last executing test programs: 2m50.636919214s ago: executing program 2 (id=50): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) epoll_wait(r2, &(0x7f0000000340)=[{}], 0x1, 0x80000000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001}) 2m48.752913343s ago: executing program 2 (id=53): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) r0 = syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014", 0x5}], 0x1) syz_usb_disconnect(r0) syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[], 0x0) 2m45.09348533s ago: executing program 2 (id=69): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)) 2m44.323555021s ago: executing program 2 (id=72): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000180)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@norecovery}, {@mblk_io_submit}, {@barrier}, {@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15) r1 = open(&(0x7f0000000100)='./file1\x00', 0x109042, 0x88) fallocate(r1, 0x10, 0x1500, 0x7000000) 2m43.803347487s ago: executing program 2 (id=74): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3214212, &(0x7f00000001c0)=ANY=[], 0x1, 0xf1e, &(0x7f0000006600)="$eJzs3U1sHNUdAPA368/EJl7zaaCEFFoRKNghidT0FgTqEXHpHRQSGmEoauiBiI/QA6ISokiIU8WBigulUorUSqBKFeqp7alVbz2hXqhUpVKiXhopcRXnvfXuiye7nqxnd72/n/T32zdvPP//eCNnZjz7JgBjq7H+9fDhpSKED754/4nXni1+d2XZva019q1/LWKvGUKYausX2fa+igsunX/12GZtEQ6uf0398OS51vfOhRDOhH3hy9AMn66sXvjkw8f3f/bW7O3vnn7+9W3a/ZZ8PwAAYCc6+5fVfzz4rz8/vHjx7N6jYaa1PB2fN2N/Lh73H4gHyul4uRE6+0VbtJvO1puI0cjWm8jWm8zyTJbkm8q2M1Wy3nSXfBNtyzbbTwAAABhF6by2GYrGcke/0Vhevnref8VXC9PF8osnV0+cGlChAAAAQGX/fWP9plshhBBCCCGEEH2M1j3KQ1CLEFdibWGw1x8AAACA8ZPPF3aNM/2dqau1tWZv+c891tj8+6EP6v73L/9o5f/4Tb9xAACobqceTab9SsfRaR6DfB7Biez7tnr838i2M7nFOsvmFRyV+QbL6sx/rsOqrP6tvo+DUlZ/Ph/msCqrP5+nc1iV1T9Tcx1VldU/W3MdVZXVv6vmOqoqq393zXVUVVb/XM11VFVW/3zNdVRVVv9NNddRVVn9e2quo6qy+kflttqy+ps111FVWf2LNddRVVn9N9dcR1Vl9d9Scx1VldV/a811DMo9sU0/h73ZePv5c35ONyrneAAAADDu/mf+PyGEGNto3esyBLUIIW40bhuCGoQQQgxzvDHYyw8AAADAEEifC0ifel+L0vhEl/HJLuNTXcanu4zPdBkHAAAAQvj92yfufK/Y+Jz/jc6Htz5vVGNj/qWtzmOUz0e41fw3Ou9Z2trV+i9sOf+ozFsGAADAeCm+/+Xlh5746OXFi2f3Hm07+74cz3fTPKCT8drA57Gf7guYz/pFOoc+2pmnUbJefn3gprLtPXWDOwoAAABjLJ2/N0OxfsrdaPUbjeXljfPxpTBVnDi5evxA7Kfns/xpYWpUHrUEAAAAY2vjfL9oLG9y/p+e47sUpovlF0+unjh1tT/fWj7VaL8usLCxfP16waOt7XUuP1iy/FDsp+d3/nBh1/ry5WM/Wn223zsPAAAAY+LUK6eff2Z19fiPN32RPs1+vXW28iJ9vmAr3xVCEfqT3QsvvOj1xQB/KQEAANvi66/fn/rJofk/XP38/8b8d+nz//tivxnn9vtrXCHdJ5A+B3DN5/Wf7syzULbeS53rNbP1JmLMZHXPtm0nhI35BtP3LZbla3ZuZ7ok31yWbz7Ll89TMJmtn/LtyZbn8xOm9Ray5fk8jJNZjiLLf18AAACAcisvv/DSyqlXTj9y8oVnnjv+3PEXDx088r0jRw48+t1HV9bv619pv7sfAAAAGEUbN/0OuhIAAAAAAAAAAAAAAAAAAAAYX3U8TmzQ+wgAAADj7j9vhBDOCCFK4uojMPu/3Y0nUQ5+H8XOjV1DUIMQQoh+x8XrjE0MQX1CiKGNtbX8SfMAAAAA2+vS+VePtbfXOFP0NV9ra/GvsZdj3tTOP/L3xSuRVjv3WOf1kt19rYZxV/e/f/lHK//Hb/Y3/2x60fPvv0bnBo5Wy/vAyq+W2vPfNdlj/nz/n6qWf3+W/4HQW/61j7L8T1fL/2CWf3eP+a/Z/5eq5X8o5l+K/f3395q/8/2fiW3aj13XS9r2X+d3sv1/NvSaP9v/Zo87nHk45geAcdQYdAHbJB0lpOPoudhP+xsPN0N+98NWj/8b2XYmb7jyzu2m46A7Yj8dL81neZOt1j+Xbe+minXmRuWukrL6+/U+brey+qdqrqOqsvqna66jqrL6Z2quo6qy+mdrrqOqsvqvex46RMrqH5XrymX1z9VcR1Vl9c/XXEdVZfVv9f/xQSmrf0/NdVRVVv9CzXVUVVZ/xctqtSurf7HmOqoqq//mmuuoqqz+W2quo6qy+m+tuY5BuTu2ZefD6fxzIY6lfjPrz2zys9yp1xYAAABg1Pzb/H9iVOLw/OBrEEKIvsWuIahBjHfEv/4MvA4hdkasrV1eu2LQdQhxvVhbG/QVCAZpez/NDMCw8vt/vHn/x5v3f7x5/7medA9/kfWTiS7jk13Gp7qMT2fj+b/XmS7jt2TbXYvS+K1dxm/rMr6ny/gdXcaXuozf2WX8ri7jd3cZBwAAYDzcHlvnhwAAALBzvfbrz9/57QNPn1+8eHbv0TB9zbzzB2J/Jv5t/e3Yz+e9T6bi3/x/Gvu/jO0fY/vPbH33nwAAAMD2S8+J8fd/AAAA2LnSc0qd/wMAAMDOtRhb5/8AAACwc90cW+f/AAAAsIMVs5svjm26LnBfbHud1w8AGH7fiO09sd0b23tj+83YpuOA+2P7rZrqAwD65xc/+NmR94qN+f4PZeOX4vLUXuPM1SsFRaNzJv9dsd0d22/3WE/+PIBe8yd7esyzXfkXbjA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBzNNa/Hj68VITwwRfvP/Hz6Xf+dmXZva019q1/LWKvGUKYan1fGt3o/yaueOn8q8fa28uxLcLBUISitTw8ea6VaS6EcCbsC1+GZvh0ZfXCJx8+vv+zt2Zvf/f0869v44+gY/8AAABgJ/p/AAAA//9D9Bis") creat(&(0x7f0000000380)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) creat(&(0x7f0000000040)='./file1\x00', 0xd) 2m42.731277293s ago: executing program 2 (id=78): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x271e, 0x0, &(0x7f0000000100)) 2m26.840992686s ago: executing program 32 (id=78): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x271e, 0x0, &(0x7f0000000100)) 1m52.333044558s ago: executing program 3 (id=258): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x102, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x2076) ppoll(&(0x7f0000000140)=[{r1, 0xb39b}], 0x1, 0x0, 0x0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x3) 1m51.303486971s ago: executing program 3 (id=262): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='ns\x00') pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000140)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff0924031300010005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 1m49.74777084s ago: executing program 3 (id=269): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000380)={"b417338bc8a844419a5868bb33ac0f428aa935999d8809f1ba0fd2f34e74f0f84c1e07d4ae73c2e5f7e7a02104bbfabf83d77dd68a76bd7a3708cdca804ba646a7fbdde0925a4d65b33f7fe8cbaea3efc7c483d5b98adcf5beaea19a73cd461fdb248352c71764b8daba89886a7d85fa3084b7f11a047cfbf4f7fb45ff458eb7655fe2814664df26efd52611a091ac89df0d11b57028def34bc89dc6c8ff0cf028c606d370b754d1c0bff35e6af16881562541a3b65142799b758c0985f457f07611d0ced7697adb9145582fe11c8a65e0b503ca1b7d4f313bde22de96911af50a0aaaec3dd4d245fbc3546e97bd2523bdf6ca6e9add49bae6de98345168aafa46fe5a26719739f9e8afc64c798f176cb01f6b8a7790bb875cb128b12e9d430e7fc664e3dc9bd019f82b7252f9946c9a3aa6d0c5e662687dc292e60b48977ad6f1daa16e0c310bef45c3a0775ea24f3e37a4135e02230c83afc93774a2c9521c288d5a5aa46e1474f46296f9cf8e2f088e018c2b73f5e159036a202ecc03ea06f7acdc532b9c3aa9cdee8a8556eea5e343b8d15d1d82cff79a511852b4c83965427c0eef85967b57714af1192863721885b1bad1e0cd2df449ea5c5fb2f61616b0402cec7055fd488c2d165590e1cc04e0a57c5cb3821430337ff0e3bce6207ddb6047bdc2449f516fa22cd471d56551aff9cc02154c70a2c161b1ad7a8bb9b9d1f237db7755c04731e696bb9661956b07960509ab23c3299559e8e3c24d8dbd14e5f803844380796641ce000271fca3a6127d56bfb23d1cd814e26175aaaf49e13fae0b9b7f6379c691c00ea7f8df6d0a8a760667e8281c7afec74444cd8304566b2fdc064764a7dc17846b20b20cdcc65d27f8e3ae5fcf83c655e46ebf877b2795d63a9e35dad841a48c25eac6c36edd748366cae81772b19ab90bd1fd354dde209963b76ae78337193ae30058b7012ac651c87a618c3a0613e564e76e834e3d080482e8448608afd273c6dd37f0469a683246f0ed50f13f8872159b1e993164c326c3c092a904055a909174696fff8bec15b7e5a138eb1a0c68f4d47ec68e18b6cd3cb96a1e3161b5bf1c9fe20d10df1396ee2db9cf5cbdbef01cb0ed510b7cd864dd7226ff556fed89c9ff4db36e7218b01381d475bb58891f64911d6707ad51febb2a92f839df2d83791e9acd6d3facae48e9e5394a575ec6117651f2266c64b1e79da1e111cb414b41d45b3a3423c1f5a66dc1cfc05804c9b30864c08ca32a410393b3c758fbf6194e79da5ac122f85bbc9c07b39c6a28afd5bc649db4497ee29098d6d85d36521118ad203b6cf1f17f9b86c4ee974c6f8eddad5374e08f8420f5368ed5809c9d0db4f316771150c9337777c99e8972d0013fc9c83de8f276bc5de32b961ee0c90ec9044101dcea35204445908a43551eac4559aeceb1"}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x75, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) 1m49.245607319s ago: executing program 3 (id=271): mkdir(&(0x7f0000001c00)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 1m48.893127335s ago: executing program 3 (id=275): r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x2ef2, 0x4) sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/5, 0x5}, 0xfffff30c}], 0x1, 0x12043, 0x0) 1m48.467874578s ago: executing program 3 (id=278): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@x86={0x4, 0x1, 0x8d, 0x0, 0xa, 0x8, 0x3, 0x8, 0x7, 0xff, 0x0, 0x40, 0x0, 0x1, 0x4, 0x0, 0xd7, 0x4, 0x7, '\x00', 0x4a, 0x88}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) 1m47.942274383s ago: executing program 33 (id=278): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@x86={0x4, 0x1, 0x8d, 0x0, 0xa, 0x8, 0x3, 0x8, 0x7, 0xff, 0x0, 0x40, 0x0, 0x1, 0x4, 0x0, 0xd7, 0x4, 0x7, '\x00', 0x4a, 0x88}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) 6.84855873s ago: executing program 1 (id=795): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000540)={[{@barrier}, {@nodioread_nolock}, {@nomblk_io_submit}, {@noquota}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x1c3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) fadvise64(r0, 0x9, 0xa, 0x5) open$dir(&(0x7f0000000100)='./file1\x00', 0x200, 0x92dfb5a0ec20639) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x40, &(0x7f0000000000)=ANY=[@ANYRES16], 0x1, 0x1a1, &(0x7f0000000a80)="$eJzs0L9rE2Ecx/H397knv4QqUXGoYAMWzwuV3l3VwSk4RciBQxfBoKE9m+JFTS+DLS24SEGq/Rd0qqMKOokoOFcHwUHPpZs0QnFw0kiSi+Df0Oc13Oe+H7h7Hr7NuB3ngN97q3NUGLA4yEcEDUzIsFNqmK/S+Xuam8PgYjpvpPk0zfF4eeVmI4rCpdKFEsX/CuDnoPtXxc85pugKFeTz3upcQ64H9Cq01HxAsUb5IVadtvOIcT3G0WtY9OwNLinaYtfg0HSndWc6Xl45s9hqLIQL4S3fnznvnnXdc39+QBS6LxHngSges4YTkAsoOGtk6tzf1geYEsRpqsSScpdsnc1t6/TJqS7K2aVHgbd2l9xX3SypWU6Rv9q/fJUjwhOsgMkaBYXmxmIUulXksnohnv6kf2VmPwAluB3Nr19RebJbFdnNi7dDxvbwyx4z/dVwmHesJ0wmVBO2Ena+MSGv+6eM9qrv9Z/P0uk4JyDL3Uans+Rl4b3oAN8O8IswNvidGtyrCG/Sb9Lgy+jFMAzDMAzDMAzD2Af+BgAA//9l3mPp") 6.195715571s ago: executing program 4 (id=797): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x2, 0x4}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000bc0)={r2, 0x0, 0x0}, 0x10) 6.098138944s ago: executing program 1 (id=798): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000080)={@val={0x0, 0x88e7}, @void, @eth={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x5, 0x14, 0x6b, 0x0, 0x9, 0x84, 0x0, @broadcast, @multicast1}}}}}}, 0x26) 5.883333575s ago: executing program 4 (id=799): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) readv(r1, &(0x7f0000000300)=[{&(0x7f0000000840)=""/4080, 0xff0}], 0x1) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 5.482490922s ago: executing program 1 (id=800): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='environ\x00') r1 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) close(0x3) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r1) ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0) 4.723629715s ago: executing program 4 (id=802): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r1 = fanotify_init(0x200, 0x0) read(r1, 0x0, 0x0) 4.14332065s ago: executing program 5 (id=803): ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x1c, 0x10, &(0x7f0000000380)=ANY=[], 0x0, 0x1000, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x2641, &(0x7f0000000040)={0x0, 0x1254, 0x1c080, 0x1, 0x20002f7}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.468970028s ago: executing program 4 (id=804): sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./bus\x00', 0x801, &(0x7f0000000600)=ANY=[], 0x41, 0x14fe, &(0x7f0000000700)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") 3.452614565s ago: executing program 5 (id=805): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x8000, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000009003940422c021664da010203010902120001000000040904"], 0x0) close(0x3) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) 3.223966893s ago: executing program 1 (id=806): socket$kcm(0x10, 0x2, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 3.20582891s ago: executing program 0 (id=736): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x1) io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 2.830125752s ago: executing program 0 (id=807): pipe2$9p(&(0x7f0000000400), 0x80800) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.496800982s ago: executing program 0 (id=808): timer_create(0x3, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) socket$key(0xf, 0x3, 0x2) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2010009, &(0x7f00000001c0), 0xfc, 0x553, &(0x7f00000009c0)="$eJzs3c9rJFkdAPBvddKZzExmk1UPOrDr4q7MLDrdk427GzysK4ieFsT1PsakJ4TppIekszsJi3b+AkFEBU968SL4Bwgy4MWjCAN6VlhRRGcV9LBOSXVXJ7FTnfSMnfQk+Xygpt6rH/39vkxeparrURXAufVCRLwZEY/SNH05Iqbz5aV8ilZnyrb74OF7i9mURJq+/bckknxZtlmapmn3My/nu01GxNe+EvHNZF/AyXy+tX1noV6vrefVanP1bnVja/vGyurCcm25tjY3N/va/Ovzr87fHEo7r0TEG1/60/e/89Mvv/HLz777x1t/uf6tLK2pfH23HU9g/LCVnaaXL0z27LD+hMGeRll7yh/mlYuD7bNznAkBANBXdo7/kYj4VES8HNMxdvjpLAAAAHAKpV+Yig+Tzv27AhN9lgMAAACnSKk9BjYpVfKxAFNRKlUqnTG8H4tLpXpjo/mZ243NtaXOWNmZKJdur9RrN/OxwjNRTrL6bLu8V3+lpz4XEc9GxPemL7brlcVGfWnUX34AAADAOXG55/r/n9Od6//DJSeTHAAAADA8M6NOAAAAADh2rv8BAADgTCuPOgEAAADg2H31rbeyKe2+/3rpna3NO413bizVNu5UVjcXK4uN9buV5UZjuf3MvtWjPq/eaNz9XKxt3qs2axvN6pWt7Vurjc215q2VmDyRBgEAAAAHPPvJ+79PIqL1+YvtKTMx6qSAEzG+W+o+07Og9//hmc78/RNKCjgRYwNs8/6F4uXOE+B0G+9d0KevA2eP8f/AUW/06Dt45zedWWnI+QAAAMN37RPF9/+PPp9vOeWHU04nhvOr5/5/Oj2qRIAT177/P+hAHicLcKaUBxoBCJxl/+/9/6Ol6WMlBAAADN1Ue0pKlfzrvakolSqViCvt1wKWk9sr9drNiHgmIn43Xb6Q1WfbeyZHXjMAAAAAAAAAAAAAAAAAAAAAAAAAAB1pmkQKAAAAnGkRpT8nv+o8y//a9EtTvd8PTCT/br8SeCIi3v3R2z+4t9Bsrs9my/++u7z5w3z5K6P4BgMAAADo1b1Ob8//NepsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhrPnj43mJ3GmDzi8OK+9cvRsRMUfzxmGzPJ6McEZf+kcT4vv2SiBgbQvzWTkR8vCh+kqW1G7Io/jB+CK2dpJW2FcaPmfynUBT/8hDiw3l2Pzv+vFnU/0vxQnte3P/GI/6n/qT6H/9i9/g31qf/XxkwxtUHP6/2jX91Kq6OFx//uvGTPvFfHCh6Ob7x9e3tfmvTH0dc6/79aR/x9kfYK1Wbq3erG1vbN1ZWF5Zry7W1ubnZ1+Zfn391/mb19kq9lv9bGOO7z/3iUd/270RcKvz7l+TZ9G//SwWfN1aQ/38e3Hv40W6ldTD+9RcL4v/6J/kWB+OX8jifzsvZ+mvdcqtT3u/5n/32+cPav7TX/vLj/P9f7/ehvQ50lOcG+9UBAI7Fxtb2nYV6vbZ+ugoXImLAjbOr9Kci58cvTMRTkcbZLXw7KzwYcOOxOGKbNE3TrE8VrLofEYMklsSQW1oqzmev0PcIMOojEwAAMGx7J/2jzgQAAAAAAAAAAAAAAAAAAADOr5N4ylpvzL1HICfDeIQ2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBQ/DcAAP//fdvZHw==") mount$overlay(0x0, 0x0, 0x0, 0x8, &(0x7f0000000380)) fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xee01, 0xee00, 0x1000) 2.147191028s ago: executing program 1 (id=809): syz_mount_image$reiserfs(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x1000098, &(0x7f00000002c0), 0xfe, 0x10fd, &(0x7f0000006200)="$eJzs2LFqFFEUBuD/zmyEVCs3/RDQQkGCYX2BFArbWFgLFouVnVsp+zg+jqSyD3mAFAF7ZWYcs4UgYZcEwvfBMJyfuffMLc8NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9GbJoyRHTVKnrElSkq47X14m6ab88fe2Scm7j8v168+LN+vxs/RZk9KvGup6+qTURV3U0/rq6OxpXX/5+qndalnS5eJ6szp8e7XXo/S9273uCAAAAA/Dr53Nbzb7cB/9AQAAgP/Z62UCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwA4OktSpaJKUpOvOl5dJuvv9NQAAAGBHJU3ez/+Vj9cAN17kx7wM+eTnULzMt3H989t3P7j9EgAAAHigytY8/iyzv3N5nx1nlpOTsf7zytVZ0g6TeXK4tc/F9WY1PMebVbnrQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBvduBYAAAAAECYv3UaHRsAAAAAAAAAAAAAAAAAwFABAAD//9Of0YA=") openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2042, 0x19d) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x10000839, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) 1.629929255s ago: executing program 0 (id=810): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x96) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf8, 0x0, 0x9, 0x2, 0xfffffffc}) 1.475750847s ago: executing program 5 (id=811): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fdb000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xa, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x61, &(0x7f0000000140)=[@cr4={0x1, 0x40be6}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.316551108s ago: executing program 0 (id=812): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) poll(&(0x7f0000000100)=[{r0, 0x8088}], 0x1, 0x9) 669.353231ms ago: executing program 4 (id=813): syz_open_dev$evdev(&(0x7f0000000c00), 0x803, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='.\x00', &(0x7f0000000040), 0x8000, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002) write$evdev(r2, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 667.680891ms ago: executing program 5 (id=814): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0xf, &(0x7f00000000c0), 0x4) sendmsg$inet(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x31, &(0x7f0000000640)=r0, 0x4) setsockopt$sock_attach_bpf(r1, 0x1, 0x31, &(0x7f0000000000), 0x4) 410.305314ms ago: executing program 5 (id=815): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="05000000040000000c0000000b"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x56d, 0x2}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc) 404.404363ms ago: executing program 1 (id=816): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0xc800, 0x0, 0x1, 0x0, &(0x7f0000000000)) openat(0xffffffffffffff9c, 0x0, 0x42, 0x8) r0 = open(&(0x7f0000000080)='./file1\x00', 0x66842, 0x90) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x0, 0x0, 0xa) syz_open_procfs(0x0, 0x0) 197.877676ms ago: executing program 5 (id=817): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fea000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xd9}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 134.859924ms ago: executing program 4 (id=818): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0xfff1}, {0x0, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0xc015}, 0x0) 0s ago: executing program 0 (id=819): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_setup(0xac9, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x10000008, 0x11b}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000040)={0xaeee, 0x5, 0x5, 0x4}, &(0x7f0000000080)=0x10) sendmmsg(r0, &(0x7f0000000740)=[{{&(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0xf276, @loopback, 0xa, 0x3}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000000)='B', 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x36}}], 0x2, 0x40804) kernel console output (not intermixed with test programs): 129.066538][ T5769] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 129.075296][ T5769] Bluetooth: hci3: Injecting HCI hardware error event [ 129.086840][ T5769] Bluetooth: hci3: hardware error 0x00 [ 129.193483][ T6903] loop4: detected capacity change from 0 to 1024 [ 129.212447][ T6903] EXT4-fs: Ignoring removed orlov option [ 129.296579][ T5821] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 129.327242][ T6903] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.456464][ T6910] loop1: detected capacity change from 0 to 1764 [ 129.496962][ T5821] usb 4-1: Using ep0 maxpacket: 32 [ 129.503948][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.553877][ T5821] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.585404][ T5821] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.623450][ T5821] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 129.646137][ T1188] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 129.666291][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.682782][ T5821] usb 4-1: config 0 descriptor?? [ 129.700187][ T5821] hub 4-1:0.0: USB hub found [ 129.846806][ T1188] usb 1-1: Using ep0 maxpacket: 8 [ 129.888767][ T1188] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 129.906035][ T1188] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 129.925040][ T5821] hub 4-1:0.0: 1 port detected [ 129.932080][ T1188] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 129.963636][ T1188] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 129.983862][ T1188] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 130.014973][ T1188] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 130.045695][ T1188] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.293077][ T1188] usb 1-1: usb_control_msg returned -32 [ 130.305190][ T1188] usbtmc 1-1:16.0: can't read capabilities [ 130.539757][ T1188] hub 4-1:0.0: activate --> -90 [ 130.768088][ T6922] loop1: detected capacity change from 0 to 32768 [ 130.786463][ T6922] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 16 [ 130.891913][ T5756] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 16 [ 130.950685][ T5821] usb 4-1: USB disconnect, device number 5 [ 131.087290][ T6924] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 131.136225][ T5769] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 131.218790][ T27] usb 1-1: USB disconnect, device number 6 [ 131.741305][ T6926] loop4: detected capacity change from 0 to 32768 [ 131.755313][ T6926] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 131.787976][ T6926] overlayfs: overlapping lowerdir path [ 131.921134][ T5756] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 132.457112][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 132.658598][ T9] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 132.679858][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.711170][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.746128][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 132.777846][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 132.788658][ T9] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 132.830948][ T9] usb 1-1: Manufacturer: syz [ 132.867262][ T9] usb 1-1: config 0 descriptor?? [ 133.295484][ T9] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 133.336931][ T9] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 133.372935][ T9] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 133.416581][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.423055][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.478560][ T6944] loop1: detected capacity change from 0 to 40427 [ 133.560469][ T6944] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 133.575626][ T6944] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 133.592035][ T6947] loop4: detected capacity change from 0 to 32768 [ 133.608451][ T6944] F2FS-fs (loop1): invalid crc value [ 133.681283][ T6947] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 133.729618][ T6947] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 133.775341][ T6947] BTRFS info (device loop4): setting nodatacow, compression disabled [ 133.820557][ T6947] BTRFS info (device loop4): setting datasum, datacow enabled [ 133.848495][ T5821] usb 1-1: USB disconnect, device number 7 [ 133.858593][ T6947] BTRFS info (device loop4): force clearing of disk cache [ 133.883865][ T6947] BTRFS info (device loop4): enabling ssd optimizations [ 133.908468][ T6947] BTRFS info (device loop4): using spread ssd allocation scheme [ 133.925892][ T6944] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 133.936375][ T6947] BTRFS info (device loop4): turning on sync discard [ 133.943137][ T6947] BTRFS info (device loop4): turning off barriers [ 133.966556][ T6944] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 133.994614][ T6947] BTRFS info (device loop4): enabling auto defrag [ 134.029970][ T6947] BTRFS info (device loop4): not using ssd optimizations [ 134.055638][ T6947] BTRFS info (device loop4): not using spread ssd allocation scheme [ 134.070301][ T6947] BTRFS info (device loop4): using free space tree [ 134.087192][ T6944] overlayfs: failed to clone lowerpath [ 134.154722][ T5761] syz-executor: attempt to access beyond end of device [ 134.154722][ T5761] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 134.205074][ T6947] BTRFS info (device loop4): rebuilding free space tree [ 134.222481][ T5761] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 134.411929][ T28] audit: type=1800 audit(1772556474.954:11): pid=6947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.241" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 134.484835][ T6947] BTRFS info (device loop4): balance: start -sconvert=raid0,soft [ 134.509574][ T28] audit: type=1800 audit(1772556475.054:12): pid=6979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.241" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 134.588211][ T6947] BTRFS info (device loop4): relocating block group 1048576 flags system [ 134.946837][ T6947] BTRFS info (device loop4): balance: ended with status: 0 [ 135.089575][ T6399] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 135.793593][ T6999] ip6erspan1: entered allmulticast mode [ 135.896072][ T1188] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 136.041122][ T7004] "syz.4.252" (7004) uses obsolete ecb(arc4) skcipher [ 136.106156][ T1188] usb 1-1: Using ep0 maxpacket: 32 [ 136.117659][ T1188] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 136.155788][ T1188] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 136.190595][ T1188] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 136.212002][ T1188] usb 1-1: Product: syz [ 136.223205][ T1188] usb 1-1: Manufacturer: syz [ 136.235518][ T1188] usb 1-1: SerialNumber: syz [ 136.264254][ T1188] usb 1-1: config 0 descriptor?? [ 136.288926][ T6995] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 137.498719][ T7016] loop1: detected capacity change from 0 to 32768 [ 137.540795][ T7016] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.257 (7016) [ 137.581355][ T7016] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 137.607275][ T7016] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 137.636168][ T7016] BTRFS info (device loop1): setting nodatacow, compression disabled [ 137.661092][ T7016] BTRFS info (device loop1): setting datasum, datacow enabled [ 137.678783][ T7016] BTRFS info (device loop1): force clearing of disk cache [ 137.709355][ T7016] BTRFS info (device loop1): enabling ssd optimizations [ 137.734695][ T7016] BTRFS info (device loop1): using spread ssd allocation scheme [ 137.755878][ T7016] BTRFS info (device loop1): turning on sync discard [ 137.778841][ T7016] BTRFS info (device loop1): turning off barriers [ 137.797198][ T7016] BTRFS info (device loop1): enabling auto defrag [ 137.846133][ T7016] BTRFS info (device loop1): not using ssd optimizations [ 137.874947][ T7016] BTRFS info (device loop1): not using spread ssd allocation scheme [ 137.905767][ T7016] BTRFS info (device loop1): using free space tree [ 138.004060][ T7016] BTRFS info (device loop1): rebuilding free space tree [ 138.175122][ T28] audit: type=1800 audit(1772556478.714:13): pid=7016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.257" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 138.196341][ T1188] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 138.231616][ T7016] BTRFS info (device loop1): balance: start -sconvert=raid0,soft [ 138.260728][ T7016] BTRFS info (device loop1): relocating block group 1048576 flags system [ 138.269598][ T28] audit: type=1800 audit(1772556478.804:14): pid=7050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.257" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 138.398484][ T1188] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.426823][ T1188] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 138.454388][ T1188] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 138.467639][ T1188] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 138.486681][ T1188] usb 4-1: SerialNumber: syz [ 138.617657][ T7016] BTRFS info (device loop1): balance: ended with status: 0 [ 138.661825][ T5770] usb 1-1: USB disconnect, device number 8 [ 138.739093][ T1188] usb 4-1: 0:2 : does not exist [ 138.765594][ T1188] usb 4-1: unit 5: unexpected type 0x09 [ 138.841554][ T1188] usb 4-1: USB disconnect, device number 6 [ 139.224003][ T5761] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 139.578683][ T7061] loop4: detected capacity change from 0 to 8192 [ 139.651761][ T7061] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 139.686319][ T7061] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 139.699346][ T7061] REISERFS (device loop4): using ordered data mode [ 139.709716][ T7061] reiserfs: using flush barriers [ 139.762992][ T7061] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7 [ 139.786195][ T7061] REISERFS (device loop4): checking transaction log (loop4) [ 139.803015][ T7061] REISERFS (device loop4): Using r5 hash to sort names [ 139.820367][ T7061] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 139.886534][ T7061] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 140.148219][ T7075] loop1: detected capacity change from 0 to 512 [ 140.289738][ T7075] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 140.359812][ T7075] EXT4-fs (loop1): 1 truncate cleaned up [ 140.382416][ T7075] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.525841][ T5761] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.747130][ T7086] loop8: detected capacity change from 0 to 8 [ 140.791162][ T7086] Dev loop8: unable to read RDB block 8 [ 140.811733][ T2907] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.823026][ T7086] loop8: unable to read partition table [ 140.829533][ T7086] loop8: partition table beyond EOD, truncated [ 140.846034][ T7086] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 140.979169][ T2907] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.154115][ T2907] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.332437][ T2907] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.825205][ T7104] loop4: detected capacity change from 0 to 164 [ 141.852113][ T7088] loop1: detected capacity change from 0 to 32768 [ 141.920393][ T7088] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.276 (7088) [ 141.987043][ T7088] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 142.045716][ T7088] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 142.073834][ T7088] BTRFS info (device loop1): setting nodatacow, compression disabled [ 142.088374][ T7088] BTRFS info (device loop1): setting datasum, datacow enabled [ 142.105000][ T5774] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 142.106952][ T7088] BTRFS info (device loop1): force clearing of disk cache [ 142.121924][ T5774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 142.134555][ T7088] BTRFS info (device loop1): enabling ssd optimizations [ 142.142805][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 142.151430][ T7088] BTRFS info (device loop1): using spread ssd allocation scheme [ 142.159254][ T7088] BTRFS info (device loop1): turning on sync discard [ 142.171082][ T7088] BTRFS info (device loop1): turning off barriers [ 142.171328][ T5774] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 142.185735][ T7088] BTRFS info (device loop1): enabling auto defrag [ 142.192864][ T5774] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 142.200250][ T5774] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 142.207460][ T7088] BTRFS info (device loop1): not using ssd optimizations [ 142.217332][ T7088] BTRFS info (device loop1): not using spread ssd allocation scheme [ 142.236238][ T7088] BTRFS info (device loop1): using free space tree [ 142.440703][ T7088] BTRFS info (device loop1): rebuilding free space tree [ 142.565228][ T9] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 142.622221][ T28] audit: type=1800 audit(1772556483.164:15): pid=7088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.276" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 142.700406][ T7088] BTRFS info (device loop1): balance: start -sconvert=raid0,soft [ 142.758629][ T28] audit: type=1800 audit(1772556483.284:16): pid=7138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.276" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 142.788461][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.796914][ T7088] BTRFS info (device loop1): relocating block group 1048576 flags system [ 142.809535][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 142.828594][ T9] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 142.870012][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.919282][ T9] usb 5-1: config 0 descriptor?? [ 142.946979][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 142.954054][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 143.028650][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 143.078986][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 143.109312][ T9] usb 5-1: media controller created [ 143.176041][ T7115] dibusb: i2c wr: len=90 is too big! [ 143.176041][ T7115] [ 143.184950][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 143.276838][ T7088] BTRFS info (device loop1): balance: ended with status: 0 [ 143.327760][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 143.366683][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 143.420908][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input5 [ 143.447465][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 143.464868][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 143.490371][ T9] usb 5-1: USB disconnect, device number 5 [ 143.588803][ T5761] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 143.694332][ T7110] chnl_net:caif_netlink_parms(): no params data found [ 143.697618][ T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 144.336293][ T5769] Bluetooth: hci3: command tx timeout [ 144.590265][ T7166] netlink: 'syz.0.294': attribute type 1 has an invalid length. [ 144.702549][ T7166] 8021q: adding VLAN 0 to HW filter on device bond1 [ 144.820793][ T7167] bond1: (slave geneve2): making interface the new active one [ 144.843137][ T7167] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 144.910193][ T7158] loop4: detected capacity change from 0 to 32768 [ 144.954674][ T7158] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.291 (7158) [ 145.001071][ T7158] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 145.056913][ T7158] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 145.067809][ T7158] BTRFS info (device loop4): force zlib compression, level 3 [ 145.097835][ T7158] BTRFS info (device loop4): using free space tree [ 145.262554][ T7110] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.276224][ T7110] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.284560][ T7110] bridge_slave_0: entered allmulticast mode [ 145.291201][ T7158] BTRFS info (device loop4): enabling ssd optimizations [ 145.299343][ T7158] BTRFS info (device loop4): auto enabling async discard [ 145.323421][ T7110] bridge_slave_0: entered promiscuous mode [ 145.406530][ T7110] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.413695][ T7110] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.469510][ T7110] bridge_slave_1: entered allmulticast mode [ 145.478313][ T7110] bridge_slave_1: entered promiscuous mode [ 145.562340][ T2907] hsr_slave_0: left promiscuous mode [ 145.598420][ T2907] hsr_slave_1: left promiscuous mode [ 145.621632][ T2907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.630792][ T6399] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 145.655402][ T2907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.683127][ T2907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.728665][ T2907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.753099][ T2907] bridge_slave_1: left allmulticast mode [ 145.760106][ T2907] bridge_slave_1: left promiscuous mode [ 145.765890][ T2907] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.828006][ T2907] bridge_slave_0: left allmulticast mode [ 145.833777][ T2907] bridge_slave_0: left promiscuous mode [ 145.844807][ T5756] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 10 /dev/loop4 scanned by udevd (5756) [ 145.870952][ T2907] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.991479][ T2907] veth1_macvtap: left promiscuous mode [ 145.997424][ T2907] veth0_macvtap: left promiscuous mode [ 146.003095][ T2907] veth1_vlan: left promiscuous mode [ 146.023324][ T2907] veth0_vlan: left promiscuous mode [ 146.416428][ T5769] Bluetooth: hci3: command tx timeout [ 147.008387][ T2907] team0 (unregistering): Port device team_slave_1 removed [ 147.065299][ T2907] team0 (unregistering): Port device team_slave_0 removed [ 147.123394][ T2907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 147.182305][ T2907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.699248][ T2907] bond0 (unregistering): Released all slaves [ 147.847231][ T7110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.885699][ T7110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.981684][ T7110] team0: Port device team_slave_0 added [ 148.010054][ T7110] team0: Port device team_slave_1 added [ 148.062024][ T7110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.091406][ T7110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.145455][ T7110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.162521][ T7110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.175728][ T7110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.212728][ T7110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.324321][ T7110] hsr_slave_0: entered promiscuous mode [ 148.331283][ T7110] hsr_slave_1: entered promiscuous mode [ 148.354642][ T7110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.382315][ T7110] Cannot create hsr debugfs directory [ 148.496334][ T5769] Bluetooth: hci3: command tx timeout [ 148.671132][ T7110] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 148.689741][ T7110] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 148.704147][ T7110] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 148.721187][ T7110] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 148.871176][ T7110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.925632][ T7110] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.944483][ T1012] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.951856][ T1012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.990313][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.998186][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.434393][ T7110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.989261][ T7110] veth0_vlan: entered promiscuous mode [ 150.032261][ T7110] veth1_vlan: entered promiscuous mode [ 150.074292][ T7110] veth0_macvtap: entered promiscuous mode [ 150.091950][ T7110] veth1_macvtap: entered promiscuous mode [ 150.134162][ T7110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.166044][ T7110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.186371][ T7110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.200061][ T7110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.211280][ T7110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.222471][ T7110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.237311][ T7110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.265601][ T7110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.279846][ T7110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.293949][ T7110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.309876][ T7110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.320537][ T7110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.336598][ T7110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.348556][ T7110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.374183][ T7110] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.391607][ T7110] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.401608][ T7110] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.411071][ T7110] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.538857][ T1012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.552951][ T1012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.576288][ T5769] Bluetooth: hci3: command tx timeout [ 150.639828][ T1012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.653589][ T1012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.909653][ T7271] loop1: detected capacity change from 0 to 1024 [ 150.970969][ T7271] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 151.900476][ T7298] Zero length message leads to an empty skb [ 151.969177][ T7276] loop5: detected capacity change from 0 to 32768 [ 152.016605][ T7276] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.297 (7276) [ 152.096513][ T7276] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 152.114484][ T7276] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 152.143449][ T7276] BTRFS info (device loop5): setting nodatacow, compression disabled [ 152.167066][ T7276] BTRFS info (device loop5): setting datasum, datacow enabled [ 152.174903][ T7276] BTRFS info (device loop5): force clearing of disk cache [ 152.187266][ T7276] BTRFS info (device loop5): enabling ssd optimizations [ 152.197691][ T7276] BTRFS info (device loop5): using spread ssd allocation scheme [ 152.207059][ T7276] BTRFS info (device loop5): turning on sync discard [ 152.214790][ T7276] BTRFS info (device loop5): turning off barriers [ 152.239512][ T7276] BTRFS info (device loop5): enabling auto defrag [ 152.254003][ T7276] BTRFS info (device loop5): not using ssd optimizations [ 152.316016][ T7276] BTRFS info (device loop5): not using spread ssd allocation scheme [ 152.324143][ T7276] BTRFS info (device loop5): using free space tree [ 152.591129][ T5799] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 152.654504][ T7331] netlink: 28 bytes leftover after parsing attributes in process `syz.4.309'. [ 152.668067][ T7276] BTRFS info (device loop5): rebuilding free space tree [ 152.871005][ T5799] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.871061][ T5799] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 152.871085][ T5799] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.876870][ T5799] usb 1-1: config 0 descriptor?? [ 152.892761][ T5799] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 152.921398][ T28] audit: type=1800 audit(1772556493.464:17): pid=7276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.297" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 152.978562][ T7276] BTRFS info (device loop5): balance: start -sconvert=raid0,soft [ 152.981180][ T7276] BTRFS info (device loop5): relocating block group 1048576 flags system [ 153.003629][ T28] audit: type=1800 audit(1772556493.544:18): pid=7338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.297" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 153.231919][ T7276] BTRFS info (device loop5): balance: ended with status: 0 [ 153.732670][ T7110] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 154.072512][ T7351] loop1: detected capacity change from 0 to 128 [ 154.154214][ T7351] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 154.242180][ T7354] loop4: detected capacity change from 0 to 2048 [ 154.370550][ T7354] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.407005][ T7354] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.515011][ T7354] fs-verity: sha512 using implementation "sha512-avx2" [ 154.585771][ T7354] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.314: bg 0: block 345: padding at end of block bitmap is not set [ 154.621477][ T7354] fs-verity (loop4, inode 13): Error -117 writing Merkle tree block 0 [ 154.646139][ T7354] fs-verity (loop4, inode 13): Error -117 building Merkle tree [ 154.823894][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.000218][ T7372] syz.5.316 uses obsolete (PF_INET,SOCK_PACKET) [ 155.238974][ T1188] usb 1-1: USB disconnect, device number 9 [ 155.683991][ T7388] af_packet: tpacket_rcv: packet too big, clamped from 4260 to 3952. macoff=96 [ 156.294772][ T7397] use of bytesused == 0 is deprecated and will be removed in the future, [ 156.332105][ T7397] use the actual size instead. [ 156.429360][ T7374] loop4: detected capacity change from 0 to 40427 [ 156.476798][ T7374] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 156.484606][ T7374] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 156.559096][ T7374] F2FS-fs (loop4): Found nat_bits in checkpoint [ 156.674073][ T7406] netlink: 104 bytes leftover after parsing attributes in process `syz.5.324'. [ 156.747242][ T7374] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 156.754335][ T7374] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 156.772219][ T7389] loop1: detected capacity change from 0 to 32768 [ 156.836171][ T7389] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.321 (7389) [ 156.951335][ T7389] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 157.014919][ T7389] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 157.047583][ T7389] BTRFS info (device loop1): setting nodatacow, compression disabled [ 157.090143][ T7389] BTRFS info (device loop1): setting datasum, datacow enabled [ 157.114278][ T6399] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 157.123942][ T7389] BTRFS info (device loop1): force clearing of disk cache [ 157.163775][ T7389] BTRFS info (device loop1): enabling ssd optimizations [ 157.186001][ T6399] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 157.193616][ T6399] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 157.208828][ T7389] BTRFS info (device loop1): using spread ssd allocation scheme [ 157.253511][ T7389] BTRFS info (device loop1): turning on sync discard [ 157.279900][ T7389] BTRFS info (device loop1): turning off barriers [ 157.298433][ T6399] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 157.310048][ T7389] BTRFS info (device loop1): enabling auto defrag [ 157.328782][ T6399] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 157.346041][ T7389] BTRFS info (device loop1): not using ssd optimizations [ 157.358418][ T7389] BTRFS info (device loop1): not using spread ssd allocation scheme [ 157.366660][ T6399] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 157.375183][ T6399] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 157.404079][ T7389] BTRFS info (device loop1): using free space tree [ 157.599931][ T7389] BTRFS info (device loop1): rebuilding free space tree [ 157.703804][ T28] audit: type=1800 audit(1772556498.244:19): pid=7389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.321" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 157.721897][ T7389] BTRFS info (device loop1): balance: start -sconvert=raid0,soft [ 157.766456][ T28] audit: type=1800 audit(1772556498.304:20): pid=7441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.321" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 157.813674][ T7389] BTRFS info (device loop1): relocating block group 1048576 flags system [ 158.139308][ T7389] BTRFS info (device loop1): balance: ended with status: 0 [ 158.449561][ T5761] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 158.732360][ T7457] vivid-001: disconnect [ 158.756154][ T7456] vivid-001: reconnect [ 159.421960][ T7466] syzkaller1: entered promiscuous mode [ 159.440041][ T7466] syzkaller1: entered allmulticast mode [ 159.457648][ T7466] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 159.516556][ T7454] loop4: detected capacity change from 0 to 32768 [ 159.544065][ T7454] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.331 (7454) [ 159.619952][ T7454] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 159.650168][ T7454] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 159.658560][ T7459] loop0: detected capacity change from 0 to 32768 [ 159.665880][ T7454] BTRFS info (device loop4): setting nodatacow, compression disabled [ 159.680670][ T7454] BTRFS info (device loop4): force clearing of disk cache [ 159.693642][ T7454] BTRFS info (device loop4): enabling ssd optimizations [ 159.715345][ T7454] BTRFS info (device loop4): using spread ssd allocation scheme [ 159.723639][ T7454] BTRFS info (device loop4): turning off barriers [ 159.743384][ T7454] BTRFS info (device loop4): disabling free space tree [ 159.748809][ T7459] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 159.751106][ T7454] BTRFS info (device loop4): not using ssd optimizations [ 159.766262][ T7454] BTRFS info (device loop4): not using spread ssd allocation scheme [ 159.812597][ T7459] XFS (loop0): Ending clean mount [ 159.993772][ T7454] BTRFS info (device loop4): rebuilding free space tree [ 160.061811][ T7496] binder: 7489:7496 ioctl c0306201 2000000001c0 returned -14 [ 160.080766][ T7454] BTRFS info (device loop4): disabling free space tree [ 160.108590][ T7454] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 160.134290][ T7454] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 160.143381][ T5765] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 160.530825][ T6399] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 160.839244][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880662a6000: rx timeout, send abort [ 160.850942][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880662a6000: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 161.012029][ T27] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 161.096073][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 161.146474][ T27] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 161.328599][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 161.342514][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.369559][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.417303][ T9] usb 5-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 161.438321][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.468771][ T9] usb 5-1: config 0 descriptor?? [ 161.684907][ T7503] loop0: detected capacity change from 0 to 32768 [ 161.741781][ T7503] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.339 (7503) [ 161.783836][ T7503] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 161.812391][ T7503] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 161.839628][ T7503] BTRFS info (device loop0): setting nodatacow, compression disabled [ 161.901356][ T7503] BTRFS info (device loop0): setting datasum, datacow enabled [ 161.912148][ T9] zydacron 0003:13EC:0006.0005: item fetching failed at offset 0/2 [ 161.942862][ T7503] BTRFS info (device loop0): force clearing of disk cache [ 161.955567][ T9] zydacron 0003:13EC:0006.0005: parse failed [ 161.971688][ T9] zydacron: probe of 0003:13EC:0006.0005 failed with error -22 [ 161.981768][ T7503] BTRFS info (device loop0): enabling ssd optimizations [ 162.002922][ T7503] BTRFS info (device loop0): using spread ssd allocation scheme [ 162.041237][ T7503] BTRFS info (device loop0): turning on sync discard [ 162.067093][ T7503] BTRFS info (device loop0): turning off barriers [ 162.087312][ T7503] BTRFS info (device loop0): enabling auto defrag [ 162.093800][ T7503] BTRFS info (device loop0): not using ssd optimizations [ 162.112205][ T9] usb 5-1: USB disconnect, device number 6 [ 162.126554][ T7503] BTRFS info (device loop0): not using spread ssd allocation scheme [ 162.163968][ T7503] BTRFS info (device loop0): using free space tree [ 162.196147][ T787] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 162.287563][ T7503] BTRFS info (device loop0): rebuilding free space tree [ 162.391957][ T787] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 162.427662][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.451191][ T28] audit: type=1800 audit(1772556502.994:21): pid=7503 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.339" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 162.467400][ T787] usb 2-1: config 0 descriptor?? [ 162.508117][ T7503] BTRFS info (device loop0): balance: start -sconvert=raid0,soft [ 162.530065][ T787] cp210x 2-1:0.0: cp210x converter detected [ 162.532157][ T28] audit: type=1800 audit(1772556503.074:22): pid=7545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.339" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 162.552991][ T7503] BTRFS info (device loop0): relocating block group 1048576 flags system [ 162.944529][ T787] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 163.011559][ T787] usb 2-1: cp210x converter now attached to ttyUSB0 [ 163.061380][ T7503] BTRFS info (device loop0): balance: ended with status: 0 [ 163.183800][ T5765] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 163.213715][ T787] usb 2-1: USB disconnect, device number 4 [ 163.261683][ T787] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 163.318873][ T787] cp210x 2-1:0.0: device disconnected [ 163.492227][ T5756] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 17 /dev/loop0 scanned by udevd (5756) [ 164.512471][ T7560] loop4: detected capacity change from 0 to 32768 [ 164.552053][ T7560] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 164.577746][ T7560] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 164.648477][ T7560] XFS (loop4): Ending clean mount [ 164.700230][ T7560] XFS (loop4): Quotacheck needed: Please wait. [ 164.989164][ T7560] XFS (loop4): Quotacheck: Done. [ 165.150511][ T7588] loop0: detected capacity change from 0 to 8192 [ 165.162043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 165.188652][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 165.213774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 165.233406][ T6399] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 165.245422][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 165.279836][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 165.446529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 165.694227][ T7598] loop0: detected capacity change from 0 to 1024 [ 165.749689][ T7598] EXT4-fs: Ignoring removed nomblk_io_submit option [ 165.766256][ T1188] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 165.919216][ T7598] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.977129][ T1188] usb 2-1: Using ep0 maxpacket: 32 [ 165.992561][ T1188] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 166.006751][ T1188] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 166.080148][ T1188] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 166.103695][ T1188] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 166.141495][ T1188] usb 2-1: config 0 interface 0 has no altsetting 0 [ 166.169810][ T1188] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 166.195963][ T1188] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 166.217092][ T1188] usb 2-1: Product: syz [ 166.231882][ T1188] usb 2-1: Manufacturer: syz [ 166.242225][ T1188] usb 2-1: SerialNumber: syz [ 166.265465][ T1188] usb 2-1: config 0 descriptor?? [ 166.294006][ T1188] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 166.326232][ T1188] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 166.646507][ T1188] usb 2-1: USB disconnect, device number 5 [ 166.652453][ C0] ldusb 2-1:0.0: usb_submit_urb failed (-19) [ 166.665343][ T7596] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 166.690457][ T1188] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 166.788969][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.395626][ T7628] loop0: detected capacity change from 0 to 1024 [ 167.420887][ T7628] EXT4-fs: inline encryption not supported [ 167.474120][ T7628] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 167.549240][ T7628] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.621003][ T7628] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4047: comm syz.0.370: Allocating blocks 497-513 which overlap fs metadata [ 167.666526][ T7628] EXT4-fs (loop0): Remounting filesystem read-only [ 167.667101][ T7639] netlink: 'syz.1.371': attribute type 12 has an invalid length. [ 167.736463][ T7639] netlink: 'syz.1.371': attribute type 29 has an invalid length. [ 167.761226][ T7627] EXT4-fs (loop0): pa ffff888076de5000: logic 256, phys. 385, len 8 [ 167.780621][ T7639] netlink: 148 bytes leftover after parsing attributes in process `syz.1.371'. [ 167.820388][ T7639] netlink: 'syz.1.371': attribute type 3 has an invalid length. [ 167.911822][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.103096][ T7649] netlink: 'syz.1.373': attribute type 1 has an invalid length. [ 168.268262][ T7649] 8021q: adding VLAN 0 to HW filter on device bond1 [ 168.315309][ T7653] bond1: (slave geneve2): making interface the new active one [ 168.348797][ T7653] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 168.435617][ T7658] loop4: detected capacity change from 0 to 256 [ 168.713533][ T7662] loop4: detected capacity change from 0 to 1024 [ 168.745763][ T7662] EXT4-fs: Ignoring removed nomblk_io_submit option [ 168.833196][ T7662] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.923445][ T7648] loop0: detected capacity change from 0 to 32768 [ 169.021500][ T7648] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 169.077779][ T7648] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 169.110099][ T7648] BTRFS info (device loop0): setting nodatacow, compression disabled [ 169.133762][ T7648] BTRFS info (device loop0): setting datasum, datacow enabled [ 169.158834][ T7648] BTRFS info (device loop0): force clearing of disk cache [ 169.196023][ T7648] BTRFS info (device loop0): enabling ssd optimizations [ 169.230804][ T7648] BTRFS info (device loop0): using spread ssd allocation scheme [ 169.276114][ T7648] BTRFS info (device loop0): turning on sync discard [ 169.282850][ T7648] BTRFS info (device loop0): turning off barriers [ 169.326031][ T7648] BTRFS info (device loop0): enabling auto defrag [ 169.332599][ T7648] BTRFS info (device loop0): not using ssd optimizations [ 169.394376][ T7648] BTRFS info (device loop0): not using spread ssd allocation scheme [ 169.418990][ T7648] BTRFS info (device loop0): using free space tree [ 169.629188][ T7648] BTRFS info (device loop0): rebuilding free space tree [ 169.685299][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.992048][ T28] audit: type=1800 audit(1772556510.524:23): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.381" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 170.096914][ T28] audit: type=1800 audit(1772556510.554:24): pid=7704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.381" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 170.380841][ T7709] loop4: detected capacity change from 0 to 1024 [ 170.440391][ T7709] EXT4-fs: inline encryption not supported [ 170.467709][ T7709] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 170.538541][ T5765] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 170.596767][ T7709] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.859057][ T7720] loop1: detected capacity change from 0 to 1024 [ 171.066420][ T7709] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4047: comm syz.4.382: Allocating blocks 497-513 which overlap fs metadata [ 171.176388][ T7709] EXT4-fs (loop4): Remounting filesystem read-only [ 171.318059][ T7708] EXT4-fs (loop4): pa ffff888076ecb740: logic 256, phys. 385, len 8 [ 171.548819][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.172538][ T7758] netlink: 'syz.1.392': attribute type 20 has an invalid length. [ 172.206166][ T7758] netlink: 4 bytes leftover after parsing attributes in process `syz.1.392'. [ 172.275257][ T7758] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.284930][ T7758] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.293880][ T7758] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.302690][ T7758] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.380660][ T7758] netlink: 'syz.1.392': attribute type 20 has an invalid length. [ 172.396400][ T7758] netlink: 4 bytes leftover after parsing attributes in process `syz.1.392'. [ 172.460024][ T7762] loop4: detected capacity change from 0 to 1024 [ 172.513446][ T7762] EXT4-fs (loop4): bad geometry: first data block is 0 with a 1k block and cluster size [ 172.530401][ T7765] loop5: detected capacity change from 0 to 1024 [ 173.678966][ T7802] loop5: detected capacity change from 0 to 512 [ 173.792509][ T7802] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.895039][ T7802] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.121061][ T7793] loop0: detected capacity change from 0 to 32768 [ 174.234632][ T7793] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 174.285253][ T7793] JBD2: Ignoring recovery information on journal [ 174.422781][ T7793] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 174.504472][ T7110] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.814959][ T5765] ocfs2: Unmounting device (7,0) on (node local) [ 175.398296][ T7851] syzkaller1: entered promiscuous mode [ 175.420363][ T7851] syzkaller1: entered allmulticast mode [ 175.716229][ T1188] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 175.922889][ T1188] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 175.976168][ T1188] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.047300][ T1188] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.108789][ T1188] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 176.150562][ T1188] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 176.187558][ T1188] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 176.225132][ T1188] usb 6-1: Manufacturer: syz [ 176.258123][ T1188] usb 6-1: config 0 descriptor?? [ 176.537407][ T7886] loop4: detected capacity change from 0 to 512 [ 176.569816][ T7886] EXT4-fs: Ignoring removed nobh option [ 176.643720][ T7885] loop1: detected capacity change from 0 to 4096 [ 176.654409][ T7886] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.694772][ T7885] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.708265][ T7886] ext4 filesystem being mounted at /69/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 176.723764][ T1188] appleir 0003:05AC:8243.0006: unknown main item tag 0x0 [ 176.737121][ T1188] appleir 0003:05AC:8243.0006: No inputs registered, leaving [ 176.749724][ T1188] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 176.951438][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.990440][ T5761] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.175342][ T9] usb 6-1: USB disconnect, device number 2 [ 177.294309][ T7906] loop4: detected capacity change from 0 to 1024 [ 177.318994][ T7906] EXT4-fs: Ignoring removed bh option [ 177.385001][ T7906] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 177.643009][ T7915] input: syz0 as /devices/virtual/input/input6 [ 177.674332][ T7918] EXT4-fs error (device loop4): ext4_iget_extra_inode:4732: inode #15: comm syz.4.423: corrupted in-inode xattr: e_value out of bounds [ 177.925681][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 178.216176][ T1188] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 178.408075][ T1188] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 178.442979][ T1188] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.483528][ T1188] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.499696][ T1188] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 178.525513][ T1188] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 178.534980][ T1188] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 178.555173][ T1188] usb 6-1: Manufacturer: syz [ 178.566932][ T1188] usb 6-1: config 0 descriptor?? [ 179.013739][ T1188] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 179.053811][ T1188] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 179.077804][ T7960] loop1: detected capacity change from 0 to 8192 [ 179.116266][ T1188] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 179.157877][ T7939] loop4: detected capacity change from 0 to 32768 [ 179.190530][ T7965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.436'. [ 179.281872][ T7939] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 179.506572][ T7939] XFS (loop4): Ending clean mount [ 179.731721][ T9] usb 6-1: USB disconnect, device number 3 [ 179.885436][ T6399] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 180.304120][ T7982] loop0: detected capacity change from 0 to 32768 [ 180.379647][ T7982] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 180.606667][ T7998] loop5: detected capacity change from 0 to 2048 [ 180.680974][ T7982] XFS (loop0): Ending clean mount [ 180.686453][ T7999] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 180.754076][ T28] audit: type=1800 audit(1772556521.294:25): pid=7998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.445" name="bus" dev="loop5" ino=18 res=0 errno=0 [ 180.824156][ T7999] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 180.859653][ T7999] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4) [ 180.915145][ T7999] Remounting filesystem read-only [ 181.108519][ T7110] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer [ 181.166996][ T7110] NILFS (loop5): discard dirty page: offset=0, ino=2 [ 181.173818][ T7110] NILFS (loop5): discard dirty block: blocknr=18, size=1024 [ 181.229435][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.258246][ T5765] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 181.286774][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.297111][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.326806][ T7110] NILFS (loop5): discard dirty page: offset=0, ino=18 [ 181.377345][ T7110] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 181.384600][ T7110] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 181.456880][ T7110] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 181.478929][ T7110] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 181.496232][ T7110] NILFS (loop5): discard dirty page: offset=4096, ino=18 [ 181.516209][ T7110] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 181.523884][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.547090][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.571315][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.658391][ T7110] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 181.685989][ T7110] NILFS (loop5): discard dirty block: blocknr=35, size=1024 [ 181.693321][ T7110] NILFS (loop5): discard dirty block: blocknr=36, size=1024 [ 181.736953][ T7110] NILFS (loop5): discard dirty block: blocknr=37, size=1024 [ 181.746086][ T7110] NILFS (loop5): discard dirty block: blocknr=38, size=1024 [ 181.784579][ T7110] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 181.793850][ T7110] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 181.801340][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.811015][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.820081][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.833105][ T7110] NILFS (loop5): discard dirty page: offset=0, ino=5 [ 181.840071][ T7110] NILFS (loop5): discard dirty block: blocknr=41, size=1024 [ 181.848701][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.858446][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.925424][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 181.935396][ T7110] NILFS (loop5): discard dirty page: offset=0, ino=4 [ 181.988735][ T7110] NILFS (loop5): discard dirty block: blocknr=40, size=1024 [ 182.008431][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.036073][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 182.054936][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.077286][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.096679][ T7110] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 182.108801][ T7110] NILFS (loop5): discard dirty block: blocknr=42, size=1024 [ 182.129517][ T7110] NILFS (loop5): discard dirty block: blocknr=43, size=1024 [ 182.146164][ T7110] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [ 182.162951][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.185690][ T7110] NILFS (loop5): discard dirty page: offset=65536, ino=3 [ 182.201419][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.218721][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.243063][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 182.269257][ T7110] NILFS (loop5): discard dirty block: blocknr=0, size=1024 [ 182.281088][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 58398, setting to 1024 [ 182.298459][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.331015][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 182.341973][ T7110] NILFS (loop5): discard dirty page: offset=196608, ino=3 [ 182.358090][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.367321][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 182.383450][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.392810][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.405564][ T7110] NILFS (loop5): discard dirty block: blocknr=49, size=1024 [ 182.421164][ T8013] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 182.449806][ T9] usb 5-1: Quirk or no altest; falling back to MIDI 1.0 [ 182.456991][ T7110] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 182.713453][ T5770] usb 5-1: USB disconnect, device number 7 [ 183.587926][ T8029] loop1: detected capacity change from 0 to 32768 [ 183.620869][ T8029] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 183.648895][ T8029] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 183.732458][ T8029] XFS (loop1): Ending clean mount [ 183.811403][ T8059] capability: warning: `syz.0.471' uses 32-bit capabilities (legacy support in use) [ 183.820758][ T8029] XFS (loop1): Quotacheck needed: Please wait. [ 183.924424][ T8029] XFS (loop1): Quotacheck: Done. [ 184.106241][ T5770] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 184.133836][ T5761] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 184.332749][ T5770] usb 5-1: config 0 has no interfaces? [ 184.347033][ T5770] usb 5-1: New USB device found, idVendor=23c5, idProduct=8699, bcdDevice=f8.85 [ 184.373069][ T5770] usb 5-1: New USB device strings: Mfr=200, Product=24, SerialNumber=3 [ 184.399969][ T5770] usb 5-1: Product: syz [ 184.415588][ T5770] usb 5-1: Manufacturer: syz [ 184.430126][ T5770] usb 5-1: SerialNumber: syz [ 184.457970][ T5770] usb 5-1: config 0 descriptor?? [ 184.615053][ T8056] loop5: detected capacity change from 0 to 32768 [ 184.645573][ T8056] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 184.746923][ T8057] netlink: 12 bytes leftover after parsing attributes in process `syz.4.464'. [ 184.758621][ T27] usb 5-1: USB disconnect, device number 8 [ 184.870329][ T8056] XFS (loop5): Ending clean mount [ 185.030398][ T8062] loop0: detected capacity change from 0 to 32768 [ 185.097395][ T8065] loop1: detected capacity change from 0 to 32768 [ 185.111696][ T8065] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.466 (8065) [ 185.157070][ T7110] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 185.163541][ T8062] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 185.207366][ T8065] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 185.221164][ T8065] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 185.233717][ T8065] BTRFS info (device loop1): setting nodatacow, compression disabled [ 185.247491][ T8065] BTRFS info (device loop1): turning on flush-on-commit [ 185.270600][ T8065] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 185.311794][ T8065] BTRFS info (device loop1): use lzo compression, level 0 [ 185.342717][ T8062] XFS (loop0): Ending clean mount [ 185.387336][ T8065] BTRFS info (device loop1): setting nodatasum [ 185.393667][ T8065] BTRFS info (device loop1): use no compression [ 185.432592][ T8062] XFS (loop0): Quotacheck needed: Please wait. [ 185.446200][ T8065] BTRFS info (device loop1): trying to use backup root at mount time [ 185.498105][ T8065] BTRFS info (device loop1): max_inline at 0 [ 185.509176][ T8065] BTRFS info (device loop1): using free space tree [ 185.595104][ T8062] XFS (loop0): Quotacheck: Done. [ 185.752367][ T11] BTRFS warning (device loop1): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 185.806012][ T8065] BTRFS warning (device loop1): couldn't read tree root [ 185.813646][ T8065] BTRFS warning (device loop1): try to load backup roots slot 1 [ 185.843642][ T1141] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 185.934586][ T8065] BTRFS warning (device loop1): couldn't read tree root [ 185.943318][ T8065] BTRFS warning (device loop1): try to load backup roots slot 2 [ 185.976671][ T11] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 186.038799][ T8065] BTRFS warning (device loop1): couldn't read tree root [ 186.084579][ T8065] BTRFS warning (device loop1): try to load backup roots slot 3 [ 186.121627][ T5765] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 186.151387][ T8065] BTRFS info (device loop1): enabling ssd optimizations [ 186.175796][ T8065] BTRFS info (device loop1): auto enabling async discard [ 186.188401][ T8065] BTRFS info (device loop1): rebuilding free space tree [ 186.243452][ T8065] BTRFS info (device loop1): checking UUID tree [ 186.767781][ T5761] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 187.656038][ T1188] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 187.856019][ T1188] usb 1-1: Using ep0 maxpacket: 8 [ 187.903993][ T8129] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 187.936606][ T1188] usb 1-1: unable to get BOS descriptor or descriptor too short [ 187.967291][ T1188] usb 1-1: no configurations [ 187.971966][ T1188] usb 1-1: can't read configurations, error -22 [ 188.435399][ T8144] loop4: detected capacity change from 0 to 128 [ 188.467279][ T8144] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 188.505306][ T8144] ext4 filesystem being mounted at /79/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 188.699274][ T8153] netlink: 'syz.0.486': attribute type 10 has an invalid length. [ 188.740534][ T8153] netlink: 2 bytes leftover after parsing attributes in process `syz.0.486'. [ 188.767425][ T6399] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 188.776283][ T8153] team0: entered promiscuous mode [ 188.786156][ T8153] team_slave_0: entered promiscuous mode [ 188.801056][ T8153] team_slave_1: entered promiscuous mode [ 188.830665][ T8153] bridge0: port 3(team0) entered blocking state [ 188.853850][ T8153] bridge0: port 3(team0) entered disabled state [ 188.867542][ T8153] team0: entered allmulticast mode [ 188.896431][ T8153] team_slave_0: entered allmulticast mode [ 188.917585][ T8153] team_slave_1: entered allmulticast mode [ 188.930414][ T8153] bridge0: port 3(team0) entered blocking state [ 188.937440][ T8153] bridge0: port 3(team0) entered forwarding state [ 189.202980][ T5802] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 189.395340][ T8164] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 189.416576][ T8151] loop5: detected capacity change from 0 to 32768 [ 189.426019][ T5802] usb 5-1: Using ep0 maxpacket: 16 [ 189.449993][ T5802] usb 5-1: config 0 has no interfaces? [ 189.465101][ T8168] netlink: 'syz.0.495': attribute type 20 has an invalid length. [ 189.474008][ T5802] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 189.486318][ T5802] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.492554][ T8151] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 189.495259][ T5802] usb 5-1: Product: syz [ 189.503291][ T8168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.495'. [ 189.507874][ T5802] usb 5-1: Manufacturer: syz [ 189.520552][ T5802] usb 5-1: SerialNumber: syz [ 189.532142][ T5802] r8152-cfgselector 5-1: config 0 descriptor?? [ 189.538988][ T8151] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 189.585273][ T8168] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.594470][ T8168] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.603544][ T8168] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.612422][ T8168] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.694627][ T8168] netlink: 'syz.0.495': attribute type 20 has an invalid length. [ 189.717172][ T8168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.495'. [ 189.747492][ T8151] XFS (loop5): Ending clean mount [ 189.770611][ T8151] XFS (loop5): Quotacheck needed: Please wait. [ 189.839245][ T5802] usbip-host 5-1: 5-1 is not in match_busid table... skip! [ 189.917742][ T8151] XFS (loop5): Quotacheck: Done. [ 190.105179][ T7110] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 190.200500][ T27] usb 5-1: USB disconnect, device number 9 [ 190.678508][ T8178] loop1: detected capacity change from 0 to 40427 [ 190.726725][ T8178] F2FS-fs (loop1): invalid crc value [ 190.759805][ T8178] F2FS-fs (loop1): Found nat_bits in checkpoint [ 190.836156][ T27] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 190.945659][ T8178] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 190.965150][ T8196] netlink: 'syz.4.502': attribute type 2 has an invalid length. [ 190.984852][ T8196] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.502'. [ 191.058366][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.072780][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 191.082905][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 191.096720][ T27] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 191.106569][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.106694][ T5761] syz-executor: attempt to access beyond end of device [ 191.106694][ T5761] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 191.125144][ T27] usb 1-1: config 0 descriptor?? [ 191.170782][ T5761] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 191.572354][ T27] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 191.587501][ T27] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 191.625096][ T27] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 191.687089][ T8208] Bluetooth: MGMT ver 1.22 [ 191.791463][ T5762] Bluetooth: hci0: command 0x0406 tx timeout [ 191.799767][ T5082] Bluetooth: hci2: command 0x0406 tx timeout [ 191.890505][ T787] usb 1-1: USB disconnect, device number 12 [ 191.980434][ T8215] loop5: detected capacity change from 0 to 64 [ 192.427568][ T27] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 192.616019][ T27] usb 5-1: Using ep0 maxpacket: 32 [ 192.628747][ T27] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 192.647392][ T27] usb 5-1: config 0 has no interface number 0 [ 192.667004][ T27] usb 5-1: config 0 interface 184 has no altsetting 0 [ 192.669052][ T8229] loop0: detected capacity change from 0 to 128 [ 192.683951][ T27] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 192.702071][ T27] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.704905][ T8229] EXT4-fs (loop0): Test dummy encryption mode enabled [ 192.716445][ T27] usb 5-1: Product: syz [ 192.727671][ T27] usb 5-1: Manufacturer: syz [ 192.735751][ T27] usb 5-1: SerialNumber: syz [ 192.741015][ T8229] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 192.747989][ T27] usb 5-1: config 0 descriptor?? [ 192.758580][ T8229] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.787986][ T27] smsc75xx v1.0.0 [ 192.853652][ T8229] xt_hashlimit: size too large, truncated to 1048576 [ 193.202042][ T8239] loop1: detected capacity change from 0 to 512 [ 193.264341][ T8239] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.333797][ T8239] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.765512][ T5761] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.004424][ T27] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 194.037216][ T27] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 194.096735][ T27] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 194.128307][ T27] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 194.162660][ T27] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 194.183301][ T27] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 194.194599][ T27] smsc75xx: probe of 5-1:0.184 failed with error -71 [ 194.220570][ T27] usb 5-1: USB disconnect, device number 10 [ 194.825280][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.832146][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.983536][ T8292] loop4: detected capacity change from 0 to 256 [ 197.023840][ T8290] loop1: detected capacity change from 0 to 32768 [ 197.123367][ T8290] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.200801][ T8292] FAT-fs (loop4): Directory bread(block 64) failed [ 197.250654][ T8292] FAT-fs (loop4): Directory bread(block 65) failed [ 197.270560][ T8292] FAT-fs (loop4): Directory bread(block 66) failed [ 197.294592][ T8292] FAT-fs (loop4): Directory bread(block 67) failed [ 197.312205][ T8292] FAT-fs (loop4): Directory bread(block 68) failed [ 197.320502][ T8292] FAT-fs (loop4): Directory bread(block 69) failed [ 197.333789][ T8292] FAT-fs (loop4): Directory bread(block 70) failed [ 197.341188][ T8292] FAT-fs (loop4): Directory bread(block 71) failed [ 197.346587][ T8290] XFS (loop1): Ending clean mount [ 197.348558][ T8292] FAT-fs (loop4): Directory bread(block 72) failed [ 197.386610][ T8292] FAT-fs (loop4): Directory bread(block 73) failed [ 197.397340][ T8290] XFS (loop1): Quotacheck needed: Please wait. [ 197.500597][ T8290] XFS (loop1): Quotacheck: Done. [ 197.676124][ T8292] syz.4.538: attempt to access beyond end of device [ 197.676124][ T8292] loop4: rw=524288, sector=1736, nr_sectors = 32 limit=256 [ 197.749919][ T8292] syz.4.538: attempt to access beyond end of device [ 197.749919][ T8292] loop4: rw=0, sector=1736, nr_sectors = 8 limit=256 [ 197.782272][ T5761] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.795861][ T28] audit: type=1800 audit(1772556538.334:26): pid=8292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.538" name="file0" dev="loop4" ino=1048607 res=0 errno=0 [ 198.762454][ T8321] loop1: detected capacity change from 0 to 512 [ 198.795762][ T8321] EXT4-fs: Ignoring removed i_version option [ 198.841294][ T8321] EXT4-fs: Ignoring removed oldalloc option [ 198.955618][ T8321] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.300395][ T5761] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.456589][ T8334] loop5: detected capacity change from 0 to 512 [ 199.482622][ T8334] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 199.532131][ T8334] EXT4-fs (loop5): invalid journal inode [ 199.568917][ T8334] EXT4-fs (loop5): can't get journal size [ 199.634412][ T8334] EXT4-fs error (device loop5): ext4_orphan_get:1398: inode #15: comm syz.5.551: iget: bad extended attribute block 2449473536 [ 199.692222][ T8334] EXT4-fs error (device loop5): ext4_orphan_get:1403: comm syz.5.551: couldn't read orphan inode 15 (err -117) [ 199.740941][ T8334] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.031010][ T5765] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 200.725194][ T7110] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.005442][ T8356] warning: `syz.0.559' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 201.142291][ T8343] loop4: detected capacity change from 0 to 40427 [ 201.209742][ T8343] F2FS-fs (loop4): heap/no_heap options were deprecated [ 201.245141][ T8343] F2FS-fs (loop4): build fault injection attr: rate: 19, type: 0x7ffff [ 201.282415][ T8343] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x77e8c [ 201.315579][ T8343] F2FS-fs (loop4): invalid crc value [ 201.349742][ T8343] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21d/0x9b0 [ 201.412874][ T8343] F2FS-fs (loop4): Found nat_bits in checkpoint [ 201.551759][ T8343] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650 [ 201.631688][ C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x597/0xe40 [ 201.692189][ T8343] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 201.773667][ T8352] loop1: detected capacity change from 0 to 40427 [ 201.819725][ T8352] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 201.832042][ T8343] F2FS-fs (loop4): inject no more block in inc_valid_node_count of f2fs_new_node_page+0x187/0x910 [ 201.863725][ T8352] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 201.909412][ T8352] F2FS-fs (loop1): invalid crc_offset: 33558524 [ 201.924541][ T28] audit: type=1800 audit(1772556542.464:27): pid=8343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.553" name="file1" dev="loop4" ino=12 res=0 errno=0 [ 201.964504][ T8343] F2FS-fs (loop4): inject checkpoint error in f2fs_balance_fs of f2fs_convert_inline_inode+0x792/0x800 [ 202.018691][ T8352] F2FS-fs (loop1): Found nat_bits in checkpoint [ 202.026431][ T8343] F2FS-fs (loop4): Stopped filesystem due to reason: 1 [ 202.165770][ T8352] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 202.187961][ T8352] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 202.444020][ T8376] f2fs_ckpt-7:1: attempt to access beyond end of device [ 202.444020][ T8376] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 202.465303][ T8376] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 203.205061][ T8400] netlink: 'syz.4.573': attribute type 2 has an invalid length. [ 203.214745][ T8400] netlink: 40 bytes leftover after parsing attributes in process `syz.4.573'. [ 203.388941][ T8405] TCP: TCP_TX_DELAY enabled [ 203.406982][ T8403] netlink: 'syz.4.575': attribute type 4 has an invalid length. [ 203.477035][ T8403] netlink: 'syz.4.575': attribute type 4 has an invalid length. [ 204.183681][ T8422] loop4: detected capacity change from 0 to 4096 [ 204.224287][ T8422] EXT4-fs (loop4): stripe (9) is not aligned with cluster size (16), stripe is disabled [ 204.251013][ T8422] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a856e018, mo2=0002] [ 204.271346][ T8422] System zones: 0-5 [ 204.289094][ T8422] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.296023][ T5799] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 204.320390][ T8424] loop1: detected capacity change from 0 to 4096 [ 204.463614][ T8424] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 204.523506][ T5799] usb 6-1: Using ep0 maxpacket: 32 [ 204.542264][ T5799] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 204.582455][ T5799] usb 6-1: config 0 interface 0 has no altsetting 0 [ 204.609834][ T5799] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 204.616872][ T8424] ntfs3: loop1: Failed to load $Extend (-22). [ 204.630781][ T5799] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.652594][ T8424] ntfs3: loop1: Failed to initialize $Extend. [ 204.668789][ T5799] usb 6-1: config 0 descriptor?? [ 204.749221][ T6399] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.815031][ T8415] loop0: detected capacity change from 0 to 40427 [ 204.841282][ T8415] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff [ 204.872590][ T8415] F2FS-fs (loop0): Image doesn't support compression [ 204.932612][ T8415] F2FS-fs (loop0): heap/no_heap options were deprecated [ 204.955515][ T5799] usbhid 6-1:0.0: can't add hid device: -71 [ 204.961824][ T8415] F2FS-fs (loop0): Image doesn't support compression [ 204.989463][ T5799] usbhid: probe of 6-1:0.0 failed with error -71 [ 205.011044][ T8415] F2FS-fs (loop0): heap/no_heap options were deprecated [ 205.020784][ T5799] usb 6-1: USB disconnect, device number 4 [ 205.040234][ T8415] F2FS-fs (loop0): invalid crc value [ 205.062098][ T8415] F2FS-fs (loop0): Found nat_bits in checkpoint [ 205.098796][ T28] audit: type=1800 audit(1772556545.644:28): pid=8427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.583" name="file2" dev="loop1" ino=31 res=0 errno=0 [ 205.254556][ T8415] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 205.402049][ T8440] loop5: detected capacity change from 0 to 128 [ 205.462618][ T8440] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 205.491055][ T8440] ext4 filesystem being mounted at /85/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 205.523138][ C1] vkms_vblank_simulate: vblank timer overrun [ 205.543646][ T8415] F2FS-fs (loop0): inject slab alloc in f2fs_alloc_inode of new_inode_pseudo+0x63/0x1d0 [ 205.624417][ T5765] syz-executor: attempt to access beyond end of device [ 205.624417][ T5765] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 205.656754][ T5765] F2FS-fs (loop0): Remounting filesystem read-only [ 205.675463][ T8440] EXT4-fs error (device loop5): make_indexed_dir:2333: inode #2: block 18: comm syz.5.587: bad entry in directory: rec_len is smaller than minimal - offset=36, inode=128, rec_len=9, size=1000 fake=0 [ 205.762541][ T8440] EXT4-fs warning (device loop5): dx_probe:893: inode #2: comm syz.5.587: dx entry: limit 0 != root limit 125 [ 205.789584][ T8440] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.587: Corrupt directory, running e2fsck is recommended [ 206.237915][ T7110] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 206.546190][ T5799] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 206.727041][ T5799] usb 5-1: Using ep0 maxpacket: 32 [ 206.748808][ T5799] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.777509][ T5799] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.802279][ T5799] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 206.837015][ T5799] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.878477][ T5799] usb 5-1: config 0 descriptor?? [ 206.908456][ T5799] hub 5-1:0.0: USB hub found [ 207.042345][ T8498] loop0: detected capacity change from 0 to 128 [ 207.078624][ T28] audit: type=1326 audit(1772556547.614:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.151366][ T5799] hub 5-1:0.0: 1 port detected [ 207.164702][ T28] audit: type=1326 audit(1772556547.614:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.229995][ T28] audit: type=1326 audit(1772556547.614:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.293309][ T28] audit: type=1326 audit(1772556547.614:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.321595][ T28] audit: type=1326 audit(1772556547.614:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.343610][ C1] vkms_vblank_simulate: vblank timer overrun [ 207.352645][ T28] audit: type=1326 audit(1772556547.614:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.374887][ C1] vkms_vblank_simulate: vblank timer overrun [ 207.388004][ T8507] loop1: detected capacity change from 0 to 128 [ 207.396457][ T28] audit: type=1326 audit(1772556547.614:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.447240][ T8507] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 207.482019][ T28] audit: type=1326 audit(1772556547.614:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.515379][ T28] audit: type=1326 audit(1772556547.614:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8499 comm="syz.5.596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418939c799 code=0x7ffc0000 [ 207.543564][ T8507] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 207.640544][ T5761] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 207.827511][ T5799] hub 5-1:0.0: activate --> -90 [ 207.999934][ T8518] netlink: 28 bytes leftover after parsing attributes in process `syz.5.603'. [ 208.037767][ T8518] netlink: 32 bytes leftover after parsing attributes in process `syz.5.603'. [ 208.069917][ T8518] netlink: 28 bytes leftover after parsing attributes in process `syz.5.603'. [ 208.108784][ T8518] netlink: 32 bytes leftover after parsing attributes in process `syz.5.603'. [ 208.211593][ T8523] loop0: detected capacity change from 0 to 4096 [ 208.237600][ T5799] usb 5-1-port1: cannot reset (err = -71) [ 208.246439][ T1188] usb 5-1: USB disconnect, device number 11 [ 208.265571][ T5799] usb 5-1-port1: attempt power cycle [ 208.469113][ T8523] loop0: detected capacity change from 4096 to 0 [ 208.489141][ T8528] syz.0.605: attempt to access beyond end of device [ 208.489141][ T8528] loop0: rw=0, sector=568, nr_sectors = 8 limit=0 [ 208.538716][ T8528] ntfs3: loop0: failed to read volume at offset 0x47000 [ 208.702934][ T5765] syz-executor: attempt to access beyond end of device [ 208.702934][ T5765] loop0: rw=0, sector=552, nr_sectors = 8 limit=0 [ 208.724064][ T5765] ntfs3: loop0: failed to read volume at offset 0x45000 [ 208.752363][ T5765] syz-executor: attempt to access beyond end of device [ 208.752363][ T5765] loop0: rw=0, sector=16, nr_sectors = 8 limit=0 [ 208.787455][ T5765] ntfs3: loop0: failed to read volume at offset 0x2000 [ 208.803335][ T5765] syz-executor: attempt to access beyond end of device [ 208.803335][ T5765] loop0: rw=2049, sector=32, nr_sectors = 8 limit=0 [ 208.836297][ T5765] Buffer I/O error on dev loop0, logical block 4, lost sync page write [ 208.844631][ T5765] ntfs3: loop0: ino=3, ntfs_set_state failed, -5. [ 208.860442][ T5765] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 208.901193][ T5765] syz-executor: attempt to access beyond end of device [ 208.901193][ T5765] loop0: rw=2049, sector=32, nr_sectors = 8 limit=0 [ 208.917619][ T8540] loop1: detected capacity change from 0 to 64 [ 208.927679][ T5765] Buffer I/O error on dev loop0, logical block 4, lost sync page write [ 208.945182][ T5765] ntfs3: loop0: ino=3, ntfs_set_state failed, -5. [ 208.963362][ T5765] syz-executor: attempt to access beyond end of device [ 208.963362][ T5765] loop0: rw=0, sector=32, nr_sectors = 8 limit=0 [ 208.997196][ T8473] kworker/u4:12: attempt to access beyond end of device [ 208.997196][ T8473] loop0: rw=2049, sector=32, nr_sectors = 8 limit=0 [ 209.032122][ T8473] Buffer I/O error on dev loop0, logical block 4, lost sync page write [ 209.051164][ T8473] ntfs3: loop0: ino=3, ntfs3_write_inode failed, -5. [ 209.072277][ T5765] syz-executor: attempt to access beyond end of device [ 209.072277][ T5765] loop0: rw=0, sector=32, nr_sectors = 8 limit=0 [ 209.106306][ T5765] syz-executor: attempt to access beyond end of device [ 209.106306][ T5765] loop0: rw=0, sector=32, nr_sectors = 8 limit=0 [ 209.125080][ T8543] loop5: detected capacity change from 0 to 2048 [ 209.184610][ T8543] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 209.197596][ T1188] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 209.373672][ T8547] loop0: detected capacity change from 0 to 64 [ 209.438636][ T1188] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 209.461981][ T1188] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.488547][ T1188] usb 5-1: Product: syz [ 209.503841][ T1188] usb 5-1: Manufacturer: syz [ 209.535871][ T1188] usb 5-1: SerialNumber: syz [ 209.567928][ T1188] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 209.644270][ T5821] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 209.880782][ T8556] loop0: detected capacity change from 0 to 512 [ 209.952667][ T8556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.051157][ T8556] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 210.074223][ T8556] EXT4-fs error (device loop0): ext4_validate_block_bitmap:421: comm syz.0.619: bg 0: bad block bitmap checksum [ 210.108341][ T8556] __quota_error: 7 callbacks suppressed [ 210.108357][ T8556] Quota error (device loop0): write_blk: dquota write failed [ 210.132180][ T8556] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 210.143092][ T8556] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.619: Failed to acquire dquot type 0 [ 210.241375][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.405295][ T787] usb 5-1: USB disconnect, device number 16 [ 211.060868][ T5821] usb 5-1: Service connection timeout for: 256 [ 211.088179][ T5821] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 211.120109][ T5821] ath9k_htc: Failed to initialize the device [ 211.133695][ T787] usb 5-1: ath9k_htc: USB layer deinitialized [ 211.179238][ T8581] loop4: detected capacity change from 0 to 2048 [ 211.248551][ T8581] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 211.609167][ T8589] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 212.174820][ T8604] loop1: detected capacity change from 0 to 512 [ 212.203680][ T8604] EXT4-fs: Ignoring removed oldalloc option [ 212.270711][ T8604] EXT4-fs (loop1): 1 truncate cleaned up [ 212.337845][ T8604] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.491604][ T8610] netlink: 6 bytes leftover after parsing attributes in process `syz.4.641'. [ 212.628359][ T5761] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.956081][ T787] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 213.185983][ T787] usb 6-1: Using ep0 maxpacket: 32 [ 213.192928][ T787] usb 6-1: config 0 has an invalid interface number: 188 but max is 0 [ 213.216140][ T787] usb 6-1: config 0 has no interface number 0 [ 213.222321][ T787] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 213.248998][ T787] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 213.266015][ T787] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.274118][ T787] usb 6-1: Product: syz [ 213.281929][ T787] usb 6-1: Manufacturer: syz [ 213.296372][ T787] usb 6-1: SerialNumber: syz [ 213.315069][ T787] usb 6-1: config 0 descriptor?? [ 213.332790][ T8615] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 213.582327][ T8615] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 214.032110][ T8632] loop4: detected capacity change from 0 to 32768 [ 214.045281][ T8632] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.649 (8632) [ 214.073351][ T8632] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 214.089708][ T8632] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 214.133270][ T8632] BTRFS info (device loop4): force clearing of disk cache [ 214.154534][ T8632] BTRFS info (device loop4): metadata ratio 0 [ 214.187780][ T8632] BTRFS info (device loop4): enabling ssd optimizations [ 214.209620][ T8632] BTRFS info (device loop4): using spread ssd allocation scheme [ 214.227923][ T8632] BTRFS info (device loop4): using free space tree [ 214.333780][ T8632] BTRFS info (device loop4): auto enabling async discard [ 214.352160][ T8632] BTRFS info (device loop4): rebuilding free space tree [ 214.419317][ T787] asix 6-1:0.188 (unnamed net_device) (uninitialized): invalid PHY address: 124 [ 214.665284][ T1188] usb 6-1: USB disconnect, device number 5 [ 214.915303][ T8471] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 215.286217][ T6399] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 215.478069][ T8675] loop5: detected capacity change from 0 to 1024 [ 215.666817][ T8471] hfsplus: b-tree write err: -5, ino 4 [ 215.757155][ T8675] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 216.227301][ T8697] netlink: 'syz.1.662': attribute type 6 has an invalid length. [ 216.496844][ T787] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 216.706599][ T787] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 216.726021][ T787] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 216.743441][ T787] usb 6-1: config 1 has no interface number 0 [ 216.756436][ T787] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 216.796002][ T787] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 216.813278][ T787] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 216.858311][ T787] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 216.882908][ T787] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.900641][ T787] usb 6-1: Product: syz [ 216.904961][ T787] usb 6-1: Manufacturer: syz [ 216.918801][ T787] usb 6-1: SerialNumber: syz [ 216.928530][ T8699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 217.205480][ T8705] loop1: detected capacity change from 0 to 32768 [ 217.368822][ T8699] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 217.804939][ T787] cdc_ncm 6-1:1.1: bind() failure [ 218.037931][ T5832] usb 6-1: USB disconnect, device number 6 [ 218.765488][ T8720] loop4: detected capacity change from 0 to 32768 [ 218.805099][ T8720] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.673 (8720) [ 218.847580][ T8720] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 218.881453][ T8720] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 218.905146][ T8720] BTRFS info (device loop4): setting nodatacow, compression disabled [ 218.952902][ T8720] BTRFS info (device loop4): turning on flush-on-commit [ 218.971516][ T8720] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 218.991797][ T8720] BTRFS info (device loop4): use lzo compression, level 0 [ 219.009383][ T8720] BTRFS info (device loop4): setting nodatasum [ 219.030512][ T8733] netlink: 'syz.5.676': attribute type 7 has an invalid length. [ 219.040722][ T8720] BTRFS info (device loop4): use no compression [ 219.052811][ T8720] BTRFS info (device loop4): trying to use backup root at mount time [ 219.067086][ T8733] netlink: 'syz.5.676': attribute type 7 has an invalid length. [ 219.081832][ T8720] BTRFS info (device loop4): max_inline at 0 [ 219.115703][ T8720] BTRFS info (device loop4): using free space tree [ 219.252825][ T78] BTRFS warning (device loop4): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 219.318997][ T8749] loop5: detected capacity change from 0 to 256 [ 219.338407][ T8720] BTRFS warning (device loop4): couldn't read tree root [ 219.345383][ T8720] BTRFS warning (device loop4): try to load backup roots slot 1 [ 219.425210][ T78] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 219.466057][ T8720] BTRFS warning (device loop4): couldn't read tree root [ 219.474671][ T8749] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 219.477252][ T8720] BTRFS warning (device loop4): try to load backup roots slot 2 [ 219.522701][ T8749] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 219.566698][ T49] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 219.606404][ T8720] BTRFS warning (device loop4): couldn't read tree root [ 219.616846][ T8749] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 219.629136][ T8720] BTRFS warning (device loop4): try to load backup roots slot 3 [ 219.710102][ T8720] BTRFS info (device loop4): enabling ssd optimizations [ 219.740117][ T8720] BTRFS info (device loop4): auto enabling async discard [ 219.786924][ T8720] BTRFS info (device loop4): rebuilding free space tree [ 219.881194][ T8720] BTRFS info (device loop4): checking UUID tree [ 220.271508][ T6399] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 220.379778][ T8766] loop0: detected capacity change from 0 to 1024 [ 220.427561][ T8768] loop1: detected capacity change from 0 to 16 [ 220.548193][ T8768] erofs: (device loop1): mounted with root inode @ nid 36. [ 220.556255][ T5821] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 220.573814][ T8766] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.690044][ T8768] erofs: (device loop1): erofs_read_inode: bogus i_mode (0) @ nid 281474976710655 [ 220.755996][ T5821] usb 6-1: Using ep0 maxpacket: 16 [ 220.775292][ T5821] usb 6-1: config 1 has an invalid descriptor of length 122, skipping remainder of the config [ 220.833090][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.843065][ T5821] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 220.913998][ T5821] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 220.940309][ T5821] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.963896][ T5821] usb 6-1: Product: syz [ 220.975193][ T5821] usb 6-1: Manufacturer: syz [ 221.007236][ T5821] usb 6-1: SerialNumber: syz [ 221.095002][ T8779] loop1: detected capacity change from 0 to 128 [ 221.123390][ T8779] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 221.174084][ T8779] ext4 filesystem being mounted at /200/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 221.281451][ T5821] usb 6-1: 0:2 : does not exist [ 221.322265][ T5821] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 221.365823][ T8779] syz.1.686 (pid 8779) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 221.433471][ T5821] usb 6-1: USB disconnect, device number 7 [ 221.555327][ T5761] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 221.923119][ T8782] loop4: detected capacity change from 0 to 40427 [ 222.008449][ T8782] F2FS-fs (loop4): Found nat_bits in checkpoint [ 222.208975][ T8782] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 222.284946][ T8795] loop5: detected capacity change from 0 to 1024 [ 222.337652][ T8795] EXT4-fs: Ignoring removed bh option [ 222.371148][ T8795] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 222.426603][ T8795] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.820170][ T8801] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4047: comm syz.5.691: Allocating blocks 497-513 which overlap fs metadata [ 222.942668][ T8794] EXT4-fs (loop5): pa ffff888076de5658: logic 128, phys. 257, len 16 [ 222.955344][ T8794] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5388: group 0, free 0, pa_free 1 [ 223.083887][ T7110] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.576005][ T787] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 223.758227][ T787] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 223.762457][ T8822] loop5: detected capacity change from 0 to 16 [ 223.795671][ T787] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 223.798956][ T8822] erofs: (device loop5): mounted with root inode @ nid 36. [ 223.812435][ T787] usb 2-1: config 1 has no interface number 0 [ 223.856375][ T787] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 223.875161][ T8822] erofs: (device loop5): erofs_read_inode: bogus i_mode (0) @ nid 281474976710655 [ 223.906118][ T787] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 223.936480][ T787] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 223.959248][ T787] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 223.985255][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.006942][ T787] usb 2-1: Product: syz [ 224.011273][ T787] usb 2-1: Manufacturer: syz [ 224.021409][ T787] usb 2-1: SerialNumber: syz [ 224.048679][ T8817] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 224.342268][ T8833] netlink: 84 bytes leftover after parsing attributes in process `syz.4.704'. [ 224.510595][ T8817] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 224.962448][ T787] cdc_ncm 2-1:1.1: bind() failure [ 225.230870][ T1188] usb 2-1: USB disconnect, device number 6 [ 225.718785][ T8845] loop0: detected capacity change from 0 to 40427 [ 225.812592][ T8845] F2FS-fs (loop0): Found nat_bits in checkpoint [ 226.039551][ T8845] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 226.115305][ T8876] netlink: 8 bytes leftover after parsing attributes in process `syz.5.720'. [ 226.323698][ T5765] syz-executor: attempt to access beyond end of device [ 226.323698][ T5765] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 226.372504][ T5765] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 226.432774][ T8882] loop5: detected capacity change from 0 to 1024 [ 227.267153][ T8886] loop1: detected capacity change from 0 to 32768 [ 227.354625][ T8886] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 227.540066][ T8891] loop5: detected capacity change from 0 to 32768 [ 227.556973][ T8886] (syz.1.726,8886,0):ocfs2_remount:623 ERROR: Cannot change heartbeat mode on remount [ 227.616331][ T5762] Bluetooth: hci1: command 0x0406 tx timeout [ 227.849692][ T5761] ocfs2: Unmounting device (7,1) on (node local) [ 228.192002][ T8904] netlink: 25 bytes leftover after parsing attributes in process `syz.1.730'. [ 228.513100][ T8471] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.555385][ T8906] loop1: detected capacity change from 0 to 8192 [ 228.566288][ T8471] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.599970][ T8906] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 228.657201][ T8909] netlink: 84 bytes leftover after parsing attributes in process `syz.5.732'. [ 228.693352][ T8906] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 228.714964][ T8906] REISERFS (device loop1): using ordered data mode [ 228.723616][ T8906] reiserfs: using flush barriers [ 228.732458][ T8906] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 228.753793][ T8906] REISERFS (device loop1): checking transaction log (loop1) [ 228.777322][ T8906] REISERFS (device loop1): Using r5 hash to sort names [ 228.795066][ T8906] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 228.863350][ T8471] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.904344][ T8471] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.986108][ T5769] Bluetooth: hci4: command 0x1003 tx timeout [ 228.986434][ T5774] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 229.103687][ T8912] loop5: detected capacity change from 0 to 4096 [ 229.131485][ T8471] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 229.205973][ T8471] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.280573][ T8915] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 229.287289][ T8914] binder: 8913:8914 unknown command 0 [ 229.306112][ T8914] binder: 8913:8914 ioctl c0306201 200000000080 returned -22 [ 229.433452][ T8471] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 229.484958][ T8471] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.822856][ T8925] loop4: detected capacity change from 0 to 128 [ 229.967720][ T5769] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 229.984371][ T5769] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 229.993038][ T5769] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 230.001540][ T5769] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 230.009349][ T5769] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 230.017015][ T5769] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 230.027865][ T8925] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 230.166633][ T8925] ext4 filesystem being mounted at /129/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 230.598072][ T6399] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 230.713710][ T8949] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 231.637732][ T8967] loop5: detected capacity change from 0 to 512 [ 231.745438][ T8967] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.764478][ T8928] chnl_net:caif_netlink_parms(): no params data found [ 231.970508][ T8967] EXT4-fs error (device loop5): ext4_readdir:223: inode #12: comm syz.5.749: path /128/file0/file0: directory fails checksum at offset 0 [ 232.098469][ T5769] Bluetooth: hci2: command tx timeout [ 232.377579][ T7110] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.039707][ T8976] loop4: detected capacity change from 0 to 131072 [ 233.054091][ T8976] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 233.062353][ T8976] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 233.069102][ T8928] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.084294][ T8976] F2FS-fs (loop4): invalid crc value [ 233.106125][ T8928] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.113774][ T8928] bridge_slave_0: entered allmulticast mode [ 233.122191][ T8928] bridge_slave_0: entered promiscuous mode [ 233.138722][ T8976] F2FS-fs (loop4): Found nat_bits in checkpoint [ 233.198947][ T8976] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 233.206360][ T8976] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 233.543645][ T8928] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.569688][ T8928] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.594938][ T8928] bridge_slave_1: entered allmulticast mode [ 233.605321][ T9001] loop5: detected capacity change from 0 to 256 [ 233.615487][ T8928] bridge_slave_1: entered promiscuous mode [ 233.813670][ T8471] hsr_slave_0: left promiscuous mode [ 233.861104][ T8471] hsr_slave_1: left promiscuous mode [ 233.917202][ T8471] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 233.924696][ T8471] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.003376][ T8471] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 234.037447][ T8471] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 234.037600][ T5832] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 234.089205][ T8471] team0: left allmulticast mode [ 234.094077][ T9005] loop1: detected capacity change from 0 to 2048 [ 234.094589][ T8471] team_slave_0: left allmulticast mode [ 234.110839][ T5832] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 234.136030][ T8471] team_slave_1: left allmulticast mode [ 234.175784][ T9005] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 234.182528][ T8471] bridge0: port 3(team0) entered disabled state [ 234.191755][ T5769] Bluetooth: hci2: command tx timeout [ 234.215361][ T8471] bridge_slave_1: left allmulticast mode [ 234.223014][ T8471] bridge_slave_1: left promiscuous mode [ 234.250304][ T8471] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.278353][ T9007] fido_id[9007]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/0000:0000:0000.0009/report_descriptor': No such device [ 234.313954][ T8471] bridge_slave_0: left allmulticast mode [ 234.329107][ T8471] bridge_slave_0: left promiscuous mode [ 234.346482][ T8471] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.509603][ T8471] veth1_macvtap: left promiscuous mode [ 234.533950][ T8471] veth0_macvtap: left promiscuous mode [ 234.553241][ T8471] veth1_vlan: left promiscuous mode [ 234.573516][ T8471] veth0_vlan: left promiscuous mode [ 234.712424][ T9010] loop5: detected capacity change from 0 to 8192 [ 234.758310][ T9010] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 234.780607][ T9010] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 234.798937][ T9010] REISERFS (device loop5): using ordered data mode [ 234.882416][ T9010] reiserfs: using flush barriers [ 234.919944][ T9010] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 234.987032][ T9010] REISERFS (device loop5): checking transaction log (loop5) [ 235.037681][ T9010] REISERFS (device loop5): Using r5 hash to sort names [ 235.072222][ T9010] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 235.224777][ T8471] bond1 (unregistering): (slave geneve2): Releasing active interface [ 235.915269][ T8471] bond1 (unregistering): Released all slaves [ 236.058630][ T9030] loop5: detected capacity change from 0 to 256 [ 236.092736][ T9030] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011bf5, chksum : 0x8943bfe8, utbl_chksum : 0xe619d30d) [ 236.112985][ T9030] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 236.266037][ T5769] Bluetooth: hci2: command tx timeout [ 237.453540][ T9047] Invalid argument reading file caps for ./file0 [ 237.647869][ T9039] loop5: detected capacity change from 0 to 40427 [ 237.718961][ T9039] F2FS-fs (loop5): Found nat_bits in checkpoint [ 237.826377][ T9056] Bluetooth: hci0: unsupported parameter 256 [ 237.845363][ T9056] Bluetooth: hci0: invalid length 0, exp 2 for type 7 [ 237.867768][ T9039] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 237.906358][ T8471] team_slave_1 (unregistering): left promiscuous mode [ 237.928632][ T8471] team0 (unregistering): Port device team_slave_1 removed [ 238.083162][ T7110] syz-executor: attempt to access beyond end of device [ 238.083162][ T7110] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 238.100436][ T8471] team_slave_0 (unregistering): left promiscuous mode [ 238.107611][ T7110] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 238.118413][ T8471] team0 (unregistering): Port device team_slave_0 removed [ 238.287493][ T8471] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.340481][ T5769] Bluetooth: hci2: command tx timeout [ 238.495080][ T8471] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.613876][ T9065] loop4: detected capacity change from 0 to 128 [ 238.672833][ T9065] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 238.708139][ T9065] hpfs: filesystem error: improperly stopped [ 238.714204][ T9065] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 238.750833][ T9065] hpfs: You really don't want any checks? You are crazy... [ 238.796224][ T9065] hpfs: hpfs_map_sector(): read error [ 238.801660][ T9065] hpfs: code page support is disabled [ 238.837981][ T9065] hpfs: hpfs_map_4sectors(): unaligned read [ 238.845231][ T9065] hpfs: hpfs_map_4sectors(): unaligned read [ 238.886555][ T9065] hpfs: filesystem error: unable to find root dir [ 238.952953][ T9065] hpfs: hpfs_map_4sectors(): unaligned read [ 238.978513][ T9065] hpfs: hpfs_map_sector(): read error [ 239.673228][ T8471] bond0 (unregistering): Released all slaves [ 239.871813][ T8928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.881891][ T27] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 239.917420][ T8928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.075733][ T8928] team0: Port device team_slave_0 added [ 240.130754][ T27] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 240.152227][ T27] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.181762][ T27] usb 5-1: Product: syz [ 240.191533][ T27] usb 5-1: Manufacturer: syz [ 240.192097][ T8928] team0: Port device team_slave_1 added [ 240.200695][ T27] usb 5-1: SerialNumber: syz [ 240.291173][ T8928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.324848][ T8928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.386223][ T8928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.406211][ T5832] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 240.427763][ T8928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 240.451500][ T8928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.529519][ T8928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.619165][ T5832] usb 6-1: Using ep0 maxpacket: 8 [ 240.635213][ T5832] usb 6-1: config index 0 descriptor too short (expected 74, got 45) [ 240.657205][ T5832] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 240.678615][ T8928] hsr_slave_0: entered promiscuous mode [ 240.684880][ T5832] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 240.695442][ T8928] hsr_slave_1: entered promiscuous mode [ 240.703836][ T8928] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.719193][ T8928] Cannot create hsr debugfs directory [ 240.728898][ T5832] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 240.768420][ T5832] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 240.786776][ T5832] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 240.815995][ T5832] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 240.825134][ T5832] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.096248][ T5832] usb 6-1: usb_control_msg returned -32 [ 241.101886][ T5832] usbtmc 6-1:16.0: can't read capabilities [ 241.475368][ T9110] loop1: detected capacity change from 0 to 256 [ 241.493643][ T27] cdc_ncm 5-1:1.0: failed to get mac address [ 241.502450][ C0] usbtmc 6-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 241.513779][ T27] cdc_ncm 5-1:1.0: bind() failure [ 241.514595][ T9108] usbtmc 6-1:16.0: Unable to send data, error -71 [ 241.546405][ T9108] usbtmc 6-1:16.0: usb_control_msg returned -32 [ 241.550857][ T27] cdc_ncm: probe of 5-1:1.1 failed with error -71 [ 241.566330][ T9] usb 6-1: USB disconnect, device number 8 [ 241.610164][ T27] cdc_mbim: probe of 5-1:1.1 failed with error -71 [ 241.645611][ T27] usbtest: probe of 5-1:1.1 failed with error -71 [ 241.755392][ T27] usb 5-1: USB disconnect, device number 17 [ 242.077883][ T9116] overlayfs: failed to clone upperpath [ 242.403568][ T8928] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 242.461139][ T8928] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 242.479336][ T9126] loop1: detected capacity change from 0 to 1024 [ 242.501541][ T9126] EXT4-fs: Ignoring removed nomblk_io_submit option [ 242.521052][ T8928] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 242.558928][ T9126] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 242.579927][ T8928] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 242.636801][ T9126] ext4 filesystem being mounted at /229/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.779556][ T28] audit: type=1800 audit(1772556583.324:45): pid=9126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.795" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 242.817623][ T9126] EXT4-fs error (device loop1): ext4_free_blocks:6692: comm syz.1.795: Freeing blocks not in datazone - block = 0, count = 16 [ 242.846070][ T28] audit: type=1800 audit(1772556583.344:46): pid=9126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.795" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 242.871697][ T8928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.941563][ T8928] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.949244][ T28] audit: type=1804 audit(1772556583.354:47): pid=9126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.795" name="/newroot/229/file1/file1" dev="loop1" ino=15 res=1 errno=0 [ 243.010819][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.018069][ T8469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.051108][ T5761] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 243.148672][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.155943][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.573834][ T9122] mmap: syz.5.794 (9122) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 243.951367][ T8928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.047518][ T27] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 244.109128][ T8928] veth0_vlan: entered promiscuous mode [ 244.169757][ T8928] veth1_vlan: entered promiscuous mode [ 244.270022][ T27] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 244.283296][ T8928] veth0_macvtap: entered promiscuous mode [ 244.304586][ T27] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 244.325066][ T8928] veth1_macvtap: entered promiscuous mode [ 244.346252][ T27] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 244.400259][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.418620][ T8928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.445314][ T9160] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 244.474336][ T8928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.475672][ T27] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 244.510546][ T8928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.552285][ T8928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.593661][ T8928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 244.635371][ T8928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.683766][ T8928] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.749397][ T8928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.805585][ T8928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.853136][ T8928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.894112][ T8928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.935255][ T5821] usb 2-1: USB disconnect, device number 7 [ 244.958212][ T8928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 244.992930][ T8928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.038304][ T8928] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 245.115545][ T8928] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.155508][ T8928] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.190255][ T8928] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.221465][ T8928] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.517284][ T8469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.525147][ T8469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.667492][ T8469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.694192][ T8469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.119689][ T9191] loop4: detected capacity change from 0 to 256 [ 246.156167][ T5799] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 246.343985][ T9191] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 246.355431][ T9191] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 246.360943][ T5799] usb 6-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 246.421425][ T5799] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.440761][ T5799] usb 6-1: Product: syz [ 246.450635][ T5799] usb 6-1: Manufacturer: syz [ 246.462326][ T9191] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 246.472625][ T5799] usb 6-1: SerialNumber: syz [ 246.523666][ T5799] usb 6-1: config 0 descriptor?? [ 246.538582][ T5799] hub 6-1:0.0: bad descriptor, ignoring hub [ 246.553254][ T5799] hub: probe of 6-1:0.0 failed with error -5 [ 246.586541][ T5799] f81232 6-1:0.0: f81534a converter detected [ 246.830800][ T9204] loop0: detected capacity change from 0 to 512 [ 246.861698][ T5799] f81534a ttyUSB0: f81232_set_register failed status: -71 [ 246.888185][ T9204] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 246.909879][ T5799] f81534a: probe of ttyUSB0 failed with error -5 [ 246.945326][ T9204] EXT4-fs (loop0): orphan cleanup on readonly fs [ 246.989863][ T9204] EXT4-fs error (device loop0): ext4_orphan_get:1424: comm syz.0.808: bad orphan inode 13 [ 247.022917][ T5799] usb 6-1: USB disconnect, device number 9 [ 247.032421][ T9204] ext4_test_bit(bit=12, block=18) = 1 [ 247.038973][ T9204] is_bad_inode(inode)=0 [ 247.057299][ T9204] NEXT_ORPHAN(inode)=0 [ 247.061655][ T9204] max_ino=32 [ 247.065057][ T9204] i_nlink=1 [ 247.075481][ T9204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0008-000000000000 ro without journal. Quota mode: writeback. [ 247.117450][ T5799] f81232 6-1:0.0: device disconnected [ 247.280698][ T9204] EXT4-fs error (device loop0): ext4_lookup:1862: inode #2: comm syz.0.808: deleted inode referenced: 12 [ 247.329804][ T9210] loop1: detected capacity change from 0 to 8192 [ 247.375682][ T9210] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 247.412900][ T9210] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 247.451789][ T9210] REISERFS (device loop1): using ordered data mode [ 247.473349][ T8928] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 247.483897][ T9210] reiserfs: using flush barriers [ 247.574940][ T9210] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 247.650037][ T9210] REISERFS (device loop1): checking transaction log (loop1) [ 248.129053][ T9210] REISERFS (device loop1): Using tea hash to sort names [ 248.170785][ T9210] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 248.208604][ T9210] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 248.542540][ T28] audit: type=1804 audit(1772556589.084:48): pid=9210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.809" name="/newroot/233/file0/file0" dev="loop1" ino=4 res=1 errno=0 [ 248.751138][ T5799] kernel read not supported for file /input/event1 (pid: 5799 comm: kworker/1:3) [ 249.154712][ T9244] veth1_to_bond: entered allmulticast mode [ 249.190911][ T9244] netlink: 4 bytes leftover after parsing attributes in process `syz.4.818'. [ 249.216671][ T29] INFO: task syz-executor:5764 blocked for more than 143 seconds. [ 249.231351][ T29] Not tainted syzkaller #0 [ 249.236582][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 249.245437][ T29] task:syz-executor state:D stack:21608 pid:5764 ppid:1 flags:0x00004002 [ 249.254902][ T29] Call Trace: [ 249.258363][ T29] [ 249.261319][ T29] __schedule+0x1553/0x45a0 [ 249.280186][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 249.327125][ T29] ? lock_chain_count+0x20/0x20 [ 249.347140][ T29] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 249.368883][ T29] ? asan.module_dtor+0x20/0x20 [ 249.383924][ T29] ? _raw_spin_unlock+0x40/0x40 [ 249.403901][ T29] ? prepare_to_wait_event+0x3db/0x470 [ 249.421624][ T29] ? prepare_to_wait_event+0x434/0x470 [ 249.436570][ T29] schedule+0xbd/0x170 [ 249.445325][ T29] wb_wait_for_completion+0x173/0x2a0 [ 249.467084][ T29] ? __bpf_trace_writeback_inode_template+0x100/0x100 [ 249.491163][ T29] ? wake_bit_function+0x200/0x200 [ 249.509384][ T29] sync_inodes_sb+0x1c9/0xa10 [ 249.532697][ T29] ? filemap_fdatawrite_range+0x160/0x160 [ 249.546850][ T29] ? try_to_writeback_inodes_sb+0xc0/0xc0 [ 249.560049][ T29] ? nilfs_put_super+0x150/0x150 [ 249.574399][ T29] ? get_nr_dirty_inodes+0x1d4/0x220 [ 249.585023][ T29] sync_filesystem+0x171/0x220 [ 249.595734][ T29] generic_shutdown_super+0x6f/0x2b0 [ 249.611643][ T29] kill_block_super+0x44/0x90 [ 249.630933][ T29] deactivate_locked_super+0x97/0x100 [ 249.650309][ T29] cleanup_mnt+0x43b/0x4d0 [ 249.660606][ T29] task_work_run+0x1d4/0x260 [ 249.671068][ T29] ? task_work_cancel+0x220/0x220 [ 249.681867][ T29] ? do_exit+0x955/0x2460 [ 249.692039][ T29] ? kmem_cache_free+0xf8/0x270 [ 249.703816][ T29] do_exit+0x95a/0x2460 [ 249.716005][ T29] ? put_task_struct+0xc0/0xc0 [ 249.729909][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 249.756576][ T29] ? lock_chain_count+0x20/0x20 [ 249.767182][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 249.787033][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 249.804934][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 249.818005][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 249.828927][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 249.841965][ T29] do_group_exit+0x21b/0x2d0 [ 249.851256][ T29] __x64_sys_exit_group+0x3f/0x40 [ 249.865679][ T29] do_syscall_64+0x55/0xa0 [ 249.872548][ T29] ? clear_bhb_loop+0x40/0x90 [ 249.884581][ T29] ? clear_bhb_loop+0x40/0x90 [ 249.894049][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.907063][ T29] RIP: 0033:0x7f563879c799 [ 249.915063][ T29] RSP: 002b:00007ffe5df6c8d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 249.933888][ T29] RAX: ffffffffffffffda RBX: 00007f5638831ff0 RCX: 00007f563879c799 [ 249.954236][ T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 249.961813][ T9246] loop1: detected capacity change from 0 to 32768 [ 249.969448][ T29] RBP: 000000000000000c R08: 0000000000000000 R09: 00007f5638831f90 [ 249.986773][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe5df6db90 [ 249.998837][ T9246] (syz.1.816,9246,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 250.006417][ T29] R13: 00007f5638831f90 R14: 000055555fb1c4e8 R15: 00007ffe5df6ec60 [ 250.021427][ T9246] (syz.1.816,9246,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 250.038257][ T29] [ 250.053338][ T29] [ 250.053338][ T29] Showing all locks held in the system: [ 250.063691][ T29] 1 lock held by khungtaskd/29: [ 250.069172][ T29] #0: ffffffff8d131fa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 250.107880][ T29] 2 locks held by kworker/u4:4/78: [ 250.113191][ T29] 2 locks held by kworker/u4:8/2888: [ 250.120767][ T9246] JBD2: Ignoring recovery information on journal [ 250.121993][ T29] #0: ffff888140068138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 250.139169][ T29] #1: ffffc9000bd37d00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 250.152620][ T29] 2 locks held by getty/5521: [ 250.157720][ T29] #0: ffff88802d2c30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 250.176019][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 250.212376][ T29] 1 lock held by udevd/5756: [ 250.236099][ T29] #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 250.242502][ T9246] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 250.264582][ T29] 2 locks held by syz-executor/5764: [ 250.282564][ T29] #0: ffff88805bca20e0 (&type->s_umount_key#77){+.+.}-{3:3}, at: deactivate_super+0xa4/0xe0 [ 250.305452][ T29] #1: ffff888147e907d0 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x1ad/0xa10 [ 250.329559][ T29] 2 locks held by kworker/1:3/5799: [ 250.355963][ T29] #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 250.405976][ T29] #1: ffffc9000474fd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 250.456589][ T29] 3 locks held by kworker/u4:10/8469: [ 250.462041][ T29] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 250.503244][ T29] #1: ffffc9000ffafd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 250.518663][ T29] #2: ffffffff8e3c0348 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 250.535344][ T29] 2 locks held by syz.4.818/9243: [ 250.556362][ T29] #0: ffff88805e8b2620 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x9b/0x230 [ 250.576017][ T29] #1: ffffffff8e3c0348 (rtnl_mutex){+.+.}-{3:3}, at: packet_release+0x48c/0xcf0 [ 250.585266][ T29] 2 locks held by syz.4.818/9244: [ 250.605957][ T29] #0: ffffffff8e3c0348 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 [ 250.615470][ T29] #1: ffffffff8d137978 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x306/0x880 [ 250.640321][ T28] audit: type=1800 audit(1772556591.184:49): pid=9246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.816" name="file1" dev="loop1" ino=16979 res=0 errno=0 [ 250.654444][ T29] 1 lock held by dhcpcd-run-hook/9253: [ 250.686117][ T29] #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 250.705985][ T29] 1 lock held by rm/9266: [ 250.751445][ T29] [ 250.753848][ T29] ============================================= [ 250.753848][ T29] [ 250.811853][ T29] NMI backtrace for cpu 1 [ 250.816247][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 250.823444][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 250.833492][ T29] Call Trace: [ 250.836782][ T29] [ 250.839704][ T29] dump_stack_lvl+0x18c/0x250 [ 250.844390][ T29] ? show_regs_print_info+0x20/0x20 [ 250.849584][ T29] ? load_image+0x400/0x400 [ 250.854090][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 250.859032][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 250.865180][ T29] ? _printk+0xde/0x130 [ 250.869381][ T29] ? load_image+0x400/0x400 [ 250.873970][ T29] ? load_image+0x400/0x400 [ 250.878465][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 250.884528][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 250.890597][ T29] watchdog+0xf3d/0xf80 [ 250.894746][ T29] ? watchdog+0x1e1/0xf80 [ 250.899163][ T29] kthread+0x2fa/0x390 [ 250.903303][ T29] ? hungtask_pm_notify+0x90/0x90 [ 250.908319][ T29] ? kthread_blkcg+0xd0/0xd0 [ 250.912987][ T29] ret_from_fork+0x48/0x80 [ 250.917408][ T29] ? kthread_blkcg+0xd0/0xd0 [ 250.922000][ T29] ret_from_fork_asm+0x11/0x20 [ 250.926860][ T29] [ 250.931383][ T29] Sending NMI from CPU 1 to CPUs 0: [ 250.937057][ C0] NMI backtrace for cpu 0 [ 250.937066][ C0] CPU: 0 PID: 5821 Comm: kworker/0:6 Not tainted syzkaller #0 [ 250.937082][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 250.937092][ C0] Workqueue: events free_obj_work [ 250.937118][ C0] RIP: 0010:__sanitizer_cov_trace_switch+0x74/0x120 [ 250.937142][ C0] Code: 00 b9 07 00 00 00 48 85 c0 75 13 e9 bc 00 00 00 b9 01 00 00 00 48 85 c0 0f 84 ae 00 00 00 41 57 41 56 41 54 53 48 8b 54 24 20 <65> 4c 8b 05 74 9b 7c 7e 45 31 c9 eb 08 49 ff c1 4c 39 c8 74 77 4e [ 250.937154][ C0] RSP: 0018:ffffc9000481f550 EFLAGS: 00000202 [ 250.937165][ C0] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000000003 [ 250.937174][ C0] RDX: ffffffff813b3d62 RSI: ffffffff8cfa0760 RDI: 0000000000000004 [ 250.937184][ C0] RBP: ffffc9000481f698 R08: ffff88801e2d5a00 R09: 0000000000000002 [ 250.937194][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc9000481f648 [ 250.937202][ C0] R13: dffffc0000000000 R14: 0000000000000004 R15: ffffffff8f0ed0ce [ 250.937212][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 250.937224][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 250.937234][ C0] CR2: 000055555d05aa28 CR3: 0000000069916000 CR4: 00000000003506f0 [ 250.937246][ C0] Call Trace: [ 250.937252][ C0] [ 250.937259][ C0] unwind_next_frame+0x742/0x2970 [ 250.937280][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 250.937301][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 250.937317][ C0] ? stack_trace_save+0x100/0x100 [ 250.937334][ C0] arch_stack_walk+0x144/0x190 [ 250.937351][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 250.937370][ C0] stack_trace_save+0xaa/0x100 [ 250.937387][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 250.937404][ C0] ? __stack_depot_save+0x1f/0x630 [ 250.937423][ C0] kasan_set_track+0x4e/0x70 [ 250.937439][ C0] ? kasan_set_track+0x4e/0x70 [ 250.937453][ C0] ? kasan_save_free_info+0x2e/0x50 [ 250.937470][ C0] ? ____kasan_slab_free+0x126/0x1e0 [ 250.937485][ C0] ? slab_free_freelist_hook+0x130/0x1a0 [ 250.937498][ C0] ? kmem_cache_free+0xf8/0x270 [ 250.937517][ C0] ? free_obj_work+0x436/0x5a0 [ 250.937535][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 250.937573][ C0] ? kmem_cache_free+0xf8/0x270 [ 250.937591][ C0] kasan_save_free_info+0x2e/0x50 [ 250.937609][ C0] ____kasan_slab_free+0x126/0x1e0 [ 250.937626][ C0] slab_free_freelist_hook+0x130/0x1a0 [ 250.937642][ C0] ? free_obj_work+0x436/0x5a0 [ 250.937661][ C0] kmem_cache_free+0xf8/0x270 [ 250.937682][ C0] free_obj_work+0x436/0x5a0 [ 250.937703][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 250.937720][ C0] ? __free_object+0xa70/0xa70 [ 250.937739][ C0] ? read_lock_is_recursive+0x20/0x20 [ 250.937757][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.937773][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 250.937791][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 250.937808][ C0] process_scheduled_works+0xa5d/0x15d0 [ 250.937838][ C0] ? assign_work+0x430/0x430 [ 250.937857][ C0] ? assign_work+0x3d0/0x430 [ 250.937882][ C0] worker_thread+0xa55/0xfc0 [ 250.937899][ C0] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 250.937914][ C0] ? _raw_spin_unlock+0x40/0x40 [ 250.937927][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 250.937952][ C0] kthread+0x2fa/0x390 [ 250.937965][ C0] ? pr_cont_work+0x560/0x560 [ 250.937982][ C0] ? kthread_blkcg+0xd0/0xd0 [ 250.937995][ C0] ret_from_fork+0x48/0x80 [ 250.938013][ C0] ? kthread_blkcg+0xd0/0xd0 [ 250.938026][ C0] ret_from_fork_asm+0x11/0x20 [ 250.938052][ C0] [ 251.069382][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 251.069400][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 251.069417][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 251.069428][ T29] Call Trace: [ 251.069436][ T29] [ 251.069443][ T29] dump_stack_lvl+0x18c/0x250 [ 251.069477][ T29] ? show_regs_print_info+0x20/0x20 [ 251.069499][ T29] ? load_image+0x400/0x400 [ 251.069528][ T29] panic+0x2dc/0x730 [ 251.069546][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 251.069570][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 251.069587][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 251.069611][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 251.069640][ T29] watchdog+0xf7c/0xf80 [ 251.069663][ T29] ? watchdog+0x1e1/0xf80 [ 251.069688][ T29] kthread+0x2fa/0x390 [ 251.069704][ T29] ? hungtask_pm_notify+0x90/0x90 [ 251.069724][ T29] ? kthread_blkcg+0xd0/0xd0 [ 251.069740][ T29] ret_from_fork+0x48/0x80 [ 251.069759][ T29] ? kthread_blkcg+0xd0/0xd0 [ 251.069774][ T29] ret_from_fork_asm+0x11/0x20 [ 251.069806][ T29] [ 251.072655][ T29] Kernel Offset: disabled [ 251.408822][ T29] Rebooting in 86400 seconds..