0): Opening slave failed [ 570.500044][T13079] loop0: detected capacity change from 0 to 2048 [ 570.783768][T13042] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1813 (13042) [ 570.798299][T13080] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 570.847097][T11794] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 570.890687][T13083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1817'. [ 570.991417][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 571.365557][T13042] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 571.380712][T13089] fuse: Bad value for 'group_id' [ 571.395043][T13042] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 571.405579][T13089] loop0: detected capacity change from 0 to 256 [ 571.412601][T13089] exfat: Unknown parameter 'fcmoT zȋNh1/N.Bms`@U-9XZ~wN1xt5ofi9N2ũq؎N [ 571.412601][T13089] ֱg9' [ 571.434873][T13042] BTRFS info (device loop4): using free-space-tree [ 571.447562][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 571.449728][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 571.465963][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 571.505866][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 571.526181][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 571.538331][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 571.563350][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 571.622793][T13042] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 571.762474][T13042] BTRFS error (device loop4): open_ctree failed [ 571.907733][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 572.159852][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 572.183917][T13122] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 573.011497][T13129] FAULT_INJECTION: forcing a failure. [ 573.011497][T13129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 573.030352][T13133] loop0: detected capacity change from 0 to 256 [ 573.053315][T13122] loop3: detected capacity change from 0 to 4096 [ 573.059955][T13129] CPU: 1 UID: 0 PID: 13129 Comm: syz.1.1829 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 573.070218][T13129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 573.080298][T13129] Call Trace: [ 573.083598][T13129] [ 573.086548][T13129] dump_stack_lvl+0x241/0x360 [ 573.091263][T13129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 573.096495][T13129] ? __pfx__printk+0x10/0x10 [ 573.101126][T13129] ? __pfx_lock_release+0x10/0x10 [ 573.106181][T13129] ? __local_bh_enable_ip+0x168/0x200 [ 573.111578][T13129] ? copy_fpstate_to_sigframe+0x175/0xd90 [ 573.117327][T13129] should_fail_ex+0x3b0/0x4e0 [ 573.122141][T13129] copy_fpstate_to_sigframe+0xa87/0xd90 [ 573.127724][T13129] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 573.133823][T13129] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 573.140187][T13129] ? __pfx_lock_acquire+0x10/0x10 [ 573.145241][T13129] ? do_raw_spin_lock+0x14f/0x370 [ 573.150287][T13129] ? fpu__alloc_mathframe+0xab/0x130 [ 573.155598][T13129] get_sigframe+0x55d/0x700 [ 573.160136][T13129] ? __pfx_get_sigframe+0x10/0x10 [ 573.165179][T13129] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 573.171186][T13129] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 573.177542][T13129] ? _raw_spin_lock_irq+0xdf/0x120 [ 573.182693][T13129] x64_setup_rt_frame+0x180/0xcc0 [ 573.187739][T13129] ? lockdep_hardirqs_on+0x99/0x150 [ 573.192965][T13129] ? _raw_spin_unlock_irq+0x2e/0x50 [ 573.198201][T13129] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 573.203955][T13129] arch_do_signal_or_restart+0x458/0x860 [ 573.209618][T13129] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 573.215880][T13129] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 573.221893][T13129] ? syscall_exit_to_user_mode+0xa3/0x370 [ 573.227640][T13129] syscall_exit_to_user_mode+0xc9/0x370 [ 573.233215][T13129] do_syscall_64+0x100/0x230 [ 573.237831][T13129] ? clear_bhb_loop+0x35/0x90 [ 573.242530][T13129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.248446][T13129] RIP: 0033:0x7fbabfd75bd9 [ 573.252967][T13129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.272596][T13129] RSP: 002b:00007fbac0aa3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 573.281039][T13129] RAX: fffffffffffffffc RBX: 00007fbabff03f60 RCX: 00007fbabfd75bd9 [ 573.289030][T13129] RDX: 0000000000000000 RSI: 00000000200008c0 RDI: 0000000000000004 [ 573.297019][T13129] RBP: 00007fbac0aa30a0 R08: 0000000000000000 R09: 0000000000000000 [ 573.305012][T13129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 573.313002][T13129] R13: 000000000000000b R14: 00007fbabff03f60 R15: 00007ffd0ba7ad28 [ 573.321001][T13129] [ 573.345464][T13122] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 573.362798][T13133] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 573.991266][T13147] loop0: detected capacity change from 0 to 2048 [ 574.399908][T13145] bond0: (slave erspan0): Opening slave failed [ 574.408987][ T2502] net_ratelimit: 1 callbacks suppressed [ 574.409004][ T2502] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 574.423062][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 574.432054][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 574.443745][T13150] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 574.465638][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 574.925180][ T5107] Bluetooth: hci3: command 0x0405 tx timeout [ 575.431944][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 575.472371][T13156] loop0: detected capacity change from 0 to 2048 [ 575.489264][ T5107] Bluetooth: hci4: command 0x0406 tx timeout [ 575.505138][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 575.532512][T13156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 576.129170][T11018] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 576.537232][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 577.584013][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 577.709718][T13157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1832'. [ 578.708658][T13194] bond0: (slave erspan0): Opening slave failed [ 578.738028][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 578.941822][T13193] loop4: detected capacity change from 0 to 2048 [ 578.948424][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 578.977701][T13196] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 579.020684][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 579.202726][T13201] loop3: detected capacity change from 0 to 1024 [ 579.221784][ T9] usb 2-1: New USB device found, idVendor=6737, idProduct=0001, bcdDevice=5e.f6 [ 579.254179][ T5094] Bluetooth: hci4: unexpected event for opcode 0x1004 [ 579.256021][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.315787][ T9] usb 2-1: Product: syz [ 579.330831][ T9] usb 2-1: Manufacturer: syz [ 579.337435][T13201] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.1845' sets config #0 [ 579.363995][ T9] usb 2-1: SerialNumber: syz [ 579.396249][ T9] usb 2-1: config 0 descriptor?? [ 579.422551][ T9] cypress_m8 2-1:0.0: HID->COM RS232 Adapter converter detected [ 579.445734][ T9] cyphidcom ttyUSB0: required endpoint is missing [ 579.542014][T13208] loop2: detected capacity change from 0 to 2048 [ 579.719820][T13208] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 579.809846][T13180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1839'. [ 580.220992][T13219] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1849'. [ 580.532166][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 580.921173][T13224] loop4: detected capacity change from 0 to 4096 [ 580.958547][T13224] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 581.331474][ T8181] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 581.421753][T13214] loop3: detected capacity change from 0 to 32768 [ 581.434985][ T9] usb 2-1: USB disconnect, device number 18 [ 581.441942][ T9] cypress_m8 2-1:0.0: device disconnected [ 581.764655][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 581.820713][T13269] bond0: (slave erspan0): Opening slave failed [ 581.906019][T13272] loop0: detected capacity change from 0 to 2048 [ 582.005662][T13276] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 582.115328][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 582.572403][T13284] bond0: (slave erspan0): Opening slave failed [ 582.657927][T13285] loop2: detected capacity change from 0 to 2048 [ 583.233144][T13289] netlink: 191416 bytes leftover after parsing attributes in process `syz.4.1858'. [ 583.281099][ T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 583.281200][T13290] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 583.648657][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 583.656822][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 583.665211][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 583.678026][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 583.694611][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 583.704766][ T9] usb 2-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 583.713912][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.747350][ T9] usb 2-1: config 0 descriptor?? [ 584.080457][T13304] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1861'. [ 584.688075][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 584.757241][ T9] hid-led 0003:04D8:F372.0009: hidraw0: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.1-1/input0 [ 584.794490][ T9] hid-led 0003:04D8:F372.0009: Greynut Luxafor initialized [ 584.824884][ T5142] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 584.857488][T13309] 9pnet_fd: Insufficient options for proto=fd [ 584.875856][T13309] bridge0: entered allmulticast mode [ 585.026843][T13309] loop4: detected capacity change from 0 to 4096 [ 585.046785][ T5142] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 585.059474][T13310] loop1: detected capacity change from 0 to 8192 [ 585.066284][ T5142] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.075064][T13309] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 585.092164][ T5142] usb 1-1: config 0 descriptor?? [ 585.117612][T13309] ntfs3: loop4: Failed to load $Bitmap (-22). [ 585.167211][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 585.195887][T13313] loop3: detected capacity change from 0 to 1024 [ 585.483346][T13297] batadv_slave_1: entered promiscuous mode [ 585.520763][T13313] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 585.537281][T13297] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 585.750037][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 585.763217][T13297] batadv_slave_1 (unregistering): left promiscuous mode [ 585.783983][T13313] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 585.791700][T13297] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.058816][ T5142] pegasus 1-1:0.0: probe with driver pegasus failed with error -71 [ 586.101970][T13324] loop2: detected capacity change from 0 to 4096 [ 586.122481][T13325] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 586.151837][ T5142] usb 1-1: USB disconnect, device number 15 [ 586.173067][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 586.556962][ T5142] usb 2-1: USB disconnect, device number 19 [ 586.638210][ T8] leds luxafor0:blue:led5: Setting an LED's brightness failed (-38) [ 587.285740][ T5100] leds luxafor0:green:led5: Setting an LED's brightness failed (-38) [ 587.294733][ T8] leds luxafor0:red:led5: Setting an LED's brightness failed (-38) [ 587.304831][ T5100] leds luxafor0:blue:led4: Setting an LED's brightness failed (-38) [ 587.313701][ T5100] leds luxafor0:green:led4: Setting an LED's brightness failed (-38) [ 587.322870][ T5100] leds luxafor0:red:led4: Setting an LED's brightness failed (-38) [ 587.331569][ T5100] leds luxafor0:blue:led3: Setting an LED's brightness failed (-38) [ 587.340388][ T5100] leds luxafor0:green:led3: Setting an LED's brightness failed (-38) [ 587.349358][ T5100] leds luxafor0:red:led3: Setting an LED's brightness failed (-38) [ 587.375782][ T5100] leds luxafor0:blue:led2: Setting an LED's brightness failed (-38) [ 587.514659][T13337] loop0: detected capacity change from 0 to 32768 [ 587.525451][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 587.542236][T13337] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1871 (13337) [ 587.629004][ T5100] leds luxafor0:green:led2: Setting an LED's brightness failed (-38) [ 587.639025][ T8] leds luxafor0:red:led2: Setting an LED's brightness failed (-38) [ 587.639365][T13337] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 587.647909][ T8] leds luxafor0:blue:led1: Setting an LED's brightness failed (-38) [ 587.657391][T13337] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 587.666035][ T8] leds luxafor0:green:led1: Setting an LED's brightness failed (-38) [ 587.673944][T13337] BTRFS info (device loop0): using free-space-tree [ 587.682703][ T8] leds luxafor0:red:led1: Setting an LED's brightness failed (-38) [ 587.760492][T13344] bond0: (slave erspan0): Opening slave failed [ 587.848497][T13345] loop1: detected capacity change from 0 to 2048 [ 587.963358][T13348] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 588.291583][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 588.315844][ T5100] leds luxafor0:blue:led0: Setting an LED's brightness failed (-38) [ 588.350471][ T5100] leds luxafor0:green:led0: Setting an LED's brightness failed (-38) [ 588.588604][T13365] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1873'. [ 589.217144][T13366] fuse: Bad value for 'fd' [ 589.255276][ T8] leds luxafor0:red:led0: Setting an LED's brightness failed (-38) [ 589.275436][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 589.585753][T13369] sctp: [Deprecated]: syz.3.1875 (pid 13369) Use of int in maxseg socket option. [ 589.585753][T13369] Use struct sctp_assoc_value instead [ 589.714389][T13371] loop1: detected capacity change from 0 to 2048 [ 589.764490][T11018] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 589.811961][T13371] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 589.912463][T13381] loop3: detected capacity change from 0 to 1024 [ 590.149145][T13381] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 590.286172][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 590.379606][T13390] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 590.602556][T13394] loop0: detected capacity change from 0 to 1024 [ 590.632513][T13394] EXT4-fs error (device loop0): __ext4_get_inode_loc:4431: comm syz.0.1881: Invalid inode table block 0 in block_group 0 [ 590.658721][T13394] EXT4-fs (loop0): Remounting filesystem read-only [ 590.685748][T11794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 590.715107][T13394] EXT4-fs (loop0): get root inode failed [ 590.720778][T13394] EXT4-fs (loop0): mount failed [ 590.829786][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.322750][T13407] bond0: (slave erspan0): Opening slave failed [ 591.409151][T13408] loop3: detected capacity change from 0 to 2048 [ 591.554502][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 591.711884][T13410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1885'. [ 591.727974][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 592.159338][T13413] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 592.214589][T13412] loop1: detected capacity change from 0 to 2048 [ 592.492675][T13418] loop0: detected capacity change from 0 to 32768 [ 592.500220][T13418] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1887 (13418) [ 592.519435][T13418] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 592.530092][T13418] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 592.538836][T13418] BTRFS info (device loop0): using free-space-tree [ 592.579784][T13412] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 592.611884][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 592.661699][ T29] audit: type=1804 audit(1720168190.900:1551): pid=13412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1882" name="/newroot/58/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop1" ino=1367 res=1 errno=0 [ 592.870214][T13432] loop3: detected capacity change from 0 to 32768 [ 592.886978][T13432] BTRFS: device /dev/loop3 (7:3) using temp-fsid 60cae156-32df-442d-80c2-3ea3e94b49f1 [ 592.896736][T13432] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1888 (13432) [ 592.923546][T13432] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 592.934194][T13432] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 592.942970][T13432] BTRFS info (device loop3): using free-space-tree [ 593.142699][T13436] mkiss: ax0: crc mode is auto. [ 593.352199][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 593.374585][T11018] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 593.685980][T13466] fuse: Bad value for 'fd' [ 593.923109][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.109849][T13470] loop4: detected capacity change from 0 to 2048 [ 594.115926][ T5089] BTRFS info (device loop3): last unmount of filesystem 60cae156-32df-442d-80c2-3ea3e94b49f1 [ 594.183668][T13477] loop0: detected capacity change from 0 to 64 [ 594.187238][T13472] loop2: detected capacity change from 0 to 2048 [ 594.198199][T13470] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 594.330603][T13472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 594.767527][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.787973][ T7395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 594.802876][ T5142] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 594.971457][T13487] overlayfs: missing 'lowerdir' [ 595.062289][ T29] audit: type=1800 audit(1720168193.290:1552): pid=13488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1890" name="file2" dev="loop0" ino=6 res=0 errno=0 [ 595.126333][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 595.253787][T13490] loop3: detected capacity change from 0 to 1024 [ 595.406028][ T8181] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 595.544126][ T5142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 595.555976][ T5142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 595.568793][ T5142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 595.580481][ T5142] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 595.673637][T13498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1897'. [ 596.251004][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 596.257282][T13490] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 596.285510][ T5142] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 596.320271][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 596.343991][T13500] FAULT_INJECTION: forcing a failure. [ 596.343991][T13500] name failslab, interval 1, probability 0, space 0, times 0 [ 596.353196][ T5142] usb 2-1: SerialNumber: syz [ 596.359274][T13500] CPU: 1 UID: 0 PID: 13500 Comm: syz.4.1900 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 596.371711][T13500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 596.381767][T13500] Call Trace: [ 596.385063][T13500] [ 596.388013][T13500] dump_stack_lvl+0x241/0x360 [ 596.389360][T13481] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 596.392703][T13500] ? __pfx_dump_stack_lvl+0x10/0x10 [ 596.405001][T13500] ? __pfx__printk+0x10/0x10 [ 596.409596][T13500] ? netlink_insert+0x10b7/0x14b0 [ 596.414642][T13500] should_fail_ex+0x3b0/0x4e0 [ 596.419349][T13500] ? __alloc_skb+0x1c3/0x440 [ 596.423953][T13500] should_failslab+0x9/0x20 [ 596.428468][T13500] kmem_cache_alloc_node_noprof+0x71/0x320 [ 596.434281][T13500] __alloc_skb+0x1c3/0x440 [ 596.438693][T13500] ? __pfx___alloc_skb+0x10/0x10 [ 596.443624][T13500] ? netlink_autobind+0xd6/0x2f0 [ 596.448551][T13500] ? netlink_autobind+0x2b0/0x2f0 [ 596.453572][T13500] netlink_sendmsg+0x638/0xcb0 [ 596.458337][T13500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 596.463625][T13500] ? __import_iovec+0x536/0x820 [ 596.468468][T13500] ? aa_sock_msg_perm+0x91/0x160 [ 596.473400][T13500] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 596.478680][T13500] ? security_socket_sendmsg+0x87/0xb0 [ 596.484142][T13500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 596.489420][T13500] __sock_sendmsg+0x221/0x270 [ 596.494104][T13500] ____sys_sendmsg+0x525/0x7d0 [ 596.498867][T13500] ? __pfx_____sys_sendmsg+0x10/0x10 [ 596.504173][T13500] __sys_sendmsg+0x2b0/0x3a0 [ 596.508757][T13500] ? __pfx___sys_sendmsg+0x10/0x10 [ 596.513861][T13500] ? vfs_write+0x7c4/0xc90 [ 596.518316][T13500] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 596.524646][T13500] ? do_syscall_64+0x100/0x230 [ 596.529404][T13500] ? do_syscall_64+0xb6/0x230 [ 596.534072][T13500] do_syscall_64+0xf3/0x230 [ 596.538571][T13500] ? clear_bhb_loop+0x35/0x90 [ 596.543242][T13500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.549126][T13500] RIP: 0033:0x7f6840575bd9 [ 596.553530][T13500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.573130][T13500] RSP: 002b:00007f68412d6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 596.581536][T13500] RAX: ffffffffffffffda RBX: 00007f6840703f60 RCX: 00007f6840575bd9 [ 596.589498][T13500] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 596.597457][T13500] RBP: 00007f68412d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 596.605422][T13500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 596.613383][T13500] R13: 000000000000000b R14: 00007f6840703f60 R15: 00007fff7b4f4b88 [ 596.621367][T13500] [ 596.635057][T13481] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 596.643523][ T5142] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 596.833403][T13489] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 596.854248][T13481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 596.926148][T13506] bond0: (slave erspan0): Opening slave failed [ 597.012677][T13508] loop2: detected capacity change from 0 to 2048 [ 597.056383][T13481] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 597.630335][T13509] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 597.658229][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 597.671225][ T29] audit: type=1800 audit(1720168195.910:1553): pid=13481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1895" name="file2" dev="overlay" ino=369 res=0 errno=0 [ 597.723533][ T5142] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 597.740607][ T5142] usb 2-1: USB disconnect, device number 20 [ 597.820813][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 597.961578][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 598.111540][T13518] loop4: detected capacity change from 0 to 2048 [ 598.126692][T13525] FAULT_INJECTION: forcing a failure. [ 598.126692][T13525] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 598.154479][T13525] CPU: 0 UID: 0 PID: 13525 Comm: syz.3.1903 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 598.164732][T13525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 598.174781][T13525] Call Trace: [ 598.178061][T13525] [ 598.180976][T13525] dump_stack_lvl+0x241/0x360 [ 598.185647][T13525] ? __pfx_dump_stack_lvl+0x10/0x10 [ 598.190839][T13525] ? __pfx__printk+0x10/0x10 [ 598.195437][T13525] ? __pfx_lock_release+0x10/0x10 [ 598.200469][T13525] ? __lock_acquire+0x1359/0x2000 [ 598.205484][T13525] should_fail_ex+0x3b0/0x4e0 [ 598.210152][T13525] _copy_from_user+0x2f/0xe0 [ 598.214726][T13525] kstrtouint_from_user+0xc6/0x190 [ 598.219831][T13525] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 598.225565][T13525] ? __pfx_lock_acquire+0x10/0x10 [ 598.230588][T13525] proc_fail_nth_write+0xaa/0x2d0 [ 598.235613][T13525] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 598.241505][T13525] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 598.247136][T13525] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 598.252767][T13525] vfs_write+0x2a2/0xc90 [ 598.257015][T13525] ? __pfx_vfs_write+0x10/0x10 [ 598.261771][T13525] ? __fget_files+0x29/0x470 [ 598.266358][T13525] ? __fget_files+0x3f6/0x470 [ 598.271038][T13525] ksys_write+0x1a0/0x2c0 [ 598.275384][T13525] ? __pfx_ksys_write+0x10/0x10 [ 598.280224][T13525] ? do_syscall_64+0x100/0x230 [ 598.284991][T13525] ? do_syscall_64+0xb6/0x230 [ 598.289683][T13525] do_syscall_64+0xf3/0x230 [ 598.294188][T13525] ? clear_bhb_loop+0x35/0x90 [ 598.298867][T13525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.304754][T13525] RIP: 0033:0x7f6cca97475f [ 598.309167][T13525] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 598.328779][T13525] RSP: 002b:00007f6ccb73b040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 598.337193][T13525] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6cca97475f [ 598.345166][T13525] RDX: 0000000000000001 RSI: 00007f6ccb73b0b0 RDI: 0000000000000004 [ 598.353132][T13525] RBP: 00007f6ccb73b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 598.361101][T13525] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 598.369066][T13525] R13: 000000000000006e R14: 00007f6ccab04038 R15: 00007fff337be9f8 [ 598.377046][T13525] [ 598.390354][T13518] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 598.415710][ T29] audit: type=1804 audit(1720168196.650:1554): pid=13518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1901" name="/newroot/271/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop4" ino=1367 res=1 errno=0 [ 598.496828][T13522] loop2: detected capacity change from 0 to 128 [ 598.756630][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 598.910524][T13531] loop1: detected capacity change from 0 to 2048 [ 598.989189][T13531] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 599.329253][T13544] loop4: detected capacity change from 0 to 2048 [ 599.337595][T13546] blktrace: Concurrent blktraces are not allowed on sg0 [ 599.423712][T13544] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 600.243460][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 600.249884][T11794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 600.744069][T13566] bond0: (slave erspan0): Opening slave failed [ 600.831369][T13568] loop1: detected capacity change from 0 to 2048 [ 600.898373][T13569] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 601.356495][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 601.371402][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 601.393486][ T7395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.744456][T13565] loop0: detected capacity change from 0 to 32768 [ 601.775015][T13565] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1915 (13565) [ 601.814572][T13556] loop3: detected capacity change from 0 to 32768 [ 601.828426][T13556] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1913 (13556) [ 601.844947][T13565] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 601.863453][T13556] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 601.867700][T13565] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 601.885050][ T5142] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 601.892515][T13565] BTRFS info (device loop0): using free-space-tree [ 601.902985][T13556] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 601.933390][T13556] BTRFS info (device loop3): using free-space-tree [ 602.016584][T13565] BTRFS info (device loop0): rebuilding free space tree [ 602.116784][ T5142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 602.142548][ T5142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 602.197189][ T5142] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 602.337946][T11018] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 602.797671][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 602.996419][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 603.018739][ T5142] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 603.033254][ T5142] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 603.046519][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 603.054845][ T5142] usb 2-1: SerialNumber: syz [ 603.062614][T13572] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 603.076729][ T5089] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 603.095194][T13572] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 603.120946][ T5142] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 603.405785][T13572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 603.435201][T13572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 603.478022][ T29] audit: type=1800 audit(1720168201.710:1555): pid=13572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1916" name="file2" dev="overlay" ino=395 res=0 errno=0 [ 603.526199][ T5142] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 603.577577][ T5142] usb 2-1: USB disconnect, device number 21 [ 603.655711][T13574] loop4: detected capacity change from 0 to 65536 [ 603.663650][T13615] loop2: detected capacity change from 0 to 2048 [ 603.745467][T13615] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 603.779812][T13574] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 603.844162][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 603.884160][T13574] XFS (loop4): Ending clean mount [ 603.916053][T13628] loop0: detected capacity change from 0 to 2048 [ 603.928063][T13574] XFS (loop4): Quotacheck needed: Please wait. [ 603.968196][T13628] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 604.004573][T13633] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 604.042636][T13574] XFS (loop4): Quotacheck: Done. [ 604.198220][ T29] audit: type=1800 audit(1720168202.440:1556): pid=13574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1917" name="bus" dev="loop4" ino=43 res=0 errno=0 [ 604.301488][ T7395] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 604.372159][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 604.449942][ T63] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 604.500801][ T63] EXT4-fs (loop2): This should not happen!! Data will be lost [ 604.500801][ T63] [ 604.524847][ T63] EXT4-fs (loop2): Total free blocks count 0 [ 604.534873][ T63] EXT4-fs (loop2): Free/Dirty block details [ 604.540817][ T63] EXT4-fs (loop2): free_blocks=66060288 [ 604.576013][ T63] EXT4-fs (loop2): dirty_blocks=3088 [ 604.647496][T13645] loop3: detected capacity change from 0 to 2048 [ 604.702609][ T63] EXT4-fs (loop2): Block reservation details [ 604.716447][T13645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 604.738957][ T63] EXT4-fs (loop2): i_reserved_data_blocks=193 [ 604.817737][T11018] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 604.848947][T13648] bond0: (slave erspan0): Opening slave failed [ 604.932970][T13650] loop1: detected capacity change from 0 to 2048 [ 605.004257][T13651] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 605.084527][ T63] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1036 with error 28 [ 605.132843][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.355422][T13662] blktrace: Concurrent blktraces are not allowed on sg0 [ 605.406361][T13664] FAULT_INJECTION: forcing a failure. [ 605.406361][T13664] name failslab, interval 1, probability 0, space 0, times 0 [ 605.424023][T13664] CPU: 1 UID: 0 PID: 13664 Comm: syz.4.1931 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 605.434307][T13664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 605.444382][T13664] Call Trace: [ 605.447678][T13664] [ 605.450634][T13664] dump_stack_lvl+0x241/0x360 [ 605.455347][T13664] ? __pfx_dump_stack_lvl+0x10/0x10 [ 605.460576][T13664] ? __pfx__printk+0x10/0x10 [ 605.465208][T13664] ? __pfx___might_resched+0x10/0x10 [ 605.470508][T13664] ? dynamic_dname+0x141/0x1b0 [ 605.475295][T13664] should_fail_ex+0x3b0/0x4e0 [ 605.480431][T13664] ? tomoyo_encode+0x26f/0x540 [ 605.485217][T13664] should_failslab+0x9/0x20 [ 605.489739][T13664] __kmalloc_noprof+0xd8/0x400 [ 605.493726][ T147] Bluetooth: hci5: Frame reassembly failed (-84) [ 605.494512][T13664] tomoyo_encode+0x26f/0x540 [ 605.494539][T13664] ? __pfx_anon_inodefs_dname+0x10/0x10 [ 605.511192][T13664] tomoyo_realpath_from_path+0x59e/0x5e0 [ 605.516866][T13664] tomoyo_path_number_perm+0x23a/0x880 [ 605.522351][T13664] ? tomoyo_path_number_perm+0x208/0x880 [ 605.528005][T13664] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 605.534044][T13664] ? __fget_files+0x29/0x470 [ 605.538658][T13664] ? __fget_files+0x3f6/0x470 [ 605.543436][T13664] ? __fget_files+0x29/0x470 [ 605.548051][T13664] security_file_ioctl+0x75/0xb0 [ 605.553008][T13664] __se_sys_ioctl+0x47/0x170 [ 605.557616][T13664] do_syscall_64+0xf3/0x230 [ 605.562122][T13664] ? clear_bhb_loop+0x35/0x90 [ 605.566825][T13664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.572729][T13664] RIP: 0033:0x7f6840575bd9 [ 605.577152][T13664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.596783][T13664] RSP: 002b:00007f68412d6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 605.600126][T13674] loop2: detected capacity change from 0 to 1024 [ 605.605205][T13664] RAX: ffffffffffffffda RBX: 00007f6840703f60 RCX: 00007f6840575bd9 [ 605.605226][T13664] RDX: 0000000020000040 RSI: 00000000c048aeca RDI: 0000000000000006 [ 605.605238][T13664] RBP: 00007f68412d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 605.605252][T13664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 605.605264][T13664] R13: 000000000000000b R14: 00007f6840703f60 R15: 00007fff7b4f4b88 [ 605.605294][T13664] [ 605.641400][T13674] loop2: detected capacity change from 0 to 1024 [ 605.679602][T13664] ERROR: Out of memory at tomoyo_realpath_from_path. [ 605.711450][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.647705][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 607.168989][T13699] bond0: (slave erspan0): Opening slave failed [ 607.252107][T13701] loop1: detected capacity change from 0 to 2048 [ 607.273423][T13702] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 607.369372][T13685] loop4: detected capacity change from 0 to 32768 [ 607.393235][T13685] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1936 (13685) [ 607.450811][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 607.461419][T13685] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 607.473225][T13685] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 607.484978][ T5107] Bluetooth: hci5: command 0x1003 tx timeout [ 607.498182][T13685] BTRFS info (device loop4): using free-space-tree [ 607.544350][ T5094] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 607.678027][T13722] blktrace: Concurrent blktraces are not allowed on sg0 [ 607.725760][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 607.893851][T13736] loop2: detected capacity change from 0 to 64 [ 608.084153][ T7395] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 608.637950][ T931] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 608.680808][T13721] loop0: detected capacity change from 0 to 32768 [ 608.851693][ T931] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 608.927020][ T931] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 609.005199][T13746] overlayfs: missing 'lowerdir' [ 609.073924][ T29] audit: type=1800 audit(1720168207.280:1557): pid=13742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1946" name="file2" dev="loop2" ino=6 res=0 errno=0 [ 609.337479][ T931] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 609.396766][ T931] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 609.426885][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.463463][T13750] loop3: detected capacity change from 0 to 512 [ 609.474842][ T931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.507075][ T931] usb 2-1: config 0 descriptor?? [ 609.652834][T13753] loop4: detected capacity change from 0 to 1024 [ 609.674592][T13753] hfsplus: unable to parse mount options [ 609.736626][T13753] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1947'. [ 609.761871][T13753] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1947'. [ 609.779997][T13757] loop3: detected capacity change from 0 to 2048 [ 609.813732][T13757] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 609.837397][ T29] audit: type=1804 audit(1720168208.080:1558): pid=13757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1951" name="/newroot/404/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop3" ino=1367 res=1 errno=0 [ 609.965939][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.118541][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.128212][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.139912][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.151034][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.169297][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.183314][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.194511][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.204066][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.221234][ T931] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 610.260808][ T931] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 610.302828][ T931] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 610.405498][ T931] usb 2-1: USB disconnect, device number 22 [ 610.462620][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 610.534940][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 610.877469][T13769] loop2: detected capacity change from 0 to 4096 [ 610.917594][T13769] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 610.985357][T13769] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 611.163005][T13779] loop1: detected capacity change from 0 to 32768 [ 611.171529][T13779] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1957 (13779) [ 611.234755][T13779] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 611.268453][T13779] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 611.305458][T13779] BTRFS info (device loop1): using free-space-tree [ 611.401258][T13795] loop4: detected capacity change from 0 to 256 [ 611.502659][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 611.509642][T13795] loop4: detected capacity change from 0 to 4096 [ 611.517979][T13795] ntfs3: Unknown parameter '0xffffffffffffffff' [ 611.894383][T11794] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 611.898718][T13815] loop4: detected capacity change from 0 to 16 [ 611.937546][T13815] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 36 [ 612.081044][T13817] FAULT_INJECTION: forcing a failure. [ 612.081044][T13817] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 612.124081][T13817] CPU: 1 UID: 0 PID: 13817 Comm: syz.3.1962 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 612.134367][T13817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 612.144431][T13817] Call Trace: [ 612.147717][T13817] [ 612.150653][T13817] dump_stack_lvl+0x241/0x360 [ 612.155350][T13817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 612.160562][T13817] ? __pfx__printk+0x10/0x10 [ 612.165163][T13817] ? __pfx_lock_release+0x10/0x10 [ 612.170194][T13817] should_fail_ex+0x3b0/0x4e0 [ 612.174873][T13817] _copy_from_user+0x2f/0xe0 [ 612.179468][T13817] copy_msghdr_from_user+0xae/0x680 [ 612.184670][T13817] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 612.190493][T13817] __sys_sendmsg+0x23d/0x3a0 [ 612.195083][T13817] ? __pfx___sys_sendmsg+0x10/0x10 [ 612.200203][T13817] ? vfs_write+0x7c4/0xc90 [ 612.204638][T13817] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 612.210960][T13817] ? do_syscall_64+0x100/0x230 [ 612.215716][T13817] ? do_syscall_64+0xb6/0x230 [ 612.220382][T13817] do_syscall_64+0xf3/0x230 [ 612.224875][T13817] ? clear_bhb_loop+0x35/0x90 [ 612.229552][T13817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.235435][T13817] RIP: 0033:0x7f6cca975bd9 [ 612.239847][T13817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.259455][T13817] RSP: 002b:00007f6ccb75c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 612.267879][T13817] RAX: ffffffffffffffda RBX: 00007f6ccab03f60 RCX: 00007f6cca975bd9 [ 612.275848][T13817] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 612.283820][T13817] RBP: 00007f6ccb75c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 612.291786][T13817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 612.299753][T13817] R13: 000000000000000b R14: 00007f6ccab03f60 R15: 00007fff337be9f8 [ 612.307731][T13817] [ 612.452761][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 612.533587][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 612.643488][T13783] ntfs3: loop2: ino=21, The size of extended attributes must not exceed 64KiB [ 613.276556][T13838] loop4: detected capacity change from 0 to 4096 [ 613.560586][T13856] FAULT_INJECTION: forcing a failure. [ 613.560586][T13856] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 613.577262][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.585464][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.609369][T13856] CPU: 1 UID: 0 PID: 13856 Comm: syz.3.1973 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 613.619638][T13856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 613.629707][T13856] Call Trace: [ 613.633085][T13856] [ 613.636038][T13856] dump_stack_lvl+0x241/0x360 [ 613.640754][T13856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 613.645981][T13856] ? __pfx__printk+0x10/0x10 [ 613.650616][T13856] should_fail_ex+0x3b0/0x4e0 [ 613.655332][T13856] _copy_from_user+0x2f/0xe0 [ 613.659954][T13856] move_addr_to_kernel+0x82/0x150 [ 613.665009][T13856] copy_msghdr_from_user+0x43e/0x680 [ 613.670322][T13856] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 613.676174][T13856] __sys_sendmsg+0x23d/0x3a0 [ 613.680790][T13856] ? __pfx___sys_sendmsg+0x10/0x10 [ 613.685917][T13856] ? vfs_write+0x7c4/0xc90 [ 613.690396][T13856] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 613.696749][T13856] ? do_syscall_64+0x100/0x230 [ 613.701531][T13856] ? do_syscall_64+0xb6/0x230 [ 613.706233][T13856] do_syscall_64+0xf3/0x230 [ 613.710749][T13856] ? clear_bhb_loop+0x35/0x90 [ 613.715451][T13856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.721363][T13856] RIP: 0033:0x7f6cca975bd9 [ 613.725799][T13856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.745450][T13856] RSP: 002b:00007f6ccb75c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 613.747889][T13847] loop0: detected capacity change from 0 to 32768 [ 613.753861][T13856] RAX: ffffffffffffffda RBX: 00007f6ccab03f60 RCX: 00007f6cca975bd9 [ 613.753880][T13856] RDX: 0000000000000000 RSI: 0000000020000900 RDI: 0000000000000003 [ 613.753895][T13856] RBP: 00007f6ccb75c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 613.753908][T13856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 613.780803][T13847] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1971 (13847) [ 613.784173][T13856] R13: 000000000000000b R14: 00007f6ccab03f60 R15: 00007fff337be9f8 [ 613.784208][T13856] [ 613.864390][T13847] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 613.903552][T13847] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 613.922799][T13860] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1974'. [ 613.934006][T13847] BTRFS info (device loop0): using free-space-tree [ 614.256325][T13882] loop3: detected capacity change from 0 to 128 [ 614.296514][T13882] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 614.311312][T13882] sysv_count_free_blocks: cannot read free-list block [ 614.333740][T13885] FAULT_INJECTION: forcing a failure. [ 614.333740][T13885] name failslab, interval 1, probability 0, space 0, times 0 [ 614.369093][T13882] sysv_count_free_inodes: unable to read inode table [ 614.373566][T13885] CPU: 1 UID: 0 PID: 13885 Comm: syz.2.1979 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 614.386475][T13885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 614.396545][T13885] Call Trace: [ 614.399854][T13885] [ 614.402801][T13885] dump_stack_lvl+0x241/0x360 [ 614.407511][T13885] ? __pfx_dump_stack_lvl+0x10/0x10 [ 614.412735][T13885] ? __pfx__printk+0x10/0x10 [ 614.417352][T13885] ? netlink_insert+0x10b7/0x14b0 [ 614.420355][T13889] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1978'. [ 614.422385][T13885] should_fail_ex+0x3b0/0x4e0 [ 614.422421][T13885] ? __alloc_skb+0x1c3/0x440 [ 614.440558][T13885] should_failslab+0x9/0x20 [ 614.445071][T13885] kmem_cache_alloc_node_noprof+0x71/0x320 [ 614.450875][T13885] __alloc_skb+0x1c3/0x440 [ 614.455291][T13885] ? __pfx___alloc_skb+0x10/0x10 [ 614.460224][T13885] ? netlink_autobind+0xd6/0x2f0 [ 614.465147][T13885] ? netlink_autobind+0x2b0/0x2f0 [ 614.470161][T13885] netlink_sendmsg+0x638/0xcb0 [ 614.474933][T13885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 614.480217][T13885] ? __import_iovec+0x536/0x820 [ 614.485060][T13885] ? aa_sock_msg_perm+0x91/0x160 [ 614.489991][T13885] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 614.495270][T13885] ? security_socket_sendmsg+0x87/0xb0 [ 614.500734][T13885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 614.506006][T13885] __sock_sendmsg+0x221/0x270 [ 614.510683][T13885] ____sys_sendmsg+0x525/0x7d0 [ 614.515461][T13885] ? __pfx_____sys_sendmsg+0x10/0x10 [ 614.520765][T13885] __sys_sendmsg+0x2b0/0x3a0 [ 614.525360][T13885] ? __pfx___sys_sendmsg+0x10/0x10 [ 614.530472][T13885] ? vfs_write+0x7c4/0xc90 [ 614.534909][T13885] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 614.541236][T13885] ? do_syscall_64+0x100/0x230 [ 614.545994][T13885] ? do_syscall_64+0xb6/0x230 [ 614.550672][T13885] do_syscall_64+0xf3/0x230 [ 614.555164][T13885] ? clear_bhb_loop+0x35/0x90 [ 614.559834][T13885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.565717][T13885] RIP: 0033:0x7f1e56175bd9 [ 614.570121][T13885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.589717][T13885] RSP: 002b:00007f1e56ebd048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 614.598122][T13885] RAX: ffffffffffffffda RBX: 00007f1e56303f60 RCX: 00007f1e56175bd9 [ 614.606085][T13885] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004 [ 614.614044][T13885] RBP: 00007f1e56ebd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 614.622003][T13885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 614.629961][T13885] R13: 000000000000000b R14: 00007f1e56303f60 R15: 00007ffd2ef5b308 [ 614.637932][T13885] [ 614.735530][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 614.912757][ T5089] sysv_free_block: trying to free block not in datazone [ 614.933511][T11018] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 614.961577][ T5089] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 615.004711][T13898] loop2: detected capacity change from 0 to 128 [ 615.091763][T13902] loop3: detected capacity change from 0 to 164 [ 615.099124][ T29] audit: type=1800 audit(1720168213.320:1559): pid=13897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1981" name="bus" dev="loop2" ino=1048660 res=0 errno=0 [ 615.552744][T13906] raw_sendmsg: syz.2.1981 forgot to set AF_INET. Fix it! [ 615.734716][T13903] loop1: detected capacity change from 0 to 1024 [ 615.743448][T13903] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 615.794874][T13903] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (29254!=20869) [ 615.845265][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 615.868270][T13903] EXT4-fs (loop1): journal inode is deleted [ 615.958928][T13903] loop1: detected capacity change from 0 to 64 [ 616.090696][T13915] loop3: detected capacity change from 0 to 2048 [ 616.161973][T13915] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 616.196760][ T29] audit: type=1804 audit(1720168214.430:1560): pid=13912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1984" name="/newroot/412/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop3" ino=1367 res=1 errno=0 [ 616.322745][T13929] FAULT_INJECTION: forcing a failure. [ 616.322745][T13929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 616.337947][T13929] CPU: 0 UID: 0 PID: 13929 Comm: syz.4.1991 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 616.348202][T13929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 616.358344][T13929] Call Trace: [ 616.361650][T13929] [ 616.364569][T13929] dump_stack_lvl+0x241/0x360 [ 616.369253][T13929] ? __pfx_dump_stack_lvl+0x10/0x10 [ 616.374466][T13929] ? __pfx__printk+0x10/0x10 [ 616.379052][T13929] ? __pfx_lock_release+0x10/0x10 [ 616.384072][T13929] should_fail_ex+0x3b0/0x4e0 [ 616.388764][T13929] strncpy_from_user+0x36/0x2f0 [ 616.393605][T13929] ? kmem_cache_alloc_noprof+0x185/0x2a0 [ 616.399232][T13929] getname_flags+0xf1/0x540 [ 616.403731][T13929] ? __fget_files+0x3f6/0x470 [ 616.408398][T13929] user_path_at+0x24/0x60 [ 616.412978][T13929] __se_sys_name_to_handle_at+0x10c/0x790 [ 616.418695][T13929] ? __pfx___se_sys_name_to_handle_at+0x10/0x10 [ 616.424919][T13929] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 616.430886][T13929] ? do_syscall_64+0x100/0x230 [ 616.435644][T13929] ? __x64_sys_name_to_handle_at+0x20/0xc0 [ 616.441432][T13929] do_syscall_64+0xf3/0x230 [ 616.445914][T13929] ? clear_bhb_loop+0x35/0x90 [ 616.450573][T13929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.456449][T13929] RIP: 0033:0x7f6840575bd9 [ 616.460845][T13929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 616.480443][T13929] RSP: 002b:00007f68412d6048 EFLAGS: 00000246 ORIG_RAX: 000000000000012f [ 616.488873][T13929] RAX: ffffffffffffffda RBX: 00007f6840703f60 RCX: 00007f6840575bd9 [ 616.497835][T13929] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 616.505796][T13929] RBP: 00007f68412d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 616.513750][T13929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 616.521711][T13929] R13: 000000000000000b R14: 00007f6840703f60 R15: 00007fff7b4f4b88 [ 616.529699][T13929] [ 616.564697][T13931] loop1: detected capacity change from 0 to 512 [ 616.582784][T13931] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 616.602448][T13931] EXT4-fs (loop1): warning: maximal mount count reached, running e2fsck is recommended [ 616.615417][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 616.643101][T13931] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.1989: inode #15: comm syz.1.1989: iget: illegal inode # [ 616.693863][T13931] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.1989: couldn't read orphan inode 15 (err -117) [ 616.736335][T13931] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 616.765238][T13931] EXT4-fs error (device loop1): ext4_empty_dir:3050: inode #12: block 13: comm syz.1.1989: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=12, rec_len=32769, size=4096 fake=0 [ 616.830320][T13931] EXT4-fs warning (device loop1): ext4_empty_dir:3052: inode #12: comm syz.1.1989: directory missing '.' [ 616.843826][T13943] loop4: detected capacity change from 0 to 2048 [ 616.845065][T13941] loop0: detected capacity change from 0 to 1024 [ 616.858022][T13944] EXT4-fs error (device loop1): ext4_find_dest_de:2066: inode #2: block 3: comm syz.1.1989: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 616.882527][T13941] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 616.912570][T13943] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 616.920431][T13943] UDF-fs: Scanning with blocksize 512 failed [ 616.926894][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 616.954581][T13943] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 129: 0x7d != 0x7e [ 616.969110][T13943] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 616.998422][T13935] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 19: invalid block bitmap [ 616.999811][T13943] Process accounting resumed [ 617.050948][T11794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 617.123515][T13947] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 617.465207][T13954] netlink: 191416 bytes leftover after parsing attributes in process `syz.4.1997'. [ 618.197199][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.288083][T13958] loop1: detected capacity change from 0 to 512 [ 618.336333][T13958] ext4: Unknown parameter 'noload"init_itable' [ 618.395735][T13958] loop1: detected capacity change from 0 to 256 [ 618.402417][T13958] exfat: Unknown parameter 'GGiHvV/o4j㿻n@%k/Un?kfwJ;}񹹫ݹ?>vY>Cq{O<I|' [ 618.606657][T13965] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 618.991755][T13965] CIFS mount error: No usable UNC path provided in device string! [ 618.991755][T13965] [ 619.002625][T13965] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 619.305526][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 619.422893][T13933] loop2: detected capacity change from 0 to 32768 [ 619.444581][T13933] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1990 (13933) [ 619.482874][T13933] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 619.520326][T13933] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 619.560623][T13933] BTRFS info (device loop2): using free-space-tree [ 619.585288][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 619.609726][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 619.629497][T13977] loop4: detected capacity change from 0 to 2048 [ 619.632721][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 619.645620][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 619.658392][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 619.673664][T13980] loop0: detected capacity change from 0 to 2048 [ 619.717774][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 619.720251][T13977] udf: Unknown parameter 'GPL' [ 619.747194][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 619.747618][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 619.818153][T13980] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 619.847465][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 619.848211][T13933] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 619.889353][T13933] BTRFS error (device loop2): open_ctree failed [ 619.911435][ T29] audit: type=1804 audit(1720168218.150:1561): pid=13980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2004" name="/newroot/115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop0" ino=1367 res=1 errno=0 [ 619.954519][ C0] vkms_vblank_simulate: vblank timer overrun [ 620.230244][T13997] loop4: detected capacity change from 0 to 4096 [ 620.242245][T13997] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 620.264870][ T25] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 620.308875][T13997] ntfs3: loop4: ino=1b, "file0" directory corrupted [ 620.336804][T13997] FAULT_INJECTION: forcing a failure. [ 620.336804][T13997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 620.365459][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 620.367639][T13997] CPU: 0 UID: 0 PID: 13997 Comm: syz.4.2006 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 620.383747][T13997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 620.393795][T13997] Call Trace: [ 620.397080][T13997] [ 620.400008][T13997] dump_stack_lvl+0x241/0x360 [ 620.404690][T13997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 620.409885][T13997] ? __pfx__printk+0x10/0x10 [ 620.414478][T13997] ? snprintf+0xda/0x120 [ 620.418717][T13997] should_fail_ex+0x3b0/0x4e0 [ 620.423395][T13997] _copy_to_user+0x2f/0xb0 [ 620.427806][T13997] simple_read_from_buffer+0xca/0x150 [ 620.433179][T13997] proc_fail_nth_read+0x1e9/0x250 [ 620.438290][T13997] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 620.443839][T13997] ? rw_verify_area+0x52a/0x6b0 [ 620.448684][T13997] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 620.454225][T13997] vfs_read+0x204/0xbc0 [ 620.458383][T13997] ? __pfx_lock_release+0x10/0x10 [ 620.463407][T13997] ? __pfx_vfs_read+0x10/0x10 [ 620.468079][T13997] ? __fget_files+0x29/0x470 [ 620.472661][T13997] ? __fget_files+0x3f6/0x470 [ 620.477342][T13997] ksys_read+0x1a0/0x2c0 [ 620.481584][T13997] ? __pfx_ksys_read+0x10/0x10 [ 620.486341][T13997] ? do_syscall_64+0x100/0x230 [ 620.491101][T13997] ? do_syscall_64+0xb6/0x230 [ 620.495769][T13997] do_syscall_64+0xf3/0x230 [ 620.500264][T13997] ? clear_bhb_loop+0x35/0x90 [ 620.504936][T13997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.510822][T13997] RIP: 0033:0x7f68405746bc [ 620.515228][T13997] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 620.534829][T13997] RSP: 002b:00007f68412d6040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 620.543234][T13997] RAX: ffffffffffffffda RBX: 00007f6840703f60 RCX: 00007f68405746bc [ 620.551196][T13997] RDX: 000000000000000f RSI: 00007f68412d60b0 RDI: 0000000000000005 [ 620.559155][T13997] RBP: 00007f68412d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 620.567118][T13997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 620.575169][T13997] R13: 000000000000000b R14: 00007f6840703f60 R15: 00007fff7b4f4b88 [ 620.583146][T13997] [ 620.586194][ C0] vkms_vblank_simulate: vblank timer overrun [ 620.635392][ T25] usb 2-1: config 9 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 620.657309][ T25] usb 2-1: New USB device found, idVendor=05e0, idProduct=2005, bcdDevice=5d.aa [ 620.672552][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.290142][T14009] loop0: detected capacity change from 0 to 2048 [ 621.302212][T14009] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 621.353720][ T5094] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 621.357781][T14009] UBIFS error (pid: 14009): cannot open "/dev/loop0", error -22 [ 621.412358][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 621.860524][T14009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2010'. [ 622.047234][ T931] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 622.128473][T14022] gretap0: refused to change device tx_queue_len [ 622.150221][T14022] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 622.447273][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 622.559669][ T25] usb 2-1: USB disconnect, device number 23 [ 622.702948][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 622.771109][T14037] loop0: detected capacity change from 0 to 128 [ 622.802087][T14037] ext4: Unknown parameter 'euid' [ 622.846704][T14037] loop0: detected capacity change from 0 to 512 [ 622.887530][T14037] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 622.899620][T14037] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 622.909769][T14037] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz.0.2019: Corrupt directory, running e2fsck is recommended [ 622.965951][T14037] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 622.974407][T14037] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2234: inode #15: comm syz.0.2019: corrupted in-inode xattr: invalid ea_ino [ 622.988477][T14037] EXT4-fs (loop0): Remounting filesystem read-only [ 622.996593][T14037] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 623.056386][T11018] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.464971][T14049] loop2: detected capacity change from 0 to 512 [ 623.595885][T14049] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 624.107872][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.236443][ T8181] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 624.608988][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.617475][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.839327][ T5094] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 625.210484][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 625.696612][T14050] loop4: detected capacity change from 0 to 32768 [ 625.830913][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 626.094975][ T5146] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 626.164464][T14050] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 626.203150][T14050] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 626.233509][T14050] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 626.233509][T14050] running recovery passes: check_allocations [ 626.287344][ T5094] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 626.305168][ T5094] Bluetooth: hci4: Injecting HCI hardware error event [ 626.315924][ T5107] Bluetooth: hci4: hardware error 0x00 [ 626.330605][ T5146] usb 4-1: Using ep0 maxpacket: 8 [ 626.341107][ T5146] usb 4-1: New USB device found, idVendor=2639, idProduct=0002, bcdDevice=27.3c [ 626.360170][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.360601][T14050] bcachefs (loop4): accounting_read... [ 626.368316][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 626.370504][ T5146] usb 4-1: config 0 descriptor?? [ 626.393960][T14050] done [ 626.397051][T14050] bcachefs (loop4): alloc_read... done [ 626.402597][T14050] bcachefs (loop4): stripes_read... done [ 626.408594][T14050] bcachefs (loop4): snapshots_read... done [ 626.418572][T14050] bcachefs (loop4): check_allocations... [ 626.429456][T14112] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 626.442874][T14050] btree ptr not marked in member info btree allocated bitmap [ 626.442937][T14050] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down [ 626.472543][T14050] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 10 [ 626.482564][T14050] bcachefs (loop4): bch2_gc_mark_key(): error fsck_errors_not_fixed [ 626.490790][T14050] bcachefs (loop4): bch2_gc_btree(): error fsck_errors_not_fixed [ 626.500951][T14050] bcachefs (loop4): bch2_gc_btrees(): error fsck_errors_not_fixed [ 626.510660][T14050] bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed [ 626.522247][T14050] bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed [ 626.533516][T14050] bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 626.545017][T14050] bcachefs (loop4): shutting down [ 626.571114][T14050] bcachefs (loop4): shutdown complete [ 626.867663][T14124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2048'. [ 627.337735][T14134] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 627.387941][ T5146] usb 4-1: USB disconnect, device number 14 [ 627.450066][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 627.503382][T14142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 627.513008][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 628.365383][ T5107] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 628.795922][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 629.195087][ T5100] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 629.329608][T14158] loop2: detected capacity change from 0 to 40427 [ 629.342587][T14158] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 629.350283][T14158] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 629.365246][T14158] F2FS-fs (loop2): heap/no_heap options were deprecated [ 629.373910][T14158] F2FS-fs (loop2): user quota file already specified [ 629.475014][T10235] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 629.620944][T14181] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 629.641383][T14181] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 629.652310][T14181] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 629.669753][T10235] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 629.690546][T10235] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.720552][T10235] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 629.723584][T14183] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2072'. [ 629.766936][T10235] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.798927][T10235] usb 2-1: config 0 descriptor?? [ 630.221404][T14193] loop0: detected capacity change from 0 to 512 [ 630.245942][T14193] EXT4-fs: Ignoring removed i_version option [ 630.292667][T14193] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz.0.2076: bad orphan inode 1 [ 630.427911][T14193] EXT4-fs (loop0): Remounting filesystem read-only [ 630.447872][T14193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 630.971453][T11018] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 631.132221][T10235] hid-led 0003:27B8:01ED.000B: probe with driver hid-led failed with error -71 [ 631.243483][ T5146] net_ratelimit: 386 callbacks suppressed [ 631.243503][ T5146] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.257855][T10235] usb 2-1: USB disconnect, device number 24 [ 631.458701][T14189] loop4: detected capacity change from 0 to 32768 [ 631.484337][T14189] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2075 (14189) [ 631.545117][T14189] BTRFS info (device loop4): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 631.565771][T14189] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 631.588417][T14189] BTRFS info (device loop4): using free-space-tree [ 631.650898][ T5142] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.653699][T14238] befs: Unrecognized mount option "" or missing value [ 631.669437][T14238] befs: (nbd0): cannot parse mount options [ 632.030685][ T29] audit: type=1326 audit(1720168230.260:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.131621][ T29] audit: type=1326 audit(1720168230.260:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133652][ T29] audit: type=1326 audit(1720168230.300:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133698][ T29] audit: type=1326 audit(1720168230.300:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133739][ T29] audit: type=1326 audit(1720168230.300:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133779][ T29] audit: type=1326 audit(1720168230.300:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133825][ T29] audit: type=1326 audit(1720168230.330:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133865][ T29] audit: type=1326 audit(1720168230.330:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133904][ T29] audit: type=1326 audit(1720168230.340:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.133943][ T29] audit: type=1326 audit(1720168230.340:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14259 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cca975bd9 code=0x7ffc0000 [ 632.221503][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 632.468020][T10235] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 632.785163][T14258] Oops: stack segment: 0000 [#1] PREEMPT SMP KASAN PTI [ 632.785183][T14258] CPU: 0 UID: 0 PID: 14258 Comm: syz.4.2075 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 632.785197][T14258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 632.785204][T14258] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 [ 632.785225][T14258] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 632.785234][T14258] RSP: 0018:ffffc9001216f970 EFLAGS: 00010202 [ 632.785245][T14258] RAX: 1ffff11005983a80 RBX: 0000000000000000 RCX: 0000000000040000 [ 632.785253][T14258] RDX: ffffc90010248000 RSI: 00000000000001cc RDI: 00000000000001cd [ 632.785261][T14258] RBP: 0000000000000007 R08: ffffffff866b89bf R09: 1ffffffff26020f0 [ 632.785268][T14258] R10: dffffc0000000000 R11: fffffbfff26020f1 R12: 0000000000000038 [ 632.785276][T14258] R13: dffffc0000000000 R14: ffffc90010da5048 R15: 0000000000000000 [ 632.785284][T14258] FS: 00007f68412b56c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 632.785293][T14258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 632.785300][T14258] CR2: 00007f511b704030 CR3: 000000007a174000 CR4: 00000000003506f0 [ 632.785310][T14258] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 632.785317][T14258] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 632.785324][T14258] Call Trace: [ 632.785329][T14258] [ 632.785334][T14258] ? __die_body+0x88/0xe0 [ 632.785350][T14258] ? die+0xcf/0x110 [ 632.785363][T14258] ? do_trap+0x15a/0x3a0 [ 632.785377][T14258] ? do_error_trap+0x1dc/0x2c0 [ 632.785390][T14258] ? __pfx_do_error_trap+0x10/0x10 [ 632.785402][T14258] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 632.785417][T14258] ? rcu_is_watching+0x15/0xb0 [ 632.785432][T14258] ? exc_stack_segment+0x38/0x50 [ 632.785443][T14258] ? asm_exc_stack_segment+0x26/0x30 [ 632.785456][T14258] ? tun_get_user+0x30df/0x4560 [ 632.785469][T14258] ? bpf_xdp_redirect+0x59/0x1a0 [ 632.785490][T14258] bpf_prog_bd73926c2776e1d5+0x1a/0x1c [ 632.785501][T14258] tun_get_user+0x3321/0x4560 [ 632.785512][T14258] ? tun_get_user+0x84c/0x4560 [ 632.785526][T14258] ? __pfx_tun_get_user+0x10/0x10 [ 632.785536][T14258] ? rcu_is_watching+0x15/0xb0 [ 632.785552][T14258] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 632.785568][T14258] ? __rcu_read_unlock+0xa1/0x110 [ 632.785580][T14258] ? tun_get+0x1e/0x2f0 [ 632.785589][T14258] ? tun_get+0x27d/0x2f0 [ 632.785599][T14258] tun_chr_write_iter+0x113/0x1f0 [ 632.785610][T14258] vfs_write+0xa72/0xc90 [ 632.785621][T14258] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 632.785631][T14258] ? __pfx_vfs_write+0x10/0x10 [ 632.785639][T14258] ? do_futex+0x33b/0x560 [ 632.785656][T14258] ksys_write+0x1a0/0x2c0 [ 632.785666][T14258] ? __pfx_ksys_write+0x10/0x10 [ 632.785676][T14258] ? do_syscall_64+0x100/0x230 [ 632.785686][T14258] ? do_syscall_64+0xb6/0x230 [ 632.785696][T14258] do_syscall_64+0xf3/0x230 [ 632.785705][T14258] ? clear_bhb_loop+0x35/0x90 [ 632.785717][T14258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.785729][T14258] RIP: 0033:0x7f684057475f [ 632.785740][T14258] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 632.785748][T14258] RSP: 002b:00007f68412b5010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 632.785758][T14258] RAX: ffffffffffffffda RBX: 00007f6840704038 RCX: 00007f684057475f [ 632.785766][T14258] RDX: 000000000000002a RSI: 0000000020000000 RDI: 00000000000000c8 [ 632.785773][T14258] RBP: 00007f68405e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 632.785779][T14258] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000000 [ 632.785785][T14258] R13: 000000000000006e R14: 00007f6840704038 R15: 00007fff7b4f4b88 [ 632.785796][T14258] [ 632.785800][T14258] Modules linked in: [ 632.785808][T14258] ---[ end trace 0000000000000000 ]--- [ 633.168315][T14258] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 [ 633.173857][T14258] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 633.193473][T14258] RSP: 0018:ffffc9001216f970 EFLAGS: 00010202 [ 633.199539][T14258] RAX: 1ffff11005983a80 RBX: 0000000000000000 RCX: 0000000000040000 [ 633.207508][T14258] RDX: ffffc90010248000 RSI: 00000000000001cc RDI: 00000000000001cd [ 633.215480][T14258] RBP: 0000000000000007 R08: ffffffff866b89bf R09: 1ffffffff26020f0 [ 633.223458][T14258] R10: dffffc0000000000 R11: fffffbfff26020f1 R12: 0000000000000038 [ 633.231452][T14258] R13: dffffc0000000000 R14: ffffc90010da5048 R15: 0000000000000000 [ 633.239434][T14258] FS: 00007f68412b56c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 633.248366][T14258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 633.254949][T14258] CR2: 00007f511b704030 CR3: 000000007a174000 CR4: 00000000003506f0 [ 633.262912][T14258] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 633.270883][T14258] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 633.278860][T14258] Kernel panic - not syncing: Fatal exception in interrupt [ 633.286261][T14258] Kernel Offset: disabled [ 633.290574][T14258] Rebooting in 86400 seconds..