last executing test programs: 49.675119687s ago: executing program 5 (id=47): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x97, 0xff, 0x82, 0x8, 0x2058, 0x1005, 0xc19b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8f, 0x0, 0x0, 0xbf, 0x57, 0x5a}}]}}]}}, 0x0) 48.006410662s ago: executing program 5 (id=57): setrlimit(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='syscall\x00') ftruncate(r0, 0x7fffffffffffffff) 47.759571694s ago: executing program 5 (id=60): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) sendmmsg$sock(r0, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@mark={{0x10, 0x1, 0x24, 0x3}}], 0x10}}], 0x1, 0x20000000) 47.373074693s ago: executing program 5 (id=64): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f0000000580)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000102,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYBLOB="d6d84c0df937ed4a0cd30000f2e9ea9568eab74a46c525dc386983eade0b0ce5f1dd911706cf7d32d7d508d1823b8871e001000000eb4ce0a008f5cdea622fc6675e5486860a752ed0298a948efa72b2c8d8525181644a3124f3544a50f192b98f055ad125fd4674534413c6044136ea5aefac5267e43739626ea9391d8f346c4694f70400000000000000cee1f628d1cec3462830606bb612bfed91181cdc107bb91a2e86de2ad5", @ANYBLOB="2c000100000000000030303030003030303030303030303030303030352c00d745dcab34ff634099d402406184d688f81f99d01ce1164bfd68777e4bdfe2e9fae18a6c91c70bc34f974b265a58d1889c9c38e7e32895b1921f8e4b4b41f3ef0debac34b19aa687221a6b942eb396159ef6de9645e4b33865d6b62e564277ed35923544b6379822861ec79f423c1b0372e2b26bdba81fcea8c4d1eb657869c87c4d7cf2b187c387d632e58f44956d2d7b16ba93153514087b38676f72cab9f62f53f331bb7f952ef5ab05e9403afa22e65743c583ba30683ac5e30173cdb5c216d879ead8b3ee56d602a39e33c63ba2754ccfe231c2e1b660f2a68cc14a9186ee2e834be5f10b09"], 0x12, 0xc49, &(0x7f0000001cc0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVuFIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNEWQI9O6QHLxocipJ6KFjaDogW0D+BQwmNm34pKiIloUJUr+fGzquzv73ux7M6s3FME3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiD945dzxE2m7pT9Y293WAAAPwoWxrxw/ue3rPwDwOLj0of79DwAAAAAAAAAAAAAAPAQpingyUsxeWE0T1fOu+vnOwI2b4yOjW1c7kKqa+6ry5Vf9xMlTp7/4wvCZXp7vTK/XH9ztbnw6Xhu7dK7x8sz12bn2/Hx7sjE+3bkyM9ne9h52Wn+zo9UBaFx//cbk1avzjZPPn9rw8s2h9wefODx0dvjZY8/0yo6PjI6OrRep95ev3XNDuu40w2N/FHEsUjz33Z+mVkQUsfNjUd9w7h+4A1UnjladGB8ZrToy1WlNL5QvXuwdiCKi0Vep2TtGW5+LqA080D7cWTNisWx+2eCjZffGZltzrctT7cbF1txCZ6EzM30xdVtb9qcRRZxJEUsRsbLFX8OBKKIWKb59aDVdjoh9vePwhWpi8J3bUexiH7ehbGdjIGKpeATO2R42GEW8Gil+9s6RuJLHmWqs+XzEq2V+P+KtMl+KSOUH43TEe7s+nPOg1KKIvyzP/9nVNFmNB71x5fxXG1+evjrTV7Y3rnzI68NtI8VDuj4c2JQPxh4fm+pRRKsa8VfTvX+zAwAAAAAAAAAAAAAAAMD9diCK+FSkeOXf/6SaVxzVvPRDZ4f/cOhX++eMP32X/ZRln4+IxWJ7c3L354mBF9PFlB7yXOKPsnoU8ad5/t83H3ZjAAAAAAAAAAAAAAAAAAAAPtKK+EmkePHdI2kp+tcU70xfa1xqXZ7qrgrbW/u3t2b62traWiN1s5lzIudizqWcyzlXckaR6+ds5pzIuZhzKedyzpWcsS/Xz9nMOZFzMedSzuWcKzmjluvnbOacyLmYcykvur+cn6/kjD2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOOkiCJ+Him+9fXVFCkimhET0c3lwYfdOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJiK+F6kaPxR89a2WkSk6v+uI+Ufp6O5v8yPR3O4zJeieS5nq8pa85sPof3szEAq4seRYrD+9q0Tns//QPfZrY9BvPWN9WefrnVzX+/FofcHnzh86Ozw6G88fafHaasGHD3fmb5xszE+Mjo61re5lt/9433bhvL7Fven60TE/Btvvt6ammrP3fuD8iOwg+qP0INU+6j09NF+8Jv3a4dR2wvdeTgP7j52/P+DGKDYVeX1/71I8bvv/kfvgt+9/tfjV7rPbl3h44M/W7/+v7h5R9u8/tc218vX//KavtX1/8m+bS/m70YGahH1heuzA4cj6vNvvHmsc711rX2tPX36+PEvDQ9/6dTxgf0R9audqXb3UYqp9vH7crgAAAAAAAAAAAAAAAAAHpxUxO9HitaPV1MjIm5W87WGzg4/e+yZfbGvmm+1Yd72a2OXzjVenrk+O9een29PNsanO1dmJtvbfbt6Nd1rfGR0VzpzVwd2uf0H6i/PzL4x17n2xwtbvn6wfu7y/MJc68rWL8eBKCKa/VuOVg0eHxmtGj3VaU1XVS9uOZn+wxtIRfxnpLhyupE+m7fl+f+bZ/hvmP+/uHlHuzT//2N928r3TKmIDyLF7/zV0/HZqp0H47Zjlsv9XaQ4euYzuVzsL8v12tC9r0B3jmBZ9n8jxT/9fGPZ3nzIJ9fLntj2gX1ElOf/UKT43l98J34rb9t4/4etz//BzTvapfP/VN+2gxvuV7DjrpPP/7FI8dKTb8fn8rZfdv+P3r03juTCt+7PsUvn/xN924by+/72/ek6AAAAAAAAAADAI20gFfH3keKHo7X0Qt62nd//m9y8o136/a9P9m2bvD/rFd31wY4PKgAAAADsEQOpiJ9EimsLb9+aQ71x/nff/M/fW5//OZI2vVr9nO/XqvsG3M+f//Ubyu87sfNuAwAAAAAAAAAAAAAAAAAAwJ6SUhEv5PXUJ6r5/JN3XE99OVK88t/P5XLpcFmutw78UPVn/cLM9LFzU1MzV1oLrctT7cbYbOtKu6z7VKRY/dvP5LpFtb56b7357hrv62uxz0WK0X/ole2uxd5bm/yp9bInyrIfixT/9Y8by34ul/vEetmTZdm/iRRf+8HtZUuH18ueKst+J1L86GuNXtmDZdne/VE/uV72+R/cuiMCAAAAAAAAAAAAAAAAAAAA3LuBVMSfR4r/ub50ay5/Xv9/oO9p5a1v9K33v8nNap3/oWr9/zs9vpf1/6v7Cize6V0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODxlKKINyPF7IXVtDxYPu+qn+9M37g5PjK6dbUDqaq5rypfftVPnDx1+osvDJ/p5S+vf799Kl4bu3Su8fLM9dm59vx8e7IxPt25MjPZ3vYedlp/s6PVAWhcf/3G5NWr842Tz5/a8PLNofcHnzg8dHb42WPP9MqOj4yOjvWVqQ3c87vfJt1h+/4o4q8jxXPf/Wn64WBEETs/Fnf57Oy2A1UnjladGB8ZrToy1WlNL5QvXuwdiCKi0Vep2TtGD+Bc7EgzYrFsftngo2X3xmZbc63LU+3GxdbcQmehMzN9MXVbW/anEUWcSRFLEbEyePvuBqKI1yPFtw+tpn8ZjNjXOw5fuDD2leMn79yOYhf7uA1lOxsDEUvFI3DO9rDBKOKfI8XP3jkS/zoYUYvuV3w+4tUyvx/xVnTPdyo/GKcj3tvic8SjqRZF/F95/s+upncGy/GgN66c/2rjy9NXZ/rK9saVR/768CDt8bGpHkX8qBrxV9O/+XsNAAAAAAAAAAAAAAAAsIcU8euR4sV3j6RqfvCtOcWd6WuNS63LU91pfb25f70502tra2uN1M1mzomcizmXci7nXMkZRa6fs1lmfW1tIj9fzLmUcznnSs7Yl+vnbOacyLmYcynncs6VnFHL9XM2c07kXMy5lHM550rO2CNz9wAAAAAAAAAAAAAAAAAAgMdLUf2X4ltfX01rg931pSeim8vWA33s/SIAAP//YnX2fg==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x2, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 46.700133804s ago: executing program 5 (id=71): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000400)="9f", &(0x7f0000000480)=""/180}, 0x20) 45.985371988s ago: executing program 5 (id=76): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) mincore(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0) 45.415936714s ago: executing program 32 (id=76): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) mincore(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0) 15.645118661s ago: executing program 1 (id=282): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x4080, &(0x7f00000001c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000002,nostrict,uid=', @ANYRESOCT=0x0, @ANYRES16], 0x2, 0xc36, &(0x7f0000002540)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2SEmV9Pjb13Z19b/a9eeMZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr56+qz7PwA8Vq75/38AAAAAAAAAAAAAADjoUhTxZKSYvbKaxqr3HfXL7b7bd0aHhreudiRVNQ9V5cuf+pmz585/6YXBC9283J7+gPp77bPx2si1S42XZ27Nzk3Oz09ONEan2+MzE5M73sNu6292sjoAjVuv3564cWO+cfb5cxs+vjPwfv8TxwcuDj576plu2dGh4eGR9SL13vK1+25Ix3YzPA5HEacixXPf+2lqRUQRuz8W9Qc79psdqTpxsurE6NBw1ZGpdmt6ofzwavdAFBGNnkrN7jHaeiyi1vdA+7C9ZsRi2fyywSfL7o3MtuZa16cmG1dbcwvthfbM9NXUaW3Zn0YUcSFFLEXESv+9u+uLImqR4jvHVtP1iDjUPQ5frCYGb9+OYh/7uANlOxt9EUvFIzBmB1h/FPFqpPjZOydiPF9nqmvNFyJeLfMHEW+V+VJEKk+M8xHvbXEe8WiqRRF/WY7/xdU0UV0PuteVy19rfGX6xkxP2e515SPeH+65Ujyk+8ORTflgHPBrUz2KaFVX/NV0/7/ZAQAAAAAAAAAAAAAAAGCvHYkiPhMpXvmPP6nmFUc1L/3YxcE/HPjV3jnjT3/Ifsqyz0fEYrGzObmH88TAq+lqSg95LvHjrB5F/Gme//eth90YAAAAAAAAAAAAAAAAAACAx1oRP4kUL757Ii1F75ri7embjWut61OdVWG7a/9210xfW1tba6RONnOO5VzMuZRzOedKzihy/ZzNnGM5F3Mu5VzOuZIzDuX6OZs5x3Iu5lzKuZxzJWfUcv2czZxjORfLrK93dDlvX8kZB2TtXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAj5MiivhFpPj2N1ZTpIhoRoxFJ5f7H3brAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBSfyri+5Gi8UfNu9tqEZGqfztOlL+cj+bhMj8ZzcEyX4rmpZytKmvNbz2E9rM7famIH0eK/vrbdwc8j39f593d0yDe+ub6u8/WOnmo++HA+/1PHD92cXD4N57e7nXaqgEnL7enb99pjA4ND4/0bK7lb/9kz7aB/L3F3nSdiJh/483XW1NTk3P3/6I8BXZR/RF6kWqPS08f1ovFvTgh9+5F1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xc072uH9v7a5Xr7/l/f0re7/T/ZsezH/bqSvFlFfuDXbdzyiPv/Gm6fat1o3J29OTp8/ffrLg4NfPne673BE/UZ7arLn1Z4cLgAAAAAAAAAAAAAAAIAHJxXx+5Gi9ePV1IiIO9V8rYGLg8+eeuZQHKrmW22Yt/3ayLVLjZdnbs3OTc7PT040Rqfb4zMTkzv9uno13Wt0aHhfOvOhjuxz+4/UX56ZfWOuffOPF7b8/Gj90vX5hbnW+NYfx5EoIpq9W05WDR4dGq4aPdVuTVdVr245mf6j60tF/FekGD/fSJ/P2/L8/80z/DfM/1/cvKN9mv//iZ5t5XemVMTPI8Xv/NXT8fmqnUfjnmOWy/1dpDh54XO5XBwuy3Xb0HmuQGdmYFn2/yLFP/1iY9nufMgn18ue2fGBfUSU438sUnz/L74bv5m3bXz+w9bjf3TzjvZp/J/q2XZ0w/MKdt118vifihQvPfl2/Fbe9kHP/+g+e+NELnz3+Rz7NP6f6tk2kL/3t/em6wAAAAAAAAAAAI+0vlTE30eKHw7X0gt5207+/t/E5h3t09//+nTPtom9Wa/oQ1/s+qACAAAAwAHRl4r4SaS4ufD23TnUG+d/98z//L31+Z9DadOn1Z/z/Vr13IC9/PO/XgP5e8d2320AAAAAAAAAAAAAAAAAAAA4UFIq4oW8nvpYNZ9/Ytv11JcjxSv/81wul46X5brrwA9Uv9avzEyfujQ1NTPeWmhdn5psjMy2xifLuk9FitW//VyuW1Trq3fXm++s8b6+FvtcpBj+h27Zzlrs3bXJn1ove6Ys+4lI8d//uLFsdx3rT62XPVuW/ZtI8fV/2brs8fWy58qy340UP/p6o1v2aFm2+3zUT6+XfX58ptiHUQEAAAAAAAAAAAAAAAAAAOBx05eK+PNI8b+3lu7O5c/r//f1vK289c2e9f43uVOt8z9Qrf+/3ev7Wf+/eq7A4nbfCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH08pingzUsxeWU3L/eX7jvrl9vTtO6NDw1tXO5Kqmoeq8uVP/czZc+e/9MLghW5+cP299pl4beTapcbLM7dm5ybn5ycnGqPT7fGZickd72G39Tc7WR2Axq3Xb0/cuDHfOPv8uQ0f3xl4v/+J4wMXB5899Uy37OjQ8PBIT5la331/+z3SNtsPRxF/HSme+95P0w/7I4rY/bH4kHNnvx2pOnGy6sTo0HDVkal2a3qh/PBq90AUEY2eSs3uMXoAY7ErzYjFsvllg0+W3RuZbc21rk9NNq625hbaC+2Z6aup09qyP40o4kKKWIqIlf57d9cXRbweKb5zbDX9a3/Eoe5x+OKVka+ePrt9O4p97OMOlO1s9EUsFY/AmB1g/VHEP0eKn71zIv6tP6IWnZ/4QsSrZf4g4q3ojHcqT4zzEe9tcR7xaKpFEf9fjv/F1fROf3k96F5XLn+t8ZXpGzM9ZbvXlUf+/vAgHfBrUz2K+FF1xV9N/+6/awAAAAAAAAAAAAAAAIADpIhfjxQvvnsiVfOD784pbk/fbFxrXZ/qTOvrzv3rzpleW1tba6RONnOO5VzMuZRzOedKzihy/ZzNMutra2P5/WLOpZzLOVdyxqFcP2cz51jOxZxLOZdzruSMWq6fs5lzLOdizqWcyzlXcsYBmbsHAAAAAAAAAAAAAAAAAAB8vBTVPym+/Y3VtNbfWV96LDq5bD3Qj71fBgAA//8dq/O8") fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xcc48, 0x0) 15.03348472s ago: executing program 1 (id=284): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94) 14.386432457s ago: executing program 1 (id=290): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file2\x00', 0x10, &(0x7f0000000180)={[{@nodiscard}, {@nocheckpoint_merge}, {@fault_type={'fault_type', 0x3d, 0x7fff}}, {@errors_remount}, {@noflush_merge}, {@fault_injection={'fault_injection', 0x3d, 0x4ee}}, {@acl}, {@fastboot}, {@compress_cache}, {@alloc_mode_def}, {@noinline_xattr}, {@grpjquota}, {@checkpoint_diasble}]}, 0x5, 0x550e, &(0x7f00000020c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0ySN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmul0VhE0bu/39YPLM++bNM88bloVnpiSAM2s++fXnUlyLSxExGxFXI7LzUnFk1vPwXERcj4iZh45SMf/nxPmIuBwR10bJ85yl4q3Pbw5vrP305i/ffHfh3JUvvv5+ersGpu35iOju5Of73TymrTzeL+Zrw3YWu6vDIuZvdB8U4zSP+82tLMN+bbyulsWVVr4+3dnrj+J2p1YfxVZ7O5vf6eUX7A9b4zzZB+7XdrNxo7mVxXY/zWLrMK/r4DD/v+2wP8jzNIp8H2XpYzAYx3y+edDM97PzIIv13qCYz/OmjebBKA6LWFwu6mmnkdWx9Tjf9P/bW+3e3kEybO7222kvWatUX6xUb5Wru2mjOWiulmvdxq3VZKHVGS0rD5q17norTVudZqWedheThVa9Xq5Wk4Xbza12rZdUq5WVylJ5bbE4u5m8dvfdpNNIFkbxlXZvb9Du9JPtdDfJP7GYLFdWXlpMblSTtzc2k817d+5sbL7z/u337r688carxaK/lfVCLC8tL5erS+Xl6uIZ2v8nRdHJwsT2D4+lNO0CAE4f/T8wDcfX/+/eizj+/j/0/xNxqvrfcVmP9L8fnvH9w9To/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzqwf5r58PTuZz8dXivmniqlninEpImYi4vd/MBvnj+ScLfLM/cv6uUdq+LYUWYbRNS4Ux+WIWC+O354+7m8BAAAAnlxffXz9s7xbz1/mp10QJym/aTNz9YMJ5StFxNz8jxPKNjN6eXZCybJ/3+fiYELZshtYFyeULL/ldm5S2f6T2SPh4kOhlIeZEy0HAAA4EUc7gZPtQgAAADhJn067AKajFONHmeNnwdlf3v/1QPDSkREAAABwCpWmXQAAAABw7LL+3+//AQAAwJMt//0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/Gzwwv7TotXet5W9QRlbwh73GFFAmqCAHEgLaYAayC0lRBDhcQhEHCJ5bCvR90nOZCzz4w2Cw8xIAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTpvlovbq9+X7fN2e3byTMaAAAA4JJttV7U/8xS/2tz/3tz62fTLyKijIhLc/dRfDrLHDU51cvzN6fPV69quIuoEw7vMWmuLxHxp7kef3T9KQAAAMDHtVmu5mm2nv7Mhi6IPqVFm/Lb30x5RURUs4dMaeUh71emsPr7PY7/mdLqBaxpprC05DbOlfYm9c/9uGo3PWmK1JQXX3YsMtvYAQCAHo3Omn5nIQAAAPTp39AFMIwinrcyj1uBk9Q023ufz3oAAADAO1QMXQAAAADQuXr+39P5f3vn/wEAAMAw0vl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdGlbrReb5WreNme3byfPaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4In9eUeBEAiDMNi7vjOZ+x9WGjQ1NakC4eNvDAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADe/O4v/yemxplk7rWx9DySrJ0aW6fG3rlx9Ifx9WsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvbnJQVCIAiiYM7430nf/7CSoGcQIQIaHlXUogEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC/63S//J6bGmWTutLF0PJKsXTW2rhp7DxpHD8bbvwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnbu5zWOKg4A+JudnU1bFdcqe4iIggcFsdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/oecWcom3HPYQwbMyv3YnP8D118wm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACl8dvTOE4P3TxuFece7d5bSfvH+/rUg42txbSlcVRn0kfDC9UPUW8S7jaRDAAAACdDXNb3IYTtZHMp7VvdrP5PymvSmv/bp/K4rOf31/1lX9b+afvl553nJgN183HSm15bHQ3PH0yl/f/Ncr49/ZdXtLMnn717ibMvpPXe+rPjJHue0dcPH77TycKFOrIFAP6Jc2VfBOXvQ2k/aDIxAE6MdqXwLuv/uNtsTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1GK+HJ8o4CiEstqdx6vHuvZXD+gcbW4tlu3z//kb4cnrP9BZJCOHa6mh4vtbZzLfbd+7eWB6NhrfqD14MITQ1+lvF9G98MMPFITTyfAT/TfDHQvFlz0k+RyRo8IcSAADHUlK0tK7fTjaX0nPRayGE7/bW/69U4jBj/b/z4eVH1bGq9f+gthnOv/7azU/7t+/cfX315vL14fXhx29cGLw5uHjl0qUr/exdSd8bEwAAAP6dTtGq9X/r7MH1/zOVOMxY/3/2zeCL6lix+n+vU3k3XfRrOiEAAICT7ZmXfv8tOuR81OmEz5fX1m4N8uPk84X82ECqf9tC0ar1f3y26awAAACAOozXoz3r/1crcZhx/f/J75//sXrPOIRwulj/P7fyyehqfdOZa3X8OXHTcwQAAKBZp4tWXf9Psv3/rcmWh1YI4dWX87j4N4Az1f/xu1/9UB2ruv//Yn1TnEutXv48sr4XQrvXdEYAAAAcZ6eKlhb7vyabSx/9dOb9jv3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHX7MwAA//8Wtz96") r0 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x2000, 0x0, 0x10) 11.297661884s ago: executing program 1 (id=310): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000001100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c}) 7.970232457s ago: executing program 1 (id=330): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b160000000000000000020000084c00048018000180080001006f7366000c000280080001400000000430000180080001006e6174002400028008000140000000000800054000000017080006400000003208000240000000020900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x4040080) 6.925150945s ago: executing program 1 (id=340): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x45, 0x0) lseek(r0, 0x4, 0x1) 6.348380002s ago: executing program 33 (id=340): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x45, 0x0) lseek(r0, 0x4, 0x1) 5.697072406s ago: executing program 3 (id=350): sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48c05}, 0x4040150) syz_usb_connect$hid(0x6, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000010ac0100000001000000010902240001000000000904000001030000000921ffff000122050009058103"], 0x0) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000dae11c105e048402"], 0x0) 4.207676536s ago: executing program 3 (id=365): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x44, r1, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 3.929692847s ago: executing program 3 (id=368): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000080)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@init_itable}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f0000000500), &(0x7f0000000540)=ANY=[], 0x835, 0x1) rename(&(0x7f0000000180)='./file3\x00', &(0x7f0000000240)='./file1\x00') 3.719402603s ago: executing program 0 (id=369): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x53b1ef44c4498a4d}) 3.465056874s ago: executing program 3 (id=371): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7") mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) 3.42699372s ago: executing program 0 (id=373): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1218001, &(0x7f0000000700)={[{@gid}, {@type={'type', 0x3d, "5ed07ee6"}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@codepage={'codepage', 0x3d, 'koi8-u'}}]}, 0x2, 0x342, &(0x7f0000000100)="$eJzs3T1rFEEcBvBn9uWyZ0Jck0jASqIBq5DEQrExSLDxC1hIMCYXCFkjaAQNiNFaxE4QLO2sRb+CNuIX0CqFWGkTLFyZ2Z19u9nN5XLJ5sjzA4+93Zmd/9zM7M0kxAERHVvX5r+/u7gt/wkXgA3gCmAB8AAHwGmMew/XN9pzDuTf2smRQJRTtGVZWm+ZYvAQ54j58p2Doew5OhhhGIY/dk31+1BiofqI7AjOsKKB7ugR7h16ZAdjq+0BdgxkWljsYAePMFxnOEREVL/4+9+KvyWG4vm7ZQGT8Ty837//c/ObnfriOBKS738reh8K+fmcVJfkem91I2gtR0s42fqWXiWa7mXsE2H6cTcQ9Sx7MDPlypRipmKxmiurQWtqS93gOa7GMsnG1OsydEWUsmgbUaoJw9q0QlXdqw2qOriyDrMl8Y9WlWhcAH/6idfm4ha+mM4W6io+i69iQfh4g+Vk/ueEQjaTaim/MFSi+KcraqnDDFrTuVqm4Z9ShZyJS8DH92ktm2WfqwdbxpLXSOtRnL/7Os5XDfMN1ekR5H+sENVuprx2Ktco4Ai1asjmmk0S/TXmGiuW1Vxxg9bU0r2grNP3lnFFJ16Km2ICv/AB85n5vyVTT6J8ZOZGuVAp455RWR9HpWxrRwM1NO/uaWSScj0/XjvK8wJ3cBnDDx5vri0GQet+/Qd6qHSZ/WyP44k6Ytwd5RmoJ1ySBp48cAH0rNB/YRgaLzk4jCZwVVUvvU2rvLm2KOJn3v6KkE/OwqW58sQA5gDEZ/QToZvSnya5BtIb7pLLV2X9ka2tzuQ6pKsPdFTqku66B9M6uqjcJRsDHY2UZheF3niythh09SSiPpM2OsZv1R0M1UHOF0S0/susV6bVU0e++BXrHzf/ttmWIHPHmZIV0Ih6PdHZCi65bek8cVAf7LLmOncBOF8o0YIu8Vnxtn4cJ47ibyX3/qsMMY9vuM2f/xMRERERERERERERERERERERERER9Zu9/jVCN39OkC9x+xj+xxtERERERERERERERERERERERERERERERPuT2f8XsNWOMQ3T/r9VOzUpdrRDjNeL/X/tDvb/FVv9vBcZ0ZHwPwAA//+ekVe5") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101080, 0x129) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 3.087711429s ago: executing program 0 (id=376): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000000)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000900)={0x0, @bt={0x2d0, 0x190, 0x1, 0x2, 0xdd9f83, 0x1, 0x5, 0x1, 0x2, 0x8, 0x722, 0x13, 0x7, 0x7f, 0x3f, 0x38, {0x0, 0x6fd8e84b}, 0x3, 0xed}}) 2.934484134s ago: executing program 6 (id=377): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000007000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10) 2.856754038s ago: executing program 3 (id=378): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) unshare(0x2040400) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)=@generic={0x0, r0}, 0x18) 2.803357426s ago: executing program 0 (id=379): r0 = syz_usb_connect(0x3, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000200)=ANY=[@ANYBLOB="7c2f0aec9d222ea5ee20e6b25cf191669d6293d87d67cbc22a8dca55b40c545d1439d9ab278a279afd807e25e3c9aacca664836fec718e063c9b06cd66442b6407fec5c3a4256ee0e5cd9d0f1001c90a801c4fadce8e13a5e0209edf5c5693acccefa24d4f5a2ef062e701d054d19e9e6340a1651e05fd87b70942c679234426f9b19c0723563d0e38ec970aec02a6154ab61081aae03050d00192bd9d59977bb2f1297a7cd0571a0dfc5688a8e3d5f4a226b7e397b43c186967c74821bc70005059ab5606c70045a6a9915285c8215b9abd839f50530dde8ad500d70d8f7c1a0093293e6d632f8e8939f3199ab4ec92caed14c26975b57578c8ea666a2e4253ca9516f3c07bdc5ad27c2ff29e1569795f9dfbd1b92919432e423ff4f9a35b77419d6a8540fc9431ca78e05e278bef5a21b1423a3c9f7c1e2bd16a1ecdfde51cfa4aef38e6afb92770bcefb5fcb277ccede1ddc8647db538661b3d10effa1b6f705ef1b74e5bea20b4f98421b7b4be4c5c6be101f5503a4ecaffae335ef565920d678ed5b41031122b21f9d9b7f270b95f94624a7ddc657c83d3722a8d01f321fd7f685fc74d61a4e1914dda6df4be639c4910c56a84c24a41b9ef07eee4083dd9a30a53a58b50186c120400a4186fe5845b6b325fd112378a82d53bee449bc9d4c2d4331a1323c69c99c778560fc2142d138b23000c5403156cd8223f07a73811ab5b81e287bd6ad95c2fefce002ac77a1ac74d5e868870f29277da69987652b0055b3072efab2fe56fe0fe287f7d51aa772b2e3ae77954a938be2792442e1ab2e6fc078d821c70222142568b6db9609f1db23e8a4a460b9fbbeb48469e6bf0acffd85af86e69535a95c02c30d5ad776002c48e19e134688780bbafaf81097358b0c8f63bcefb61d8f29aacb3dc1a485bb7343539387f1e83b9286948439f4b4a20e2832c560c743e4c2d37eddbf341c47f71a93101a08a533e96601f98752531428944d88c836c7d7a082859a3120721afd99130e83f689720638e889ddf4a23228dc23e955ae67fe5447e134b63f4c72e5664d2ed8a7406568e08f3582661006cf5800615fc4a5ec88ef3361ea027d2a1a550ac3e017a212570cd145fcc2e1984e4fca28bf4110f33a5ac847fcd3605e546ee8ea49a7de5d4b599926a76028e9d5259db7fd6f908c7a8657d42f895380c88ac85cdc183f6b61172b966a41888ceae895eaf18cb8da8d1918411b297959a8abacf8c4cee15ca87048aae13ffe068dee23a9edc2b259aeb8895b7ed2633431067a999f915934aef1be5f360f0db726f24e8eb89adb8db535de6fd7c06678831d17e47c67cd22f047b92d8fba83a49a1285def4dfdf634408cb05ae73f24df76e7393d1e90d40c50bd388bb53e281b889084a1a19efdfa6be16aed1a621d964c1ac332b65765e7440ccc75ef44851409c458905127bd161bf98cb6a3681af073e3650f52d5ee691c347e86360c3aebae4a691b2485d68c57d09e269656b1efbfd3413d54c8d3e467c0bfa84669d0cc5e9cfd50b9c79171f8b6a5e66e8c6f66c0916083b8e8a464498aed3badd2f267fb56adb0953b9ebd0370f941d796abffa81722d502c8d1e9d844802f4197067598b2394dddf76641f9c2ec0403bd379e8f712668b98e1121a27888b227104875999cd562fa9833458879652bfeffabc6bbb5c354dc36ad91354ccb5050d69b28b562a72bbf277f96bd1d5dc6408329f6f850a96762a6aebf2a7b5bacbbc032be8b29c453867a47094289f6b8aa38f85051fc4d4478a02af664b3250a396583001a7971cfa6f5a4931e32e7bfb7b4c3f7be3bc5f91ba46554773b9102dbd4aba4344c6fe87bd050f79175d7918d57bc137cde33a884bba63a1adf6e7e71ba783eb1fe689b23d3ad18627b0b229c0d982631308a88c4bf1e2079eb0fcc486ef864e7c6a75cce17b133577fa88d62807398b8a795ae2bb7610f8b17cfc56ff11b8ffc4aa316e612fc76955dc44e66467c4d632657d4cac3cc1bda8c2c6207915a89f76bf1fd61c156ba8720bb8048601cd1221f6996e6f04e44b842e00a4487cd59501a65db1f6ade7f22ba5d7ee8e67125e284eef41ad5f2069a48cc71c621eb08d832ef8592874199c5c03249d3ee03422535c2be6919c43724277d56a885ab67753ae8d7f1317b7e534bb1a111a0edb5d298c1374c7824a80fb00ae268f2fd641f1b2a12f712d9a5e027957941ffb4218c6d8a8e7950dca0b4c9018dcfb67244a30080d54781b5111c85cd89e08f51c55975301ff389baf2242ef0fb662122a2eb89c1dcaf82d6391906a1b235635e6c484cd5fa32bc80ce68d505df9a9c6b21e222c3b9330243b8e02a3e661c20e0da633d88f7debaf6643654050ab73613dbea6176109b5c35c4d280739aee77f81a1b58efa9e606259f45745b69523bc81828cfcfffd185ad51b4b183b7a1ef86757172ef67a4f153b7c3a3e99f15"]) 2.657184973s ago: executing program 6 (id=381): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x6, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6, 0x3}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 2.526949875s ago: executing program 2 (id=382): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) close(r0) 2.32107231s ago: executing program 3 (id=384): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x7ff, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000200)={@random="a94fdfd02d25", @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x1, 0xb, 0x38, 0x67, 0x0, 0x5, 0x1, 0x0, @rand_addr=0x64010102, @remote}, @parameter_prob={0xc, 0x0, 0x0, 0x5f, 0x1, 0x0, {0x5, 0x4, 0x0, 0x2a, 0x7, 0x66, 0x81, 0xfe, 0xff, 0xf818, @private=0xa010102, @broadcast}, "718781dfc8e58160"}}}}}, 0x0) 1.965779929s ago: executing program 34 (id=384): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x7ff, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000200)={@random="a94fdfd02d25", @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x1, 0xb, 0x38, 0x67, 0x0, 0x5, 0x1, 0x0, @rand_addr=0x64010102, @remote}, @parameter_prob={0xc, 0x0, 0x0, 0x5f, 0x1, 0x0, {0x5, 0x4, 0x0, 0x2a, 0x7, 0x66, 0x81, 0xfe, 0xff, 0xf818, @private=0xa010102, @broadcast}, "718781dfc8e58160"}}}}}, 0x0) 1.95792657s ago: executing program 2 (id=386): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}, 0x1, 0x0, 0x0, 0x804}, 0x14) 1.942532643s ago: executing program 6 (id=388): unshare(0x26020480) r0 = openat$vsock(0xffffff9c, &(0x7f0000000000), 0x2004c0, 0x0) mq_notify(r0, 0x0) 1.784804756s ago: executing program 6 (id=389): r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r0) add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000000000010000001800000006000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r1) 1.687007593s ago: executing program 2 (id=390): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bc8900000000000035090100000500009500000000000000b7080000000100007b9a00fe00000000b509ffffff1f0000c3aaf0fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608ebff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) 1.513129152s ago: executing program 6 (id=391): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) 1.451459168s ago: executing program 2 (id=392): rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x80000000, 0xffffffffffffffff) 1.336901349s ago: executing program 6 (id=393): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3801"], 0x138}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 1.02967818s ago: executing program 2 (id=395): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x10, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000005000000000000008000000018000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 840.480189ms ago: executing program 2 (id=397): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000001300)=ANY=[@ANYBLOB="0015f700000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000280)={0x40, 0x17, 0xe, "f0a8939b15a39be20090291073ee"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0x4b, 0x2, 0x0, 0x7f, 0x9, 0x800, 0x402, 0x3, 0x2, 0x7f, 0x9, 0x4ac7}}, 0x0, &(0x7f0000000400)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000440)={0x20, 0x87, 0x2, 0xcd0f}, &(0x7f0000000480)={0x20, 0x89, 0x2}}) 762.254662ms ago: executing program 4 (id=398): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, &(0x7f0000000240)={[{@nr_inodes={'nr_inodes', 0x3d, [0x35]}}, {@size={'size', 0x3d, [0x34]}}]}) 525.103397ms ago: executing program 4 (id=399): socket$tipc(0x1e, 0x5, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0) 439.917856ms ago: executing program 4 (id=400): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000240)=0x1, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0xfd, @mcast2, 0x2}], 0x1c) 344.420712ms ago: executing program 0 (id=401): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001640), 0x2, 0x0) read$FUSE(r0, &(0x7f0000001ec0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_ATTR(r0, &(0x7f0000003fc0)={0x78, 0x0, r1, {0x7, 0x0, 0x0, {0x1, 0x1, 0x0, 0x0, 0x0, 0xc000, 0x0, 0x15, 0x10001}}}, 0x78) 274.457954ms ago: executing program 4 (id=402): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x5, 0x3, 0x7fff0000}]}) fsopen(&(0x7f0000000700)='affs\x00', 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 141.729494ms ago: executing program 0 (id=403): r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x20, 0x2}, 0x8) close(r0) 96.564201ms ago: executing program 4 (id=404): r0 = socket$kcm(0x2, 0x922000000001, 0x106) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) setsockopt$sock_attach_bpf(r0, 0x1, 0xc, &(0x7f00000002c0), 0x4) 0s ago: executing program 4 (id=405): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = inotify_init1(0x80000) inotify_add_watch(r0, 0x0, 0x36000002) kernel console output (not intermixed with test programs): retrying later): interface not active [ 93.087331][ T5832] hsr_slave_0: entered promiscuous mode [ 93.094412][ T5832] hsr_slave_1: entered promiscuous mode [ 93.100932][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 93.106716][ T5832] Cannot create hsr debugfs directory [ 93.151632][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.158604][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.184672][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.228309][ T5830] hsr_slave_0: entered promiscuous mode [ 93.234967][ T5830] hsr_slave_1: entered promiscuous mode [ 93.241579][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 93.247300][ T5830] Cannot create hsr debugfs directory [ 93.336925][ T5829] hsr_slave_0: entered promiscuous mode [ 93.343527][ T5829] hsr_slave_1: entered promiscuous mode [ 93.349652][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 93.355428][ T5829] Cannot create hsr debugfs directory [ 93.431672][ T5844] hsr_slave_0: entered promiscuous mode [ 93.438108][ T5844] hsr_slave_1: entered promiscuous mode [ 93.444572][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 93.450441][ T5844] Cannot create hsr debugfs directory [ 93.594165][ T5833] hsr_slave_0: entered promiscuous mode [ 93.601040][ T5833] hsr_slave_1: entered promiscuous mode [ 93.607190][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 93.613275][ T5833] Cannot create hsr debugfs directory [ 93.872115][ T5853] Bluetooth: hci2: command tx timeout [ 93.877584][ T5836] Bluetooth: hci0: command tx timeout [ 93.880923][ T5841] Bluetooth: hci5: command tx timeout [ 93.888438][ T5839] Bluetooth: hci1: command tx timeout [ 93.950402][ T5841] Bluetooth: hci4: command tx timeout [ 93.955894][ T5839] Bluetooth: hci3: command tx timeout [ 94.115347][ T5828] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.128089][ T5828] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.162833][ T5828] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.186647][ T5828] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.243536][ T5832] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 94.256011][ T5832] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 94.267147][ T5832] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 94.292216][ T5832] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 94.355298][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.385188][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.396455][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.414426][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.567313][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.586128][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.601617][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.616300][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.626512][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.669234][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.712843][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.720123][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.749213][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.756358][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.800015][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.822126][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.838523][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.864166][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.875881][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.887064][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.925038][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.971455][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.019524][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.026677][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.057956][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.069025][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.083003][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.096898][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.128401][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.135539][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.145396][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.152599][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.184854][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.192003][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.533763][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.568565][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.628295][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.677331][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.694861][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.728314][ T1321] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.735510][ T1321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.778034][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.803385][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.810569][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.833221][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.840389][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.874794][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.923284][ T3525] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.930644][ T3525] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.955342][ T5839] Bluetooth: hci1: command tx timeout [ 95.968666][ T5841] Bluetooth: hci5: command tx timeout [ 95.968689][ T5853] Bluetooth: hci2: command tx timeout [ 95.976663][ T5839] Bluetooth: hci0: command tx timeout [ 96.030591][ T5839] Bluetooth: hci3: command tx timeout [ 96.036196][ T5841] Bluetooth: hci4: command tx timeout [ 96.062577][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.073746][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.143162][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.150350][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.209067][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.216238][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.427062][ T5828] veth0_vlan: entered promiscuous mode [ 96.447151][ T5830] veth0_vlan: entered promiscuous mode [ 96.489270][ T5828] veth1_vlan: entered promiscuous mode [ 96.543976][ T5830] veth1_vlan: entered promiscuous mode [ 96.693703][ T5828] veth0_macvtap: entered promiscuous mode [ 96.705015][ T5828] veth1_macvtap: entered promiscuous mode [ 96.717903][ T5832] veth0_vlan: entered promiscuous mode [ 96.728515][ T5830] veth0_macvtap: entered promiscuous mode [ 96.779298][ T5830] veth1_macvtap: entered promiscuous mode [ 96.791181][ T5832] veth1_vlan: entered promiscuous mode [ 96.856785][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.872414][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.904147][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.923311][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.953173][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.964759][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.983875][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.000097][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.008964][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.025643][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.042534][ T5832] veth0_macvtap: entered promiscuous mode [ 97.069370][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.089553][ T5832] veth1_macvtap: entered promiscuous mode [ 97.105840][ T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.115635][ T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.140732][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.173368][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.258358][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.275872][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.286902][ T5829] veth0_vlan: entered promiscuous mode [ 97.300030][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.314842][ T5844] veth0_vlan: entered promiscuous mode [ 97.328812][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.349319][ T5829] veth1_vlan: entered promiscuous mode [ 97.368323][ T5844] veth1_vlan: entered promiscuous mode [ 97.403695][ T5833] veth0_vlan: entered promiscuous mode [ 97.414874][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.423534][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.431762][ T1321] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.441786][ T1321] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.472383][ T1321] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.482006][ T1321] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.514637][ T5833] veth1_vlan: entered promiscuous mode [ 97.528328][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.544057][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.564475][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.588587][ T5844] veth0_macvtap: entered promiscuous mode [ 97.617418][ T5844] veth1_macvtap: entered promiscuous mode [ 97.716465][ T5829] veth0_macvtap: entered promiscuous mode [ 97.755884][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.774971][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.787889][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.797067][ T5829] veth1_macvtap: entered promiscuous mode [ 97.803375][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.816780][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.828467][ T5833] veth0_macvtap: entered promiscuous mode [ 97.846418][ T5972] loop0: detected capacity change from 0 to 4096 [ 97.854473][ T5972] ======================================================= [ 97.854473][ T5972] WARNING: The mand mount option has been deprecated and [ 97.854473][ T5972] and is ignored by this kernel. Remove the mand [ 97.854473][ T5972] option from the mount to silence this warning. [ 97.854473][ T5972] ======================================================= [ 97.962740][ T5972] ntfs3(loop0): ino=3, Correct links count -> 2. [ 97.973072][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.006374][ T5833] veth1_macvtap: entered promiscuous mode [ 98.029507][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.047090][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.048216][ T5841] Bluetooth: hci0: command tx timeout [ 98.054925][ T5839] Bluetooth: hci5: command tx timeout [ 98.059826][ T5841] Bluetooth: hci2: command tx timeout [ 98.065417][ T5853] Bluetooth: hci1: command tx timeout [ 98.108263][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.114643][ T5841] Bluetooth: hci4: command tx timeout [ 98.117935][ T5853] Bluetooth: hci3: command tx timeout [ 98.134238][ T1321] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.165492][ T1321] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.204237][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.213156][ T5972] ntfs3(loop0): failed to convert "0080" to cp855 [ 98.232635][ T5972] ntfs3(loop0): failed to convert name for inode 1e. [ 98.253454][ T5972] ntfs3(loop0): ino=1f, mi_enum_attr [ 98.262639][ T5972] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 98.279148][ T1321] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.295637][ T1321] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.322096][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.343374][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.398214][ T1321] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.469985][ T1321] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.511091][ T1321] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.520057][ T1321] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.560165][ T1321] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.589147][ T5980] loop5: detected capacity change from 0 to 64 [ 98.615848][ T1321] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.645473][ T5945] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.691561][ T1321] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.738288][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.769374][ T5832] hfs: node 4:3 still has 1 user(s)! [ 98.785129][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.893080][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.918526][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.937913][ T5983] loop5: detected capacity change from 0 to 4096 [ 99.022568][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.060575][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.069979][ T5983] ntfs3(loop5): failed to convert "0080" to cp861 [ 99.099200][ T5983] ntfs3(loop5): failed to convert name for inode 1e. [ 99.115858][ T5983] ntfs3(loop5): ino=1f, mi_enum_attr [ 99.128634][ T5983] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 99.139840][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.158078][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.252069][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.290226][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.299234][ T5976] loop4: detected capacity change from 0 to 32768 [ 99.343482][ T5976] btrfs: Deprecated parameter 'usebackuproot' [ 99.400440][ T5976] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 99.400549][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.411428][ T5985] loop2: detected capacity change from 0 to 256 [ 99.456920][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.464582][ T5976] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.7 (5976) [ 99.641525][ T5976] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 99.688930][ T5985] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 99.722383][ T5976] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 99.770364][ T5976] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 99.811414][ T5985] FAT-fs (loop2): Filesystem has been set read-only [ 99.910416][ T5924] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 100.169786][ T5924] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.220679][ T5976] BTRFS info (device loop4): rebuilding free space tree [ 100.240354][ T5924] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 100.311427][ T5924] usb 1-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 100.366313][ T5976] BTRFS info (device loop4): disabling free space tree [ 100.374598][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.405293][ T5976] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 100.408071][ T5924] usb 1-1: config 0 descriptor?? [ 100.463642][ T5976] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 100.524591][ T5976] BTRFS info (device loop4): enabling ssd optimizations [ 100.539031][ T6023] loop1: detected capacity change from 0 to 64 [ 100.548155][ T6023] hfs: Unknown parameter 'ð' [ 100.566603][ T5976] BTRFS info (device loop4): turning on flush-on-commit [ 100.625135][ T5976] BTRFS info (device loop4): enabling disk space caching [ 100.628646][ T6019] loop5: detected capacity change from 0 to 4096 [ 100.633255][ T5976] BTRFS info (device loop4): force clearing of disk cache [ 100.649617][ T5976] BTRFS info (device loop4): trying to use backup root at mount time [ 100.661284][ T5976] BTRFS info (device loop4): force zlib compression, level 3 [ 100.794839][ T6019] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 100.811104][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 100.928116][ T5924] kye 0003:0458:4018.0001: unknown main item tag 0x0 [ 100.935494][ T6019] ntfs3(loop5): ino=1a, mi_enum_attr [ 100.961090][ T6019] ntfs3(loop5): ino=1a, mi_enum_attr [ 100.966686][ T5924] kye 0003:0458:4018.0001: unknown main item tag 0x0 [ 100.983715][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 100.999157][ T6019] ntfs3(loop5): Failed to initialize $Extend/$Reparse. [ 101.009405][ T5924] kye 0003:0458:4018.0001: unknown main item tag 0x0 [ 101.021167][ T10] usb 2-1: config index 0 descriptor too short (expected 65, got 36) [ 101.029523][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 254, changing to 11 [ 101.050518][ T5924] kye 0003:0458:4018.0001: unknown main item tag 0x0 [ 101.071661][ T5924] kye 0003:0458:4018.0001: unknown main item tag 0x0 [ 101.084480][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25721, setting to 1024 [ 101.131434][ T5828] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 101.145395][ T5924] kye 0003:0458:4018.0001: hidraw0: USB HID v0.00 Device [HID 0458:4018] on usb-dummy_hcd.0-1/input0 [ 101.182897][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 101.215774][ T10] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 101.237319][ T5924] usb 1-1: USB disconnect, device number 2 [ 101.249499][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.322367][ T10] usb 2-1: config 0 descriptor?? [ 101.352266][ T6023] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 101.428909][ T10] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5 [ 101.535954][ T6027] fido_id[6027]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 101.791570][ T10] usb 2-1: USB disconnect, device number 2 [ 101.791746][ C1] pxrc 2-1:0.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 101.826107][ T6031] loop5: detected capacity change from 0 to 512 [ 101.864162][ T6031] EXT4-fs: Ignoring removed bh option [ 101.875088][ T6017] loop2: detected capacity change from 0 to 32768 [ 101.901877][ T6031] EXT4-fs: Ignoring removed mblk_io_submit option [ 101.941007][ T6031] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 101.986684][ T6021] loop3: detected capacity change from 0 to 32768 [ 102.026570][ T6017] JBD2: Ignoring recovery information on journal [ 102.070711][ T6021] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.16 (6021) [ 102.081260][ T6031] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 102.111608][ T6031] EXT4-fs (loop5): orphan cleanup on readonly fs [ 102.180923][ T6031] Quota error (device loop5): do_insert_tree: Free block already used in tree: block 4 [ 102.245554][ T6017] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 102.255515][ T6021] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 102.306651][ T6021] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 102.318798][ T6031] Quota error (device loop5): qtree_write_dquot: Error -5 occurred while creating quota [ 102.327687][ T6017] (syz.2.13,6017,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options [ 102.432166][ T6031] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.19: Failed to acquire dquot type 1 [ 102.514932][ T5844] ocfs2: Unmounting device (7,2) on (node local) [ 102.522540][ T6031] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.19: Invalid block bitmap block 0 in block_group 0 [ 102.632673][ T6031] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.19: Invalid block bitmap block 0 in block_group 0 [ 102.646531][ T6021] BTRFS info (device loop3): turning on flush-on-commit [ 102.675607][ T6021] BTRFS info (device loop3): turning on async discard [ 102.715684][ T6021] BTRFS info (device loop3): enabling free space tree [ 102.722224][ T6031] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.19: Invalid block bitmap block 0 in block_group 0 [ 102.773829][ T6031] Quota error (device loop5): write_blk: dquota write failed [ 102.820392][ T6031] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 102.857275][ T6031] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.19: Failed to acquire dquot type 1 [ 102.925540][ T6031] Quota error (device loop5): write_blk: dquota write failed [ 102.939506][ T6021] BTRFS info (device loop3): balance: start [ 102.959260][ T6034] loop0: detected capacity change from 0 to 40427 [ 102.966228][ T6031] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 102.976481][ T6021] BTRFS info (device loop3): balance: ended with status: 0 [ 103.000551][ T6031] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.19: Failed to acquire dquot type 1 [ 103.030870][ T6034] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 103.050695][ T6034] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 103.066383][ T6031] EXT4-fs (loop5): 1 orphan inode deleted [ 103.099525][ T6031] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 103.176697][ T5829] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 103.454360][ T5832] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.556232][ T6065] loop4: detected capacity change from 0 to 4096 [ 103.565731][ T6065] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 103.569762][ T6034] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 103.681868][ T6034] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 103.693765][ T6065] ntfs3(loop4): ino=19, mi_enum_attr [ 103.699073][ T6065] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 103.720432][ T6034] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 104.045971][ T5830] syz-executor: attempt to access beyond end of device [ 104.045971][ T5830] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 104.086424][ T6060] loop2: detected capacity change from 0 to 32768 [ 104.120588][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 104.120619][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 104.120633][ T5830] Call Trace: [ 104.120643][ T5830] [ 104.120653][ T5830] dump_stack_lvl+0x189/0x250 [ 104.120695][ T5830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.120736][ T5830] ? __pfx_queue_work_on+0x10/0x10 [ 104.120763][ T5830] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 104.120795][ T5830] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 104.120839][ T5830] f2fs_handle_critical_error+0x37c/0x540 [ 104.120884][ T5830] f2fs_write_end_io+0x886/0xb60 [ 104.120929][ T5830] __submit_merged_bio+0x27a/0x6a0 [ 104.120974][ T5830] __submit_merged_write_cond+0x255/0x530 [ 104.121017][ T5830] f2fs_write_data_pages+0x261d/0x3000 [ 104.121040][ T5830] ? unwind_next_frame+0xa5/0x2390 [ 104.121109][ T5830] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 104.121183][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.121211][ T5830] ? check_path+0x21/0x40 [ 104.121238][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.121264][ T5830] ? check_noncircular+0xe0/0x160 [ 104.121349][ T5830] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 104.121374][ T5830] do_writepages+0x32e/0x550 [ 104.121412][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.121444][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.121471][ T5830] ? do_raw_spin_unlock+0x122/0x240 [ 104.121509][ T5830] filemap_fdatawrite+0x199/0x240 [ 104.121542][ T5830] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 104.121621][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.121655][ T5830] ? do_raw_spin_unlock+0x122/0x240 [ 104.121692][ T5830] f2fs_sync_dirty_inodes+0x31f/0x830 [ 104.121740][ T5830] f2fs_write_checkpoint+0x93e/0x2440 [ 104.121801][ T5830] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 104.121826][ T5830] ? kasan_record_aux_stack+0xbd/0xd0 [ 104.121916][ T5830] kill_f2fs_super+0x2cc/0x6d0 [ 104.121941][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.121974][ T5830] ? __pfx_kill_f2fs_super+0x10/0x10 [ 104.122017][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.122047][ T5830] ? shrinker_free+0x2ce/0x3e0 [ 104.122078][ T5830] deactivate_locked_super+0xbc/0x130 [ 104.122112][ T5830] cleanup_mnt+0x425/0x4c0 [ 104.122138][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.122165][ T5830] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.122200][ T5830] task_work_run+0x1d4/0x260 [ 104.122240][ T5830] ? __pfx_task_work_run+0x10/0x10 [ 104.122272][ T5830] ? __x64_sys_umount+0x122/0x160 [ 104.122311][ T5830] ? exit_to_user_mode_loop+0x40/0x130 [ 104.122339][ T5830] exit_to_user_mode_loop+0xe9/0x130 [ 104.122363][ T5830] do_syscall_64+0x2bd/0xfa0 [ 104.122395][ T5830] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.122427][ T5830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.122450][ T5830] ? srso_alias_return_thunk+0x5/0xfbef5 [ 104.122477][ T5830] ? exc_page_fault+0xab/0x100 [ 104.122516][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.122539][ T5830] RIP: 0033:0x7eff983909f7 [ 104.122559][ T5830] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 104.122578][ T5830] RSP: 002b:00007ffe543af6c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 104.122602][ T5830] RAX: 0000000000000000 RBX: 00007eff98411d7d RCX: 00007eff983909f7 [ 104.122618][ T5830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe543af780 [ 104.122633][ T5830] RBP: 00007ffe543af780 R08: 0000000000000000 R09: 0000000000000000 [ 104.122648][ T5830] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe543b0810 [ 104.122664][ T5830] R13: 00007eff98411d7d R14: 00000000000195c4 R15: 00007ffe543b0850 [ 104.122703][ T5830] [ 104.135907][ T6060] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.21 (6060) [ 104.174307][ T5830] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 104.258310][ T6056] loop1: detected capacity change from 0 to 32768 [ 104.587013][ T6060] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 104.635272][ T6056] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.22 (6056) [ 104.680332][ T6060] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 104.755664][ T6056] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 104.796660][ T6056] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 104.850428][ T6056] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 104.929729][ T6060] BTRFS info (device loop2): enabling ssd optimizations [ 104.976217][ T6060] BTRFS info (device loop2): turning on async discard [ 105.019032][ T6060] BTRFS info (device loop2): enabling free space tree [ 105.142794][ T6056] BTRFS info (device loop1): rebuilding free space tree [ 105.239790][ T6056] BTRFS info (device loop1): disabling free space tree [ 105.249410][ T6056] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 105.270278][ T6056] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.324422][ T5844] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 105.352589][ T6056] BTRFS info (device loop1): enabling ssd optimizations [ 105.382948][ T6056] BTRFS info (device loop1): enabling disk space caching [ 105.418418][ T6056] BTRFS info (device loop1): force clearing of disk cache [ 105.443705][ T6056] BTRFS info (device loop1): force zstd compression, level 3 [ 105.670521][ T6076] loop3: detected capacity change from 0 to 32768 [ 105.741900][ T6115] mmap: syz.4.28 (6115) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 105.885479][ T5833] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 106.243541][ T6121] comedi comedi3: 8255: I/O port conflict (0x7,4) [ 106.297384][ T6121] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 106.347994][ T6121] comedi comedi3: 8255: I/O port conflict (0x16,4) [ 106.348193][ T6121] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 106.348300][ T6121] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 106.348346][ T6121] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 106.348391][ T6121] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 106.348436][ T6121] comedi comedi3: 8255: I/O port conflict (0xa,4) [ 106.348481][ T6121] comedi comedi3: 8255: I/O port conflict (0xfd,4) [ 106.348526][ T6121] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 106.348571][ T6121] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 106.348618][ T6121] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 106.348663][ T6121] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 106.348709][ T6121] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 106.348760][ T6121] comedi comedi3: 8255: I/O port conflict (0x8000c,4) [ 106.348805][ T6121] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 106.348852][ T6121] comedi comedi3: 8255: I/O port conflict (0x7f,4) [ 106.643454][ T6098] loop5: detected capacity change from 0 to 32768 [ 106.692022][ T6098] [ 106.692022][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.692022][ T6098] [ 106.737559][ T6098] [ 106.737559][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.737559][ T6098] [ 106.737640][ T6098] [ 106.737640][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.737640][ T6098] [ 106.737685][ T6098] [ 106.737685][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.737685][ T6098] [ 106.737730][ T6098] [ 106.737730][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.737730][ T6098] [ 106.737855][ T6098] [ 106.737855][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.737855][ T6098] [ 106.737902][ T6098] [ 106.737902][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.737902][ T6098] [ 106.762491][ T110] [ 106.762491][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.762491][ T110] [ 106.891254][ T5832] [ 106.891254][ T5832] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.891254][ T5832] [ 106.902772][ T5832] [ 106.902772][ T5832] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.902772][ T5832] [ 107.335645][ T6139] [U] ÿ [ 107.838261][ T6152] loop1: detected capacity change from 0 to 2048 [ 107.902016][ T6152] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 108.020325][ T5924] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 108.212043][ T5924] usb 6-1: Using ep0 maxpacket: 8 [ 108.245197][ T5924] usb 6-1: config 0 has an invalid interface number: 143 but max is 0 [ 108.286286][ T5924] usb 6-1: config 0 has no interface number 0 [ 108.302521][ T5924] usb 6-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 108.332189][ T5924] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.363880][ T5924] usb 6-1: config 0 descriptor?? [ 108.454951][ T6167] loop4: detected capacity change from 0 to 512 [ 108.500317][ T5924] viperboard 6-1:0.143: version 0.00 found at bus 006 address 002 [ 108.527439][ T6167] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 108.560266][ T6167] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 108.560692][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 108.594418][ T5924] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100 [ 108.643502][ T5924] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 108.663245][ T6167] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.53: inode has both inline data and extents flags [ 108.722032][ T5924] usb 6-1: USB disconnect, device number 2 [ 108.737834][ T6167] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.53: couldn't read orphan inode 15 (err -117) [ 108.780612][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 108.792792][ T6167] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.825527][ T10] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 108.872166][ T10] usb 2-1: config 0 interface 0 has no altsetting 0 [ 108.890377][ T10] usb 2-1: New USB device found, idVendor=05ac, idProduct=029f, bcdDevice= 0.00 [ 108.909709][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.936536][ T10] usb 2-1: config 0 descriptor?? [ 108.953139][ T6161] loop0: detected capacity change from 0 to 32768 [ 108.993526][ T6161] [ 108.993526][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.993526][ T6161] [ 109.011716][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.037254][ T6161] [ 109.037254][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.037254][ T6161] [ 109.099235][ T6161] [ 109.099235][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.099235][ T6161] [ 109.141796][ T6161] [ 109.141796][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.141796][ T6161] [ 109.199628][ T6161] [ 109.199628][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.199628][ T6161] [ 109.271916][ T6161] [ 109.271916][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.271916][ T6161] [ 109.323566][ T6161] [ 109.323566][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.323566][ T6161] [ 109.372014][ T111] [ 109.372014][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.372014][ T111] [ 109.403293][ T10] apple 0003:05AC:029F.0002: unknown main item tag 0x0 [ 109.423310][ T10] apple 0003:05AC:029F.0002: unknown main item tag 0x0 [ 109.450352][ T10] apple 0003:05AC:029F.0002: unknown main item tag 0x0 [ 109.477653][ T10] apple 0003:05AC:029F.0002: unknown main item tag 0x0 [ 109.498380][ T10] apple 0003:05AC:029F.0002: unknown main item tag 0x0 [ 109.517781][ T5830] [ 109.517781][ T5830] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.517781][ T5830] [ 109.557882][ T10] apple 0003:05AC:029F.0002: hidraw0: USB HID v0.05 Device [HID 05ac:029f] on usb-dummy_hcd.1-1/input0 [ 109.577272][ T5830] [ 109.577272][ T5830] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.577272][ T5830] [ 109.618367][ T10] usb 2-1: USB disconnect, device number 3 [ 109.700529][ T6169] loop3: detected capacity change from 0 to 32768 [ 109.806289][ T6181] fido_id[6181]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 109.842979][ T6169] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.879540][ T6190] loop4: detected capacity change from 0 to 64 [ 109.977231][ T6196] loop5: detected capacity change from 0 to 2048 [ 110.002934][ T6196] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 110.098575][ T6196] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.098773][ T6169] XFS (loop3): Ending clean mount [ 110.189434][ T6196] overlayfs: upper fs needs to support d_type. [ 110.208518][ T6169] XFS (loop3): Quotacheck needed: Please wait. [ 110.253495][ T6196] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 110.305706][ T6196] overlayfs: failed to set xattr on upper [ 110.322235][ T6169] XFS (loop3): Quotacheck: Done. [ 110.353432][ T6196] overlayfs: ...falling back to redirect_dir=nofollow. [ 110.370939][ T6196] overlayfs: ...falling back to index=off. [ 110.390297][ T6196] overlayfs: ...falling back to uuid=null. [ 110.561417][ T6210] loop2: detected capacity change from 0 to 512 [ 110.585817][ T5832] UDF-fs: error (device loop5): udf_read_inode: (ino 1317) failed !bh [ 110.627493][ T6210] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.69: dx entry: limit 0 != root limit 125 [ 110.641330][ T5832] UDF-fs: error (device loop5): udf_read_inode: (ino 1317) failed !bh [ 110.659534][ T5829] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 110.661032][ T6210] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.69: Corrupt directory, running e2fsck is recommended [ 110.682981][ T6210] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 110.691310][ T6210] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.69: corrupted in-inode xattr: invalid ea_ino [ 110.712957][ T6210] EXT4-fs (loop2): Remounting filesystem read-only [ 110.753762][ T6210] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.015691][ T6210] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.69: dx entry: limit 0 != root limit 125 [ 111.065785][ T6210] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.69: Corrupt directory, running e2fsck is recommended [ 111.147892][ T6218] sp0: Synchronizing with TNC [ 111.225779][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.504557][ T6214] loop4: detected capacity change from 0 to 32768 [ 111.532170][ T6214] BTRFS warning: excessive commit interval 2147483648, use with care [ 111.545130][ T6214] btrfs: Deprecated parameter 'usebackuproot' [ 111.558055][ T6214] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 111.581061][ T6214] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.70 (6214) [ 111.622950][ T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.658232][ T6214] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 111.681024][ T6214] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 111.814100][ T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.833966][ T12] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 111.887846][ T6214] BTRFS error (device loop4): failed to load root extent [ 111.916025][ T6214] BTRFS warning (device loop4): try to load backup roots slot 1 [ 111.965493][ T5945] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 111.979645][ T6242] netlink: 'syz.0.78': attribute type 3 has an invalid length. [ 112.013019][ T6214] BTRFS warning (device loop4): couldn't read tree root [ 112.022888][ T6242] netlink: 8 bytes leftover after parsing attributes in process `syz.0.78'. [ 112.042264][ T6214] BTRFS warning (device loop4): try to load backup roots slot 2 [ 112.050333][ T12] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 112.080505][ T6214] BTRFS warning (device loop4): couldn't read tree root [ 112.089416][ T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.110393][ T6214] BTRFS warning (device loop4): try to load backup roots slot 3 [ 112.162805][ T6214] BTRFS info (device loop4): rebuilding free space tree [ 112.223866][ T6214] BTRFS info (device loop4): checking UUID tree [ 112.291250][ T6214] BTRFS info (device loop4): setting nodatasum [ 112.299359][ T6214] BTRFS info (device loop4): enabling ssd optimizations [ 112.338082][ T6214] BTRFS info (device loop4): turning off barriers [ 112.372500][ T6214] BTRFS info (device loop4): turning on flush-on-commit [ 112.379472][ T6214] BTRFS info (device loop4): turning on async discard [ 112.426536][ T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.437638][ T6214] BTRFS info (device loop4): enabling free space tree [ 112.465098][ T6214] BTRFS info (device loop4): force clearing of disk cache [ 112.493301][ T6214] BTRFS info (device loop4): enabling auto defrag [ 112.496201][ T6249] loop2: detected capacity change from 0 to 512 [ 112.499746][ T6214] BTRFS info (device loop4): trying to use backup root at mount time [ 112.603200][ T6253] loop1: detected capacity change from 0 to 512 [ 112.642352][ T6249] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.80: inode has both inline data and extents flags [ 112.678390][ T6253] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 112.722965][ T6223] loop3: detected capacity change from 0 to 40427 [ 112.730953][ T6223] F2FS-fs: heap/no_heap options were deprecated [ 112.738109][ T6223] F2FS-fs (loop3): Image doesn't support compression [ 112.761448][ T6223] F2FS-fs (loop3): invalid crc value [ 112.770399][ T6249] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.80: couldn't read orphan inode 15 (err -117) [ 112.799631][ T6253] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 112.827160][ T6249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.880406][ T5941] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 112.935582][ T6253] EXT4-fs (loop1): 1 truncate cleaned up [ 112.989127][ T5828] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 113.043851][ T6253] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.057050][ T5941] usb 1-1: Using ep0 maxpacket: 32 [ 113.096058][ T13] bridge_slave_1: left allmulticast mode [ 113.101120][ T5941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.122830][ T13] bridge_slave_1: left promiscuous mode [ 113.130519][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.160469][ T5941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.170654][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 113.176256][ T5941] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 113.178993][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 113.187591][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.205036][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 113.213317][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 113.221832][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 113.276593][ T6223] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 113.287891][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.301764][ T5941] usb 1-1: config 0 descriptor?? [ 113.323432][ T30] audit: type=1800 audit(1762268011.191:2): pid=6253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.82" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 113.358435][ T6223] F2FS-fs (loop3): Start checkpoint disabled! [ 113.366959][ T13] bridge_slave_0: left allmulticast mode [ 113.407920][ T13] bridge_slave_0: left promiscuous mode [ 113.446754][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.455283][ T6223] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 113.496630][ T6223] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 113.638293][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.749128][ T5941] ft260 0003:0403:6030.0003: item fetching failed at offset 0/2 [ 113.793493][ T5941] ft260 0003:0403:6030.0003: failed to parse HID [ 113.829077][ T5941] ft260 0003:0403:6030.0003: probe with driver ft260 failed with error -22 [ 113.843031][ T5945] kworker/u8:8: attempt to access beyond end of device [ 113.843031][ T5945] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 113.937216][ T5945] CPU: 0 UID: 0 PID: 5945 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) [ 113.937246][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 113.937261][ T5945] Workqueue: writeback wb_workfn (flush-7:3) [ 113.937296][ T5945] Call Trace: [ 113.937305][ T5945] [ 113.937315][ T5945] dump_stack_lvl+0x189/0x250 [ 113.937352][ T5945] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.937384][ T5945] ? __pfx_queue_work_on+0x10/0x10 [ 113.937408][ T5945] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 113.937438][ T5945] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 113.937479][ T5945] f2fs_handle_critical_error+0x37c/0x540 [ 113.937521][ T5945] f2fs_write_end_io+0x886/0xb60 [ 113.937564][ T5945] __submit_merged_bio+0x27a/0x6a0 [ 113.937610][ T5945] __submit_merged_write_cond+0x255/0x530 [ 113.937651][ T5945] f2fs_write_data_pages+0x261d/0x3000 [ 113.937710][ T5945] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 113.937747][ T5945] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 113.937772][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.937835][ T5945] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 113.937869][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.937893][ T5945] ? look_up_lock_class+0x74/0x170 [ 113.937934][ T5945] ? trace_f2fs_writepages+0x7f/0x200 [ 113.937975][ T5945] ? f2fs_write_node_pages+0x478/0x6e0 [ 113.938013][ T5945] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 113.938050][ T5945] ? __lock_acquire+0xab9/0xd20 [ 113.938081][ T5945] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 113.938104][ T5945] do_writepages+0x32e/0x550 [ 113.938139][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.938164][ T5945] ? reacquire_held_locks+0x127/0x1d0 [ 113.938189][ T5945] ? writeback_sb_inodes+0x384/0x1010 [ 113.938231][ T5945] __writeback_single_inode+0x145/0xff0 [ 113.938262][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.938287][ T5945] ? do_raw_spin_unlock+0x122/0x240 [ 113.938323][ T5945] writeback_sb_inodes+0x6c7/0x1010 [ 113.938363][ T5945] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 113.938410][ T5945] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 113.938491][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.938517][ T5945] ? rcu_is_watching+0x15/0xb0 [ 113.938543][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.938578][ T5945] wb_writeback+0x43b/0xaf0 [ 113.938618][ T5945] ? queue_io+0x3d1/0x590 [ 113.938653][ T5945] ? __pfx_wb_writeback+0x10/0x10 [ 113.938694][ T5945] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.938727][ T5945] wb_workfn+0x409/0xef0 [ 113.938770][ T5945] ? __pfx_wb_workfn+0x10/0x10 [ 113.938801][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.938826][ T5945] ? __lock_acquire+0xab9/0xd20 [ 113.938860][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.938888][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.938918][ T5945] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.938944][ T5945] ? process_scheduled_works+0x9ef/0x17b0 [ 113.938973][ T5945] ? process_scheduled_works+0x9ef/0x17b0 [ 113.939000][ T5945] process_scheduled_works+0xae1/0x17b0 [ 113.939057][ T5945] ? __pfx_process_scheduled_works+0x10/0x10 [ 113.939090][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.939125][ T5945] worker_thread+0x8a0/0xda0 [ 113.939154][ T5945] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 113.939191][ T5945] ? __kthread_parkme+0x7b/0x200 [ 113.939229][ T5945] kthread+0x711/0x8a0 [ 113.939264][ T5945] ? __pfx_worker_thread+0x10/0x10 [ 113.939288][ T5945] ? __pfx_kthread+0x10/0x10 [ 113.939315][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.939345][ T5945] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.939371][ T5945] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.939396][ T5945] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.939425][ T5945] ? __pfx_kthread+0x10/0x10 [ 113.939459][ T5945] ret_from_fork+0x4bc/0x870 [ 113.939486][ T5945] ? __pfx_ret_from_fork+0x10/0x10 [ 113.939518][ T5945] ? __switch_to_asm+0x39/0x70 [ 113.939536][ T5945] ? __switch_to_asm+0x33/0x70 [ 113.939554][ T5945] ? __pfx_kthread+0x10/0x10 [ 113.939587][ T5945] ret_from_fork_asm+0x1a/0x30 [ 113.939627][ T5945] [ 113.979616][ T5941] usb 1-1: USB disconnect, device number 3 [ 114.050301][ T5945] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 114.285408][ T6279] loop4: detected capacity change from 0 to 512 [ 114.413764][ T6267] Falling back ldisc for ptm0. [ 114.452654][ T6279] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 114.663618][ T6279] EXT4-fs (loop4): 1 truncate cleaned up [ 114.693218][ T6279] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.775446][ T6279] EXT4-fs error (device loop4): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.4.88: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 114.799163][ T6275] loop1: detected capacity change from 0 to 32768 [ 114.837693][ T6275] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.85 (6275) [ 114.889378][ T6279] EXT4-fs error (device loop4) in ext4_delete_entry:2739: Corrupt filesystem [ 114.912206][ T6275] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 114.922484][ T6290] genirq: Flags mismatch irq 4. 00200000 (pcl816) vs. 00200080 (ttyS0) [ 115.003997][ T6275] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 115.134372][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.313303][ T5841] Bluetooth: hci4: command tx timeout [ 115.388103][ T6275] BTRFS info (device loop1): enabling ssd optimizations [ 115.413753][ T6275] BTRFS info (device loop1): turning on async discard [ 115.439236][ T6314] loop4: detected capacity change from 0 to 512 [ 115.452836][ T6275] BTRFS info (device loop1): enabling free space tree [ 115.513699][ T6275] BTRFS info (device loop1): device stats zeroed by syz.1.85 (6275) [ 115.543281][ T6314] EXT4-fs: Ignoring removed nobh option [ 115.625800][ T6314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.711023][ T5833] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 115.947869][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.364848][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.401281][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.429325][ T13] bond0 (unregistering): Released all slaves [ 116.803347][ T6339] loop1: detected capacity change from 0 to 1024 [ 116.878997][ T6323] loop3: detected capacity change from 0 to 40427 [ 116.893103][ T6323] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 116.900941][ T6323] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 116.928009][ T6316] loop0: detected capacity change from 0 to 40427 [ 116.938858][ T6323] F2FS-fs (loop3): build fault injection rate: 17008 [ 116.950893][ T6316] F2FS-fs (loop0): invalid crc value [ 116.960228][ T6323] F2FS-fs (loop3): build fault injection type: 0x1f8 [ 117.014122][ T6323] F2FS-fs (loop3): invalid crc value [ 117.364370][ T6316] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 117.392577][ T5841] Bluetooth: hci4: command tx timeout [ 117.463815][ T6316] F2FS-fs (loop0): Start checkpoint disabled! [ 117.472672][ T6323] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 117.491976][ T6316] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 117.537882][ T6316] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 117.560901][ T6323] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 117.567967][ T6323] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 117.853384][ T5829] syz-executor: attempt to access beyond end of device [ 117.853384][ T5829] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 117.910381][ T5829] CPU: 1 UID: 0 PID: 5829 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 117.910413][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 117.910427][ T5829] Call Trace: [ 117.910436][ T5829] [ 117.910446][ T5829] dump_stack_lvl+0x189/0x250 [ 117.910488][ T5829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.910521][ T5829] ? __pfx_queue_work_on+0x10/0x10 [ 117.910548][ T5829] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 117.910580][ T5829] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 117.910624][ T5829] f2fs_handle_critical_error+0x37c/0x540 [ 117.910669][ T5829] f2fs_write_end_io+0x886/0xb60 [ 117.910714][ T5829] __submit_merged_bio+0x27a/0x6a0 [ 117.910764][ T5829] __submit_merged_write_cond+0x255/0x530 [ 117.910807][ T5829] f2fs_write_data_pages+0x261d/0x3000 [ 117.910869][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.910943][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.910975][ T5829] ? folio_unqueue_deferred_split+0x93/0x230 [ 117.911007][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911033][ T5829] ? folios_put_refs+0x584/0x670 [ 117.911073][ T5829] ? __pfx_folios_put_refs+0x10/0x10 [ 117.911099][ T5829] ? rcu_is_watching+0x15/0xb0 [ 117.911137][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911163][ T5829] ? __lock_acquire+0xab9/0xd20 [ 117.911205][ T5829] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.911231][ T5829] do_writepages+0x32e/0x550 [ 117.911268][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911300][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911326][ T5829] ? do_raw_spin_unlock+0x122/0x240 [ 117.911365][ T5829] filemap_fdatawrite+0x199/0x240 [ 117.911398][ T5829] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 117.911477][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911509][ T5829] ? do_raw_spin_unlock+0x122/0x240 [ 117.911548][ T5829] f2fs_sync_dirty_inodes+0x31f/0x830 [ 117.911592][ T5829] f2fs_write_checkpoint+0x93e/0x2440 [ 117.911616][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911643][ T5829] ? __lock_acquire+0xab9/0xd20 [ 117.911698][ T5829] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 117.911795][ T5829] kill_f2fs_super+0x2cc/0x6d0 [ 117.911821][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911854][ T5829] ? __pfx_kill_f2fs_super+0x10/0x10 [ 117.911899][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.911926][ T5829] ? shrinker_free+0x2ce/0x3e0 [ 117.911957][ T5829] deactivate_locked_super+0xbc/0x130 [ 117.911991][ T5829] cleanup_mnt+0x425/0x4c0 [ 117.912018][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.912045][ T5829] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.912081][ T5829] task_work_run+0x1d4/0x260 [ 117.912120][ T5829] ? __pfx_task_work_run+0x10/0x10 [ 117.912153][ T5829] ? __x64_sys_umount+0x122/0x160 [ 117.912192][ T5829] ? exit_to_user_mode_loop+0x40/0x130 [ 117.912219][ T5829] exit_to_user_mode_loop+0xe9/0x130 [ 117.912242][ T5829] do_syscall_64+0x2bd/0xfa0 [ 117.912274][ T5829] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.912305][ T5829] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.912328][ T5829] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.912354][ T5829] ? exc_page_fault+0xab/0x100 [ 117.912389][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.912412][ T5829] RIP: 0033:0x7f4b02f909f7 [ 117.912432][ T5829] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 117.912451][ T5829] RSP: 002b:00007ffd874dbb28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 117.912476][ T5829] RAX: 0000000000000000 RBX: 00007f4b03011d7d RCX: 00007f4b02f909f7 [ 117.912492][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd874dbbe0 [ 117.912507][ T5829] RBP: 00007ffd874dbbe0 R08: 0000000000000000 R09: 0000000000000000 [ 117.912522][ T5829] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd874dcc70 [ 117.912538][ T5829] R13: 00007f4b03011d7d R14: 000000000001cbe2 R15: 00007ffd874dccb0 [ 117.912576][ T5829] [ 117.912586][ T5829] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 118.531232][ T13] hsr_slave_0: left promiscuous mode [ 118.581318][ T13] hsr_slave_1: left promiscuous mode [ 118.588746][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.633991][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.673722][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.703484][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.897470][ T13] veth1_macvtap: left promiscuous mode [ 118.911435][ T13] veth0_macvtap: left promiscuous mode [ 118.917114][ T13] veth1_vlan: left promiscuous mode [ 118.951485][ T13] veth0_vlan: left promiscuous mode [ 119.177993][ T6392] loop1: detected capacity change from 0 to 1024 [ 119.211995][ T6392] EXT4-fs: Ignoring removed nomblk_io_submit option [ 119.268201][ T6392] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.425370][ T6392] EXT4-fs error (device loop1): __ext4_new_inode:1073: comm syz.1.118: reserved inode found cleared - inode=18 [ 119.470327][ T5841] Bluetooth: hci4: command tx timeout [ 119.574787][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.628133][ T6380] loop4: detected capacity change from 0 to 32768 [ 119.969519][ T6414] netlink: 8 bytes leftover after parsing attributes in process `syz.3.125'. [ 120.631177][ T6429] loop2: detected capacity change from 0 to 4096 [ 120.769645][ T6429] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 120.781026][ T6415] loop1: detected capacity change from 0 to 32768 [ 120.813153][ T6415] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.127 (6415) [ 120.884029][ T6415] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 120.910663][ T6415] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 121.130029][ T6445] loop2: detected capacity change from 0 to 512 [ 121.170731][ T6415] BTRFS info (device loop1): rebuilding free space tree [ 121.191134][ T6445] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.135: bad orphan inode 15 [ 121.202416][ T6421] loop3: detected capacity change from 0 to 40427 [ 121.223269][ T6445] ext4_test_bit(bit=14, block=5) = 0 [ 121.233871][ T13] team0 (unregistering): Port device team_slave_1 removed [ 121.267242][ T6421] F2FS-fs (loop3): build fault injection rate: 14 [ 121.271258][ T6415] BTRFS info (device loop1): disabling free space tree [ 121.290535][ T6445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.303973][ T6421] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 121.356201][ T6415] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 121.377631][ T6421] F2FS-fs (loop3): invalid crc value [ 121.378610][ T6445] EXT4-fs error (device loop2): __ext4_new_inode:1073: comm syz.2.135: reserved inode found cleared - inode=1 [ 121.412818][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 121.439474][ T6415] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 121.459378][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60 [ 121.490320][ T13] team0 (unregistering): Port device team_slave_0 removed [ 121.518906][ T6451] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7987 vs 220 free clusters [ 121.520819][ T6415] BTRFS info (device loop1): setting nodatasum [ 121.560463][ T6415] BTRFS info (device loop1): setting nodatacow [ 121.560751][ T6451] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 121.566640][ T6415] BTRFS info (device loop1): turning off barriers [ 121.566663][ T6415] BTRFS info (device loop1): force clearing of disk cache [ 121.590858][ T5841] Bluetooth: hci4: command tx timeout [ 121.631804][ T6427] loop4: detected capacity change from 0 to 32768 [ 121.777070][ T6427] jfs_lookup: iget failed on inum 4 [ 121.794643][ T6427] jfs_lookup: iget failed on inum 4 [ 121.808188][ T6421] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 121.837824][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.857197][ T6421] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0 [ 121.910316][ T6421] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 121.924339][ T5833] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 122.141366][ T6455] loop2: detected capacity change from 0 to 1024 [ 122.239848][ T6455] hfsplus: xattr searching failed [ 122.920675][ T6467] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 123.077532][ T6471] loop3: detected capacity change from 0 to 1024 [ 123.172693][ T6473] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 123.172925][ T6471] hfsplus: bad catalog entry type [ 123.330781][ T5945] hfsplus: b-tree write err: -5, ino 4 [ 123.510720][ T6479] loop2: detected capacity change from 0 to 4096 [ 123.525820][ T6465] loop1: detected capacity change from 0 to 32768 [ 123.547016][ T6465] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.143 (6465) [ 123.590585][ T6465] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 123.613350][ T6465] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 123.627875][ T6390] netlink: 20 bytes leftover after parsing attributes in process `syz.0.111'. [ 123.710635][ T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 123.859543][ T6465] BTRFS info (device loop1): enabling ssd optimizations [ 123.896458][ T6465] BTRFS info (device loop1): turning on async discard [ 123.930348][ T6465] BTRFS info (device loop1): enabling free space tree [ 123.932120][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.982279][ T24] usb 4-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00 [ 124.007449][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.026246][ T6505] capability: warning: `syz.0.151' uses deprecated v2 capabilities in a way that may be insecure [ 124.051225][ T6260] chnl_net:caif_netlink_parms(): no params data found [ 124.081467][ T24] usb 4-1: config 0 descriptor?? [ 124.325639][ T5833] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 124.378119][ T6512] devtmpfs: Cannot disable swap on remount [ 124.541836][ T24] microsoft 0003:045E:00F9.0004: unbalanced delimiter at end of report description [ 124.910814][ T6520] loop4: detected capacity change from 0 to 40427 [ 124.919010][ T6520] F2FS-fs (loop4): Wrong segment_count / block_count (31 > 0) [ 124.926705][ T6520] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 124.937994][ T6520] F2FS-fs (loop4): invalid crc value [ 124.944054][ T24] microsoft 0003:045E:00F9.0004: parse failed [ 124.956132][ T24] microsoft 0003:045E:00F9.0004: probe with driver microsoft failed with error -22 [ 125.059189][ T6520] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:4278190083,ofs:2097151,cpver:1207959552,blkaddr:4098] [ 125.077028][ T24] usb 4-1: USB disconnect, device number 2 [ 125.086952][ T6520] F2FS-fs (loop4): Failed to read root inode [ 125.234029][ T6260] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.250351][ T6260] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.272243][ T6260] bridge_slave_0: entered allmulticast mode [ 125.310375][ T6260] bridge_slave_0: entered promiscuous mode [ 125.346605][ T6260] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.384503][ T6260] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.410993][ T6260] bridge_slave_1: entered allmulticast mode [ 125.430795][ T6538] netlink: 20 bytes leftover after parsing attributes in process `syz.2.161'. [ 125.441557][ T6260] bridge_slave_1: entered promiscuous mode [ 125.561697][ T6542] loop1: detected capacity change from 0 to 256 [ 125.903759][ T6260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 125.989154][ T6260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 126.252387][ T6260] team0: Port device team_slave_0 added [ 126.356277][ T6566] loop3: detected capacity change from 0 to 512 [ 126.370834][ T6260] team0: Port device team_slave_1 added [ 126.398947][ T6566] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 126.457894][ T6566] EXT4-fs (loop3): 1 truncate cleaned up [ 126.581673][ T6566] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.706162][ T6566] EXT4-fs error (device loop3): ext4_get_parent:1838: comm syz.3.171: inode #2: comm syz.3.171: iget: illegal inode # [ 126.724977][ T6260] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 126.740289][ T6260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 126.812618][ T6580] loop1: detected capacity change from 0 to 2048 [ 126.829161][ T6260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 126.833527][ T6578] loop2: detected capacity change from 0 to 512 [ 126.887367][ T6260] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 126.893961][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.920379][ T6583] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 126.923388][ T6260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 126.941324][ T6578] EXT4-fs: Ignoring removed nobh option [ 127.010279][ T6260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.051114][ T6583] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 127.075058][ T6578] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 127.078056][ T6583] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 127.097917][ T6583] Remounting filesystem read-only [ 127.130971][ T6578] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61 [ 127.190390][ T6578] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #13: comm syz.2.174: inode has both inline data and extents flags [ 127.253980][ T6578] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.174: couldn't read orphan inode 13 (err -117) [ 127.294688][ T5833] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 127.307113][ T6578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.729124][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.752876][ T6260] hsr_slave_0: entered promiscuous mode [ 127.811295][ T6260] hsr_slave_1: entered promiscuous mode [ 127.828018][ T6260] debugfs: 'hsr0' already exists in 'hsr' [ 127.840085][ T6260] Cannot create hsr debugfs directory [ 128.756187][ T6636] netlink: 12 bytes leftover after parsing attributes in process `syz.1.199'. [ 128.800671][ T5903] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 128.971723][ T6260] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 129.004142][ T5903] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 129.007701][ T6260] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 129.033597][ T5903] usb 5-1: config 0 has no interface number 0 [ 129.056354][ T6260] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 129.057039][ T5903] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 129.088932][ T6260] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 129.106050][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.132447][ T5903] usb 5-1: Product: syz [ 129.141172][ T5903] usb 5-1: Manufacturer: syz [ 129.149646][ T5903] usb 5-1: SerialNumber: syz [ 129.224292][ T5903] usb 5-1: config 0 descriptor?? [ 129.477146][ T5903] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 129.488122][ T6260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.494844][ T5940] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 129.523070][ T5903] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 129.546255][ T5903] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 129.592349][ T6629] loop3: detected capacity change from 0 to 32768 [ 129.594759][ T6260] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.606572][ T5903] usb 5-1: media controller created [ 129.647934][ T6629] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.195 (6629) [ 129.652230][ T1321] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.667834][ T1321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.702777][ T5903] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 129.725733][ T5940] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 129.739176][ T6629] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 129.762799][ T5940] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 129.794017][ T6629] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 129.811098][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.818433][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.824259][ T5903] usb 5-1: DVB: registering adapter 1 frontend 0 (E3C EC100 DVB-T)... [ 129.830054][ T5940] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 129.855335][ T5903] dvbdev: dvb_create_media_entity: media entity 'E3C EC100 DVB-T' registered. [ 129.873876][ T5940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.953938][ T5903] DVB: Unable to find symbol mxl5005s_attach() [ 129.977666][ T6658] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 130.052089][ T5903] usb 5-1: USB disconnect, device number 2 [ 130.059512][ T5940] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 130.114975][ T6629] BTRFS info (device loop3): enabling ssd optimizations [ 130.151099][ T6629] BTRFS info (device loop3): turning on async discard [ 130.180068][ T6629] BTRFS info (device loop3): enabling free space tree [ 130.378621][ T6649] loop2: detected capacity change from 0 to 32768 [ 130.464833][ T10] usb 1-1: USB disconnect, device number 4 [ 130.518454][ T6649] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 130.648315][ T6702] BTRFS info (device loop3): device stats zeroed by syz.3.195 (6702) [ 130.676926][ T6649] XFS (loop2): Ending clean mount [ 130.858046][ T6706] loop4: detected capacity change from 0 to 256 [ 130.882303][ T6706] exfat: Deprecated parameter 'namecase' [ 130.946709][ T5844] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 131.019368][ T6260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.028187][ T5829] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 131.061862][ T6706] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 131.481489][ T6715] warning: `syz.0.214' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 131.782856][ T6728] loop1: detected capacity change from 0 to 64 [ 132.118522][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.128854][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.202661][ T6733] loop0: detected capacity change from 0 to 4096 [ 132.309739][ T6260] veth0_vlan: entered promiscuous mode [ 132.413344][ T6260] veth1_vlan: entered promiscuous mode [ 132.453903][ T6742] loop2: detected capacity change from 0 to 1024 [ 132.481406][ T6733] ntfs3(loop0): ino=1f, mi_enum_attr [ 132.533975][ T6733] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 132.593324][ T6260] veth0_macvtap: entered promiscuous mode [ 132.638532][ T6260] veth1_macvtap: entered promiscuous mode [ 132.661304][ T6744] ntfs3(loop0): ino=9, attr_set_size [ 132.765198][ T6260] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 132.803367][ T6260] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 132.884216][ T1157] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.912704][ T6750] loop2: detected capacity change from 0 to 1024 [ 132.948933][ T6719] loop4: detected capacity change from 0 to 32768 [ 132.972779][ T6719] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.215 (6719) [ 132.995834][ T1157] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.052153][ T1157] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.092939][ T1157] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.097923][ T6719] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 133.191278][ T6719] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 133.206687][ T6756] loop3: detected capacity change from 0 to 1024 [ 133.241231][ T1321] hfsplus: b-tree write err: -5, ino 4 [ 133.267726][ T6756] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 133.472665][ T6756] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.521035][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.563828][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.574237][ T6719] BTRFS info (device loop4): enabling ssd optimizations [ 133.598360][ T6779] sg_write: data in/out 65500/14 bytes for SCSI command 0x8-- guessing data in; [ 133.598360][ T6779] program syz.2.230 not setting count and/or reply_len properly [ 133.600376][ T6719] BTRFS info (device loop4): turning on async discard [ 133.688239][ T6781] loop1: detected capacity change from 0 to 1024 [ 133.708400][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.720805][ T6719] BTRFS info (device loop4): enabling free space tree [ 133.738408][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.782565][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.049392][ T6785] loop3: detected capacity change from 0 to 128 [ 134.085795][ T6785] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 134.096792][ T5828] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 134.158317][ T6785] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 134.198364][ T6752] loop0: detected capacity change from 0 to 32768 [ 134.311604][ T6752] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 134.407311][ T36] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 134.660470][ T6752] XFS (loop0): Ending clean mount [ 134.692960][ T6752] XFS (loop0): Quotacheck needed: Please wait. [ 134.846146][ T6752] XFS (loop0): Quotacheck: Done. [ 135.112859][ T5830] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 135.166337][ T6817] netlink: 20 bytes leftover after parsing attributes in process `syz.1.244'. [ 135.926223][ T6789] loop2: detected capacity change from 0 to 40427 [ 135.950091][ T6789] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 135.980477][ T5997] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 135.998183][ T6789] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 136.028085][ T6789] F2FS-fs (loop2): invalid crc value [ 136.161565][ T5997] usb 2-1: config 0 interface 0 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 136.184274][ T5997] usb 2-1: config 0 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 136.266290][ T5997] usb 2-1: config 0 interface 0 has no altsetting 0 [ 136.295632][ T5997] usb 2-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.00 [ 136.325162][ T5997] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.374199][ T5997] usb 2-1: config 0 descriptor?? [ 136.631791][ T6789] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 136.699068][ T6789] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 136.721295][ T6789] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 136.867962][ T5997] betop 0003:8380:1850.0005: item fetching failed at offset 0/2 [ 136.924354][ T5997] betop 0003:8380:1850.0005: parse failed [ 136.944014][ T5997] betop 0003:8380:1850.0005: probe with driver betop failed with error -22 [ 136.956906][ T6823] loop3: detected capacity change from 0 to 32768 [ 137.052892][ T6835] syz.0.245: vmalloc error: size 1075838976, failed to allocated page array size 2101248, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 137.073438][ T6835] CPU: 0 UID: 0 PID: 6835 Comm: syz.0.245 Not tainted syzkaller #0 PREEMPT(full) [ 137.073468][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 137.073482][ T6835] Call Trace: [ 137.073491][ T6835] [ 137.073501][ T6835] dump_stack_lvl+0x189/0x250 [ 137.073544][ T6835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.073579][ T6835] ? __pfx__printk+0x10/0x10 [ 137.073606][ T6835] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 137.073641][ T6835] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 137.073677][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.073706][ T6835] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 137.073744][ T6835] warn_alloc+0x214/0x310 [ 137.073790][ T6835] ? __pfx_warn_alloc+0x10/0x10 [ 137.073836][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.073865][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.073892][ T6835] ? __get_vm_area_node+0x28f/0x300 [ 137.073929][ T6835] ? hash_netiface_create+0x358/0xfe0 [ 137.073968][ T6835] __vmalloc_node_range_noprof+0x690/0x12d0 [ 137.074012][ T6835] ? __alloc_frozen_pages_noprof+0x9f/0x370 [ 137.074067][ T6835] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 137.074104][ T6835] ? hash_netiface_create+0x358/0xfe0 [ 137.074141][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.074169][ T6835] ? rcu_is_watching+0x15/0xb0 [ 137.074199][ T6835] ? hash_netiface_create+0x358/0xfe0 [ 137.074233][ T6835] __kvmalloc_node_noprof+0x674/0x910 [ 137.074272][ T6835] ? hash_netiface_create+0x358/0xfe0 [ 137.074303][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.074331][ T6835] ? __kmalloc_cache_noprof+0x3d5/0x6f0 [ 137.074367][ T6835] ? hash_netiface_create+0x2fe/0xfe0 [ 137.074408][ T6835] hash_netiface_create+0x358/0xfe0 [ 137.074450][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.074478][ T6835] ? __nla_parse+0x40/0x60 [ 137.074506][ T6835] ? __pfx_hash_netiface_create+0x10/0x10 [ 137.074543][ T6835] ip_set_create+0xa97/0x1940 [ 137.074578][ T6835] ? ip_set_create+0x4a2/0x1940 [ 137.074627][ T6835] ? __pfx_ip_set_create+0x10/0x10 [ 137.074695][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.074731][ T6835] nfnetlink_rcv_msg+0xb4d/0x1130 [ 137.074768][ T6835] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 137.074826][ T6835] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 137.074863][ T6835] ? kasan_save_track+0x4f/0x80 [ 137.074956][ T6835] netlink_rcv_skb+0x208/0x470 [ 137.074994][ T6835] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.075034][ T6835] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 137.075072][ T6835] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 137.075124][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075152][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075180][ T6835] ? security_capable+0x7e/0x2e0 [ 137.075217][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075250][ T6835] nfnetlink_rcv+0x282/0x2590 [ 137.075288][ T6835] ? __dev_queue_xmit+0x27b/0x3b50 [ 137.075319][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075346][ T6835] ? __dev_queue_xmit+0x1d79/0x3b50 [ 137.075377][ T6835] ? kasan_save_track+0x3e/0x80 [ 137.075411][ T6835] ? __kasan_slab_alloc+0x6c/0x80 [ 137.075459][ T6835] ? __dev_queue_xmit+0x27b/0x3b50 [ 137.075502][ T6835] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 137.075538][ T6835] ? __pfx___dev_queue_xmit+0x10/0x10 [ 137.075583][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075611][ T6835] ? ref_tracker_free+0x63a/0x7d0 [ 137.075635][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075662][ T6835] ? __asan_memcpy+0x40/0x70 [ 137.075694][ T6835] ? __pfx_ref_tracker_free+0x10/0x10 [ 137.075737][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075764][ T6835] ? skb_clone+0x246/0x3a0 [ 137.075795][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075823][ T6835] ? __netlink_deliver_tap+0x807/0x850 [ 137.075846][ T6835] ? netlink_deliver_tap+0x2e/0x1b0 [ 137.075873][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.075904][ T6835] ? netlink_deliver_tap+0x2e/0x1b0 [ 137.075937][ T6835] netlink_unicast+0x82f/0x9e0 [ 137.075983][ T6835] ? __pfx_netlink_unicast+0x10/0x10 [ 137.076026][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076054][ T6835] ? skb_put+0x11b/0x210 [ 137.076076][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076109][ T6835] netlink_sendmsg+0x805/0xb30 [ 137.076145][ T6835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.076172][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076200][ T6835] ? aa_sock_msg_perm+0xf1/0x1d0 [ 137.076239][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076266][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076295][ T6835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 137.076320][ T6835] __sock_sendmsg+0x21c/0x270 [ 137.076358][ T6835] ____sys_sendmsg+0x505/0x830 [ 137.076391][ T6835] ? __pfx_____sys_sendmsg+0x10/0x10 [ 137.076428][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076456][ T6835] ? import_iovec+0x74/0xa0 [ 137.076493][ T6835] ___sys_sendmsg+0x21f/0x2a0 [ 137.076523][ T6835] ? __pfx____sys_sendmsg+0x10/0x10 [ 137.076558][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076619][ T6835] ? __fget_files+0x2a/0x420 [ 137.076641][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076669][ T6835] ? __fget_files+0x3a0/0x420 [ 137.076704][ T6835] __x64_sys_sendmsg+0x19b/0x260 [ 137.076735][ T6835] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 137.076781][ T6835] ? do_syscall_64+0xbe/0xfa0 [ 137.076821][ T6835] do_syscall_64+0xfa/0xfa0 [ 137.076853][ T6835] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.076886][ T6835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.076909][ T6835] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.076937][ T6835] ? exc_page_fault+0xab/0x100 [ 137.076973][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.077002][ T6835] RIP: 0033:0x7eff9838f6c9 [ 137.077023][ T6835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.077042][ T6835] RSP: 002b:00007eff99303038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 137.077067][ T6835] RAX: ffffffffffffffda RBX: 00007eff985e5fa0 RCX: 00007eff9838f6c9 [ 137.077086][ T6835] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 137.077102][ T6835] RBP: 00007eff98411f91 R08: 0000000000000000 R09: 0000000000000000 [ 137.077117][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.077131][ T6835] R13: 00007eff985e6038 R14: 00007eff985e5fa0 R15: 00007ffe543b0438 [ 137.077170][ T6835] [ 137.077180][ T6835] Mem-Info: [ 137.113376][ T24] usb 2-1: USB disconnect, device number 4 [ 137.126634][ T6835] active_anon:19587 inactive_anon:0 isolated_anon:0 [ 137.126634][ T6835] active_file:3765 inactive_file:40056 isolated_file:0 [ 137.126634][ T6835] unevictable:768 dirty:549 writeback:0 [ 137.126634][ T6835] slab_reclaimable:10950 slab_unreclaimable:99633 [ 137.126634][ T6835] mapped:35116 shmem:13744 pagetables:1386 [ 137.126634][ T6835] sec_pagetables:0 bounce:0 [ 137.126634][ T6835] kernel_misc_reclaimable:0 [ 137.126634][ T6835] free:1271039 free_pcp:12990 free_cma:0 [ 137.129550][ T6823] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 137.134730][ T6835] Node 0 active_anon:78348kB inactive_anon:0kB active_file:15060kB inactive_file:160020kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140464kB dirty:2196kB writeback:0kB shmem:53440kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12900kB pagetables:5312kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 137.557963][ T6823] XFS (loop3): Ending clean mount [ 137.621081][ T6835] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:244kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 137.738807][ T6844] loop4: detected capacity change from 0 to 40427 [ 137.824043][ T6835] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 137.824125][ T6835] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 137.824184][ T6835] Node 0 DMA32 free:1168904kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:86480kB inactive_anon:0kB active_file:15060kB inactive_file:160252kB unevictable:1536kB writepending:2228kB zspages:0kB present:3129332kB managed:2565168kB mlocked:0kB bounce:0kB free_pcp:33036kB local_pcp:11536kB free_cma:0kB [ 137.824260][ T6835] lowmem_reserve[]: 0 0 0 0 0 [ 137.824316][ T6835] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 137.824386][ T6835] lowmem_reserve[]: 0 0 0 0 0 [ 137.824442][ T6835] Node 1 Normal free:3893260kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:16760kB local_pcp:12372kB free_cma:0kB [ 137.824517][ T6835] lowmem_reserve[]: 0 0 0 0 0 [ 137.824574][ T6835] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 137.824770][ T6835] Node 0 DMA32: 3*4kB (UME) 1*8kB (U) 2*16kB (UE) 3*32kB (UME) 3*64kB (ME) 1*128kB (E) 34*256kB (UM) 21*512kB (ME) 8*1024kB (UME) 1*2048kB (E) 278*4096kB (M) = 1168852kB [ 137.825020][ T6835] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 137.825169][ T6835] Node 1 Normal: 35*4kB (UE) 34*8kB (UME) 32*16kB (UME) 63*32kB [ 138.046061][ T6823] XFS (loop3): Quotacheck needed: Please wait. [ 138.085854][ T6835] (UME) 20*64kB (UME) 7*128kB (UME) 6*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (E) 947*4096kB (M) = 3893244kB [ 138.114819][ T6823] XFS (loop3): Quotacheck: Done. [ 138.136087][ T6844] F2FS-fs (loop4): invalid crc value [ 138.136219][ T6835] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 138.151906][ T6835] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 138.161302][ T6835] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 138.171666][ T6835] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 138.182862][ T6835] 59746 total pagecache pages [ 138.187589][ T6835] 0 pages in swap cache [ 138.192534][ T6835] Free swap = 124996kB [ 138.196779][ T6835] Total swap = 124996kB [ 138.201090][ T6835] 2097051 pages RAM [ 138.205014][ T6835] 0 pages HighMem/MovableOnly [ 138.209775][ T6835] 424117 pages reserved [ 138.216677][ T6872] loop1: detected capacity change from 0 to 512 [ 138.234709][ T6835] 0 pages cma reserved [ 138.317345][ T6872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.441470][ T5829] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 138.554064][ T6844] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 138.629799][ T6844] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 138.650620][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.773564][ T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 138.964234][ T10] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 138.998094][ T10] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 139.045506][ T10] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 139.080633][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.113116][ T6877] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 139.121967][ T6882] loop1: detected capacity change from 0 to 512 [ 139.125315][ T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 139.216928][ T6882] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.268: inode has both inline data and extents flags [ 139.350976][ T6882] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.268: couldn't read orphan inode 15 (err -117) [ 139.383016][ T5903] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 139.418505][ T6882] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.536728][ T5997] usb 7-1: USB disconnect, device number 2 [ 139.592900][ T5903] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 139.645141][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 139.683301][ T5903] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 139.705083][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.730709][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 139.796639][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 139.842640][ T5903] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 139.860474][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 139.914576][ T5903] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 139.970896][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 140.010636][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 140.061165][ T5903] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 140.070125][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 140.125259][ T5903] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.160759][ T30] audit: type=1326 audit(1762268038.011:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6896 comm="syz.3.272" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4b02f8f6c9 code=0x0 [ 140.186096][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 140.209740][ T5903] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 140.245429][ T5903] usb 3-1: string descriptor 0 read error: -22 [ 140.252114][ T5903] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 140.265624][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.319341][ T5903] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 140.515128][ T10] usb 3-1: USB disconnect, device number 2 [ 140.817977][ T6909] loop6: detected capacity change from 0 to 512 [ 140.908352][ T6909] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -13 [ 141.015295][ T6909] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #13: comm syz.6.275: iget: bad i_size value: 12154757448730 [ 141.098403][ T6909] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.275: couldn't read orphan inode 13 (err -117) [ 141.193446][ T6909] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.313637][ T6921] loop2: detected capacity change from 0 to 512 [ 141.422125][ T6921] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 141.442274][ T6895] loop4: detected capacity change from 0 to 40427 [ 141.492579][ T6921] EXT4-fs (loop2): orphan cleanup on readonly fs [ 141.506993][ T6260] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.537741][ T6895] F2FS-fs (loop4): invalid crc value [ 141.632086][ T6921] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.278: corrupted inode contents [ 141.710570][ T6921] EXT4-fs (loop2): Remounting filesystem read-only [ 141.723000][ T6921] EXT4-fs (loop2): 1 truncate cleaned up [ 141.741051][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 141.749206][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 141.822359][ T12] Quota error (device loop2): write_blk: dquota write failed [ 141.829765][ T12] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 141.885489][ T6935] loop1: detected capacity change from 0 to 2048 [ 141.894660][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 141.895279][ T6895] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 141.932262][ T12] Quota error (device loop2): write_blk: dquota write failed [ 141.945110][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 141.972911][ T6935] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 141.980548][ T10] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.991786][ T12] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 142.015201][ T6895] F2FS-fs (loop4): Start checkpoint disabled! [ 142.021673][ T10] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.053262][ T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 142.070835][ T6895] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 142.078398][ T10] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 142.104251][ T12] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 142.132560][ T10] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 142.142190][ T6895] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 142.152808][ T12] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 142.185299][ T10] usb 4-1: Product: syz [ 142.189485][ T10] usb 4-1: Manufacturer: syz [ 142.190007][ T6921] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 142.319386][ T10] hub 4-1:4.0: USB hub found [ 142.429451][ T10] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 142.452921][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.780529][ T10] usb 4-1: USB disconnect, device number 3 [ 144.013428][ T6978] loop4: detected capacity change from 0 to 512 [ 144.092161][ T6978] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 144.134433][ T6978] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=00c2] [ 144.159696][ T6978] System zones: 0-2, 18-18, 34-34 [ 144.190541][ T6978] EXT4-fs (loop4): orphan cleanup on readonly fs [ 144.240451][ T6978] EXT4-fs error (device loop4): ext4_quota_enable:7136: inode #15: comm syz.4.295: iget: bad i_size value: 360287970189639690 [ 144.361687][ T6978] EXT4-fs error (device loop4): ext4_quota_enable:7139: comm syz.4.295: Bad quota inode: 15, type: 2 [ 144.425535][ T6978] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix. [ 144.513880][ T6978] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 144.552186][ T6978] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 144.733953][ T6958] loop1: detected capacity change from 0 to 40427 [ 144.763508][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.790566][ T6958] F2FS-fs (loop1): Image doesn't support compression [ 144.821062][ T6958] F2FS-fs (loop1): build fault injection rate: 690 [ 144.829757][ T6958] F2FS-fs (loop1): build fault injection type: 0x35f7 [ 144.899203][ T6958] F2FS-fs (loop1): invalid crc value [ 145.267834][ T6975] loop0: detected capacity change from 0 to 32768 [ 145.333555][ T6975] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.293 (6975) [ 145.373541][ T6958] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 145.384731][ T6997] loop4: detected capacity change from 0 to 4096 [ 145.462951][ T6958] F2FS-fs (loop1): Start checkpoint disabled! [ 145.492413][ T6958] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 145.522394][ T6975] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 145.534880][ T6958] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 145.587390][ T6975] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 145.779844][ T30] audit: type=1800 audit(1762268043.641:4): pid=6958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.290" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 146.085498][ T6975] BTRFS info (device loop0): rebuilding free space tree [ 146.097288][ T12] kworker/u8:0: attempt to access beyond end of device [ 146.097288][ T12] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 146.177394][ T6975] BTRFS info (device loop0): disabling free space tree [ 146.184396][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 146.184422][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 146.184438][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 146.184475][ T12] Call Trace: [ 146.184484][ T12] [ 146.184494][ T12] dump_stack_lvl+0x189/0x250 [ 146.184535][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.184569][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 146.184596][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 146.184628][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 146.184676][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 146.184723][ T12] f2fs_write_end_io+0x886/0xb60 [ 146.184774][ T12] __submit_merged_bio+0x27a/0x6a0 [ 146.184820][ T12] __submit_merged_write_cond+0x255/0x530 [ 146.184867][ T12] f2fs_write_data_pages+0x261d/0x3000 [ 146.184940][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 146.184984][ T12] ? unwind_next_frame+0xa5/0x2390 [ 146.185058][ T12] ? arch_stack_walk+0x110/0x150 [ 146.185097][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 146.185144][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.185186][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.185240][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 146.185267][ T12] do_writepages+0x32e/0x550 [ 146.185307][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.185334][ T12] ? reacquire_held_locks+0x127/0x1d0 [ 146.185363][ T12] ? writeback_sb_inodes+0x384/0x1010 [ 146.185412][ T12] __writeback_single_inode+0x145/0xff0 [ 146.185447][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.185475][ T12] ? do_raw_spin_unlock+0x122/0x240 [ 146.185517][ T12] writeback_sb_inodes+0x6c7/0x1010 [ 146.185591][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 146.185688][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.185715][ T12] ? rcu_is_watching+0x15/0xb0 [ 146.185744][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.185785][ T12] wb_writeback+0x43b/0xaf0 [ 146.185833][ T12] ? queue_io+0x3d1/0x590 [ 146.185873][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 146.185921][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.185960][ T12] wb_workfn+0x409/0xef0 [ 146.186024][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 146.186059][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.186086][ T12] ? __lock_acquire+0xab9/0xd20 [ 146.186127][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.186159][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.186193][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.186222][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 146.186248][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 146.186278][ T12] process_scheduled_works+0xae1/0x17b0 [ 146.186348][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 146.186386][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.186426][ T12] worker_thread+0x8a0/0xda0 [ 146.186494][ T12] kthread+0x711/0x8a0 [ 146.186533][ T12] ? __pfx_worker_thread+0x10/0x10 [ 146.186560][ T12] ? __pfx_kthread+0x10/0x10 [ 146.186590][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.186623][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.186652][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 146.186679][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.186709][ T12] ? __pfx_kthread+0x10/0x10 [ 146.186745][ T12] ret_from_fork+0x4bc/0x870 [ 146.186775][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 146.186813][ T12] ? __switch_to_asm+0x39/0x70 [ 146.186832][ T12] ? __switch_to_asm+0x33/0x70 [ 146.186851][ T12] ? __pfx_kthread+0x10/0x10 [ 146.186887][ T12] ret_from_fork_asm+0x1a/0x30 [ 146.186935][ T12] [ 146.186945][ T12] F2FS-fs (loop1): Remounting filesystem read-only [ 146.502369][ T6975] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 146.742172][ T6975] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 146.863964][ T6975] BTRFS info (device loop0): enabling ssd optimizations [ 146.886388][ T6975] BTRFS info (device loop0): turning on async discard [ 146.902090][ T6975] BTRFS info (device loop0): force clearing of disk cache [ 146.951326][ T6975] BTRFS info (device loop0): enabling auto defrag [ 146.967424][ T7052] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 146.989962][ T6975] BTRFS info (device loop0): max_inline set to 4096 [ 147.190740][ T5830] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 147.596123][ T7067] loop6: detected capacity change from 0 to 1024 [ 147.965777][ T12] hfsplus: b-tree write err: -5, ino 4 [ 148.127560][ T7042] loop2: detected capacity change from 0 to 32768 [ 148.245611][ T7080] netlink: 256 bytes leftover after parsing attributes in process `syz.6.336'. [ 148.324114][ T7042] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 148.352765][ T7080] netlink: 24 bytes leftover after parsing attributes in process `syz.6.336'. [ 148.376889][ T7087] loop1: detected capacity change from 0 to 512 [ 148.440668][ T7089] netlink: 16 bytes leftover after parsing attributes in process `syz.0.338'. [ 148.510280][ T7087] EXT4-fs (loop1): Test dummy encryption mode enabled [ 148.517072][ T7087] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 148.647196][ T7087] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.310: bad orphan inode 131083 [ 148.706709][ T5844] ocfs2: Unmounting device (7,2) on (node local) [ 148.760624][ T5903] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 148.772698][ T7087] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.889389][ T7087] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 148.937638][ T5903] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 148.976533][ T7087] overlayfs: upper fs needs to support d_type. [ 149.000712][ T5903] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 149.021362][ T7087] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2" [ 149.043511][ T5903] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 149.080748][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.157411][ T7091] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 149.222322][ T5903] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 149.252586][ T5833] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /66/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 149.553064][ T7072] loop3: detected capacity change from 0 to 40427 [ 149.592175][ T24] usb 5-1: USB disconnect, device number 3 [ 149.931363][ T7072] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 149.991054][ T7072] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 150.143195][ T7118] loop0: detected capacity change from 0 to 1764 [ 150.206928][ T7097] loop6: detected capacity change from 0 to 32768 [ 150.237235][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.282435][ T7097] read_mapping_page failed! [ 150.287078][ T7097] ERROR: (device loop6): txCommit: [ 150.287078][ T7097] [ 150.335709][ T7122] find_entry called with index = 0 [ 150.341777][ T7122] read_mapping_page failed! [ 150.346285][ T7122] ERROR: (device loop6): txCommit: [ 150.346285][ T7122] [ 150.409625][ T7123] loop4: detected capacity change from 0 to 128 [ 151.043820][ T7131] loop0: detected capacity change from 0 to 2048 [ 151.125566][ T7131] EXT4-fs (loop0): Test dummy encryption mode enabled [ 151.226888][ T7131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.291467][ T7138] Illegal XDP return value 1586324771 on prog (id 23) dev N/A, expect packet loss! [ 151.291671][ T7145] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 151.291671][ T7145] The task syz.6.347 (7145) triggered the difference, watch for misbehavior. [ 151.303108][ T7131] EXT4-fs error (device loop0): ext4_search_dir:1474: inode #12: block 9: comm syz.0.343: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0 [ 151.361972][ T7142] loop2: detected capacity change from 0 to 512 [ 151.412538][ T7131] EXT4-fs (loop0): Remounting filesystem read-only [ 151.450697][ T7142] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 151.528664][ T7142] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 151.578024][ T7142] System zones: 1-12 [ 151.611920][ T7142] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 151.640824][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 151.642641][ T7142] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #11: comm syz.2.348: corrupted inode contents [ 151.665840][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 151.673101][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.693975][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 151.703278][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 151.724066][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 151.730480][ T7142] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #11: comm syz.2.348: mark_inode_dirty error [ 151.753601][ T7142] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.348: invalid indirect mapped block 1 (level 1) [ 151.804895][ T7142] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #11: comm syz.2.348: corrupted inode contents [ 151.850323][ T5941] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 151.861558][ T7142] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem [ 151.878399][ T7142] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #11: comm syz.2.348: corrupted inode contents [ 151.900231][ T7142] EXT4-fs error (device loop2): ext4_truncate:4637: inode #11: comm syz.2.348: mark_inode_dirty error [ 151.919686][ T7157] 9pnet_fd: p9_fd_create_tcp (7157): problem binding to privport [ 151.927951][ T7142] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem [ 151.948390][ T7142] EXT4-fs (loop2): 1 truncate cleaned up [ 151.969722][ T7142] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.022525][ T5941] usb 4-1: Using ep0 maxpacket: 16 [ 152.050355][ T5941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.079518][ T5941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1164, setting to 1024 [ 152.187270][ T5941] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 152.217070][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.229291][ T5941] usb 4-1: config 0 descriptor?? [ 152.242642][ T7150] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 152.307209][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.390274][ T5941] rc_core: IR keymap rc-xbox-dvd not found [ 152.396096][ T5941] Registered IR keymap rc-empty [ 152.443355][ T5941] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 152.499410][ T5941] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input7 [ 152.551553][ T5903] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 152.567372][ T5941] usb 4-1: USB disconnect, device number 4 [ 152.573407][ C1] xbox_remote 4-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 152.681610][ T7151] chnl_net:caif_netlink_parms(): no params data found [ 152.725679][ T5903] usb 5-1: Using ep0 maxpacket: 16 [ 152.754770][ T5903] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.770273][ T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 152.782858][ T5903] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice=4f.14 [ 152.810572][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.829301][ T5903] usb 5-1: Product: syz [ 152.835548][ T5903] usb 5-1: Manufacturer: syz [ 152.835577][ T7181] loop0: detected capacity change from 0 to 256 [ 152.865503][ T5903] usb 5-1: SerialNumber: syz [ 152.879654][ T7181] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d) [ 152.886565][ T5903] usb 5-1: config 0 descriptor?? [ 152.940518][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 152.951992][ T24] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 153.014564][ T24] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.090251][ T24] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.100012][ T24] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 153.121946][ T24] usb 3-1: config 7 interface 0 has no altsetting 0 [ 153.129833][ T24] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 153.135678][ T10] usb 5-1: USB disconnect, device number 4 [ 153.139700][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.239665][ T7192] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 153.261085][ T7151] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.268255][ T7151] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.291309][ T7151] bridge_slave_0: entered allmulticast mode [ 153.299567][ T7151] bridge_slave_0: entered promiscuous mode [ 153.325459][ T7151] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.340361][ T7151] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.347606][ T7151] bridge_slave_1: entered allmulticast mode [ 153.409366][ T7151] bridge_slave_1: entered promiscuous mode [ 153.468300][ T7197] loop3: detected capacity change from 0 to 1024 [ 153.491632][ T7197] EXT4-fs: Ignoring removed orlov option [ 153.514721][ T7151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.546864][ T7197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.559506][ T7151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.658178][ T24] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.0/0003:0458:5010.0006/input/input8 [ 153.734534][ T7151] team0: Port device team_slave_0 added [ 153.764082][ T7151] team0: Port device team_slave_1 added [ 153.790824][ T5841] Bluetooth: hci3: command tx timeout [ 153.834970][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.852893][ T24] kye 0003:0458:5010.0006: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 153.875088][ T24] usb 3-1: USB disconnect, device number 3 [ 153.987232][ T7209] loop0: detected capacity change from 0 to 64 [ 154.101360][ T7214] loop3: detected capacity change from 0 to 256 [ 154.114712][ T7215] netlink: 112 bytes leftover after parsing attributes in process `syz.6.375'. [ 154.227568][ T7151] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.264691][ T7151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 154.290652][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.357456][ T5829] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 154.360519][ T7151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.369181][ T7217] fido_id[7217]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 154.413969][ T5829] FAT-fs (loop3): Filesystem has been set read-only [ 154.431554][ T5829] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 154.461988][ T7151] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.488549][ T7151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 154.622915][ T7151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.820296][ T5902] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 155.012980][ T5902] usb 1-1: Using ep0 maxpacket: 16 [ 155.026412][ T5902] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.037168][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 155.070732][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 155.085408][ T5902] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 155.095607][ T5902] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 155.135119][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.168493][ T5902] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 155.178022][ T5902] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 155.192772][ T5902] usb 1-1: Manufacturer: syz [ 155.207464][ T5902] usb 1-1: config 0 descriptor?? [ 155.246505][ T7151] hsr_slave_0: entered promiscuous mode [ 155.254850][ T7151] hsr_slave_1: entered promiscuous mode [ 155.261746][ T7151] debugfs: 'hsr0' already exists in 'hsr' [ 155.267502][ T7151] Cannot create hsr debugfs directory [ 155.352796][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.367285][ T7236] loop4: detected capacity change from 0 to 256 [ 155.455524][ T7236] FAT-fs (loop4): Directory bread(block 64) failed [ 155.505750][ T7236] FAT-fs (loop4): Directory bread(block 65) failed [ 155.540910][ T7236] FAT-fs (loop4): Directory bread(block 66) failed [ 155.572198][ T7236] FAT-fs (loop4): Directory bread(block 67) failed [ 155.578808][ T7236] FAT-fs (loop4): Directory bread(block 68) failed [ 155.641398][ T7236] FAT-fs (loop4): Directory bread(block 69) failed [ 155.650626][ T5902] rc_core: IR keymap rc-hauppauge not found [ 155.656521][ T5902] Registered IR keymap rc-empty [ 155.671687][ T7236] FAT-fs (loop4): Directory bread(block 70) failed [ 155.679482][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 155.707018][ T7236] FAT-fs (loop4): Directory bread(block 71) failed [ 155.724264][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.733943][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 155.741823][ T7236] FAT-fs (loop4): Directory bread(block 72) failed [ 155.751637][ T7236] FAT-fs (loop4): Directory bread(block 73) failed [ 155.803876][ T5902] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 155.870845][ T5841] Bluetooth: hci3: command tx timeout [ 155.889525][ T5902] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input9 [ 155.973852][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.028419][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 156.041513][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 156.053032][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.060838][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 156.078532][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 156.086321][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.095509][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 156.103355][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.122031][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.171302][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.200987][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.230317][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.250357][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.274268][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.310802][ T5902] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 156.340777][ T5903] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 156.374270][ T5902] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 156.395092][ T5902] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 156.423353][ T5902] usb 1-1: USB disconnect, device number 5 [ 156.550263][ T5903] usb 7-1: Using ep0 maxpacket: 8 [ 156.573465][ T5903] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 156.578374][ T7266] tmpfs: Too few inodes for current use [ 156.584638][ T5903] usb 7-1: config 179 has no interface number 0 [ 156.595552][ T5903] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 156.608172][ T5903] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 156.631075][ T5903] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 156.643077][ T5903] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 156.667974][ T5903] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 156.695947][ T5903] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 156.706327][ T5903] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.733856][ T7256] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 156.900698][ T10] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 157.064900][ T12] bridge_slave_1: left allmulticast mode [ 157.080958][ T12] bridge_slave_1: left promiscuous mode [ 157.093606][ T10] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 157.110684][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.118737][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.147312][ T12] bridge_slave_0: left allmulticast mode [ 157.176958][ T10] usb 3-1: config 0 descriptor?? [ 157.191047][ T12] bridge_slave_0: left promiscuous mode [ 157.197027][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.216870][ T10] cp210x 3-1:0.0: cp210x converter detected [ 157.251883][ T5997] usb 7-1: USB disconnect, device number 3 [ 157.251988][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 157.266112][ C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 157.274900][ C0] ================================================================== [ 157.282965][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290 [ 157.290960][ C0] Read of size 4 at addr ffff88807c2d405c by task kworker/u8:0/12 [ 157.298795][ C0] [ 157.301119][ C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 157.301149][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 157.301166][ C0] Workqueue: netns cleanup_net [ 157.301192][ C0] Call Trace: [ 157.301201][ C0] [ 157.301211][ C0] dump_stack_lvl+0x189/0x250 [ 157.301247][ C0] ? __kasan_check_byte+0x12/0x40 [ 157.301273][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.301306][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.301335][ C0] ? lock_release+0x4b/0x3e0 [ 157.301363][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.301391][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 157.301428][ C0] print_report+0xca/0x240 [ 157.301457][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 157.301489][ C0] kasan_report+0x118/0x150 [ 157.301514][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 157.301552][ C0] do_raw_spin_lock+0x23d/0x290 [ 157.301586][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.301615][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 157.301651][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.301682][ C0] _raw_spin_lock_irqsave+0xb3/0xf0 [ 157.301713][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 157.301744][ C0] ? kcov_remote_stop+0x78/0x6d0 [ 157.301778][ C0] __wake_up_common_lock+0x2f/0x1f0 [ 157.301818][ C0] __usb_hcd_giveback_urb+0x3b0/0x540 [ 157.301852][ C0] dummy_timer+0x85f/0x44c0 [ 157.301884][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.301923][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 157.301971][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.302003][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 157.302032][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 157.302058][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 157.302084][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 157.302111][ C0] ? ktime_get_update_offsets_now+0x67/0x3d0 [ 157.302149][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.302189][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 157.302215][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.302244][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 157.302276][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 157.302308][ C0] handle_softirqs+0x286/0x870 [ 157.302335][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 157.302364][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 157.302393][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.302423][ C0] __irq_exit_rcu+0xca/0x1f0 [ 157.302446][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 157.302480][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.302511][ C0] irq_exit_rcu+0x9/0x30 [ 157.302535][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 157.302567][ C0] [ 157.302575][ C0] [ 157.302585][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 157.302610][ C0] RIP: 0010:devlink_port_netdevice_event+0x5c/0x4f0 [ 157.302649][ C0] Code: 89 df e8 c7 f1 f9 f7 4c 8b 33 49 8d 9e 90 0c 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a7 f1 f9 f7 48 8b 1b <48> 85 db 74 57 4c 8d 63 20 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 [ 157.302670][ C0] RSP: 0018:ffffc900001174e0 EFLAGS: 00000246 [ 157.302691][ C0] RAX: 1ffff1100f939d92 RBX: 0000000000000000 RCX: ffff88801c6b5ac0 [ 157.302708][ C0] RDX: 0000000000000000 RSI: 000000000000000a RDI: ffffffff8f410a60 [ 157.302725][ C0] RBP: 00000000fffffff5 R08: ffffffff8f7cdc77 R09: 1ffffffff1ef9b8e [ 157.302743][ C0] R10: dffffc0000000000 R11: ffffffff8a2bc9c0 R12: ffffffff8f410a60 [ 157.302761][ C0] R13: dffffc0000000000 R14: ffff88807c9ce000 R15: 000000000000000a [ 157.302790][ C0] ? __pfx_devlink_port_netdevice_event+0x10/0x10 [ 157.302837][ C0] notifier_call_chain+0x1b6/0x3e0 [ 157.302871][ C0] __dev_close_many+0x106/0x6f0 [ 157.302910][ C0] ? __pfx___dev_close_many+0x10/0x10 [ 157.302951][ C0] netif_close_many+0x225/0x410 [ 157.302989][ C0] ? __pfx_netif_close_many+0x10/0x10 [ 157.303029][ C0] unregister_netdevice_many_notify+0xb29/0x2390 [ 157.303070][ C0] ? unregister_netdevice_queue+0x1b3/0x380 [ 157.303099][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 157.303133][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 157.303162][ C0] ? net_generic+0x1e/0x240 [ 157.303190][ C0] ? net_generic+0x1e/0x240 [ 157.303216][ C0] ? net_generic+0x1e/0x240 [ 157.303245][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.303277][ C0] ops_undo_list+0x3dc/0x990 [ 157.303303][ C0] ? __pfx_ops_undo_list+0x10/0x10 [ 157.303323][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.303354][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.303382][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 157.303417][ C0] cleanup_net+0x4d8/0x820 [ 157.303439][ C0] ? __pfx_cleanup_net+0x10/0x10 [ 157.303459][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.303490][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.303519][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 157.303544][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 157.303572][ C0] process_scheduled_works+0xae1/0x17b0 [ 157.303615][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 157.303646][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.303679][ C0] worker_thread+0x8a0/0xda0 [ 157.303722][ C0] kthread+0x711/0x8a0 [ 157.303756][ C0] ? __pfx_worker_thread+0x10/0x10 [ 157.303788][ C0] ? __pfx_kthread+0x10/0x10 [ 157.303818][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.303848][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.303877][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.303905][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.303935][ C0] ? __pfx_kthread+0x10/0x10 [ 157.303968][ C0] ret_from_fork+0x4bc/0x870 [ 157.303994][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 157.304023][ C0] ? __switch_to_asm+0x39/0x70 [ 157.304043][ C0] ? __switch_to_asm+0x33/0x70 [ 157.304063][ C0] ? __pfx_kthread+0x10/0x10 [ 157.304095][ C0] ret_from_fork_asm+0x1a/0x30 [ 157.304127][ C0] [ 157.304136][ C0] [ 157.869568][ C0] Allocated by task 5903: [ 157.873886][ C0] kasan_save_track+0x3e/0x80 [ 157.878569][ C0] __kasan_kmalloc+0x93/0xb0 [ 157.883246][ C0] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 157.888620][ C0] xpad_probe+0x428/0x1fc0 [ 157.893035][ C0] usb_probe_interface+0x668/0xc30 [ 157.898147][ C0] really_probe+0x26d/0x9e0 [ 157.902649][ C0] __driver_probe_device+0x18c/0x2f0 [ 157.907933][ C0] driver_probe_device+0x4f/0x430 [ 157.912955][ C0] __device_attach_driver+0x2ce/0x530 [ 157.918329][ C0] bus_for_each_drv+0x251/0x2e0 [ 157.923164][ C0] __device_attach+0x2b8/0x400 [ 157.927921][ C0] bus_probe_device+0x185/0x260 [ 157.932768][ C0] device_add+0x7b6/0xb50 [ 157.937094][ C0] usb_set_configuration+0x1a87/0x20e0 [ 157.942539][ C0] usb_generic_driver_probe+0x8d/0x150 [ 157.947987][ C0] usb_probe_device+0x1c4/0x390 [ 157.952828][ C0] really_probe+0x26d/0x9e0 [ 157.957327][ C0] __driver_probe_device+0x18c/0x2f0 [ 157.962605][ C0] driver_probe_device+0x4f/0x430 [ 157.967623][ C0] __device_attach_driver+0x2ce/0x530 [ 157.972990][ C0] bus_for_each_drv+0x251/0x2e0 [ 157.977838][ C0] __device_attach+0x2b8/0x400 [ 157.982603][ C0] bus_probe_device+0x185/0x260 [ 157.987448][ C0] device_add+0x7b6/0xb50 [ 157.991771][ C0] usb_new_device+0xa39/0x16f0 [ 157.996538][ C0] hub_event+0x2958/0x4a20 [ 158.000940][ C0] process_scheduled_works+0xae1/0x17b0 [ 158.006473][ C0] worker_thread+0x8a0/0xda0 [ 158.011053][ C0] kthread+0x711/0x8a0 [ 158.015117][ C0] ret_from_fork+0x4bc/0x870 [ 158.019694][ C0] ret_from_fork_asm+0x1a/0x30 [ 158.024444][ C0] [ 158.026749][ C0] Freed by task 5997: [ 158.030705][ C0] kasan_save_track+0x3e/0x80 [ 158.035383][ C0] __kasan_save_free_info+0x46/0x50 [ 158.040572][ C0] __kasan_slab_free+0x5c/0x80 [ 158.045333][ C0] kfree+0x19a/0x6d0 [ 158.049219][ C0] xpad_disconnect+0x350/0x480 [ 158.053986][ C0] usb_unbind_interface+0x26e/0x910 [ 158.059174][ C0] device_release_driver_internal+0x4d9/0x800 [ 158.065237][ C0] bus_remove_device+0x34d/0x410 [ 158.070158][ C0] device_del+0x511/0x8e0 [ 158.074483][ C0] usb_disable_device+0x3e9/0x8a0 [ 158.079491][ C0] usb_disconnect+0x330/0x950 [ 158.084163][ C0] hub_event+0x1cf5/0x4a20 [ 158.088573][ C0] process_scheduled_works+0xae1/0x17b0 [ 158.094110][ C0] worker_thread+0x8a0/0xda0 [ 158.098708][ C0] kthread+0x711/0x8a0 [ 158.102796][ C0] ret_from_fork+0x4bc/0x870 [ 158.107380][ C0] ret_from_fork_asm+0x1a/0x30 [ 158.112136][ C0] [ 158.114445][ C0] The buggy address belongs to the object at ffff88807c2d4000 [ 158.114445][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 158.128488][ C0] The buggy address is located 92 bytes inside of [ 158.128488][ C0] freed 1024-byte region [ffff88807c2d4000, ffff88807c2d4400) [ 158.142283][ C0] [ 158.144594][ C0] The buggy address belongs to the physical page: [ 158.150993][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c2d0 [ 158.159747][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 158.168231][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 158.175781][ C0] page_type: f5(slab) [ 158.179755][ C0] raw: 00fff00000000040 ffff88801a026dc0 dead000000000100 dead000000000122 [ 158.188331][ C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 158.196912][ C0] head: 00fff00000000040 ffff88801a026dc0 dead000000000100 dead000000000122 [ 158.205571][ C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 158.214234][ C0] head: 00fff00000000003 ffffea0001f0b401 00000000ffffffff 00000000ffffffff [ 158.222897][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 158.231545][ C0] page dumped because: kasan: bad access detected [ 158.237938][ C0] page_owner tracks the page as allocated [ 158.243630][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5945, tgid 5945 (kworker/u8:8), ts 103327027476, free_ts 103146815536 [ 158.264549][ C0] post_alloc_hook+0x240/0x2a0 [ 158.269319][ C0] get_page_from_freelist+0x2365/0x2440 [ 158.274852][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 158.280646][ C0] alloc_pages_mpol+0x232/0x4a0 [ 158.285482][ C0] allocate_slab+0x96/0x350 [ 158.289978][ C0] ___slab_alloc+0xe94/0x18a0 [ 158.294655][ C0] __slab_alloc+0x65/0x100 [ 158.299062][ C0] __kmalloc_node_track_caller_noprof+0x5c7/0x800 [ 158.305647][ C0] kmalloc_reserve+0x136/0x290 [ 158.310403][ C0] pskb_expand_head+0x18e/0x1150 [ 158.315339][ C0] batadv_skb_head_push+0x169/0x200 [ 158.320536][ C0] batadv_send_skb_packet+0xc8/0x690 [ 158.325816][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x62f/0x7e0 [ 158.332833][ C0] process_scheduled_works+0xae1/0x17b0 [ 158.338367][ C0] worker_thread+0x8a0/0xda0 [ 158.342946][ C0] kthread+0x711/0x8a0 [ 158.347013][ C0] page last free pid 5842 tgid 5842 stack trace: [ 158.353319][ C0] __free_frozen_pages+0xbc4/0xd30 [ 158.358429][ C0] __put_partials+0x146/0x170 [ 158.363106][ C0] put_cpu_partial+0x1f2/0x2e0 [ 158.367864][ C0] __slab_free+0x2b9/0x390 [ 158.372270][ C0] qlist_free_all+0x97/0x140 [ 158.376861][ C0] kasan_quarantine_reduce+0x148/0x160 [ 158.382318][ C0] __kasan_slab_alloc+0x22/0x80 [ 158.387167][ C0] kmem_cache_alloc_lru_noprof+0x35d/0x6d0 [ 158.393060][ C0] shmem_alloc_inode+0x28/0x40 [ 158.397829][ C0] alloc_inode+0x6a/0x1b0 [ 158.402208][ C0] new_inode+0x22/0x170 [ 158.406351][ C0] shmem_get_inode+0x346/0xe90 [ 158.411111][ C0] shmem_mknod+0x18c/0x3e0 [ 158.415514][ C0] path_openat+0x14f4/0x3830 [ 158.420094][ C0] do_filp_open+0x1fa/0x410 [ 158.424588][ C0] do_sys_openat2+0x121/0x1c0 [ 158.429258][ C0] [ 158.431568][ C0] Memory state around the buggy address: [ 158.437181][ C0] ffff88807c2d3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.445226][ C0] ffff88807c2d3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 158.453272][ C0] >ffff88807c2d4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 158.461321][ C0] ^ [ 158.468241][ C0] ffff88807c2d4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 158.476377][ C0] ffff88807c2d4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 158.484421][ C0] ================================================================== [ 158.492466][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 158.499649][ C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 158.508925][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 158.518973][ C0] Workqueue: netns cleanup_net [ 158.523741][ C0] Call Trace: [ 158.527014][ C0] [ 158.529851][ C0] dump_stack_lvl+0x99/0x250 [ 158.534446][ C0] ? __asan_memcpy+0x40/0x70 [ 158.539042][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.544241][ C0] ? __pfx__printk+0x10/0x10 [ 158.548827][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.554453][ C0] vpanic+0x237/0x6d0 [ 158.558436][ C0] ? __pfx_vpanic+0x10/0x10 [ 158.562945][ C0] panic+0xb9/0xc0 [ 158.566665][ C0] ? __pfx_panic+0x10/0x10 [ 158.571078][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.576708][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.582337][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 158.588233][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 158.593254][ C0] check_panic_on_warn+0x89/0xb0 [ 158.598198][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 158.603227][ C0] end_report+0x78/0x160 [ 158.607464][ C0] kasan_report+0x129/0x150 [ 158.611956][ C0] ? do_raw_spin_lock+0x23d/0x290 [ 158.616991][ C0] do_raw_spin_lock+0x23d/0x290 [ 158.621843][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.627467][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 158.632845][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.638478][ C0] _raw_spin_lock_irqsave+0xb3/0xf0 [ 158.643671][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 158.649557][ C0] ? kcov_remote_stop+0x78/0x6d0 [ 158.654486][ C0] __wake_up_common_lock+0x2f/0x1f0 [ 158.659696][ C0] __usb_hcd_giveback_urb+0x3b0/0x540 [ 158.665066][ C0] dummy_timer+0x85f/0x44c0 [ 158.669568][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.675207][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 158.680595][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.686224][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 158.691153][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 158.696081][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 158.701010][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 158.706213][ C0] ? ktime_get_update_offsets_now+0x67/0x3d0 [ 158.712192][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.717834][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 158.723546][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.729172][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 158.735067][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 158.740184][ C0] handle_softirqs+0x286/0x870 [ 158.744967][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 158.749737][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 158.755026][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.760803][ C0] __irq_exit_rcu+0xca/0x1f0 [ 158.765388][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 158.770583][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.776209][ C0] irq_exit_rcu+0x9/0x30 [ 158.780438][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 158.786068][ C0] [ 158.788983][ C0] [ 158.791898][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 158.797873][ C0] RIP: 0010:devlink_port_netdevice_event+0x5c/0x4f0 [ 158.804463][ C0] Code: 89 df e8 c7 f1 f9 f7 4c 8b 33 49 8d 9e 90 0c 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a7 f1 f9 f7 48 8b 1b <48> 85 db 74 57 4c 8d 63 20 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 [ 158.824067][ C0] RSP: 0018:ffffc900001174e0 EFLAGS: 00000246 [ 158.830134][ C0] RAX: 1ffff1100f939d92 RBX: 0000000000000000 RCX: ffff88801c6b5ac0 [ 158.838097][ C0] RDX: 0000000000000000 RSI: 000000000000000a RDI: ffffffff8f410a60 [ 158.846062][ C0] RBP: 00000000fffffff5 R08: ffffffff8f7cdc77 R09: 1ffffffff1ef9b8e [ 158.854027][ C0] R10: dffffc0000000000 R11: ffffffff8a2bc9c0 R12: ffffffff8f410a60 [ 158.861989][ C0] R13: dffffc0000000000 R14: ffff88807c9ce000 R15: 000000000000000a [ 158.870046][ C0] ? __pfx_devlink_port_netdevice_event+0x10/0x10 [ 158.876475][ C0] notifier_call_chain+0x1b6/0x3e0 [ 158.881619][ C0] __dev_close_many+0x106/0x6f0 [ 158.886483][ C0] ? __pfx___dev_close_many+0x10/0x10 [ 158.891862][ C0] netif_close_many+0x225/0x410 [ 158.896716][ C0] ? __pfx_netif_close_many+0x10/0x10 [ 158.902091][ C0] unregister_netdevice_many_notify+0xb29/0x2390 [ 158.908509][ C0] ? unregister_netdevice_queue+0x1b3/0x380 [ 158.914401][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 158.921163][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 158.927402][ C0] ? net_generic+0x1e/0x240 [ 158.931902][ C0] ? net_generic+0x1e/0x240 [ 158.936406][ C0] ? net_generic+0x1e/0x240 [ 158.940907][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.946538][ C0] ops_undo_list+0x3dc/0x990 [ 158.951123][ C0] ? __pfx_ops_undo_list+0x10/0x10 [ 158.956305][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.961930][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.967558][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 158.973015][ C0] cleanup_net+0x4d8/0x820 [ 158.977425][ C0] ? __pfx_cleanup_net+0x10/0x10 [ 158.982350][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.988013][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 158.993295][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 158.999010][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 159.004722][ C0] process_scheduled_works+0xae1/0x17b0 [ 159.010278][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 159.016274][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.021923][ C0] worker_thread+0x8a0/0xda0 [ 159.026521][ C0] kthread+0x711/0x8a0 [ 159.030586][ C0] ? __pfx_worker_thread+0x10/0x10 [ 159.035688][ C0] ? __pfx_kthread+0x10/0x10 [ 159.040275][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.045909][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 159.051105][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.056729][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.061926][ C0] ? __pfx_kthread+0x10/0x10 [ 159.066513][ C0] ret_from_fork+0x4bc/0x870 [ 159.071106][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 159.076209][ C0] ? __switch_to_asm+0x39/0x70 [ 159.080982][ C0] ? __switch_to_asm+0x33/0x70 [ 159.085734][ C0] ? __pfx_kthread+0x10/0x10 [ 159.090323][ C0] ret_from_fork_asm+0x1a/0x30 [ 159.095082][ C0] [ 159.098430][ C0] Kernel Offset: disabled [ 159.102742][ C0] Rebooting in 86400 seconds..