last executing test programs: 6.902847871s ago: executing program 3 (id=222): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x300001a, &(0x7f0000001e80)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c646d61736b3d30313737373737373737373737373737373737373737332c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c2c756e695f786c6174653d302c726f6469722c726f6469722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d312c6572726f72733d636f6e74696e75650000000000000003667365743d30121df478303030383030303030303030303465302c757466383d302c0077b5b28056fc4549d277ed7fab6b0be27ef17f888ccab55cccc917ad315c8ea56f5a89c104f92d058b92f5881e69e06002f5914c03fefbeb09121733eaf5ded73df976fbd4cfcb8b70b0bf44da1b46bc3935431d5e60a641f9e4ebbf71c77fc9a810ce726b8c6d6295a5f2e2b069b95ba8ecce52ded99b82923228c37d5e1ec11cdbcabb8a89cbf2cf2771d69e3cf0e676cc6e5b2e542e426bceaab9b2cf261046247bce0565d13a6ca8137aba85fe39756814fda1f0624b33a2025792a477ccfff09befb1d0cf1599d272628028b9786e1fbfb3d637c2561421488c9de8d3739a94bf13ac582f6b67de0cad933631794271b2259fe5d73a74ad7da615c31505c7c0c168052d38e5b64c4bb7d0599e5dcf0000000000000000000000000000002790cf17418aa278cfc0c9d1c81c63e58b877706a4b7eed8a5aff253298db2939adc0efdab4745ab0e09ef8beaaf04e5374c2e7e4656e47fe5a25502919954242f8d771fc2acf14f2cee04696a9d84091f20646210edf871d3f20ad66fcf4b816323b8abb307381d32da887dcc71e35f364baa1b93fd5ee36c02aa4628511442992ced893ab924472440b53fc08cc41403e167b1f2605e04d5f0c16ed49969b59d650d88642b10c7893f64421a40f4822ffcc284dfe9ae1c6e4a04293c970f2dae776decf07b085eb5fdeda7d365b0f86c7fcd8df00a87f4dbbf8e623667e3b65e4c487055a2e5cd64402a4de537bf113fc7370099e4faebe6ea9d4f155f8f5f4c5f9b205ce1bbc8c0002a19457e05a210d9e9820bc7f318ebfdfcc22f83150503b2c7fb0340a249135057f87882717e166ef509c14fdcf38f63141e4ed36737c6e55498b350f41c8caed3e347c149162b4c6ed629be8eaaa25d59747816197aff2cf68a42d73e8146c72fedb130521de285872a4ca5353cc354a0b0e2ce57275b34276d28d91b2c0c2fa1041f818ea96f65a3000057dfb8858cfd194f7431e4b734f848268c5a000f01000000010000000360236584faaf1a4d4fabd3b68929729fd006fa91186ac3d0d222e00c77ad726cdc16c8456d6f598254bda7c72b24a6b213162cd6e6f205d16a083b5bf85cd0ea669c5fb5535a49d95389c186be0d5d6aaf673c3b675e34dbc89407aa23b2cd4f0d7674421b4896983d7958b0cf1c7c1322b944e316711ed73c720ac25fea464ea96fdf6be3f67430188cb9f1ea81316df61c875ff59c8ffa9ffe954ccb28f037ca003109618cff0ec917fc7abe19b6a10a0eae6c72b067e29580d666042466d68ce5d192fae5bdea0b94a9bfbd0efae746ff081eb028e5566a25db8f43ddd07c39db9bed54a8a9d5763d42", @ANYRES8], 0xfc, 0x2b6, &(0x7f0000000480)="$eJzs3U9rK1UUAPAz+ddUFwniRhEc0IWr8urWTaM8QexKiaBuDL4+kKQUWghYwdpVP4FL8Wu4defabyC4Fdy1i8rIZGaaxCZttP+g/n6b3t57z52TOUOyyskXr+0On+0lcXz6W7TbSdS2YivOkuhGLSrfRSMAgMfjLMvizywimsX/ycqRjdrdZQUA3KXi87/w0LkAAPfj408/+7C3vf30ozRtxyudk3E/iYjdk3G/WO89j69iFDvxJDpxHpFdKMbvf7D9NBpprhtv7h6N++O583t/xPokfjM60V0cv5kWyvh+RP63GS9EGr3nzeqoTry8OP7tBfHRb8Vbb8zkvxGd+PXL2ItRPIs8dhr/7Waavpd9f/rN5/ll8vikFv21yb7SekRWv7eiAAAAAAAAAAAAAAAAAAAAAADw6G2kaVK075n078mnyv479fPJ+kZa6c735yniL/oFF/2Bsihb9Bxl8UPVX+dJmqZZuXEa34hXG35YAAAAAAAAAAAAAAAAAAAAAHIHXx8OB6PRzv6NB/XhYFR1A6i+1v9fD9yamXk9DoeD+vID11a/1my3gTzXKzdHoxG3cFuuH8TP63k+S/b8WOb7709emxb3kzK8KsytvoqX3r3IMC2Xqps8HCTXXatdFe6n2aVWrJxGkszNTGo72tnPJo/EeTZf0/aSm9m6hbuRP6OtFxcu/ZVl2WrnvPN7UaNyJpm02FgtjWY5WPq0tC/X4pflBy59y6jf9D0HAAAAAAAAAAAAAAAAAABYbP6L0/9wfGVo7c6SAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB7Nv39/2rQjoj5mUuDozL4qj3loBX7Bw/8EgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgf+DsAAP//tERGig==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x80) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setown(r1, 0x8, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0) 5.940222857s ago: executing program 3 (id=228): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000300)={[0x3ff]}, 0xfffffffffffffff0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.443237156s ago: executing program 3 (id=234): r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) getrandom(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x80002, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0xc, 0x12, r1, 0xffffe000) 4.370821743s ago: executing program 3 (id=240): socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x101501, 0x0) r0 = syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000740), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0x15, &(0x7f0000000000), &(0x7f00000000c0)=0x4) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000080)=0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f00000000c0)={{}, 0x0, 0x0}) 3.278527382s ago: executing program 3 (id=245): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x80}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0xa, 0x2, 0x5, 0xa, 0x8b2c, 0x4, 0x4004, 0xff, 0x2, 0x100, 0x8, 0x7bf}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 3.224930548s ago: executing program 1 (id=246): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0x9}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f0000001080)=[{{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000001380)=""/5, 0x5}, {&(0x7f0000000780)=""/242, 0xf2}], 0x2}, 0x9}], 0x1, 0x2000, 0x0) 2.99952324s ago: executing program 1 (id=247): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r0, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) readv(r0, &(0x7f0000001840)=[{&(0x7f0000001900)=""/4096, 0x1000}], 0x1) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 2.335620186s ago: executing program 2 (id=249): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0x8}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x2, 0x80000000, 0x20000006, 0x4d, 0x6, 0x0, 0x0, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x13, 0x0, 0x4, 0x8, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0x100e661, 0x629, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x0, 0x5, 0x3e, 0x8c, 0x6, 0x10002, 0x0, 0x85, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x7, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0x6, 0xe, 0x2c0, 0xfffffff7, 0x9, 0xfffffffb, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xf, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x902, 0x2, 0x4, 0x7, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x24f6d000, 0x3, 0x7c9d, 0x9, 0x8, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x405, 0x7, 0x5, 0xfffffffc, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x0, 0x4, 0x2950bfad, 0x1000, 0xa2, 0x7, 0x1, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x2, 0x93a, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x81, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x10, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x1000]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 2.107550999s ago: executing program 0 (id=250): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_io_uring_setup(0x23d, &(0x7f0000000680)={0x0, 0xee69, 0x10100, 0x3, 0x184}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) fcntl$getflags(r1, 0xb) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x31a0}}) io_uring_enter(r1, 0x2648, 0x1d5e, 0x2, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000240)=0x3) read$dsp(r0, &(0x7f0000000280)=""/79, 0x4f) 2.107215979s ago: executing program 2 (id=251): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000380)={{0x0, 0x400, 0x4b, 0x9}, 'syz0\x00', 0x11}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000540), 0x4, 0x280283) syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) dup3(r1, r0, 0x80000) syz_open_procfs(0x0, &(0x7f0000000480)='fd/3\x00') 1.90057514s ago: executing program 1 (id=252): setresgid(0x0, 0xee01, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) fstat(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r1, 0x0) r2 = msgget$private(0x0, 0x193) msgsnd(r2, &(0x7f0000000640)=ANY=[@ANYBLOB="02"], 0x401, 0x0) msgsnd(r2, &(0x7f0000000080)={0x3}, 0x8, 0x800) 1.863940804s ago: executing program 2 (id=253): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$cgroup_pid(r1, &(0x7f0000000480), 0x12) readv(r1, &(0x7f0000000100)=[{&(0x7f0000000380)=""/82, 0x52}, {&(0x7f0000000040)=""/45, 0x2d}], 0x2) sendmmsg$alg(r1, &(0x7f0000000000)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)="600acf5a9bd524eb24b523c439cde580f4875be389db78d63b3d819f4ae9d669dc89ed29af345bc3f178634058e6f9d401a90a29ede83384345b16d1360611718f399724394fc9a862c79c9050605acd01063e68b96ecec64b6246a9abae7fe7cfa5afb3254dd8d05ab65dccacbfc57b", 0x70}], 0x1, 0x0, 0x0, 0x4c040}], 0x1, 0x24000804) 1.607588369s ago: executing program 2 (id=254): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2048c5, &(0x7f0000007480)={[{@fat=@nocase}, {@shortname_winnt}, {@rodir}, {@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffbee}}, {@fat=@flush}, {@shortname_winnt}, {@utf8no}, {@fat=@dmask={'dmask', 0x3d, 0x100}}, {@fat=@dos1xfloppy}, {@uni_xlate}, {@utf8no}, {@utf8no}]}, 0x0, 0x274, &(0x7f0000000a00)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) 1.539584476s ago: executing program 0 (id=255): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x2005c013}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x24040880}, 0x800) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.435399716s ago: executing program 2 (id=256): r0 = eventfd2(0x40800200, 0x800) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) r2 = eventfd2(0x5, 0x80801) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) close_range(r2, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000180)={0x1, r0}) 1.363551043s ago: executing program 0 (id=257): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12) 1.220774178s ago: executing program 0 (id=258): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f00000001c0)="f081550100a000000f010e180045000fbe252e8a094d36420f705626002e660f3a176a4b00b9800000c00f20c035f70000000f22c067420f01c3460f79c20cb8c087678eef66ba0ced45c194710a00000005c68244bcae0090", 0x59}], 0x1, 0x5f, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x61, &(0x7f0000000100)=[@cr4={0x1, 0x9e2}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.011496939s ago: executing program 2 (id=259): r0 = epoll_create(0x10000e9) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r2 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7\x88\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7`\x9b=\xec\x9f\x1d\x9b@$\x8c\bb\x1a\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\'\xffO,4\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2\x01G\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\rr\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\xc6\x8a=\x04\xa35\x9b\xf5\x80E\x8f\x1e\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x10\x00'/276, 0x2) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x7) r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000040)={r2, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000080)={0x30000009}) 664.383203ms ago: executing program 32 (id=259): r0 = epoll_create(0x10000e9) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r2 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7\x88\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7`\x9b=\xec\x9f\x1d\x9b@$\x8c\bb\x1a\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\'\xffO,4\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2\x01G\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\rr\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\xc6\x8a=\x04\xa35\x9b\xf5\x80E\x8f\x1e\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x10\x00'/276, 0x2) ftruncate(r2, 0xffff) fcntl$addseals(r2, 0x409, 0x7) r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000040)={r2, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000080)={0x30000009}) 643.867836ms ago: executing program 0 (id=261): write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030"], 0x15) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) r1 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r1, &(0x7f0000001b80)=[{&(0x7f00000000c0)=""/92, 0x84}], 0x1, 0x62, 0xfd4c) 643.272765ms ago: executing program 1 (id=262): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x2, 0x2, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x2000000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space_done\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x18000, &(0x7f0000000000), 0x1, 0x632, &(0x7f0000001280)="$eJzs3c9rHNcdAPDvzEqyZauVXUqpTUsFPdhQvJZcU7c92e6hPhhqqA8h5GBhSY7w+geWDLZjsAw5JJBACLmG4Ev+gZBr0DXkFgKJbzkHnBCc5JAEb5jZWWuz2rU3kla78Xw+MDNvfmjf++7s2/dmZkcTQGlNZaM0Yl9EnEsiJlvWTURj5VSx3cOvb5/PhiTq9f9/lURSLGtu/6iY7s5GSeNvPj4Z8bvK+nyXbt66OFurN9yJOLx86erhpZu3Di1emr0wf2H+8syRfx49Nv2vmQ+3Js7dxfTU6f/96fWXX/zHwie1Q0kcj7OjL81FWxxbZarx7kYWYuvykYg4liU6vC+wnSrF53E0Iv4Qk1HJ5xomY/G1gRYO6Kt6pdE+1cfqQOkk0UwMuCDANmv2A5rH9v04Dh5mD05k4xsd4h8pjt535sdGux4mLUdG2dKIPVuQ/0pE/Hh7/9vZEF3OQ4xsQT5d878bEX/stP+TPP49eaRZ/GmkLX+XpaeLcxtZ+f6ziTIkLenePn93NpHbz/2S+Fv3Qxb/8WKaLT/Z5fWfdopnqm2+bPUPgMFYPVE05FlHJNbav6xn2Oz/RHv/p/5+fm2ove3aiO7tX7oFr/50ef9vpFP732zvd+ZteNrWD0ti5dsznV9ytH3B56+eerNb/lMt/b9syPJv9gV7sOmu4YO7Efvb4n8lf+uTx/s/6dD/zfp753rM47+ffnmq27pNxr9p9XsRBzoe/6z1SrNU2/XJJJrXJ4/OHF5YrM1PN8Yd8/jgoxfe7Zb/oOPP9v+uLvE/af9ny672mMd7Z+5daqR2rFs38dT40y/GkrN5aiwfr1WvseR0sUljcmN2efnakSeXpblNPp1pxH/wr53rf5f484OP8eZXZg+uPnfxYbd1m9z/j+o9bthNFv/cBvf/Gz3m8d3z1//cbd36+NfOSYxvNCgAAAAAAAAoqTS/Bpuk1cfpNK0WF95+H7vS2pWl5b8tXLl+eS7iYP57yNG0eaV7sjGfZPMzxe9hm/NH2ub/HhF7I+Ktyng+Xz1/pTY36OABAAAAAAAAAAAAAAAAAABgSOwu7v9/VDwP7JtKmlargy4VsG36+YA5YLip/1Beef3fnuetAUNG+w/l1bH++1KAUlDVobzUfygv9R/KS/2H8lL/oby61/91a+72uywAAAAAwJbZ+5fV+yMRsfLv8XzIjBXrRgdaMqDf1HEor8qgCwAMzOML/G7/h9Lpqf//ffHPAftfHGAAkpb0SjORdw7qT678q0nfywYAAAAAAAAAAAAANBzYt3o/cf8/lJLb/qC8Nnb/f2XjfwoMjU7/+t/jQKAcHONDyfVwEmBntxXu/wcAAAAAAAAAAACAbTORD0laLX4GPBFpWq1G/CYi9sRosrBYm5+OiN9GxGeV0R3Z/MygCw0AAAAAAAAAAAAAAAAAAADPmKWbty7O1mrz11oTP6xb8mwnmk88HZbytCYi6XsWabQtGY+IYYi9P4mRliVJxEq257filZPNf35iGN6fIjHgLyYAAAAAAAAAAAAAAAAAACihlnuPO9v/zjaXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC239rz//uXGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCv008BAAD//xS+O5U=") 481.189582ms ago: executing program 0 (id=263): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x4}], 0x4) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) 293.40425ms ago: executing program 1 (id=264): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18a3000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x8, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb598}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r2, 0x0, 0x0}, 0x10) 91.53154ms ago: executing program 3 (id=265): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000001c0)='./file0\x00', 0x810082, &(0x7f0000000040)=ANY=[@ANYBLOB="756e695f786c6174653d312c726f6469722c757466383d302c73686f72746e616d653d77696e6e742c757466383d302c757466383d312c756e695f786c6174653d302c696f636861727365743d63703433372c756e695f786c6174653d302c6572726f72733d72656d6f756e742d726f2c757466383d312c757466383d312c73686f72746e616d653d77696e39352c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d312c73686f72746e616d653d77696e39352c646973636172642c004338cb8631b26441e86414f461975e105d02960776fcb7ddfd80b96c1b2ffd13d5cc37784797dbc9e26b7c39310b49940995ce6e6ce1c218890b59506de99e2dd234abcde0be50d3de656741fee78f74e94ee73bd6d7162f0d2a8275e0a6125615ce223c21fe303d561d81b2681dce1c0b7061c5a347b2040e7b6c9210507527467dad005f3e38c47d4daa9d76c69f51ffeb2f81123fe54df14c6c02413e51ba63c35f11"], 0x0, 0x2b9, &(0x7f0000000280)="$eJzs3T9rc1UYAPDnpmkSdUgGJxG8oIPTy9t3dUmVFqqZlAzqoMW2IE0QWij4B9NOri6OfgJBcHP1A7j4DQRXwc0OhSv35t4kbdPYaNP65/db+vTc85zznNPTlA45ef/54eFeGgdnn/0crVYStW504zyJTtSichqXdL8MAODf7DzL4rdsbJm8JCJaqysLAFihpf/+f7fykgCAFXvr7Xfe2Oz1tt5M01ZsD7846ef/2edfx883D+LDGMR+PI52XERkE+N4O8uyUT3NdeKl4eikn2cO3/uxHH/z14gifyPa0SmaLufv9LY20rGZ/FFex9Pl/N08/0m049k58+/0tp7MyY9+I15+cab+R9GOnz6Ij2IQe0UR0/zPN9L0teyr3z99Ny8vz09GJ/1m0W8qW7vnHw0AAAAAAAAAAAAAAAAAAAAAAP9hj8q7c5pR3N+TN5X376xd5N+sR1rpXL6fZ5yfVANduR9olMXX1f06j9M0zcqO0/x6PFeP+sOsGgAAAAAAAAAAAAAAAAAAAP5Zjj/+5HB3MNg/KoLXszKYtCwXVLcBVG/r/6vjdCct9aMXYnHn5nSuWhkuGDnWqj5JxMIy8kX8vd24dfDUTTV/8+2yA7b+vM/6dK7olJtxx+uqTtfhbjJ/D5tRtbSqQ/L9bJ9G3HKuxk2PsqWOX2Puo/bSa288UwSjBX0iWVTYK7+Md65sKX+hTid9GsWuzk1fL4OZ9CtnY6nzfP21Iknu/OUHAAAAAAAAAAAAAAAAAACYMX3T75yHZwtTa1lzZWUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL2afv7/JKhfa7kajMrkccsPry7o3Iij4wdeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8DfwQAAP//4wFdTQ==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18) open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000002a40)='./bus\x00', 0x8000, 0xa0) ioctl$BLKFLSBUF(r1, 0x1261, 0x0) 0s ago: executing program 1 (id=266): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd22, 0x6000000, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS={0x8, 0x8, 0x100001}, @TCA_BPF_ACT={0x4}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.158' (ED25519) to the list of known hosts. syzkaller login: [ 75.805110][ T5758] cgroup: Unknown subsys name 'net' [ 75.943344][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.549813][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.061721][ T5769] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.075665][ T5769] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.085394][ T5769] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.096049][ T5769] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.105671][ T5769] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.113046][ T5769] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.150601][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.159136][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.166783][ T5773] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.175228][ T5773] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.183246][ T5773] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 79.190856][ T5773] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.236318][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.246627][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.254424][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.263901][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.272814][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.280497][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.332079][ T5779] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.345365][ T5779] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.355241][ T5779] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.367472][ T5779] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.376644][ T5779] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 79.385784][ T5779] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.681511][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 79.899872][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 79.919977][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.927537][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.935273][ T5768] bridge_slave_0: entered allmulticast mode [ 79.942438][ T5768] bridge_slave_0: entered promiscuous mode [ 79.954047][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.961244][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.968488][ T5768] bridge_slave_1: entered allmulticast mode [ 79.975768][ T5768] bridge_slave_1: entered promiscuous mode [ 79.983407][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 80.064609][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.078860][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.164210][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.171634][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.179451][ T5772] bridge_slave_0: entered allmulticast mode [ 80.187344][ T5772] bridge_slave_0: entered promiscuous mode [ 80.194572][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 80.213751][ T5768] team0: Port device team_slave_0 added [ 80.224402][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.232036][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.239275][ T5772] bridge_slave_1: entered allmulticast mode [ 80.246531][ T5772] bridge_slave_1: entered promiscuous mode [ 80.261556][ T5768] team0: Port device team_slave_1 added [ 80.343206][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.350383][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.376416][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.390220][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.397456][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.424294][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.447311][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.454525][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.461903][ T5771] bridge_slave_0: entered allmulticast mode [ 80.469591][ T5771] bridge_slave_0: entered promiscuous mode [ 80.479334][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.492068][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.517370][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.524576][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.532051][ T5771] bridge_slave_1: entered allmulticast mode [ 80.539611][ T5771] bridge_slave_1: entered promiscuous mode [ 80.630365][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.642729][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.656451][ T5772] team0: Port device team_slave_0 added [ 80.706899][ T5772] team0: Port device team_slave_1 added [ 80.712919][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.723289][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.730932][ T5775] bridge_slave_0: entered allmulticast mode [ 80.741058][ T5775] bridge_slave_0: entered promiscuous mode [ 80.752878][ T5768] hsr_slave_0: entered promiscuous mode [ 80.759846][ T5768] hsr_slave_1: entered promiscuous mode [ 80.793328][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.800636][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.807941][ T5775] bridge_slave_1: entered allmulticast mode [ 80.814879][ T5775] bridge_slave_1: entered promiscuous mode [ 80.844036][ T5771] team0: Port device team_slave_0 added [ 80.854260][ T5771] team0: Port device team_slave_1 added [ 80.895735][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.917976][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.924960][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.951139][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.965135][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.972110][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.998218][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.017006][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.045710][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.052698][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.078748][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.119472][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.127386][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.153604][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.205852][ T5779] Bluetooth: hci0: command tx timeout [ 81.232712][ T5775] team0: Port device team_slave_0 added [ 81.260309][ T5771] hsr_slave_0: entered promiscuous mode [ 81.267673][ T5771] hsr_slave_1: entered promiscuous mode [ 81.274060][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.281983][ T5771] Cannot create hsr debugfs directory [ 81.289040][ T5775] team0: Port device team_slave_1 added [ 81.296015][ T5779] Bluetooth: hci1: command tx timeout [ 81.306964][ T5772] hsr_slave_0: entered promiscuous mode [ 81.313202][ T5772] hsr_slave_1: entered promiscuous mode [ 81.320030][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.327707][ T5772] Cannot create hsr debugfs directory [ 81.365634][ T5779] Bluetooth: hci2: command tx timeout [ 81.409775][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.416848][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.442846][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.455329][ T5779] Bluetooth: hci3: command tx timeout [ 81.463350][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.470412][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.496350][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.641347][ T5775] hsr_slave_0: entered promiscuous mode [ 81.648592][ T5775] hsr_slave_1: entered promiscuous mode [ 81.654763][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.662690][ T5775] Cannot create hsr debugfs directory [ 81.969698][ T5768] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.993974][ T5768] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.048017][ T5768] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.065665][ T5768] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.205387][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.229178][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.259100][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.271916][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.321316][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.338613][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.349123][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.374528][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.448469][ T5775] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.464114][ T5775] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.477643][ T5775] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.488149][ T5775] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.613776][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.670086][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.702048][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.709393][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.739001][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.750073][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.757268][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.779782][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.809336][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.849168][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.867819][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.891958][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.899181][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.922901][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.930158][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.947788][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.988443][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.995708][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.004995][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.012239][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.022906][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.030043][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.041551][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.048728][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.285395][ T5779] Bluetooth: hci0: command tx timeout [ 83.376430][ T5779] Bluetooth: hci1: command tx timeout [ 83.445749][ T5779] Bluetooth: hci2: command tx timeout [ 83.458281][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.520682][ T5768] veth0_vlan: entered promiscuous mode [ 83.526794][ T5779] Bluetooth: hci3: command tx timeout [ 83.542003][ T5768] veth1_vlan: entered promiscuous mode [ 83.677752][ T5768] veth0_macvtap: entered promiscuous mode [ 83.727937][ T5768] veth1_macvtap: entered promiscuous mode [ 83.783321][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.800095][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.828069][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.861305][ T5768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.873443][ T5768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.883271][ T5768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.892060][ T5768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.939654][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.958036][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.024627][ T5775] veth0_vlan: entered promiscuous mode [ 84.051746][ T5775] veth1_vlan: entered promiscuous mode [ 84.124654][ T5772] veth0_vlan: entered promiscuous mode [ 84.162634][ T5771] veth0_vlan: entered promiscuous mode [ 84.199371][ T5771] veth1_vlan: entered promiscuous mode [ 84.220911][ T5772] veth1_vlan: entered promiscuous mode [ 84.244389][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.259250][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.269284][ T5775] veth0_macvtap: entered promiscuous mode [ 84.308143][ T5772] veth0_macvtap: entered promiscuous mode [ 84.335467][ T5775] veth1_macvtap: entered promiscuous mode [ 84.351227][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.362205][ T5772] veth1_macvtap: entered promiscuous mode [ 84.369032][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.397870][ T5771] veth0_macvtap: entered promiscuous mode [ 84.409801][ T5771] veth1_macvtap: entered promiscuous mode [ 84.442515][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.459242][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.471507][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.482566][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.503350][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.514182][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.525154][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.538697][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.549315][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.566061][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.579113][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.590166][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.600223][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.610923][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.627714][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.660215][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.672983][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.690967][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.703497][ T5775] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.717590][ T5775] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.734419][ T5775] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.758632][ T5775] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.765316][ T5854] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 84.802472][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.819017][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.834339][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.851425][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.863694][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.878701][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.901491][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.920650][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.941739][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.973227][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.985576][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.001414][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.041627][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.059955][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.079332][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.088473][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.112732][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.123017][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.137454][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.146485][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.357557][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.375762][ T5779] Bluetooth: hci0: command tx timeout [ 85.384495][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.445420][ T5779] Bluetooth: hci1: command tx timeout [ 85.482054][ T1074] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.493797][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.525349][ T5779] Bluetooth: hci2: command tx timeout [ 85.531149][ T1074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.545961][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.605303][ T5779] Bluetooth: hci3: command tx timeout [ 85.638481][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.646742][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.687046][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.694921][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.810795][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.821451][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.074896][ T5867] syz.3.4[5867]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 86.155527][ T5867] loop3: detected capacity change from 0 to 2048 [ 86.267641][ T5867] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 86.440985][ T5874] loop0: detected capacity change from 0 to 64 [ 86.562956][ T28] audit: type=1800 audit(1768192426.159:2): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.8" name="file2" dev="loop0" ino=21 res=0 errno=0 [ 86.603275][ T5874] syz.0.8: attempt to access beyond end of device [ 86.603275][ T5874] loop0: rw=34817, sector=39, nr_sectors = 125 limit=64 [ 86.688937][ T5874] syz.0.8: attempt to access beyond end of device [ 86.688937][ T5874] loop0: rw=34817, sector=167, nr_sectors = 1 limit=64 [ 86.771293][ T5874] syz.0.8: attempt to access beyond end of device [ 86.771293][ T5874] loop0: rw=34817, sector=169, nr_sectors = 1 limit=64 [ 86.821757][ T5874] syz.0.8: attempt to access beyond end of device [ 86.821757][ T5874] loop0: rw=34817, sector=171, nr_sectors = 7 limit=64 [ 86.863777][ T5874] syz.0.8: attempt to access beyond end of device [ 86.863777][ T5874] loop0: rw=34817, sector=179, nr_sectors = 263 limit=64 [ 87.445741][ T5779] Bluetooth: hci0: command tx timeout [ 87.525838][ T5779] Bluetooth: hci1: command tx timeout [ 87.606315][ T5779] Bluetooth: hci2: command tx timeout [ 87.685151][ T5779] Bluetooth: hci3: command tx timeout [ 88.637834][ T5945] loop1: detected capacity change from 0 to 4096 [ 88.702946][ T5945] NILFS (loop1): invalid segment: Checksum error in segment payload [ 88.728440][ T5945] NILFS (loop1): trying rollback from an earlier position [ 88.819546][ T5945] NILFS (loop1): recovery complete [ 88.856389][ T5933] loop3: detected capacity change from 0 to 32768 [ 88.874056][ T5933] ======================================================= [ 88.874056][ T5933] WARNING: The mand mount option has been deprecated and [ 88.874056][ T5933] and is ignored by this kernel. Remove the mand [ 88.874056][ T5933] option from the mount to silence this warning. [ 88.874056][ T5933] ======================================================= [ 88.909101][ C1] vkms_vblank_simulate: vblank timer overrun [ 88.945913][ T5951] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 89.022664][ T5933] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 89.303150][ T5933] XFS (loop3): Ending clean mount [ 89.387742][ T5933] XFS (loop3): Quotacheck needed: Please wait. [ 89.480842][ T5933] XFS (loop3): Quotacheck: Done. [ 90.318974][ T5775] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 90.345330][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 90.375290][ T787] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 90.535140][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 90.566117][ T8] usb 2-1: config 2 has an invalid interface number: 88 but max is 0 [ 90.585210][ T8] usb 2-1: config 2 has no interface number 0 [ 90.593293][ T787] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 90.601862][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.615260][ T8] usb 2-1: config 2 interface 88 has no altsetting 0 [ 90.632356][ T8] usb 2-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 90.647177][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.657106][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.678289][ T8] usb 2-1: Product: syz [ 90.682588][ T8] usb 2-1: Manufacturer: syz [ 90.692492][ T787] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 90.716607][ T8] usb 2-1: SerialNumber: syz [ 90.726080][ T787] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 90.768712][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.788734][ T787] usb 1-1: config 0 descriptor?? [ 91.257124][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0xd [ 91.272392][ T787] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 91.336494][ T787] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 91.368730][ T5973] loop3: detected capacity change from 0 to 32768 [ 91.418095][ T5973] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 91.553479][ T5973] XFS (loop3): Ending clean mount [ 91.572217][ T787] usb 1-1: USB disconnect, device number 2 [ 91.583535][ T5973] XFS (loop3): Quotacheck needed: Please wait. [ 91.684231][ T5973] XFS (loop3): Quotacheck: Done. [ 91.794831][ T5858] XFS (loop3): Metadata CRC error detected at xfs_refcountbt_read_verify+0x42/0xd0, xfs_refcountbt block 0x28 [ 91.825233][ T5858] XFS (loop3): Unmount and run xfs_repair [ 91.831118][ T5858] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 91.850133][ T5858] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff R............... [ 91.859435][ T5858] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 .......(........ [ 91.868784][ T5858] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 91.895498][ T5858] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00 .......]........ [ 91.917398][ T5858] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 91.927682][ T5858] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 91.936970][ T5858] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 91.946352][ T5858] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 91.964395][ T5973] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x28 len 8 error 74 [ 91.977921][ T23] cfg80211: failed to load regulatory.db [ 92.015539][ T5973] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 92.044533][ T5973] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 92.104260][ T5775] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 92.254711][ T8] asix 2-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 92.301766][ T8] asix 2-1:2.88 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 92.337511][ T8] asix: probe of 2-1:2.88 failed with error -71 [ 92.366597][ T8] usb 2-1: USB disconnect, device number 2 [ 93.149393][ T5988] loop0: detected capacity change from 0 to 32768 [ 93.185131][ T5988] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.36 (5988) [ 93.277222][ T5995] loop1: detected capacity change from 0 to 16 [ 93.292749][ T5988] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 93.315341][ T5995] erofs: (device loop1): mounted with root inode @ nid 36. [ 93.335719][ T5988] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.400297][ T5988] BTRFS info (device loop0): turning off barriers [ 93.412454][ T5988] BTRFS info (device loop0): setting nodatasum [ 93.452202][ T5988] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 93.456133][ T5995] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 93.509792][ T5995] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 93.514049][ T5988] BTRFS info (device loop0): use zstd compression, level 3 [ 93.536116][ T5995] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 93.555423][ T5995] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 93.573511][ T5988] BTRFS info (device loop0): using free space tree [ 93.583683][ T5996] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 93.605462][ T5996] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 93.635165][ T5996] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 93.655173][ T5996] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 94.528375][ T5771] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 94.733066][ T5938] Set syz1 is full, maxelem 65536 reached [ 95.638130][ T6051] loop1: detected capacity change from 0 to 1024 [ 95.660440][ T6051] EXT4-fs: inline encryption not supported [ 95.691910][ T6051] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.736652][ T6051] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.840442][ T6035] loop0: detected capacity change from 0 to 32768 [ 95.925240][ T6035] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 96.000343][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.022413][ T6067] Bluetooth: MGMT ver 1.22 [ 96.122073][ T6035] XFS (loop0): Ending clean mount [ 96.152063][ T6035] XFS (loop0): Quotacheck needed: Please wait. [ 96.258977][ T6035] XFS (loop0): Quotacheck: Done. [ 96.323111][ T6071] loop3: detected capacity change from 0 to 1024 [ 96.419093][ T6071] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 96.485942][ T6071] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.642596][ T6071] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.59: bg 0: block 112: padding at end of block bitmap is not set [ 96.762483][ T5771] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 96.776316][ T6071] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 117 [ 96.820907][ T6071] EXT4-fs (loop3): This should not happen!! Data will be lost [ 96.820907][ T6071] [ 96.862001][ T6074] EXT4-fs error (device loop3): ext4_free_blocks:6692: comm syz.3.59: Freeing blocks not in datazone - block = 0, count = 16 [ 96.952912][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 96.995037][ C0] sched: RT throttling activated [ 97.412557][ T6078] loop1: detected capacity change from 0 to 1024 [ 97.458913][ T6078] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 97.516962][ T6078] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 97.576513][ T6078] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 97.618967][ T6078] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 97.659368][ T6078] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 97.708943][ T6078] EXT4-fs error (device loop1): ext4_get_journal_inode:5816: comm syz.1.58: inode #1: comm syz.1.58: iget: illegal inode # [ 97.750929][ T6078] EXT4-fs (loop1): no journal found [ 97.986822][ T6076] loop3: detected capacity change from 0 to 32768 [ 98.009668][ T6076] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.61 (6076) [ 98.493113][ T6069] loop2: detected capacity change from 0 to 262144 [ 98.531757][ T6076] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.545758][ T6069] BTRFS: device fsid f14e9105-5c88-4782-b968-4539b9a731cb devid 1 transid 8 /dev/loop2 scanned by syz.2.57 (6069) [ 98.571179][ T6069] BTRFS info (device loop2): first mount of filesystem f14e9105-5c88-4782-b968-4539b9a731cb [ 98.581501][ T6069] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 98.590277][ T6069] BTRFS info (device loop2): using free space tree [ 98.597290][ T6076] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 98.619910][ T6076] BTRFS info (device loop3): using free space tree [ 98.772222][ T6069] BTRFS info (device loop2): enabling ssd optimizations [ 98.779441][ T6069] BTRFS info (device loop2): auto enabling async discard [ 98.815226][ T6076] BTRFS info (device loop3): enabling ssd optimizations [ 98.823760][ T6076] BTRFS info (device loop3): auto enabling async discard [ 98.847131][ T6115] Illegal XDP return value 4294967262 on prog (id 10) dev syz_tun, expect packet loss! [ 99.126638][ T5768] BTRFS info (device loop2): last unmount of filesystem f14e9105-5c88-4782-b968-4539b9a731cb [ 99.383199][ T5775] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.582905][ T6086] loop0: detected capacity change from 0 to 32768 [ 99.701194][ T6086] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 99.824303][ T28] audit: type=1800 audit(1768192439.419:3): pid=6086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.60" name="file1" dev="loop0" ino=14674 res=0 errno=0 [ 100.023313][ T6134] trusted_key: syz.2.68 sent an empty control message without MSG_MORE. [ 100.182474][ T6139] loop3: detected capacity change from 0 to 2048 [ 100.222131][ T6139] NILFS (loop3): invalid segment: Inconsistency found [ 100.258424][ T6139] NILFS (loop3): trying rollback from an earlier position [ 100.331306][ T6139] NILFS (loop3): recovery complete [ 100.354114][ T6140] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 100.480165][ T6086] syz.0.60 (6086) used greatest stack depth: 18736 bytes left [ 100.705345][ T6142] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 100.713823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 100.883642][ T5771] ocfs2: Unmounting device (7,0) on (node local) [ 101.384783][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 102.859027][ T28] audit: type=1326 audit(1768192442.459:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6184 comm="syz.3.86" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff4d7d8f749 code=0x0 [ 103.857261][ T6201] loop3: detected capacity change from 0 to 512 [ 103.910716][ T6201] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 103.950602][ T6201] EXT4-fs (loop3): 1 truncate cleaned up [ 103.957988][ T6201] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.047100][ T6200] syz.3.90 (pid 6200) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 104.200292][ T6201] block device autoloading is deprecated and will be removed. [ 104.315853][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.413694][ T6205] loop3: detected capacity change from 0 to 256 [ 105.395307][ T6218] Zero length message leads to an empty skb [ 105.967254][ T6215] loop0: detected capacity change from 0 to 32768 [ 105.986649][ T6215] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.96 (6215) [ 106.022369][ T6215] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 106.040006][ T6215] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 106.072155][ T6215] BTRFS info (device loop0): using free space tree [ 106.162862][ T6215] BTRFS info (device loop0): enabling ssd optimizations [ 106.184784][ T6215] BTRFS info (device loop0): auto enabling async discard [ 106.332430][ T6215] capability: warning: `syz.0.96' uses deprecated v2 capabilities in a way that may be insecure [ 106.433924][ T5771] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 106.644198][ T6256] loop1: detected capacity change from 0 to 1024 [ 106.655584][ T6256] EXT4-fs: Ignoring removed mblk_io_submit option [ 106.680587][ T6256] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 106.730612][ T6256] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 106.804022][ T6259] netlink: 24 bytes leftover after parsing attributes in process `syz.0.107'. [ 106.817524][ T6256] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 106.847488][ T5780] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 9 /dev/loop0 scanned by udevd (5780) [ 106.864691][ T6256] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 106.888130][ T6256] EXT4-fs error (device loop1): ext4_get_journal_inode:5816: comm syz.1.106: inode #1: comm syz.1.106: iget: illegal inode # [ 106.906556][ T6256] EXT4-fs (loop1): no journal found [ 107.075227][ T6266] netlink: 'syz.2.109': attribute type 10 has an invalid length. [ 107.134987][ T6266] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 107.555147][ T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 107.604016][ T6276] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3901428352 (7802856704 ns) > initial count (110847878 ns). Using initial count to start timer. [ 107.757282][ T23] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 107.775386][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.795419][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.815143][ T23] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 107.847042][ T23] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 107.866404][ T23] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 107.874613][ T23] usb 1-1: Manufacturer: syz [ 107.910480][ T23] usb 1-1: config 0 descriptor?? [ 108.057646][ T6268] loop1: detected capacity change from 0 to 32768 [ 108.083700][ T6281] loop2: detected capacity change from 0 to 7 [ 108.108406][ T5984] Dev loop2: unable to read RDB block 7 [ 108.114239][ T5984] loop2: unable to read partition table [ 108.127799][ T6268] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 108.137864][ T5984] loop2: partition table beyond EOD, truncated [ 108.152814][ T6281] Dev loop2: unable to read RDB block 7 [ 108.175948][ T6281] loop2: unable to read partition table [ 108.184384][ T6281] loop2: partition table beyond EOD, truncated [ 108.212507][ T6281] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 108.242423][ T6268] XFS (loop1): Ending clean mount [ 108.272033][ T6268] XFS (loop1): Quotacheck needed: Please wait. [ 108.280618][ T6279] loop3: detected capacity change from 0 to 32768 [ 108.319313][ T6279] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.115 (6279) [ 108.379462][ T6268] XFS (loop1): Quotacheck: Done. [ 108.385929][ T6279] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 108.401496][ T23] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 108.413977][ T6279] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 108.454013][ T6279] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 108.457716][ T23] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 108.488737][ T6279] BTRFS info (device loop3): use zstd compression, level 3 [ 108.526788][ T6279] BTRFS info (device loop3): using free space tree [ 108.526995][ T23] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 108.740935][ T5772] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 108.784797][ T6279] BTRFS info (device loop3): enabling ssd optimizations [ 108.805172][ T6279] BTRFS info (device loop3): auto enabling async discard [ 109.339171][ T5775] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 109.494924][ T5780] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 10 /dev/loop3 scanned by udevd (5780) [ 110.316958][ T6324] loop3: detected capacity change from 0 to 32768 [ 110.342432][ T6324] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.121 (6324) [ 110.362023][ T6324] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 110.392053][ T6324] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 110.423151][ T6324] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 110.466090][ T6324] BTRFS info (device loop3): use zstd compression, level 3 [ 110.473404][ T6324] BTRFS info (device loop3): use zlib compression, level 3 [ 110.520743][ T6324] BTRFS info (device loop3): setting nodatasum [ 110.529333][ T6324] BTRFS info (device loop3): turning off barriers [ 110.536237][ T6324] BTRFS info (device loop3): using free space tree [ 110.673365][ T6324] BTRFS info (device loop3): auto enabling async discard [ 110.711894][ T5813] usb 1-1: USB disconnect, device number 3 [ 110.847731][ T6356] syz.0.127 uses obsolete (PF_INET,SOCK_PACKET) [ 111.042076][ T6331] loop1: detected capacity change from 0 to 40427 [ 111.129427][ T6331] F2FS-fs (loop1): Image doesn't support compression [ 111.155338][ T6331] F2FS-fs (loop1): heap/no_heap options were deprecated [ 111.240570][ T6331] F2FS-fs (loop1): invalid crc value [ 111.295144][ T6331] F2FS-fs (loop1): Found nat_bits in checkpoint [ 111.349064][ T5775] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 111.416306][ T6361] loop0: detected capacity change from 0 to 2048 [ 111.504968][ T6363] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.556767][ T6331] F2FS-fs (loop1): Start checkpoint disabled! [ 111.655624][ T6331] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 111.829879][ T6363] NILFS (loop0): vblocknr = 15 has abnormal lifetime: start cno (= 1407374883553282) > current cno (= 3) [ 111.889916][ T6363] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=16) [ 111.907930][ T6370] loop2: detected capacity change from 0 to 2048 [ 111.968953][ T6370] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 111.970139][ T6331] syz.1.124: attempt to access beyond end of device [ 111.970139][ T6331] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 111.980007][ T6363] Remounting filesystem read-only [ 112.028775][ T6370] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 112.084464][ T6373] syz.1.124: attempt to access beyond end of device [ 112.084464][ T6373] loop1: rw=2049, sector=53264, nr_sectors = 8 limit=40427 [ 112.174169][ T6331] syz.1.124: attempt to access beyond end of device [ 112.174169][ T6331] loop1: rw=2049, sector=53272, nr_sectors = 24 limit=40427 [ 112.243007][ T6373] syz.1.124: attempt to access beyond end of device [ 112.243007][ T6373] loop1: rw=2049, sector=53328, nr_sectors = 8 limit=40427 [ 112.257537][ T5771] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 112.275334][ T6331] syz.1.124: attempt to access beyond end of device [ 112.275334][ T6331] loop1: rw=2049, sector=53352, nr_sectors = 16 limit=40427 [ 112.298532][ T6373] syz.1.124: attempt to access beyond end of device [ 112.298532][ T6373] loop1: rw=2049, sector=53400, nr_sectors = 8 limit=40427 [ 112.305243][ T5771] NILFS (loop0): discard dirty page: offset=61440, ino=16 [ 112.330967][ T6331] syz.1.124: attempt to access beyond end of device [ 112.330967][ T6331] loop1: rw=2049, sector=53408, nr_sectors = 24 limit=40427 [ 112.335948][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.352808][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.360668][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.368343][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.376453][ T5771] NILFS (loop0): discard dirty page: offset=65536, ino=16 [ 112.383736][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.395128][ T6331] syz.1.124: attempt to access beyond end of device [ 112.395128][ T6331] loop1: rw=2049, sector=53464, nr_sectors = 24 limit=40427 [ 112.414111][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.448003][ T6376] loop3: detected capacity change from 0 to 2048 [ 112.456569][ T6373] syz.1.124: attempt to access beyond end of device [ 112.456569][ T6373] loop1: rw=2049, sector=53264, nr_sectors = 32 limit=40427 [ 112.473723][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.490698][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.499716][ T6373] syz.1.124: attempt to access beyond end of device [ 112.499716][ T6373] loop1: rw=2049, sector=53328, nr_sectors = 8 limit=40427 [ 112.514922][ T5771] NILFS (loop0): discard dirty page: offset=69632, ino=16 [ 112.522197][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.529575][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.556154][ T6376] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 112.573634][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.595770][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.603069][ T5771] NILFS (loop0): discard dirty page: offset=73728, ino=16 [ 112.606637][ T6376] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 112.659811][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.679768][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.696573][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.706932][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.714191][ T5771] NILFS (loop0): discard dirty page: offset=77824, ino=16 [ 112.738231][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.756530][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.763789][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.790328][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.814731][ T5771] NILFS (loop0): discard dirty page: offset=81920, ino=16 [ 112.829791][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.845283][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.860338][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.875569][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.899601][ T5771] NILFS (loop0): discard dirty page: offset=86016, ino=16 [ 112.916013][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.935278][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.950309][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.955142][ T28] audit: type=1804 audit(1768192452.549:5): pid=6376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.132" name="/newroot/37/file0/file1" dev="loop3" ino=1346 res=1 errno=0 [ 112.979839][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.994115][ T5771] NILFS (loop0): discard dirty page: offset=90112, ino=16 [ 113.034344][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.050924][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.079512][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.107124][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.114397][ T5771] NILFS (loop0): discard dirty page: offset=94208, ino=16 [ 113.151323][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.183328][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.201403][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.225114][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.233668][ T5771] NILFS (loop0): discard dirty page: offset=98304, ino=16 [ 113.248423][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.270590][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.289842][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.308758][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.325219][ T5771] NILFS (loop0): discard dirty page: offset=102400, ino=16 [ 113.344625][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.362348][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.377993][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.395102][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.408087][ T5771] NILFS (loop0): discard dirty page: offset=106496, ino=16 [ 113.425119][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.442421][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.462362][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.482817][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.515089][ T5771] NILFS (loop0): discard dirty page: offset=110592, ino=16 [ 113.522350][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.545127][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.552390][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.565100][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.572362][ T5771] NILFS (loop0): discard dirty page: offset=114688, ino=16 [ 113.595141][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.602481][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.625108][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.643851][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.676139][ T5771] NILFS (loop0): discard dirty page: offset=118784, ino=16 [ 113.693698][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.713964][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.733565][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.744164][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.775225][ T5771] NILFS (loop0): discard dirty page: offset=122880, ino=16 [ 113.782494][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.815142][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.837725][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.853398][ T1085] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 113.860748][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.876917][ T1085] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 113.884795][ T5771] NILFS (loop0): discard dirty page: offset=126976, ino=16 [ 113.920549][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.930144][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.938459][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.960228][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 113.975993][ T5771] NILFS (loop0): discard dirty page: offset=131072, ino=16 [ 113.993510][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.019699][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.046280][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.063800][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.071332][ T5771] NILFS (loop0): discard dirty page: offset=135168, ino=16 [ 114.085337][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.099467][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.126228][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.153169][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.187769][ T5771] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 114.209696][ T5771] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 114.226241][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.251293][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.275425][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.296199][ T5771] NILFS (loop0): discard dirty page: offset=0, ino=5 [ 114.309740][ T5771] NILFS (loop0): discard dirty block: blocknr=41, size=1024 [ 114.329175][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.345084][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.367562][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 114.385576][ T5771] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 114.412734][ T5771] NILFS (loop0): discard dirty block: blocknr=42, size=1024 [ 114.433017][ T5771] NILFS (loop0): discard dirty block: blocknr=43, size=1024 [ 114.462421][ T5771] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 114.480862][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.495568][ T5771] NILFS (loop0): discard dirty page: offset=4096, ino=3 [ 114.512243][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.524543][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.536038][ T5771] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 114.544698][ T5771] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 115.002697][ T6394] loop1: detected capacity change from 0 to 8192 [ 115.026761][ T6383] loop2: detected capacity change from 0 to 40427 [ 115.039026][ T6394] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 115.069406][ T6383] F2FS-fs (loop2): invalid crc value [ 115.088077][ T6394] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 115.104088][ T6394] REISERFS (device loop1): using ordered data mode [ 115.110865][ T6394] reiserfs: using flush barriers [ 115.123815][ T6383] F2FS-fs (loop2): Found nat_bits in checkpoint [ 115.132363][ T6394] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 115.149589][ T6394] REISERFS (device loop1): checking transaction log (loop1) [ 115.344083][ T28] audit: type=1800 audit(1768192454.939:6): pid=6380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.132" name="file1" dev="loop3" ino=1346 res=0 errno=0 [ 115.394651][ T6383] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 115.424565][ T6394] REISERFS (device loop1): Using tea hash to sort names [ 115.453899][ T6394] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 115.707949][ T28] audit: type=1800 audit(1768192455.309:7): pid=6394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.138" name="file1" dev="loop1" ino=8 res=0 errno=0 [ 115.731249][ T5768] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 116.825428][ T5813] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 116.910103][ T6442] netlink: 24 bytes leftover after parsing attributes in process `syz.1.152'. [ 117.029354][ T5813] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 117.048819][ T5813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.063546][ T6444] loop0: detected capacity change from 0 to 512 [ 117.066193][ T5859] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 117.074340][ T5813] usb 3-1: Product: syz [ 117.084110][ T6444] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 117.104136][ T5813] usb 3-1: Manufacturer: syz [ 117.110297][ T5813] usb 3-1: SerialNumber: syz [ 117.123662][ T6444] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 117.133156][ T5813] usb 3-1: config 0 descriptor?? [ 117.145382][ T6444] System zones: 1-12 [ 117.160325][ T6444] EXT4-fs (loop0): orphan cleanup on readonly fs [ 117.172264][ T6444] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.153: bg 0: block 361: padding at end of block bitmap is not set [ 117.196849][ T6444] EXT4-fs (loop0): Remounting filesystem read-only [ 117.206468][ T6444] EXT4-fs (loop0): 1 truncate cleaned up [ 117.213599][ T6444] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 117.295116][ T5859] usb 4-1: Using ep0 maxpacket: 8 [ 117.313747][ T5859] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 117.333690][ T5859] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 117.353191][ T5859] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 117.380191][ T5859] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.404447][ T5859] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 117.424494][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.441625][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 117.725126][ T5859] usb 4-1: GET_CAPABILITIES returned 0 [ 117.730792][ T5859] usbtmc 4-1:16.0: can't read capabilities [ 117.983451][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 118.007388][ T5859] usb 4-1: USB disconnect, device number 2 [ 118.157972][ T6453] loop1: detected capacity change from 0 to 32768 [ 118.173434][ T6453] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.157 (6453) [ 118.193344][ T6453] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 118.207574][ T6453] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 118.216961][ T6453] BTRFS info (device loop1): using free space tree [ 118.351665][ T6453] BTRFS info (device loop1): enabling ssd optimizations [ 118.362139][ T6453] BTRFS info (device loop1): auto enabling async discard [ 118.554654][ T6484] loop0: detected capacity change from 0 to 1024 [ 118.590688][ T5813] usb 3-1: f81604_read: reg: 200f failed: -EPROTO [ 118.638974][ T5813] usb 3-1: USB disconnect, device number 2 [ 118.673931][ T6484] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.749336][ T5813] usb 3-1: f81604_read: reg: 100f failed: -ENODEV [ 118.818660][ T5435] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 118.869387][ T5813] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 118.886204][ T6484] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2852: Unable to expand inode 13. Delete some EAs or run e2fsck. [ 119.021933][ T5772] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 119.291804][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.832872][ T6489] loop3: detected capacity change from 0 to 32768 [ 119.908591][ T6489] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 119.991147][ T6518] process 'syz.0.167' launched './file0' with NULL argv: empty string added [ 120.117214][ T6522] loop0: detected capacity change from 0 to 512 [ 120.207189][ T6489] XFS (loop3): Ending clean mount [ 120.233817][ T6489] XFS (loop3): Quotacheck needed: Please wait. [ 120.277181][ T6506] loop2: detected capacity change from 0 to 32768 [ 120.303804][ T6506] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.166 (6506) [ 120.390378][ T6489] XFS (loop3): Quotacheck: Done. [ 120.439000][ T6506] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 120.502752][ T6506] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 120.530383][ T6506] BTRFS info (device loop2): setting nodatacow, compression disabled [ 120.545955][ T6506] BTRFS info (device loop2): enabling auto defrag [ 120.555700][ T6506] BTRFS info (device loop2): max_inline at 0 [ 120.561757][ T6506] BTRFS info (device loop2): using free space tree [ 120.603890][ T6530] warning: `syz.0.169' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 120.618056][ T28] audit: type=1800 audit(1768192460.219:8): pid=6489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.163" name="bus" dev="loop3" ino=9292 res=0 errno=0 [ 120.766107][ T6506] BTRFS info (device loop2): auto enabling async discard [ 121.053225][ T5775] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 121.495656][ T6561] loop0: detected capacity change from 0 to 512 [ 121.548906][ T5768] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 121.551966][ T6561] EXT4-fs: Ignoring removed oldalloc option [ 121.626144][ T6561] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 121.717859][ T6561] EXT4-fs (loop0): 1 truncate cleaned up [ 121.724857][ T6561] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.906105][ T6561] loop0: detected capacity change from 512 to 64 [ 122.245979][ T5771] EXT4-fs error (device loop0): mb_free_blocks:1954: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 122.323528][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.625135][ T5859] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 122.835100][ T5859] usb 3-1: Using ep0 maxpacket: 8 [ 122.841976][ T5859] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 122.854961][ T5859] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 122.870105][ T5859] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.887670][ T5859] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.908245][ T5859] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 122.919578][ T5859] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.072379][ T6605] loop1: detected capacity change from 0 to 1024 [ 123.204628][ T5859] usb 3-1: usb_control_msg returned -32 [ 123.220553][ T5859] usbtmc 3-1:16.0: can't read capabilities [ 123.626676][ T6610] loop0: detected capacity change from 0 to 256 [ 123.651624][ C0] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 123.717355][ T6610] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 124.081014][ T6613] input: syz1 as /devices/virtual/input/input6 [ 124.153150][ T5780] udevd[5780]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 124.223695][ T6611] loop1: detected capacity change from 0 to 32768 [ 124.257976][ T6611] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.184 (6611) [ 124.311147][ T6611] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 124.322594][ T6611] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 124.355178][ T6611] BTRFS info (device loop1): setting nodatasum [ 124.361503][ T6611] BTRFS info (device loop1): force zlib compression, level 3 [ 124.405157][ T6611] BTRFS info (device loop1): metadata ratio 1 [ 124.411308][ T6611] BTRFS info (device loop1): enabling ssd optimizations [ 124.445498][ T6611] BTRFS info (device loop1): allowing degraded mounts [ 124.452374][ T6611] BTRFS info (device loop1): using free space tree [ 124.553961][ T6615] loop0: detected capacity change from 0 to 4096 [ 124.613546][ T28] audit: type=1804 audit(1768192464.199:9): pid=6611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.184" name="/newroot/46/file1/file1" dev="loop1" ino=260 res=1 errno=0 [ 124.658367][ T6635] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 124.944048][ T5772] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 125.002874][ T6641] loop0: detected capacity change from 0 to 128 [ 125.009950][ T6639] loop3: detected capacity change from 0 to 1024 [ 125.054725][ T6639] EXT4-fs: Ignoring removed nobh option [ 125.068787][ T6639] EXT4-fs: Ignoring removed bh option [ 125.079109][ T6641] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 125.103164][ T6639] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 125.143646][ T6641] ext4 filesystem being mounted at /46/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 125.206721][ T6639] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.400129][ T787] usb 3-1: USB disconnect, device number 3 [ 125.413171][ T5771] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 125.545630][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.612564][ T6649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.193'. [ 125.745306][ T6650] fuse: root generation should be zero [ 125.885327][ T786] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 126.105912][ T786] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 126.114901][ T786] usb 2-1: config 0 has no interface number 0 [ 126.163898][ T786] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 126.190898][ T786] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 126.216038][ T786] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 126.235122][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.256857][ T786] usb 2-1: config 0 descriptor?? [ 126.265518][ T6652] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 126.344030][ T786] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 126.375930][ T6670] kvm: apic: phys broadcast and lowest prio [ 126.431482][ T6673] kvm: vcpu 3: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 126.538178][ T5813] usb 2-1: USB disconnect, device number 3 [ 126.538414][ C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 126.662270][ T6681] overlayfs: upper fs does not support file handles, falling back to index=off. [ 126.676971][ T6679] loop0: detected capacity change from 0 to 4096 [ 126.723857][ T6679] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.761064][ T6685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.206'. [ 126.802202][ T6679] EXT4-fs (loop0): shut down requested (1) [ 126.820202][ T6679] fs-verity: sha256 using implementation "sha256-avx2" [ 126.936067][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.232341][ T6728] loop3: detected capacity change from 0 to 256 [ 128.314433][ T6728] FAT-fs (loop3): error, clusters badly computed (2 != 1) [ 128.938408][ T6728] FAT-fs (loop3): error, fat_get_cluster: detected the cluster chain loop (i_pos 198) [ 129.106223][ T6743] loop2: detected capacity change from 0 to 1024 [ 129.153502][ T6743] EXT4-fs: Ignoring removed oldalloc option [ 129.185133][ T6743] EXT4-fs: Ignoring removed bh option [ 129.216928][ T6743] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 129.273627][ T6743] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.432694][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.681363][ T6759] dccp_xmit_packet: Payload too large (65475) for featneg. [ 129.859274][ T6764] loop2: detected capacity change from 0 to 512 [ 129.900051][ T6764] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 129.954793][ T6764] EXT4-fs (loop2): Errors on filesystem, clearing orphan list. [ 129.963999][ T6764] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.986468][ T6764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.121406][ T6770] loop0: detected capacity change from 0 to 128 [ 130.146057][ T6770] EXT4-fs: Ignoring removed oldalloc option [ 130.162516][ T6770] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 130.202499][ T6770] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 130.217596][ T6770] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 130.346430][ T5771] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 130.690280][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.901637][ T6784] loop2: detected capacity change from 0 to 2048 [ 130.932538][ T6784] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 130.964017][ T6784] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 131.091238][ T28] audit: type=1804 audit(1768192470.689:10): pid=6787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.241" name="/newroot/55/file0/file1" dev="loop2" ino=1346 res=1 errno=0 [ 131.388369][ T6782] loop3: detected capacity change from 0 to 32768 [ 131.413580][ T6782] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.240 (6782) [ 131.464715][ T6782] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 131.490703][ T6782] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 131.500721][ T6782] BTRFS info (device loop3): using free space tree [ 131.645106][ T6782] BTRFS info (device loop3): enabling ssd optimizations [ 131.652214][ T6782] BTRFS info (device loop3): auto enabling async discard [ 131.791392][ T5775] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 132.076416][ T28] audit: type=1800 audit(1768192471.679:11): pid=6784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.241" name="file1" dev="loop2" ino=1346 res=0 errno=0 [ 132.260003][ T6779] loop0: detected capacity change from 0 to 65536 [ 132.343412][ T6779] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 132.368071][ T787] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 132.451809][ T6779] XFS (loop0): Ending clean mount [ 132.464734][ T6779] XFS (loop0): Quotacheck needed: Please wait. [ 132.554497][ T6779] XFS (loop0): Quotacheck: Done. [ 132.646234][ T787] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.663038][ T787] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 132.712021][ T787] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 132.745209][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.775347][ T787] usb 4-1: Product: syz [ 132.784635][ T787] usb 4-1: Manufacturer: syz [ 132.801904][ T787] usb 4-1: SerialNumber: syz [ 132.890597][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.903993][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.916607][ T5771] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 133.024856][ T6835] input: syz0 as /devices/virtual/input/input7 [ 133.052497][ T6814] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 133.507257][ T6845] loop2: detected capacity change from 0 to 128 [ 133.898971][ T6814] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 134.110825][ T787] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 134.120953][ T787] cdc_ncm 4-1:1.0: dwNtbInMaxSize=5 is too small. Using 2048 [ 134.129266][ T787] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 134.168765][ T1085] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.303731][ T1085] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.339453][ T787] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 134.359251][ T787] usb 4-1: USB disconnect, device number 3 [ 134.367764][ T787] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 134.479175][ T1085] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.589955][ T6858] loop1: detected capacity change from 0 to 1024 [ 134.600636][ T1085] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.617326][ T6858] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 134.654453][ T6858] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 134.685797][ T6858] EXT4-fs (loop1): orphan cleanup on readonly fs [ 134.694984][ T6858] EXT4-fs error (device loop1): ext4_free_blocks:6692: comm syz.1.262: Freeing blocks not in datazone - block = 0, count = 4096 [ 134.715204][ T6858] EXT4-fs (loop1): 1 orphan inode deleted [ 134.722493][ T6858] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 134.786720][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.056606][ T6867] loop3: detected capacity change from 0 to 256 [ 135.174248][ T6867] [ 135.176641][ T6867] ====================================================== [ 135.183683][ T6867] WARNING: possible circular locking dependency detected [ 135.190752][ T6867] syzkaller #0 Not tainted [ 135.195209][ T6867] ------------------------------------------------------ [ 135.202247][ T6867] syz.3.265/6867 is trying to acquire lock: [ 135.208199][ T6867] ffff88807ad7a0e0 (&type->s_umount_key#70){++++}-{3:3}, at: super_lock+0x167/0x360 [ 135.217839][ T6867] [ 135.217839][ T6867] but task is already holding lock: [ 135.225222][ T6867] ffff888148c8dd08 (&bdev->bd_holder_lock){+.+.}-{3:3}, at: blkdev_common_ioctl+0x815/0x2460 [ 135.235478][ T6867] [ 135.235478][ T6867] which lock already depends on the new lock. [ 135.235478][ T6867] [ 135.245892][ T6867] [ 135.245892][ T6867] the existing dependency chain (in reverse order) is: [ 135.254916][ T6867] [ 135.254916][ T6867] -> #4 (&bdev->bd_holder_lock){+.+.}-{3:3}: [ 135.263104][ T6867] __mutex_lock+0x129/0xcc0 [ 135.268147][ T6867] bd_finish_claiming+0x22f/0x3f0 [ 135.273717][ T6867] blkdev_get_by_dev+0x45c/0x600 [ 135.279200][ T6867] bdev_open_by_dev+0x77/0x100 [ 135.284509][ T6867] setup_bdev_super+0x59/0x660 [ 135.289806][ T6867] mount_bdev+0x1dd/0x2d0 [ 135.294666][ T6867] legacy_get_tree+0xea/0x180 [ 135.299879][ T6867] vfs_get_tree+0x8c/0x280 [ 135.304858][ T6867] do_new_mount+0x24b/0xa40 [ 135.310003][ T6867] init_mount+0xd2/0x120 [ 135.314803][ T6867] do_mount_root+0x97/0x230 [ 135.319850][ T6867] mount_root_generic+0x195/0x3c0 [ 135.325421][ T6867] prepare_namespace+0xc2/0x100 [ 135.330836][ T6867] kernel_init_freeable+0x413/0x570 [ 135.336576][ T6867] kernel_init+0x1d/0x1c0 [ 135.341447][ T6867] ret_from_fork+0x48/0x80 [ 135.346403][ T6867] ret_from_fork_asm+0x11/0x20 [ 135.351711][ T6867] [ 135.351711][ T6867] -> #3 (bdev_lock){+.+.}-{3:3}: [ 135.358860][ T6867] __mutex_lock+0x129/0xcc0 [ 135.363896][ T6867] bd_prepare_to_claim+0x1ba/0x480 [ 135.369568][ T6867] truncate_bdev_range+0x4e/0x260 [ 135.375135][ T6867] blkdev_fallocate+0x428/0x6a0 [ 135.380529][ T6867] vfs_fallocate+0x58e/0x700 [ 135.385655][ T6867] do_madvise+0x15fe/0x3710 [ 135.390696][ T6867] __x64_sys_madvise+0xa6/0xc0 [ 135.396011][ T6867] do_syscall_64+0x55/0xb0 [ 135.400963][ T6867] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.407391][ T6867] [ 135.407391][ T6867] -> #2 (mapping.invalidate_lock){++++}-{3:3}: [ 135.415755][ T6867] down_write+0x97/0x1f0 [ 135.420542][ T6867] set_blocksize+0x249/0x4b0 [ 135.425665][ T6867] sb_min_blocksize+0xbe/0x190 [ 135.430966][ T6867] ext4_fill_super+0x6d8/0x66f0 [ 135.436356][ T6867] get_tree_bdev+0x3e4/0x510 [ 135.441481][ T6867] vfs_get_tree+0x8c/0x280 [ 135.446433][ T6867] do_new_mount+0x24b/0xa40 [ 135.451472][ T6867] init_mount+0xd2/0x120 [ 135.456258][ T6867] do_mount_root+0x97/0x230 [ 135.461307][ T6867] mount_root_generic+0x195/0x3c0 [ 135.466868][ T6867] prepare_namespace+0xc2/0x100 [ 135.472276][ T6867] kernel_init_freeable+0x413/0x570 [ 135.478021][ T6867] kernel_init+0x1d/0x1c0 [ 135.482888][ T6867] ret_from_fork+0x48/0x80 [ 135.487851][ T6867] ret_from_fork_asm+0x11/0x20 [ 135.493162][ T6867] [ 135.493162][ T6867] -> #1 (&sb->s_type->i_mutex_key#8){++++}-{3:3}: [ 135.501813][ T6867] down_write+0x97/0x1f0 [ 135.506606][ T6867] set_blocksize+0x201/0x4b0 [ 135.511762][ T6867] sb_min_blocksize+0xbe/0x190 [ 135.517074][ T6867] fat_fill_super+0x1b21/0x4c00 [ 135.522463][ T6867] mount_bdev+0x22b/0x2d0 [ 135.527339][ T6867] legacy_get_tree+0xea/0x180 [ 135.532559][ T6867] vfs_get_tree+0x8c/0x280 [ 135.537550][ T6867] do_new_mount+0x24b/0xa40 [ 135.542600][ T6867] __se_sys_mount+0x2da/0x3c0 [ 135.547827][ T6867] do_syscall_64+0x55/0xb0 [ 135.552787][ T6867] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.559223][ T6867] [ 135.559223][ T6867] -> #0 (&type->s_umount_key#70){++++}-{3:3}: [ 135.567512][ T6867] __lock_acquire+0x2ddb/0x7c80 [ 135.572912][ T6867] lock_acquire+0x197/0x410 [ 135.577955][ T6867] down_read+0x46/0x2e0 [ 135.582653][ T6867] super_lock+0x167/0x360 [ 135.587559][ T6867] fs_bdev_sync+0xa4/0x170 [ 135.592523][ T6867] blkdev_common_ioctl+0x881/0x2460 [ 135.598298][ T6867] blkdev_ioctl+0x4eb/0x6f0 [ 135.603349][ T6867] __se_sys_ioctl+0xfd/0x170 [ 135.608490][ T6867] do_syscall_64+0x55/0xb0 [ 135.613446][ T6867] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.619911][ T6867] [ 135.619911][ T6867] other info that might help us debug this: [ 135.619911][ T6867] [ 135.630161][ T6867] Chain exists of: [ 135.630161][ T6867] &type->s_umount_key#70 --> bdev_lock --> &bdev->bd_holder_lock [ 135.630161][ T6867] [ 135.643850][ T6867] Possible unsafe locking scenario: [ 135.643850][ T6867] [ 135.651321][ T6867] CPU0 CPU1 [ 135.656701][ T6867] ---- ---- [ 135.662097][ T6867] lock(&bdev->bd_holder_lock); [ 135.667063][ T6867] lock(bdev_lock); [ 135.673501][ T6867] lock(&bdev->bd_holder_lock); [ 135.680973][ T6867] rlock(&type->s_umount_key#70); [ 135.686111][ T6867] [ 135.686111][ T6867] *** DEADLOCK *** [ 135.686111][ T6867] [ 135.694266][ T6867] 1 lock held by syz.3.265/6867: [ 135.699213][ T6867] #0: ffff888148c8dd08 (&bdev->bd_holder_lock){+.+.}-{3:3}, at: blkdev_common_ioctl+0x815/0x2460 [ 135.709861][ T6867] [ 135.709861][ T6867] stack backtrace: [ 135.715776][ T6867] CPU: 0 PID: 6867 Comm: syz.3.265 Not tainted syzkaller #0 [ 135.723073][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 135.733156][ T6867] Call Trace: [ 135.736487][ T6867] [ 135.739435][ T6867] dump_stack_lvl+0x16c/0x230 [ 135.744150][ T6867] ? load_image+0x3b0/0x3b0 [ 135.748681][ T6867] ? show_regs_print_info+0x20/0x20 [ 135.753904][ T6867] ? print_circular_bug+0x12b/0x1a0 [ 135.759133][ T6867] check_noncircular+0x2bd/0x3c0 [ 135.764099][ T6867] ? print_deadlock_bug+0x5d0/0x5d0 [ 135.769319][ T6867] ? lockdep_lock+0xe0/0x220 [ 135.773934][ T6867] ? _find_first_zero_bit+0xd3/0x100 [ 135.779244][ T6867] __lock_acquire+0x2ddb/0x7c80 [ 135.784132][ T6867] ? verify_lock_unused+0x140/0x140 [ 135.789341][ T6867] ? stack_trace_save+0x9c/0xe0 [ 135.794209][ T6867] ? bpf_trace_run2+0x26f/0x3e0 [ 135.799086][ T6867] ? bpf_trace_run2+0xde/0x3e0 [ 135.803870][ T6867] lock_acquire+0x197/0x410 [ 135.808394][ T6867] ? super_lock+0x167/0x360 [ 135.812918][ T6867] ? __might_sleep+0xe0/0xe0 [ 135.817552][ T6867] ? __mutex_trylock_common+0x153/0x250 [ 135.823130][ T6867] ? read_lock_is_recursive+0x20/0x20 [ 135.828523][ T6867] ? trace_raw_output_contention_end+0xd0/0xd0 [ 135.834707][ T6867] down_read+0x46/0x2e0 [ 135.838883][ T6867] ? super_lock+0x167/0x360 [ 135.843403][ T6867] super_lock+0x167/0x360 [ 135.847791][ T6867] ? user_get_super+0x180/0x180 [ 135.852657][ T6867] ? mutex_lock_nested+0x20/0x20 [ 135.857624][ T6867] fs_bdev_sync+0xa4/0x170 [ 135.862049][ T6867] ? fs_bdev_mark_dead+0x1f0/0x1f0 [ 135.867167][ T6867] blkdev_common_ioctl+0x881/0x2460 [ 135.872408][ T6867] ? tomoyo_path_number_perm+0x4dc/0x590 [ 135.878081][ T6867] ? blkdev_bszset+0x1f0/0x1f0 [ 135.882879][ T6867] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 135.888393][ T6867] blkdev_ioctl+0x4eb/0x6f0 [ 135.892930][ T6867] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 135.898416][ T6867] ? bpf_lsm_file_ioctl+0x9/0x10 [ 135.903373][ T6867] ? security_file_ioctl+0x80/0xa0 [ 135.908536][ T6867] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 135.914023][ T6867] __se_sys_ioctl+0xfd/0x170 [ 135.918633][ T6867] do_syscall_64+0x55/0xb0 [ 135.923062][ T6867] ? clear_bhb_loop+0x40/0x90 [ 135.927767][ T6867] ? clear_bhb_loop+0x40/0x90 [ 135.932484][ T6867] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.938405][ T6867] RIP: 0033:0x7ff4d7d8f749 [ 135.942864][ T6867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.962497][ T6867] RSP: 002b:00007ff4d8b99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 135.970934][ T6867] RAX: ffffffffffffffda RBX: 00007ff4d7fe5fa0 RCX: 00007ff4d7d8f749 [ 135.978923][ T6867] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000007 [ 135.986912][ T6867] RBP: 00007ff4d7e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 135.994900][ T6867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.002884][ T6867] R13: 00007ff4d7fe6038 R14: 00007ff4d7fe5fa0 R15: 00007ffd6a678d88 [ 136.010897][ T6867] [ 137.541419][ T1085] hsr_slave_0: left promiscuous mode [ 137.549159][ T1085] hsr_slave_1: left promiscuous mode [ 137.558952][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.567958][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.577741][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.586891][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.594588][ T1085] bridge_slave_1: left allmulticast mode [ 137.600355][ T1085] bridge_slave_1: left promiscuous mode [ 137.607784][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.618588][ T1085] bridge_slave_0: left allmulticast mode [ 137.624265][ T1085] bridge_slave_0: left promiscuous mode [ 137.633845][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.648067][ T1085] veth1_macvtap: left promiscuous mode [ 137.653622][ T1085] veth0_macvtap: left promiscuous mode [ 137.661185][ T1085] veth1_vlan: left promiscuous mode [ 137.668030][ T1085] veth0_vlan: left promiscuous mode [ 137.924953][ T1085] team0 (unregistering): Port device team_slave_1 removed [ 137.958336][ T1085] team0 (unregistering): Port device team_slave_0 removed [ 137.988122][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 138.017234][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 138.132690][ T1085] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 138.170770][ T1085] bond0 (unregistering): Released all slaves [ 139.044852][ T1085] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.103316][ T1085] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.163197][ T1085] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.203177][ T1085] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.362745][ T1085] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.425493][ T1085] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.483428][ T1085] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.552919][ T1085] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.549694][ T1085] hsr_slave_0: left promiscuous mode [ 140.558139][ T1085] hsr_slave_1: left promiscuous mode [ 140.564151][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.572223][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.584472][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.592732][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.601769][ T1085] bridge_slave_1: left allmulticast mode [ 140.607700][ T1085] bridge_slave_1: left promiscuous mode [ 140.613428][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.623547][ T1085] bridge_slave_0: left allmulticast mode [ 140.629638][ T1085] bridge_slave_0: left promiscuous mode [ 140.635994][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.650470][ T1085] hsr_slave_0: left promiscuous mode [ 140.656527][ T1085] hsr_slave_1: left promiscuous mode [ 140.662494][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.670756][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.678743][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.687627][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.695618][ T1085] bridge_slave_1: left allmulticast mode [ 140.701285][ T1085] bridge_slave_1: left promiscuous mode [ 140.707260][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.716487][ T1085] bridge_slave_0: left allmulticast mode [ 140.722169][ T1085] bridge_slave_0: left promiscuous mode [ 140.728334][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.743051][ T1085] veth1_macvtap: left promiscuous mode [ 140.749373][ T1085] veth0_macvtap: left promiscuous mode [ 140.755512][ T1085] veth1_vlan: left promiscuous mode [ 140.760876][ T1085] veth0_vlan: left promiscuous mode [ 140.769217][ T1085] veth1_macvtap: left promiscuous mode [ 140.774776][ T1085] veth0_macvtap: left promiscuous mode [ 140.780631][ T1085] veth1_vlan: left promiscuous mode [ 140.786130][ T1085] veth0_vlan: left promiscuous mode [ 141.106759][ T1085] team0 (unregistering): Port device team_slave_1 removed [ 141.121586][ T1085] team0 (unregistering): Port device team_slave_0 removed [ 141.150232][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.178622][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.251061][ T1085] bond0 (unregistering): Released all slaves [ 141.440943][ T1085] team0 (unregistering): Port device team_slave_1 removed [ 141.472710][ T1085] team0 (unregistering): Port device team_slave_0 removed [ 141.498022][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.524636][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.603715][ T1085] bond0 (unregistering): Released all slaves