last executing test programs: 14.555485945s ago: executing program 3 (id=267): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000380)={[{@debug}, {@quota}, {@resuid}, {@test_dummy_encryption}, {@nodiscard}, {@data_err_ignore}, {@acl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) chdir(&(0x7f00000000c0)='./bus\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) getdents(r0, 0x0, 0x1800) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) 13.424459873s ago: executing program 3 (id=276): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000004c0)='./file0\x00') llistxattr(&(0x7f0000000340)='./bus\x00', 0x0, 0x0) 13.161064269s ago: executing program 3 (id=278): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8) r0 = gettid() r1 = gettid() tkill(r0, 0x12) tkill(r0, 0x1) tkill(r1, 0x14) 13.048932424s ago: executing program 3 (id=279): syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000fc0)={[{@nouid32}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v") syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) 12.810329003s ago: executing program 3 (id=281): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0c0009"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4008050) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 12.269666575s ago: executing program 3 (id=284): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'bond0\x00', 0x200}) 11.974864674s ago: executing program 32 (id=284): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'bond0\x00', 0x200}) 4.07107361s ago: executing program 1 (id=341): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xb) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="340200c82cc3", @ANYRES32=0x0, @ANYBLOB="0052498687186d0e0c0012800c0006006d6163766c616e000c"], 0x34}}, 0x0) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0) syz_usb_connect$uac1(0x6, 0x71, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100f7cc0000406b1d010140000102030109025f0003010560720904000000010100000a"], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 3.116206119s ago: executing program 4 (id=355): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) 2.715360062s ago: executing program 4 (id=359): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space_done\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x18000, &(0x7f0000000000), 0x80, 0x62d, &(0x7f0000000c40)="$eJzs3c9rHNcdAPDvzEqyZauVXUqpTUsFPdhQvJZcU7c92e6hPhhqqA8h5GBhSY7w+geWDLZjsAw5JJBACLmG4Ev+gZBr0DXkFgKJbzkHnBCc5JAEb5jZWWuz2rU3kla78Xw+MDNv3szue98dvZ03MzuaAEprKhulEfsi4lwSMdmybCIaC6eK9R5+fft8NiRRr///qySSIq+5/qNiujsbJY3XfHwy4neV9eUu3bx1cbZWb7gTcXj50tXDSzdvHVq8NHth/sL85Zkj/zx6bPpfMx9uTZy7i+mp0//70+svv/iPhU9qh5I4HmdHX5qLtji2ylTj040sxNb8kYg4liU6fC6wnSrF3+NoRPwhJqOSzzVMxuJrA60c0Ff1SmP/VB+rA6WTxKBrAAxGsx/QPLbvx3HwMHtwIhvf6BD/SHH0vjM/Ntr1MGk5MspyI/ZsQfkrEfHj7f1vZ0N0OQ8xsgXldC3/bkT8sdP2T/L49+SRZvGnkba8LktPF+c2svr9ZxN1SFrSvf393dlEaT/3S+Jv3Q5Z/MeLaZZ/ssv7P+0Uz1TbfNnaHwCDsXqi2JFnHZFY2/9lPcNm/yfa+z/19/NrQ+37ro3ovv9Lt+Ddny7v/4102v839/c783142tYPS2Ll2zOd33K0PePzV0+92a38qZb+XzZk5Tf7gj3YdNfwwd2I/W3xv5J/9Mnj7Z906P9mq5zrsYz/fvrlqW7LNhn/ptXvRRzoePyz1ivNUm3XJ5NoXp88OnN4YbE2P90Ydyzjg49eeLdb+YOOP9v+u7rE/6Ttn+Vd7bGM987cu9RI7Vi3bOKp8adfjCVn89RYPl5rXmPJ6WKVxuTG7PLytSNPrktznXw604j/4F87t/8u8ecHH+PNr8weXH3u4sNuyza5/R/Ve1yxmyz+uQ1u/zd6LOO756//uduy9fGvnZMY32hQAAAAAAAAUFJpfg02SauP02laLS68/T52pbUrS8t/W7hy/fJcxMH895CjafNK92RjPsnmZ4rfwzbnj7TN/z0i9kbEW5XxfL56/kptbtDBAwAAAAAAAAAAAAAAAAAAwJDYXdz//6h4Htg3lTStVgddK2Db9PMBc8Bw0/6hvPL2vz3PWwOGjP0/lFfH9u9LAUpBU4fy0v6hvLR/KC/tH8pL+4fy6t7+1y252++6AAAAAABbZu9fVu+PRMTKv8fzITNWLBsdaM2AftPGobwqg64AMDCPL/C7/R9Kp6f+//fFPwfsf3WAAUg6Zeadg/qTG/9qx1cCAAAAAAAAAAAAAH1wYN/q/cT9/1BKbvuD8trY/f+Vjb8UGBqd/vW/x4FAOTjGh5Lr4STAzm4L3P8PAAAAAAAAAAAAANtmIh+StFr8DHgi0rRajfhNROyJ0WRhsTY/HRG/jYjPKqM7svmZQVcaAAAAAAAAAAAAAAAAAAAAnjFLN29dnK3V5q+1Jn5Yl/NsJ5pPPB2W+rQmIul7EWm05YxHxDDE3p/ESEtOErGSbfmteOdk838/MQyfT5EY8BcTAAAAAAAAAAAAAAAAAACUUMu9x53tf2ebawQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA22/t+f/9Sww6RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1+mnAAAA//+EYjvS") 2.556473726s ago: executing program 1 (id=361): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) chdir(&(0x7f0000000240)='./file0\x00') r0 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) 2.278115011s ago: executing program 2 (id=362): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4800000010003704000000020000000000000000", @ANYRES32=r2, @ANYBLOB="83040500000000002800128008000100736974001c00028006000f000200000006001000b190000008000300ac"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmmsg$inet(r0, &(0x7f0000000640)=[{{&(0x7f0000000040)={0x2, 0x4e1b, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @dev={0xac, 0x14, 0x14, 0x3b}, @multicast1}}}], 0x20}}], 0x1, 0x4880) 2.161053871s ago: executing program 1 (id=363): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x3c, r3, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_RECV_TIMEOUT={0xc}, @L2TP_ATTR_IFNAME={0x14}, @L2TP_ATTR_LNS_MODE={0x5}]}, 0x3c}}, 0x0) 2.089208156s ago: executing program 4 (id=364): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) read$rfkill(r0, &(0x7f0000000040), 0x8) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(r1, 0x0, 0x0) 1.91234134s ago: executing program 2 (id=365): r0 = socket$inet6(0xa, 0x3, 0x8) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x20, 0x10}, 0x40000) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0x10001, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000540)=0x2, 0x4) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)'], 0x28}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0) 1.889580996s ago: executing program 4 (id=366): r0 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700490009"], 0x50) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd7000fcdbdf254f00000008000300", @ANYRES32, @ANYBLOB="50007a800c"], 0x6c}, 0x1, 0x0, 0x0, 0x20002804}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) r1 = socket$kcm(0xa, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0) 1.865583717s ago: executing program 1 (id=367): syz_emit_ethernet(0x46, &(0x7f00000002c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "000001", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x2, 0x8, 0x1, 0x3}}}}}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0xfffd, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@multicast2, 0x2, 0x2b}, 0xa, @in6=@empty, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r2, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) 1.740646266s ago: executing program 2 (id=369): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.621937449s ago: executing program 4 (id=370): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014"], 0x84}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="48010000040a0500000000000000000002000008680004801400030076657468315f6d6163767461700000000800014000000000140003"], 0x148}, 0x1, 0x0, 0x0, 0x24001005}, 0x2c77edc509eea7a8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="14000100ff010000000000000000000000000001140006"], 0x70}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0) 1.569665018s ago: executing program 1 (id=371): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000800000/0x800000)=nil, &(0x7f000051f000/0x4000)=nil, 0x800000, 0x1, 0xfe}) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x3c) syz_io_uring_setup(0x3490, &(0x7f0000000400)={0x0, 0x4, 0xc003, 0x1000, 0x170}, 0x0, 0x0) 1.353468845s ago: executing program 1 (id=372): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x6}, 0x2) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001517ee40f00a057a0000010203010902"], 0x0) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0)={0x0, 0x4}, 0x2) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000140), 0x2) 1.247063056s ago: executing program 4 (id=373): syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x1008814, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x2, 0x4707, &(0x7f0000008f40)="$eJzs2muIXFcBB/BzJ6vZTZPtPtImafqYJIKLlmXTT9X6Ia5VG02bh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQdVofRLLYiBfqlFKPhAWoVSUbR+ESlUwQ8GbaArM3Nvdu6d2d7JTh+0/f0gmb2Pc+6Z/e89Z849U4jVTi+uFhdXi6VKsTp37+pNxc9Vy/Wl+VB4lbzW16c3r0ROsn/tHH3fBz5y100h/OH41z60tra2FhpGQlcH236+8O8zc+2viUKmTKPe7rW1/LH+0As/f8tLnZHnZAhhZ0e7GraEED72ixC2hhBG431j8etQCGF7CCEKITz8m3/9eLCfJrQ5d/dzzxw/e2T/2elHH3nq4sKxDU+MQvhuec+NC0vPH9hyy7PveJkuDwAAL+mDJ47eeWzqYHg8CsPnBzo/r++KX5PPx7e/7VN3PDiwfnyN3mx5FUMFAACAjPX5/0j0Ypf1umRlLVkSfOy+k3c+Ea0fN7F9fTt8x9Fb3z91MF7/jTqO3xzv+ud7tzTXULPrvtn139FM+e7rv+vXefCrT/+y8tbNtz9pX3LdkRAVJlPbhcLkZAjHp1vbu6NthXJ1tfbOe6v1yqnNX/eNIp1/dvV+fUG/1/zHMsXz1v/3fOLzPxsa6OcdjIfsX21ju9j5p0wX6fw37st/8qWop/zHM+Xy8r/tyR0XfrW1n3eQvSKXI51/60bc335CsdUBNPL/5kB+/jsz9efl//3p8w+f3MT3fxr9zEjUaOtgqgd4Md6/wVeYyEjn3woi1XXGv8iN7v//ZfK/KlN/Xv63V//xu7/1Mf5v1P9PTPdT55tHOv9WEMXUGev3/2gh//6/OlN/Xv6/Pf3npz/Z11jdmX+j/RPG/56k848H4nTn2fxN9tr/78rUn5f/7vF7HljcRLs/PBS3czgK423fOj3fGMKG19erm1OaxuHlTVzkTSCdf+u3lrp1hlsvzft/JL//352pPy//B/Z+/T1n+vr+b/f+f0r/35N0/kPNfZeT/wuZ/Pdk6s/L/4dn/v6Xe/r68nX3/A/Jvyfp/Ld1HF9//lPoaf53TaZ83vOf/WNPPPTXPub/SfuS6ybPf5LnEBNR6/kP3aXzv2LD83od//dmyuXd/9/6z7NPHuin/48GPQHoQzr/7a2dXSaAveZ/bab+vPy/cNeXP/6nTcz/mp/4BpP82+b/W1v7j+n/e5LOf0drZ2o8vr/5f3P8jzpz/28m/+sy9eflf/Hw5MBX+pmrDXaO/432T3R5lE2ndP7DG57XyP/3PYz/12fK5eX/xX0/ff7Gvj7/hzBlrr9p6fyv3PC85v0/mJ//DZlyefl/5xu/fuz+Ptr/9j7Kks2/Ndanbqf4s3mv8/9ipv68/H80ceHcgZf5+V9j+2bjf0/S+bdWzS8n/+z8f1+m/rz8v3f0BysDr8Dzn9vkDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsClj8etIiAqTqe1CYXIyhPF4e3fYFs2WTs3Mlqtzn1kNYWe8vxjGooVydbZUnlmsVE/Nz5TK5epcCFfFx3eGwWi1XK3NLJWWr75U11B0er60UpudL9VCCLvi/deGHUlds4u1pdJy89ykzBVR6bP1aq00WV+dXwl7Lu3fnuxfWKnWl6+5VNeVherK8ulSZebU4sq7p6ampsLeS20ejebvq81Xaq3Wto42yiRlR6K2N9M8fF3b9T5dra9USuXm/uvbypSrc6VyW5kb2q5XW6lX5kq1+ZlydSG5XrGtbNt7ax7eFx+bCKOp95eUzToUv956+MRHTxw52HG8GKXzrtSX5qd2dP+bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCN6/Fb3vXtEMKW1lYhhHAo+SGK/6Wcu/u5Z46fPbL/7PSjjzx1ceFYt3MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfpzdsdiVtZd2bV7auvtD6MzP/R9CGE2W9z/v7Qg9IYSvX2ZOh1XaQk9T/28m58bLV01+7+0ff3h9NFl7/cV3i+t2hyQdajjemaTp0NDa+9+o7gw+mx5MQkhjF0IUC2NPztRCCB2xCyGKnx/nL2a/7//FLoQo+j/c7crufy12IUSxdfenvlr+jEf1nK9fGGz872/1CN7GIzrr0NuTV96lbmrlvczf/5N88z5YDbMnjrx/HrsIopmdmzoauwYAAODvOtci/w9blvfvX05CT3c59//WlP/3NvW/ev6/4t72G2MzbYUQ20pjk9nx8L52+tz4Tg1cvf26ZrynquT/1Sb/rzb5f7XJ/6tN/l9t8n8yr+T/lfT45p7FF7GLIBr5PwAAVM+h4xNT9eGR7OV/04/Ocl7fl7f1PE9/cGt64FHDuJH88N92+NjEgYPDI/l9Lw8Irqz/kC6d/Z7P92huC5NN8y5arf/Q+3Rh/lpn+RP1P5y/UdRXXNf6DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOf7V3ldfH9pjPRaI9JUdtm1f46n2c/ct8PyPnvcuBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCpAAAA//+uFMtJ") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x100000a, 0x11, r0, 0x0) 1.22702234s ago: executing program 2 (id=374): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x5c, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x20, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x1c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS={0x5}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL={0x5, 0x2, 0x8}]}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) 718.661446ms ago: executing program 2 (id=376): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) syz_read_part_table(0x5c3, &(0x7f00000005c0)="$eJzs2z9I22kYB/A31lBohw7XqVPbocPRpaVjM7QlSVsqhKiL3KCgiJgpghC5gKAHmkExgzi6iJDFP5Mxg5Oi4Czi4CE4uNyhi+BiDvG97e7wUI8rfD7w48n75vu+T54h4y/wXWsJvzebzUQIofnwrxPNfzjdWUtnvjzPfch3xMvCfPWXH64+Jv48HW99GdeHcb0w/6gxefY5WTtoP3/VvVlpid+PxufxYr3zDsbjni2ltp6MjRezU6XUwH62fDyxt9u2fJrO179Vqitfk596Y2471tZYh0IpjITB0BMKoRD6QvGO+s/Vjt5cPsvW1vrfX2Qa0xtvYy53yzlv2n/4xUxXtfzx9erT2Xel9Z38yYPrXOFv/l0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy/LKW2noyNF7NTpdTAfrZ8PLG327Z8ms7Xv1WqK1+Tn3pjbjvW1liHQimMhMHQEwohEfpC8Y76z9WO3lw+y9bW+t9fZBrTG29jLnfLOW/af/jFTFe1/PH16tPZd6X1nfzJg+tc4eE9/QAAAAAAAAAAAAAAAAAAAAAIIaQzX57nPuQ7QkiEn0Jr+PG3n1uu9pvxffdEzL2M9TDuL8w/akyefU7WDtrPX3VvVn6N+6PxebxY7/zPh+Ff+yMAAP//17OV3g==") 678.266634ms ago: executing program 0 (id=377): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x1}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x948}, &(0x7f0000000040)=0x8) 567.824202ms ago: executing program 0 (id=378): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x700, 0x40, 0x9, 0x5, {{0x5, 0x4, 0x2, 0x37, 0x14, 0x65, 0x0, 0xcf, 0x2f, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x3d}}}}}) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x3, 0x4) r1 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="3303200071fd140000007ef52f555f2a0c9fe67025c1d97bfbf719143baa4b1f0f858c6632f47042195e", 0xfdef, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r2, 0x1, 0x62}, 0x14) 388.254941ms ago: executing program 0 (id=379): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmmsg$unix(r1, &(0x7f000000bbc0)=[{{0x0, 0x0, &(0x7f00000070c0)=[{&(0x7f0000004dc0)=""/13, 0xd}, {&(0x7f0000004e00)=""/253, 0xfd}], 0x2}}], 0x1, 0x0, 0x0) 358.482114ms ago: executing program 2 (id=380): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r1, 0x80) accept$netrom(r1, 0x0, 0x0) 304.087173ms ago: executing program 5 (id=286): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x2000) readv(r0, &(0x7f0000001400)=[{&(0x7f0000001440)=""/4096, 0x1000}], 0x1) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0) write$dsp(r1, &(0x7f0000000040)="c7", 0x1) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) 231.127277ms ago: executing program 0 (id=381): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}}) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3) 109.533732ms ago: executing program 0 (id=382): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x20) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) 0s ago: executing program 0 (id=383): r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r1 = dup(r0) write$binfmt_elf32(r1, &(0x7f0000002800)=ANY=[@ANYBLOB="7f454c464a03011301000000000000000200030004000000eb01000038000000d600000097700000fe032000010007000c0007000000000003000000060000000200000000040000d50e"], 0xa58) r2 = fanotify_init(0x200, 0x101000) fanotify_mark(r2, 0x5, 0x8000019, r1, 0x0) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.176' (ED25519) to the list of known hosts. [ 83.507051][ T5814] cgroup: Unknown subsys name 'net' [ 83.621612][ T5814] cgroup: Unknown subsys name 'cpuset' [ 83.631199][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.212733][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.045642][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.054843][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.064384][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.079695][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.086544][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.088810][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.100986][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.108011][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.109048][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.122676][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.126888][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.139003][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.139042][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.146497][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.157257][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.163547][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.176360][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.184905][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.185769][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.203977][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.211843][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.219767][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.227838][ T5149] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.235182][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.265001][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.843316][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 88.942259][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 89.188755][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.196637][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.204520][ T5827] bridge_slave_0: entered allmulticast mode [ 89.212277][ T5827] bridge_slave_0: entered promiscuous mode [ 89.257806][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.265158][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.277892][ T5827] bridge_slave_1: entered allmulticast mode [ 89.285961][ T5827] bridge_slave_1: entered promiscuous mode [ 89.303094][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 89.393398][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 89.408038][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.417489][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 89.465473][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.514470][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.522443][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.530018][ T5825] bridge_slave_0: entered allmulticast mode [ 89.539610][ T5825] bridge_slave_0: entered promiscuous mode [ 89.594622][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.602631][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.610141][ T5825] bridge_slave_1: entered allmulticast mode [ 89.617461][ T5825] bridge_slave_1: entered promiscuous mode [ 89.696265][ T5827] team0: Port device team_slave_0 added [ 89.750939][ T5827] team0: Port device team_slave_1 added [ 89.779008][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.786271][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.793672][ T5826] bridge_slave_0: entered allmulticast mode [ 89.801090][ T5826] bridge_slave_0: entered promiscuous mode [ 89.812039][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.847869][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.855248][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.863414][ T5829] bridge_slave_0: entered allmulticast mode [ 89.871288][ T5829] bridge_slave_0: entered promiscuous mode [ 89.879283][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.886541][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.894118][ T5826] bridge_slave_1: entered allmulticast mode [ 89.902297][ T5826] bridge_slave_1: entered promiscuous mode [ 89.911974][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.946454][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.953710][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.961552][ T5829] bridge_slave_1: entered allmulticast mode [ 89.969223][ T5829] bridge_slave_1: entered promiscuous mode [ 90.016502][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.023726][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.055008][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.118608][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.125585][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.151994][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.163628][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.171471][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.179980][ T5831] bridge_slave_0: entered allmulticast mode [ 90.188477][ T5831] bridge_slave_0: entered promiscuous mode [ 90.200029][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.213899][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.225717][ T5825] team0: Port device team_slave_0 added [ 90.240514][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.247941][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.255136][ T5831] bridge_slave_1: entered allmulticast mode [ 90.262666][ T5831] bridge_slave_1: entered promiscuous mode [ 90.271985][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.281964][ T5841] Bluetooth: hci1: command tx timeout [ 90.282307][ T5843] Bluetooth: hci3: command tx timeout [ 90.288256][ T5841] Bluetooth: hci2: command tx timeout [ 90.293968][ T5843] Bluetooth: hci0: command tx timeout [ 90.306077][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.317647][ T5825] team0: Port device team_slave_1 added [ 90.357862][ T5844] Bluetooth: hci4: command tx timeout [ 90.462315][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.474354][ T5829] team0: Port device team_slave_0 added [ 90.482586][ T5826] team0: Port device team_slave_0 added [ 90.490003][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.496986][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.523395][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.551242][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.563063][ T5829] team0: Port device team_slave_1 added [ 90.571031][ T5826] team0: Port device team_slave_1 added [ 90.577511][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.585070][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.611299][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.628512][ T5827] hsr_slave_0: entered promiscuous mode [ 90.635255][ T5827] hsr_slave_1: entered promiscuous mode [ 90.733047][ T5831] team0: Port device team_slave_0 added [ 90.740244][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.747243][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.773534][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.786167][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.793996][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.820214][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.832972][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.840116][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.866167][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.891623][ T5831] team0: Port device team_slave_1 added [ 90.898518][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.905490][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.931582][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.018812][ T5825] hsr_slave_0: entered promiscuous mode [ 91.025627][ T5825] hsr_slave_1: entered promiscuous mode [ 91.032328][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 91.038296][ T5825] Cannot create hsr debugfs directory [ 91.106559][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.113920][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.140464][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.186514][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.193659][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.220524][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.236332][ T5826] hsr_slave_0: entered promiscuous mode [ 91.243826][ T5826] hsr_slave_1: entered promiscuous mode [ 91.250725][ T5826] debugfs: 'hsr0' already exists in 'hsr' [ 91.256508][ T5826] Cannot create hsr debugfs directory [ 91.299307][ T5829] hsr_slave_0: entered promiscuous mode [ 91.306321][ T5829] hsr_slave_1: entered promiscuous mode [ 91.312907][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 91.318945][ T5829] Cannot create hsr debugfs directory [ 91.509074][ T5831] hsr_slave_0: entered promiscuous mode [ 91.515687][ T5831] hsr_slave_1: entered promiscuous mode [ 91.522438][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 91.528349][ T5831] Cannot create hsr debugfs directory [ 91.980673][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.007413][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.026478][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.064570][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.161457][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.177373][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.191066][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.203715][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.349120][ T5825] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.358183][ T5843] Bluetooth: hci3: command tx timeout [ 92.361529][ T5841] Bluetooth: hci1: command tx timeout [ 92.363971][ T5844] Bluetooth: hci2: command tx timeout [ 92.371125][ T5841] Bluetooth: hci0: command tx timeout [ 92.389978][ T5825] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.434010][ T5825] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.440903][ T5841] Bluetooth: hci4: command tx timeout [ 92.452116][ T5825] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.564412][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.584767][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.608881][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.620695][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.645762][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.776791][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.821561][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.834692][ T4499] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.842025][ T4499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.862101][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.875093][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.892493][ T4499] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.899764][ T4499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.911517][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.932403][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.021651][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.060598][ T4499] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.067845][ T4499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.112825][ T4499] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.120014][ T4499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.142514][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.172757][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.225081][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.276048][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.293973][ T3550] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.301333][ T3550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.337502][ T3550] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.344769][ T3550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.355433][ T3550] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.362633][ T3550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.372780][ T3550] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.380007][ T3550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.489611][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.576468][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.651721][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.658979][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.683640][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.690899][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.723431][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.935583][ T5827] veth0_vlan: entered promiscuous mode [ 93.991764][ T5827] veth1_vlan: entered promiscuous mode [ 94.100270][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.132779][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.182599][ T5827] veth0_macvtap: entered promiscuous mode [ 94.226036][ T5827] veth1_macvtap: entered promiscuous mode [ 94.287023][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.301579][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.354826][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.406344][ T4499] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.420971][ T4499] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.434785][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.441162][ T5841] Bluetooth: hci0: command tx timeout [ 94.442629][ T5844] Bluetooth: hci1: command tx timeout [ 94.447115][ T5149] Bluetooth: hci3: command tx timeout [ 94.452880][ T5843] Bluetooth: hci2: command tx timeout [ 94.471811][ T5826] veth0_vlan: entered promiscuous mode [ 94.479714][ T4499] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.496944][ T4499] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.518456][ T5844] Bluetooth: hci4: command tx timeout [ 94.534806][ T5829] veth0_vlan: entered promiscuous mode [ 94.600522][ T5826] veth1_vlan: entered promiscuous mode [ 94.615099][ T5829] veth1_vlan: entered promiscuous mode [ 94.770765][ T3429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.780978][ T5829] veth0_macvtap: entered promiscuous mode [ 94.789871][ T3429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.812081][ T5831] veth0_vlan: entered promiscuous mode [ 94.835076][ T5826] veth0_macvtap: entered promiscuous mode [ 94.861412][ T5829] veth1_macvtap: entered promiscuous mode [ 94.886829][ T5831] veth1_vlan: entered promiscuous mode [ 94.894156][ T5826] veth1_macvtap: entered promiscuous mode [ 94.905293][ T3429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.913830][ T3429] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.937979][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.002807][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.013922][ T5825] veth0_vlan: entered promiscuous mode [ 95.028868][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.063894][ T3429] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.084299][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.096875][ T3429] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.126879][ T5825] veth1_vlan: entered promiscuous mode [ 95.158856][ T3429] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.185758][ T3429] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.203131][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.236657][ T5831] veth0_macvtap: entered promiscuous mode [ 95.268670][ T3429] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.325687][ T3500] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.339765][ T3500] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.357049][ T5831] veth1_macvtap: entered promiscuous mode [ 95.366010][ T3500] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.395133][ T3500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.422292][ T3500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.496816][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.522752][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.547500][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.572113][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.582219][ T5825] veth0_macvtap: entered promiscuous mode [ 95.625897][ T4499] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.659203][ T5825] veth1_macvtap: entered promiscuous mode [ 95.685094][ T4499] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.708309][ T4499] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.731184][ T3550] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.760533][ T4499] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.778560][ T3550] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.797408][ T5959] loop1: detected capacity change from 0 to 4096 [ 95.841176][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.871232][ T5961] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 95.932972][ T30] audit: type=1800 audit(1768461470.724:2): pid=5959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.7" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 95.987302][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.020518][ T3550] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.032280][ T3550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.048114][ T5963] loop3: detected capacity change from 0 to 2048 [ 96.077179][ T5963] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 96.125828][ T3550] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.157970][ T3550] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.209117][ T5963] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 1345: 0xe0 != 0xe2 [ 96.250406][ T3550] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.279458][ T3500] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.294708][ T5963] UDF-fs: error (device loop3): udf_read_inode: (ino 1345) failed !bh [ 96.338071][ T5963] overlayfs: failed to resolve './file0': -5 [ 96.433179][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.471250][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.520236][ T5843] Bluetooth: hci0: command tx timeout [ 96.527332][ T5149] Bluetooth: hci2: command tx timeout [ 96.527496][ T5844] Bluetooth: hci3: command tx timeout [ 96.541375][ T5841] Bluetooth: hci1: command tx timeout [ 96.598664][ T5844] Bluetooth: hci4: command tx timeout [ 96.736275][ T1882] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.767280][ T5971] loop1: detected capacity change from 0 to 64 [ 96.778100][ T3429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.785976][ T3429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.787087][ T1882] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.914298][ T5971] syz.1.8: attempt to access beyond end of device [ 96.914298][ T5971] loop1: rw=8390657, sector=161, nr_sectors = 1 limit=64 [ 96.998069][ T5971] Buffer I/O error on dev loop1, logical block 161, lost async page write [ 97.019843][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.035555][ T5971] syz.1.8: attempt to access beyond end of device [ 97.035555][ T5971] loop1: rw=8390657, sector=162, nr_sectors = 1 limit=64 [ 97.055073][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.145201][ T5971] Buffer I/O error on dev loop1, logical block 162, lost async page write [ 97.170325][ T924] cfg80211: failed to load regulatory.db [ 97.205797][ T5971] syz.1.8: attempt to access beyond end of device [ 97.205797][ T5971] loop1: rw=8390657, sector=163, nr_sectors = 1 limit=64 [ 97.280083][ T5971] Buffer I/O error on dev loop1, logical block 163, lost async page write [ 97.338493][ T5971] syz.1.8: attempt to access beyond end of device [ 97.338493][ T5971] loop1: rw=8390657, sector=167, nr_sectors = 1 limit=64 [ 97.367724][ T5971] Buffer I/O error on dev loop1, logical block 167, lost async page write [ 97.425446][ T5971] syz.1.8: attempt to access beyond end of device [ 97.425446][ T5971] loop1: rw=8390657, sector=169, nr_sectors = 1 limit=64 [ 97.475237][ T5971] Buffer I/O error on dev loop1, logical block 169, lost async page write [ 97.518967][ T5971] syz.1.8: attempt to access beyond end of device [ 97.518967][ T5971] loop1: rw=8390657, sector=171, nr_sectors = 1 limit=64 [ 97.583326][ T5971] Buffer I/O error on dev loop1, logical block 171, lost async page write [ 97.630836][ T5971] syz.1.8: attempt to access beyond end of device [ 97.630836][ T5971] loop1: rw=8390657, sector=172, nr_sectors = 1 limit=64 [ 97.664526][ T5980] loop4: detected capacity change from 0 to 2048 [ 97.672815][ T5971] Buffer I/O error on dev loop1, logical block 172, lost async page write [ 97.967737][ T5982] syz.3.12 (5982) used greatest stack depth: 17528 bytes left [ 98.156176][ T5993] loop1: detected capacity change from 0 to 512 [ 98.336178][ T5993] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.419512][ T5993] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.492669][ T5993] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 98.560197][ T5993] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 98.666027][ T5993] EXT4-fs (loop1): This should not happen!! Data will be lost [ 98.666027][ T5993] [ 98.799432][ T5993] EXT4-fs (loop1): Total free blocks count 0 [ 98.857328][ T5993] EXT4-fs (loop1): Free/Dirty block details [ 98.885245][ T5993] EXT4-fs (loop1): free_blocks=65280 [ 98.915477][ T5993] EXT4-fs (loop1): dirty_blocks=33 [ 98.935728][ T5993] EXT4-fs (loop1): Block reservation details [ 98.954388][ T5993] EXT4-fs (loop1): i_reserved_data_blocks=33 [ 99.013279][ T5993] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 99.037918][ T5989] loop4: detected capacity change from 0 to 32768 [ 99.095578][ T5989] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.15 (5989) [ 99.176564][ T5989] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.220352][ T5989] BTRFS info (device loop4): using sha256 checksum algorithm [ 99.263276][ T5989] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 99.541848][ T5989] BTRFS info (device loop4): rebuilding free space tree [ 99.729621][ T5989] BTRFS info (device loop4): disabling free space tree [ 99.736798][ T5989] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 99.779752][ T6031] loop1: detected capacity change from 0 to 4096 [ 99.899445][ T5989] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 100.049049][ T5989] BTRFS info (device loop4): enabling ssd optimizations [ 100.079780][ T5989] BTRFS info (device loop4): enabling disk space caching [ 100.087210][ T5989] BTRFS info (device loop4): force clearing of disk cache [ 100.095323][ T5989] BTRFS info (device loop4): enabling auto defrag [ 100.103878][ T5989] BTRFS info (device loop4): max_inline set to 0 [ 100.113627][ T6035] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 100.511464][ T13] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 100.795849][ T5825] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 101.044112][ T6011] loop0: detected capacity change from 0 to 40427 [ 101.172806][ T6011] F2FS-fs (loop0): invalid crc value [ 101.448658][ T5839] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 101.618205][ T5839] usb 4-1: Using ep0 maxpacket: 16 [ 101.658929][ T5839] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 101.701162][ T5839] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 101.724717][ T6011] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 101.747164][ T5839] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 101.796244][ T6011] F2FS-fs (loop0): Start checkpoint disabled! [ 101.797715][ T5839] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 101.867632][ T5839] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 101.870777][ T6011] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 101.920717][ T5839] usb 4-1: config 1 interface 0 has no altsetting 0 [ 101.946705][ T5839] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 101.964709][ T6011] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 101.980508][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.086454][ T5839] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 102.166748][ T6050] loop2: detected capacity change from 0 to 2048 [ 102.192303][ T6011] syz.0.22: attempt to access beyond end of device [ 102.192303][ T6011] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 102.272600][ T6050] hpfs: filesystem error: dir band size mismatch: dir_band_start==7b318cc2, dir_band_end==7b318cc3, n_dir_band==00000000; already mounted read-only [ 102.295307][ T6054] loop4: detected capacity change from 0 to 2048 [ 102.362510][ T5839] scsi host1: usb-storage 4-1:1.0 [ 102.449783][ T6054] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 102.512310][ T6054] EXT4-fs error (device loop4): ext4_iget_extra_inode:5072: inode #12: comm syz.4.31: corrupted in-inode xattr: invalid size in ea xattr [ 102.526438][ T35] kworker/u8:2: attempt to access beyond end of device [ 102.526438][ T35] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 102.538150][ T6062] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 102.569579][ T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 102.569615][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 102.569629][ T35] Workqueue: writeback wb_workfn (flush-7:0) [ 102.569680][ T35] Call Trace: [ 102.569689][ T35] [ 102.569698][ T35] dump_stack_lvl+0xe8/0x150 [ 102.569729][ T35] f2fs_handle_critical_error+0x37c/0x540 [ 102.569762][ T35] f2fs_write_end_io+0x886/0xb60 [ 102.569811][ T35] __submit_merged_bio+0x256/0x660 [ 102.569844][ T35] __submit_merged_write_cond+0x398/0x4b0 [ 102.569878][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 102.569931][ T35] f2fs_write_data_pages+0x2756/0x3290 [ 102.569998][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 102.570082][ T35] ? pick_next_task_fair+0x1bae/0x1e00 [ 102.570117][ T35] ? __lock_acquire+0x6b6/0x2cf0 [ 102.570160][ T35] ? finish_task_switch+0x162/0x950 [ 102.570180][ T35] ? lock_acquire+0x107/0x340 [ 102.570226][ T35] ? __lock_acquire+0x6b6/0x2cf0 [ 102.570257][ T35] ? __lock_acquire+0x6b6/0x2cf0 [ 102.570281][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 102.570309][ T35] do_writepages+0x32e/0x550 [ 102.570350][ T35] ? reacquire_held_locks+0x104/0x190 [ 102.570379][ T35] ? writeback_sb_inodes+0x3bd/0x1870 [ 102.570407][ T35] __writeback_single_inode+0x133/0x1070 [ 102.570431][ T35] ? do_raw_spin_unlock+0xf6/0x210 [ 102.570465][ T35] writeback_sb_inodes+0x93a/0x1870 [ 102.570519][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 102.570538][ T35] ? do_raw_spin_lock+0x121/0x290 [ 102.570609][ T35] ? rcu_is_watching+0x15/0xb0 [ 102.570651][ T35] wb_writeback+0x42b/0xaa0 [ 102.570690][ T35] ? queue_io+0x201/0x450 [ 102.570715][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 102.570733][ T35] ? do_raw_spin_lock+0x121/0x290 [ 102.570774][ T35] wb_workfn+0x3f9/0xed0 [ 102.570823][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 102.570856][ T35] ? do_raw_spin_lock+0x121/0x290 [ 102.570874][ T35] ? lock_acquire+0x107/0x340 [ 102.570902][ T35] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 102.570927][ T35] ? process_one_work+0x868/0x15a0 [ 102.570954][ T35] ? process_one_work+0x868/0x15a0 [ 102.570995][ T35] ? process_one_work+0x868/0x15a0 [ 102.571018][ T35] process_one_work+0x93a/0x15a0 [ 102.571072][ T35] ? __pfx_process_one_work+0x10/0x10 [ 102.571094][ T35] ? do_raw_spin_lock+0x121/0x290 [ 102.571126][ T35] ? assign_work+0x3c7/0x5b0 [ 102.571158][ T35] worker_thread+0x9b0/0xee0 [ 102.571216][ T35] kthread+0x389/0x480 [ 102.571237][ T35] ? __pfx_worker_thread+0x10/0x10 [ 102.571261][ T35] ? __pfx_kthread+0x10/0x10 [ 102.571282][ T35] ret_from_fork+0x510/0xa50 [ 102.571312][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 102.571335][ T35] ? __switch_to+0xc9e/0x1480 [ 102.571362][ T35] ? __pfx_kthread+0x10/0x10 [ 102.571383][ T35] ret_from_fork_asm+0x1a/0x30 [ 102.571434][ T35] [ 102.571443][ T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 102.908560][ T924] usb 4-1: USB disconnect, device number 2 [ 103.030551][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 103.585447][ T6072] netlink: 'syz.4.36': attribute type 1 has an invalid length. [ 103.636475][ T6072] netlink: 224 bytes leftover after parsing attributes in process `syz.4.36'. [ 104.146809][ T6089] input: syz0 as /devices/virtual/input/input5 [ 104.822967][ T6111] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.857194][ T6110] serio: Serial port ttyS3 [ 104.876242][ T6107] loop4: detected capacity change from 0 to 4096 [ 104.916092][ T6107] ======================================================= [ 104.916092][ T6107] WARNING: The mand mount option has been deprecated and [ 104.916092][ T6107] and is ignored by this kernel. Remove the mand [ 104.916092][ T6107] option from the mount to silence this warning. [ 104.916092][ T6107] ======================================================= [ 105.039034][ T6107] ntfs3(loop4): ino=3, Correct links count -> 2. [ 105.096123][ T6114] loop2: detected capacity change from 0 to 1764 [ 105.166327][ T6107] ntfs3(loop4): ino=1a, mi_enum_attr [ 105.189459][ T6107] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 105.227785][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 105.248080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.307488][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 105.391493][ T6120] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.412287][ T6107] process 'syz.4.46' launched './file0' with NULL argv: empty string added [ 105.421911][ T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!! [ 105.430564][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.448021][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.468034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.495308][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 105.536034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.536870][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.870962][ T6125] input: syz0 as /devices/virtual/input/input6 [ 105.921470][ T6123] sp0: Synchronizing with TNC [ 105.975428][ T6122] [U] è [ 105.991361][ T6129] loop4: detected capacity change from 0 to 512 [ 106.087148][ T6129] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.147782][ T6129] ext4 filesystem being mounted at /8/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.273327][ T6135] loop1: detected capacity change from 0 to 4096 [ 106.310787][ T6135] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 106.347959][ T6135] ntfs3(loop1): ino=1, mi_enum_attr [ 106.363578][ T6135] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 106.402288][ T6135] ntfs3(loop1): Failed to load $MFTMirr (-22). [ 106.426796][ T6136] loop2: detected capacity change from 0 to 4096 [ 106.466973][ T6135] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.57'. [ 106.547713][ T6142] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 106.619822][ T5825] EXT4-fs error (device loop4): ext4_empty_dir:3075: inode #12: comm syz-executor: invalid size [ 106.656589][ T30] audit: type=1800 audit(1768461481.444:3): pid=6136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.56" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 106.719601][ T5825] EXT4-fs (loop4): Remounting filesystem read-only [ 106.735079][ T6146] loop7: detected capacity change from 0 to 16384 [ 106.805517][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.900238][ T6148] loop7: detected capacity change from 16384 to 0 [ 106.903635][ C1] I/O error, dev loop7, sector 16256 op 0x0:(READ) flags 0x880700 phys_seg 1 prio class 2 [ 106.938018][ C0] I/O error, dev loop7, sector 256 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 2 [ 107.674229][ T6144] loop3: detected capacity change from 0 to 32768 [ 107.710447][ T6144] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 107.857061][ T6144] XFS (loop3): Ending clean mount [ 107.949691][ T6144] XFS (loop3): Quotacheck needed: Please wait. [ 108.046161][ T6144] XFS (loop3): Quotacheck: Done. [ 108.153790][ T5829] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 108.568248][ T6196] Bluetooth: MGMT ver 1.23 [ 109.039273][ T6202] loop4: detected capacity change from 0 to 32768 [ 109.139832][ T6192] loop0: detected capacity change from 0 to 32768 [ 109.167967][ T6192] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.76 (6192) [ 109.182084][ T6202] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.236081][ T6202] XFS (loop4): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 [ 109.247657][ T6202] XFS (loop4): Unmount and run xfs_repair [ 109.253458][ T6202] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 109.262517][ T6202] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 20 00 XAGF.......... . [ 109.271579][ T6202] 00000010: 00 00 00 01 00 00 00 02 00 00 00 05 00 00 00 01 ................ [ 109.280539][ T6202] 00000020: 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 06 ................ [ 109.289469][ T6202] 00000030: 00 00 00 06 00 00 13 e3 00 00 13 e0 00 00 00 00 ................ [ 109.298403][ T6202] 00000040: d7 dc 42 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d ..BNy.B..... ... [ 109.307289][ T6202] 00000050: 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 02 ................ [ 109.316200][ T6202] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 109.331617][ T6202] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 109.347406][ T6202] XFS (loop4): metadata I/O error in "xfs_read_agf+0x271/0x5a0" at daddr 0x1 len 1 error 74 [ 109.357759][ T6202] XFS (loop4): Error -117 reserving per-AG metadata reserve pool. [ 109.366127][ T6202] XFS (loop4): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1f0/0x240 (fs/xfs/xfs_fsops.c:566). Shutting down filesystem. [ 109.381628][ T6202] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 109.390066][ T6202] XFS (loop4): Ending clean mount [ 109.395663][ T6202] XFS (loop4): Failed to initialize disk quotas, err -5. [ 109.403987][ T6202] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.432399][ T6192] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 109.443530][ T6192] BTRFS info (device loop0): using crc32c checksum algorithm [ 109.787471][ T6192] BTRFS info (device loop0): setting nodatasum [ 109.819122][ T6232] batadv_slave_1: entered promiscuous mode [ 109.834349][ T6192] BTRFS info (device loop0): setting nodatacow [ 109.849158][ T6231] batadv_slave_1: left promiscuous mode [ 109.867626][ T6192] BTRFS info (device loop0): turning on async discard [ 109.874590][ T6192] BTRFS info (device loop0): enabling free space tree [ 109.947762][ T6192] BTRFS info (device loop0): enabling auto defrag [ 109.985210][ T6192] BTRFS info (device loop0): max_inline set to 0 [ 110.211302][ T6241] loop4: detected capacity change from 0 to 2048 [ 110.223622][ T6207] loop2: detected capacity change from 0 to 40427 [ 110.263808][ T6241] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.275629][ T6207] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 110.302085][ T6207] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 110.354234][ T6241] UDF-fs: warning (device loop4): udf_rmdir: empty directory has nlink != 2 (0) [ 110.371401][ T6207] F2FS-fs (loop2): invalid crc value [ 110.398746][ T6241] UDF-fs: warning (device loop4): udf_rmdir: parent dir link count too low (2) [ 110.526546][ T5826] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 110.792865][ T6207] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 110.835560][ T6208] loop3: detected capacity change from 0 to 32768 [ 110.930710][ T6207] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 110.952130][ T6254] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 110.961519][ T6207] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 111.006075][ T6254] ntfs3(loop4): ino=19, mi_enum_attr [ 111.011581][ T6254] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 111.055690][ T6208] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 111.100897][ T30] audit: type=1800 audit(1768461485.904:4): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.90" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 111.231324][ T6263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.92'. [ 111.310655][ T6208] XFS (loop3): Ending clean mount [ 111.347063][ T6208] XFS (loop3): Quotacheck needed: Please wait. [ 111.432982][ T6208] XFS (loop3): Quotacheck: Done. [ 111.644581][ T5831] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 111.676710][ T5831] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 111.710269][ T5831] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 111.737581][ T5831] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 111.769323][ T5831] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 111.781014][ T5829] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 111.804722][ T5831] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 111.822146][ T5831] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 112.232214][ T6278] set_capacity_and_notify: 1 callbacks suppressed [ 112.232235][ T6278] loop4: detected capacity change from 0 to 256 [ 112.748346][ T5912] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 112.833256][ T6297] loop4: detected capacity change from 0 to 2048 [ 112.860144][ T6298] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 112.922354][ T30] audit: type=1800 audit(1768461487.714:5): pid=6297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.104" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 112.946198][ T5912] usb 4-1: config 0 has no interfaces? [ 112.946848][ T30] audit: type=1800 audit(1768461487.714:6): pid=6297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.104" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 112.974080][ T5912] usb 4-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 112.987310][ T6297] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 113.003451][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.052719][ T6297] Remounting filesystem read-only [ 113.062496][ T5912] usb 4-1: config 0 descriptor?? [ 113.092735][ T6297] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=15) [ 113.190230][ T5825] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 113.200802][ T6304] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 113.372667][ T6308] Bluetooth: hci0: invalid length 2, exp 1 for type 31 [ 113.435706][ T106] usb 4-1: USB disconnect, device number 3 [ 113.468965][ T5999] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 113.498474][ T6312] loop0: detected capacity change from 0 to 1024 [ 113.563958][ T6312] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.650398][ T5999] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 113.718540][ T5999] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 113.754333][ T5999] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 113.766722][ T6324] Bluetooth: hci0: unsupported parameter 433 [ 113.773441][ T6324] Bluetooth: hci0: invalid length 0, exp 2 for type 13 [ 113.778990][ T5999] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.802399][ T6303] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 113.823995][ T5999] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 113.895314][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.926606][ T6327] loop4: detected capacity change from 0 to 1024 [ 113.940984][ T6328] loop2: detected capacity change from 0 to 128 [ 113.961384][ T6328] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 113.976751][ T6327] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.996613][ T6328] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 114.010541][ T6328] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 114.019399][ T30] audit: type=1800 audit(1768461488.814:7): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.116" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 114.022447][ T6328] UDF-fs: Scanning with blocksize 512 failed [ 114.052567][ T6328] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 114.067325][ T6328] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 114.077963][ T6328] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 114.085656][ T6328] UDF-fs: Scanning with blocksize 1024 failed [ 114.102331][ T6328] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 114.113766][ T6328] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 114.124907][ T6328] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 114.133078][ T6328] UDF-fs: Scanning with blocksize 2048 failed [ 114.143572][ T6328] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 114.169458][ T6328] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 114.188025][ T5999] usb 2-1: USB disconnect, device number 2 [ 114.209544][ T6328] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 114.217340][ T6328] UDF-fs: Scanning with blocksize 4096 failed [ 114.242597][ T6328] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1) [ 114.295660][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.492049][ T6328] loop2: detected capacity change from 0 to 4096 [ 114.707713][ T5920] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 114.889440][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.903132][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.913305][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 114.937275][ T5920] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.964234][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.975295][ T5920] usb 5-1: config 0 descriptor?? [ 114.981448][ T5999] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 115.140384][ T6360] serio: Serial port ttyS3 [ 115.147789][ T5999] usb 1-1: Using ep0 maxpacket: 8 [ 115.156213][ T5999] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 115.167911][ T5999] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 115.176605][ T5999] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 115.187892][ T6217] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 115.193552][ T5999] usb 1-1: config 250 has no interface number 0 [ 115.211547][ T5999] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 115.226150][ T5999] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 115.237328][ T5999] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 115.252507][ T6363] loop1: detected capacity change from 0 to 512 [ 115.258848][ T5999] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 115.258880][ T5999] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 115.258909][ T5999] usb 1-1: config 250 interface 228 has no altsetting 0 [ 115.292941][ T5999] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 115.302662][ T5999] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 115.311522][ T5999] usb 1-1: Product: syz [ 115.316078][ T5999] usb 1-1: SerialNumber: syz [ 115.339612][ T5999] hub 1-1:250.228: bad descriptor, ignoring hub [ 115.345969][ T5999] hub 1-1:250.228: probe with driver hub failed with error -5 [ 115.353958][ T6363] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.132: inode has both inline data and extents flags [ 115.372600][ T6363] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.132: couldn't read orphan inode 15 (err -117) [ 115.387481][ T6363] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.387994][ T6217] usb 4-1: Using ep0 maxpacket: 16 [ 115.415743][ T6217] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.432958][ T5920] plantronics 0003:047F:FFFF.0001: item 0 1 0 8 parsing failed [ 115.442499][ T6217] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.450300][ T6217] usb 4-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00 [ 115.460291][ T5920] plantronics 0003:047F:FFFF.0001: parse failed [ 115.466712][ T5920] plantronics 0003:047F:FFFF.0001: probe with driver plantronics failed with error -22 [ 115.479569][ T6217] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.494290][ T6217] usb 4-1: config 0 descriptor?? [ 115.519942][ T6366] loop2: detected capacity change from 0 to 128 [ 115.532022][ T6366] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 115.561742][ T5999] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 115.637242][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.670709][ T24] usb 5-1: USB disconnect, device number 2 [ 115.800754][ T5999] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 115.917736][ T6217] steelseries 0003:1038:12C2.0002: unknown main item tag 0x0 [ 115.925230][ T6217] steelseries 0003:1038:12C2.0002: unknown main item tag 0x0 [ 115.933299][ T6217] steelseries 0003:1038:12C2.0002: unknown main item tag 0x0 [ 115.942971][ T6217] steelseries 0003:1038:12C2.0002: unknown main item tag 0x0 [ 115.951036][ T6217] steelseries 0003:1038:12C2.0002: unknown main item tag 0x0 [ 116.132343][ T6378] loop2: detected capacity change from 0 to 2048 [ 116.140947][ T6378] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 116.147708][ T24] usb 4-1: USB disconnect, device number 4 [ 116.178027][ T6379] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 116.241745][ T5999] usb 1-1: failed to restore interface 228 altsetting 255 (error=-71) [ 116.255090][ T5999] usb 1-1: USB disconnect, device number 2 [ 116.268454][ T5999] usblp0: removed [ 116.394622][ T6385] loop4: detected capacity change from 0 to 1764 [ 117.146912][ T6409] UHID_CREATE from different security context by process 74 (syz.2.141), this is not allowed. [ 117.215588][ T6411] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 117.227821][ T6217] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 117.243787][ T6411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.267780][ T106] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 117.302120][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.336520][ T5920] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 117.388526][ T6217] usb 1-1: Using ep0 maxpacket: 32 [ 117.403541][ T6217] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.418596][ T6217] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.429051][ T6217] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 117.438462][ T6217] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.445997][ T106] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 117.458682][ T6217] usb 1-1: config 0 descriptor?? [ 117.467324][ T6217] hub 1-1:0.0: USB hub found [ 117.479649][ T106] usb 4-1: config 0 interface 0 has no altsetting 0 [ 117.499569][ T106] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 117.500457][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.518589][ T106] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.529838][ T106] usb 4-1: Product: syz [ 117.534068][ T106] usb 4-1: Manufacturer: syz [ 117.544534][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.554875][ T5920] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 117.557847][ T106] usb 4-1: SerialNumber: syz [ 117.581920][ T106] usb 4-1: config 0 descriptor?? [ 117.597726][ T5920] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 117.604176][ T106] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 117.617679][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.633694][ T106] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 117.646402][ T5920] usb 2-1: config 0 descriptor?? [ 117.664288][ T106] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 117.673383][ T6217] hub 1-1:0.0: 28 ports detected [ 117.680410][ T6217] hub 1-1:0.0: insufficient power available to use all downstream ports [ 117.686364][ T106] usb 4-1: media controller created [ 117.715587][ T106] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 117.836472][ T106] DVB: Unable to find symbol tda10046_attach() [ 117.857713][ T106] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 117.866486][ T106] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 117.880896][ T6217] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 117.891367][ T6217] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 117.911314][ T6217] usbhid 1-1:0.0: can't add hid device: -71 [ 117.917451][ T6217] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 117.968855][ T6217] usb 1-1: USB disconnect, device number 3 [ 118.001022][ T6425] input: syz1 as /devices/virtual/input/input7 [ 118.114060][ T5920] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 118.248919][ T6417] set_capacity_and_notify: 2 callbacks suppressed [ 118.248939][ T6417] loop2: detected capacity change from 0 to 32768 [ 118.272296][ T6417] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 118.285422][ T6417] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 118.314874][ T6417] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 118.328337][ T6217] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 118.338030][ T6217] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 118.399652][ T6217] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 61ms [ 118.407749][ T6217] gfs2: fsid=syz:syz.0: jid=0: Done [ 118.414684][ T6417] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 118.523686][ T6417] gfs2: fsid=syz:syz.0: found 1 quota changes [ 118.556510][ T30] audit: type=1800 audit(1768461493.354:8): pid=6417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.154" name="file1" dev="loop2" ino=2341 res=0 errno=0 [ 118.638639][ T5831] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402 [ 118.657021][ T5831] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 118.667206][ T5831] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5831 [syz-executor] gfs2_quota_sync+0x359/0x460 [ 118.678919][ T5831] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 118.687251][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 118.687277][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 118.687289][ T5831] Call Trace: [ 118.687297][ T5831] [ 118.687305][ T5831] dump_stack_lvl+0xe8/0x150 [ 118.687338][ T5831] gfs2_withdraw+0xc3/0x1b0 [ 118.687371][ T5831] inode_go_instantiate+0xdd0/0x1210 [ 118.687403][ T5831] ? preempt_schedule_common+0x83/0xd0 [ 118.687431][ T5831] ? __pfx_inode_go_instantiate+0x10/0x10 [ 118.687472][ T5831] gfs2_instantiate+0x168/0x220 [ 118.687510][ T5831] gfs2_glock_wait+0x1d4/0x2a0 [ 118.687533][ T5831] do_sync+0x46f/0xc60 [ 118.687557][ T5831] ? _raw_spin_unlock+0x28/0x50 [ 118.687576][ T5831] ? gfs2_quota_sync+0x359/0x460 [ 118.687610][ T5831] ? __pfx_do_sync+0x10/0x10 [ 118.687643][ T5831] ? gfs2_quota_sync+0x359/0x460 [ 118.687673][ T5831] ? do_raw_spin_unlock+0xf6/0x210 [ 118.687699][ T5831] gfs2_quota_sync+0x359/0x460 [ 118.687737][ T5831] gfs2_sync_fs+0x4c/0xb0 [ 118.687761][ T5831] sync_filesystem+0xee/0x230 [ 118.687793][ T5831] generic_shutdown_super+0x6f/0x2c0 [ 118.687821][ T5831] kill_block_super+0x44/0x90 [ 118.687849][ T5831] deactivate_locked_super+0xbc/0x130 [ 118.687876][ T5831] cleanup_mnt+0x425/0x4c0 [ 118.687903][ T5831] ? _raw_spin_unlock_irq+0x23/0x50 [ 118.687928][ T5831] task_work_run+0x1d4/0x260 [ 118.687953][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 118.687986][ T5831] exit_to_user_mode_loop+0xef/0x4e0 [ 118.688018][ T5831] ? rcu_is_watching+0x15/0xb0 [ 118.688050][ T5831] do_syscall_64+0x2c1/0xf80 [ 118.688074][ T5831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.688092][ T5831] ? trace_irq_disable+0x37/0x100 [ 118.688109][ T5831] ? clear_bhb_loop+0x40/0x90 [ 118.688140][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.688160][ T5831] RIP: 0033:0x7fad68790a77 [ 118.688194][ T5831] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 118.688211][ T5831] RSP: 002b:00007ffed42f0db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 118.688232][ T5831] RAX: 0000000000000000 RBX: 00007fad68813d7d RCX: 00007fad68790a77 [ 118.688246][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed42f0e70 [ 118.688258][ T5831] RBP: 00007ffed42f0e70 R08: 0000000000000000 R09: 0000000000000000 [ 118.688270][ T5831] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffed42f1f00 [ 118.688283][ T5831] R13: 00007fad68813d7d R14: 000000000001cf09 R15: 00007ffed42f1f40 [ 118.688317][ T5831] [ 118.962047][ T5831] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 119.159787][ T106] dvb_usb_m920x 4-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 119.188494][ T106] usb 4-1: USB disconnect, device number 5 [ 119.399378][ T6438] loop4: detected capacity change from 0 to 32768 [ 119.454824][ T6438] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 119.510695][ T6438] XFS (loop4): Ending clean mount [ 119.526613][ T6438] XFS (loop4): Quotacheck needed: Please wait. [ 119.582164][ T6438] XFS (loop4): Quotacheck: Done. [ 119.617456][ T30] audit: type=1804 audit(1768461494.414:9): pid=6438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.162" name="/newroot/40/file0/file1" dev="loop4" ino=4422 res=1 errno=0 [ 119.682094][ T5825] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 119.972473][ T6452] loop0: detected capacity change from 0 to 32768 [ 119.981538][ T6456] Illegal XDP return value 65535 on prog (id 22) dev syz_tun, expect packet loss! [ 120.095297][ T5920] usb 2-1: USB disconnect, device number 3 [ 120.240917][ T106] Process accounting resumed [ 120.369900][ T6471] loop0: detected capacity change from 0 to 1024 [ 120.416265][ T6473] loop1: detected capacity change from 0 to 2048 [ 120.449199][ T6473] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 120.477324][ T6473] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 120.580899][ T6481] warning: `syz.4.178' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 120.858585][ T30] audit: type=1326 audit(1768461495.644:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6484 comm="syz.0.180" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f948998f749 code=0x0 [ 121.044113][ T6494] IPv4: Oversized IP packet from 127.202.26.0 [ 121.666540][ T6509] loop4: detected capacity change from 0 to 1024 [ 121.694490][ T6509] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 121.722310][ T6509] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 121.742385][ T6509] EXT4-fs (loop4): orphan cleanup on readonly fs [ 121.759760][ T6509] EXT4-fs error (device loop4): ext4_free_blocks:6727: comm syz.4.189: Freeing blocks not in datazone - block = 0, count = 4096 [ 121.797755][ T106] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 121.906602][ T6509] EXT4-fs (loop4): 1 orphan inode deleted [ 121.988661][ T106] usb 4-1: Using ep0 maxpacket: 32 [ 122.077925][ T106] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 122.137958][ T106] usb 4-1: config 0 has no interface number 0 [ 122.156948][ T6509] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 122.170751][ T106] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 122.187617][ T106] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.195704][ T106] usb 4-1: Product: syz [ 122.218008][ T106] usb 4-1: Manufacturer: syz [ 122.241804][ T106] usb 4-1: SerialNumber: syz [ 122.265802][ T106] usb 4-1: config 0 descriptor?? [ 122.283008][ T106] smsc95xx v2.0.0 [ 122.354981][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.715293][ T106] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 122.740595][ T106] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 123.117914][ T5912] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 123.160701][ T6540] vxcan1: tx drop: invalid da for name 0x0000000000000001 [ 123.290316][ T5912] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.303072][ T5912] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 123.314033][ T5912] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 123.323983][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 123.334385][ T5912] usb 1-1: SerialNumber: syz [ 123.370830][ T106] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 123.384603][ T106] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 123.409697][ T106] usb 4-1: USB disconnect, device number 6 [ 123.540748][ T6552] loop1: detected capacity change from 0 to 512 [ 123.575537][ T5912] usb 1-1: 0:2 : does not exist [ 123.596670][ T6552] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 123.619201][ T6552] EXT4-fs (loop1): orphan cleanup on readonly fs [ 123.626779][ T6552] EXT4-fs warning (device loop1): ext4_enable_quotas:7228: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 123.644821][ T6552] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 123.654264][ T6552] EXT4-fs error (device loop1): ext4_ext_check_inode:528: inode #13: comm syz.1.206: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 123.674977][ T6552] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.206: couldn't read orphan inode 13 (err -117) [ 123.692911][ T6552] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 123.717207][ T5912] usb 1-1: USB disconnect, device number 4 [ 123.754559][ T6552] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 123.765207][ T6552] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 123.776638][ T6552] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=2856c09c, mo2=0002] [ 123.798669][ T6552] System zones: 0-2, 18-18, 34-34 [ 123.805412][ T6552] EXT4-fs warning (device loop1): ext4_enable_quotas:7228: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 123.893361][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.972385][ T6563] loop3: detected capacity change from 0 to 128 [ 124.014476][ T6563] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 124.038858][ T6563] ext4 filesystem being mounted at /32/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 124.054024][ T5831] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 564 [ 124.054099][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 124.054137][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 124.054149][ T5831] Call Trace: [ 124.054157][ T5831] [ 124.054166][ T5831] dump_stack_lvl+0xe8/0x150 [ 124.054198][ T5831] gfs2_assert_warn_i+0x194/0x2c0 [ 124.054238][ T5831] gfs2_make_fs_ro+0x2f5/0x300 [ 124.054263][ T5831] ? __pfx_gfs2_make_fs_ro+0x10/0x10 [ 124.054284][ T5831] ? do_raw_spin_lock+0x121/0x290 [ 124.054303][ T5831] ? __pfx_autoremove_wake_function+0x10/0x10 [ 124.054332][ T5831] ? do_raw_spin_unlock+0xf6/0x210 [ 124.054358][ T5831] gfs2_put_super+0x220/0x860 [ 124.054387][ T5831] ? __pfx_gfs2_put_super+0x10/0x10 [ 124.054409][ T5831] generic_shutdown_super+0x135/0x2c0 [ 124.054437][ T5831] kill_block_super+0x44/0x90 [ 124.054472][ T5831] deactivate_locked_super+0xbc/0x130 [ 124.054498][ T5831] cleanup_mnt+0x425/0x4c0 [ 124.054524][ T5831] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.054550][ T5831] task_work_run+0x1d4/0x260 [ 124.054573][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 124.054604][ T5831] exit_to_user_mode_loop+0xef/0x4e0 [ 124.054629][ T5831] ? rcu_is_watching+0x15/0xb0 [ 124.054659][ T5831] do_syscall_64+0x2c1/0xf80 [ 124.054683][ T5831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.054702][ T5831] ? trace_irq_disable+0x37/0x100 [ 124.054720][ T5831] ? clear_bhb_loop+0x40/0x90 [ 124.054744][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.054764][ T5831] RIP: 0033:0x7fad68790a77 [ 124.054783][ T5831] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 124.054800][ T5831] RSP: 002b:00007ffed42f0db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 124.054821][ T5831] RAX: 0000000000000000 RBX: 00007fad68813d7d RCX: 00007fad68790a77 [ 124.054835][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed42f0e70 [ 124.054847][ T5831] RBP: 00007ffed42f0e70 R08: 0000000000000000 R09: 0000000000000000 [ 124.054859][ T5831] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffed42f1f00 [ 124.054872][ T5831] R13: 00007fad68813d7d R14: 000000000001cf09 R15: 00007ffed42f1f40 [ 124.054905][ T5831] [ 124.113200][ T6569] loop4: detected capacity change from 0 to 2048 [ 124.343078][ T6569] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.419883][ T6569] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.452997][ T5829] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 124.526607][ T30] audit: type=1800 audit(1768461499.324:11): pid=6569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.211" name="file0" dev="loop4" ino=13 res=0 errno=0 [ 124.575921][ T6575] loop0: detected capacity change from 0 to 2048 [ 124.646670][ T6582] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 124.696202][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.712807][ T6575] NILFS (loop0): error -2 truncating bmap (ino=16) [ 124.739445][ T30] audit: type=1800 audit(1768461499.544:12): pid=6575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.212" name="file1" dev="loop0" ino=16 res=0 errno=0 [ 124.794569][ T6575] NILFS (loop0): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 4) [ 124.809426][ T6575] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=16) [ 124.826833][ T6575] Remounting filesystem read-only [ 124.861922][ T5826] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 124.908016][ T106] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 125.067807][ T106] usb 4-1: Using ep0 maxpacket: 8 [ 125.080825][ T6577] loop1: detected capacity change from 0 to 32768 [ 125.087398][ T106] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 125.100104][ T6577] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.214 (6577) [ 125.109085][ T106] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.129590][ T106] pvrusb2: Hardware description: Terratec Grabster AV400 [ 125.136891][ T106] pvrusb2: ********** [ 125.141286][ T106] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 125.152088][ T106] pvrusb2: Important functionality might not be entirely working. [ 125.160621][ T106] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 125.173089][ T106] pvrusb2: ********** [ 125.177615][ T6577] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 125.188701][ T6577] BTRFS info (device loop1): using crc32c checksum algorithm [ 125.275698][ T6577] BTRFS info (device loop1): enabling ssd optimizations [ 125.285869][ T6577] BTRFS info (device loop1): turning on async discard [ 125.293169][ T6577] BTRFS info (device loop1): enabling free space tree [ 125.340442][ T2344] pvrusb2: Invalid write control endpoint [ 125.367758][ T5920] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 125.423039][ T2344] pvrusb2: Invalid write control endpoint [ 125.430358][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 125.445990][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 125.455057][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 125.465799][ T2344] pvrusb2: Device being rendered inoperable [ 125.474878][ T2344] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 125.484488][ T2344] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 125.497786][ T2344] pvrusb2: Attached sub-driver cx25840 [ 125.504419][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 125.517483][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 125.529456][ T5827] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 125.575901][ T5920] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 125.599364][ T5920] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 125.614588][ T5839] usb 4-1: USB disconnect, device number 7 [ 125.648513][ T5920] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 125.673775][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.974318][ T6614] loop2: detected capacity change from 0 to 32768 [ 125.986925][ T6592] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 126.001991][ T5920] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 126.042764][ T6614] XFS (loop2): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 126.131186][ T6614] XFS (loop2): Starting recovery (logdev: internal) [ 126.171002][ T6614] XFS (loop2): Ending recovery (logdev: internal) [ 126.206652][ T6614] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_bnobt block 0x4 [ 126.219220][ T6614] XFS (loop2): Unmount and run xfs_repair [ 126.228086][ T6614] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 126.235539][ T6614] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff SUMY............ [ 126.244844][ T6614] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 40 ...............@ [ 126.253837][ T6614] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4 ...*;yE..m...5.. [ 126.262841][ T6614] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03 ....%G.......... [ 126.272164][ T6614] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00 .......X........ [ 126.281698][ T6614] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 126.290669][ T6614] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 126.299680][ T6614] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 126.308856][ T6614] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x4 len 4 error 74 [ 126.321072][ T6614] XFS (loop2): page discard on page ffffea0001450dc0, inode 0x1d06, pos 134744064. [ 126.357154][ T5999] usb 1-1: USB disconnect, device number 5 [ 126.407449][ T5831] XFS (loop2): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 126.415225][ T6632] netlink: 'syz.3.226': attribute type 12 has an invalid length. [ 126.424085][ T6632] netlink: 'syz.3.226': attribute type 29 has an invalid length. [ 126.434513][ T6632] netlink: 148 bytes leftover after parsing attributes in process `syz.3.226'. [ 126.444462][ T6632] netlink: 43 bytes leftover after parsing attributes in process `syz.3.226'. [ 126.453943][ T6632] Zero length message leads to an empty skb [ 126.466343][ T5831] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair. [ 126.728428][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.1.228'. [ 126.747810][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.1.228'. [ 126.821433][ T6618] loop4: detected capacity change from 0 to 40427 [ 126.839331][ T6618] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 126.851011][ T6618] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 126.862775][ T6618] F2FS-fs (loop4): invalid crc value [ 126.878795][ T6640] syz.2.227 uses obsolete (PF_INET,SOCK_PACKET) [ 126.989738][ T6646] loop3: detected capacity change from 0 to 128 [ 127.012071][ T6618] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 127.029557][ T6646] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 127.065499][ T6618] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 127.073163][ T6618] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 127.078827][ T6646] ext4 filesystem being mounted at /37/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 127.325682][ T5829] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 127.417961][ T6659] loop2: detected capacity change from 0 to 256 [ 127.992137][ T6656] loop0: detected capacity change from 0 to 32768 [ 128.010076][ T6656] xfs: Deprecated parameter 'attr2' [ 128.024025][ T6656] XFS: attr2 mount option is deprecated. [ 128.062124][ T6656] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 128.142815][ T6656] XFS (loop0): Ending clean mount [ 128.184671][ T6656] XFS (loop0): Quotacheck needed: Please wait. [ 128.262182][ T6656] XFS (loop0): Quotacheck: Done. [ 128.311476][ T30] audit: type=1800 audit(1768461759.112:13): pid=6656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.234" name="file1" dev="loop0" ino=4422 res=0 errno=0 [ 128.346285][ T6656] XFS (loop0): Metadata CRC error detected at xfs_refcountbt_read_verify+0x42/0xe0, xfs_refcountbt block 0x28 [ 128.371680][ T6656] XFS (loop0): Unmount and run xfs_repair [ 128.377484][ T6656] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 128.407608][ T6656] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff R............... [ 128.416547][ T6656] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 .......(........ [ 128.465516][ T6656] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 128.497330][ T6656] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00 .......]........ [ 128.527895][ T6656] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 128.547900][ T6656] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 128.556844][ T6656] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 128.598031][ T6656] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 128.618850][ T6707] sctp: [Deprecated]: syz.3.255 (pid 6707) Use of struct sctp_assoc_value in delayed_ack socket option. [ 128.618850][ T6707] Use struct sctp_sack_info instead [ 128.633504][ T6656] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x28 len 8 error 74 [ 128.687336][ T6656] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8a0 (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. [ 128.721540][ T6687] set_capacity_and_notify: 1 callbacks suppressed [ 128.721558][ T6687] loop1: detected capacity change from 0 to 32768 [ 128.743431][ T6656] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 128.841617][ T6687] JBD2: Ignoring recovery information on journal [ 128.922514][ T5826] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 129.036030][ T6687] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 129.223176][ T30] audit: type=1800 audit(1768461760.022:14): pid=6687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.247" name="file1" dev="loop1" ino=17059 res=0 errno=0 [ 129.447428][ T6730] loop0: detected capacity change from 0 to 512 [ 129.487970][ T6730] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 129.562131][ T6730] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.680737][ T6717] loop2: detected capacity change from 0 to 32768 [ 129.756063][ T6717] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.259 (6717) [ 129.770380][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.853097][ T6717] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 129.868967][ T5827] ocfs2: Unmounting device (7,1) on (node local) [ 129.926042][ T6717] BTRFS info (device loop2): using blake2b checksum algorithm [ 129.945143][ T6740] loop3: detected capacity change from 0 to 4096 [ 129.998682][ T6740] EXT4-fs (loop3): Test dummy encryption mode enabled [ 130.028775][ T6740] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a84ec018, mo2=0002] [ 130.038962][ T6740] System zones: 0-5 [ 130.055010][ T6717] BTRFS info (device loop2): enabling ssd optimizations [ 130.064068][ T6740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.076894][ T6717] BTRFS info (device loop2): turning on async discard [ 130.084642][ T6717] BTRFS info (device loop2): enabling free space tree [ 130.129373][ T6740] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 130.153283][ T6761] loop0: detected capacity change from 0 to 512 [ 130.164011][ T6761] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 130.205428][ T6761] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.228511][ T6761] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 130.297027][ T30] audit: type=1800 audit(1768461761.092:15): pid=6761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.270" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 130.331601][ T6767] loop1: detected capacity change from 0 to 2048 [ 130.346751][ T6767] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 130.389815][ T5831] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 130.415565][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.513175][ T5920] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 130.689235][ T5920] usb 5-1: Using ep0 maxpacket: 32 [ 130.701706][ T5920] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 130.738793][ T5920] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 130.753210][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.764296][ T5920] usb 5-1: Product: syz [ 130.768864][ T5920] usb 5-1: Manufacturer: syz [ 130.781160][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.794354][ T5920] usb 5-1: SerialNumber: syz [ 130.797876][ T5945] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 130.811962][ T5920] usb 5-1: config 0 descriptor?? [ 130.820202][ T6765] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 130.839660][ T5920] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 131.062000][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.074628][ T6772] loop1: detected capacity change from 0 to 32768 [ 131.087793][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.099926][ T5920] usb 5-1: USB disconnect, device number 3 [ 131.118421][ T5945] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 131.147847][ T5945] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 131.156960][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.174159][ T6772] loop1: p9 p11 p16 [ 131.203524][ T6787] loop3: detected capacity change from 0 to 512 [ 131.205249][ T5945] usb 1-1: config 0 descriptor?? [ 131.215016][ T6787] EXT4-fs: Ignoring removed bh option [ 131.228080][ T6787] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 131.253522][ T6787] EXT4-fs (loop3): 1 truncate cleaned up [ 131.261922][ T6787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.311165][ T6787] overlayfs: upper fs needs to support d_type. [ 131.333023][ T6787] EXT4-fs error (device loop3): ext4_lookup:1785: inode #14: comm syz.3.279: invalid fast symlink length 39 [ 131.431649][ T5829] EXT4-fs error (device loop3): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 131.452898][ T5829] EXT4-fs error (device loop3): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 131.660853][ T5945] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 131.805584][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.884707][ T3458] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.930286][ T6790] loop1: detected capacity change from 0 to 32768 [ 131.975749][ T5945] usb 1-1: USB disconnect, device number 6 [ 132.021797][ T6790] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 132.095505][ T3458] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.106653][ T6790] XFS (loop1): Ending clean mount [ 132.126612][ T6790] XFS (loop1): Quotacheck needed: Please wait. [ 132.181598][ T6790] XFS (loop1): Quotacheck: Done. [ 132.241028][ T3458] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.329280][ T5827] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 132.358793][ T6811] ipip0: entered promiscuous mode [ 132.367817][ T6811] ipip0: entered allmulticast mode [ 132.426008][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 132.437372][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 132.446478][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 132.458463][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 132.468621][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 132.573845][ T3458] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.157999][ T5839] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 133.173246][ T6822] loop0: detected capacity change from 0 to 32768 [ 133.200134][ T6822] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.293 (6822) [ 133.220459][ T6822] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 133.257732][ T6822] BTRFS info (device loop0): using sha256 checksum algorithm [ 133.272010][ T3458] bridge_slave_1: left allmulticast mode [ 133.278372][ T3458] bridge_slave_1: left promiscuous mode [ 133.286582][ T3458] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.306136][ T3458] bridge_slave_0: left allmulticast mode [ 133.314185][ T3458] bridge_slave_0: left promiscuous mode [ 133.332256][ T5839] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 133.347840][ T3458] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.357222][ T5839] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 133.378097][ T5839] usb 2-1: Product: syz [ 133.382350][ T5839] usb 2-1: Manufacturer: syz [ 133.386976][ T5839] usb 2-1: SerialNumber: syz [ 133.431874][ T5839] usb 2-1: config 0 descriptor?? [ 133.442653][ T5839] ch341 2-1:0.0: ch341-uart converter detected [ 133.461515][ T6822] BTRFS info (device loop0): enabling ssd optimizations [ 133.480531][ T6822] BTRFS info (device loop0): turning on async discard [ 133.487378][ T6822] BTRFS info (device loop0): enabling free space tree [ 133.611434][ T6824] btrfs: Deprecated parameter 'usebackuproot' [ 133.635160][ T6824] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 133.655460][ T6824] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.294 (6824) [ 133.679754][ T6824] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 133.704608][ T6824] BTRFS info (device loop2): using crc32c checksum algorithm [ 133.712333][ T6824] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 133.761813][ T5826] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 133.853447][ T6831] set_capacity_and_notify: 1 callbacks suppressed [ 133.853468][ T6831] loop4: detected capacity change from 0 to 32768 [ 133.957428][ T6831] JBD2: Ignoring recovery information on journal [ 134.044605][ T3429] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 134.079616][ T6824] BTRFS error (device loop2): failed to load root extent [ 134.086861][ T6824] BTRFS warning (device loop2): try to load backup roots slot 1 [ 134.095173][ T6831] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 134.120200][ T3429] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 134.133602][ T6824] BTRFS warning (device loop2): couldn't read tree root [ 134.163794][ T6824] BTRFS warning (device loop2): try to load backup roots slot 2 [ 134.190252][ T13] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 134.202319][ T6824] BTRFS warning (device loop2): couldn't read tree root [ 134.211643][ T6824] BTRFS warning (device loop2): try to load backup roots slot 3 [ 134.271620][ T6824] BTRFS info (device loop2): rebuilding free space tree [ 134.318871][ T6824] BTRFS info (device loop2): disabling free space tree [ 134.325853][ T6824] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.336632][ T6824] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.374492][ T6824] BTRFS info (device loop2): setting nodatasum [ 134.380948][ T6824] BTRFS info (device loop2): setting nodatacow [ 134.394432][ T6824] BTRFS info (device loop2): enabling ssd optimizations [ 134.414018][ T6824] BTRFS info (device loop2): using spread ssd allocation scheme [ 134.429837][ T6824] BTRFS info (device loop2): turning off barriers [ 134.441873][ T6824] BTRFS info (device loop2): turning on async discard [ 134.449141][ T6865] overlayfs: upper fs does not support tmpfile. [ 134.450851][ T3458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.465884][ T6824] BTRFS info (device loop2): enabling disk space caching [ 134.475714][ T6824] BTRFS info (device loop2): force clearing of disk cache [ 134.493553][ T6865] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 134.496321][ T3458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 134.510590][ T6824] BTRFS info (device loop2): enabling auto defrag [ 134.518114][ T5844] Bluetooth: hci3: command tx timeout [ 134.524541][ T6824] BTRFS info (device loop2): trying to use backup root at mount time [ 134.540451][ T6865] overlayfs: upper fs missing required features. [ 134.545804][ T6824] BTRFS info (device loop2): max_inline set to 0 [ 134.557813][ T3458] bond0 (unregistering): Released all slaves [ 134.670652][ T5825] ocfs2: Unmounting device (7,4) on (node local) [ 134.695395][ T5839] ch341-uart ttyUSB0: failed to read break control: -71 [ 134.726022][ T5839] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 134.761819][ T5839] usb 2-1: USB disconnect, device number 4 [ 134.778454][ T6813] chnl_net:caif_netlink_parms(): no params data found [ 134.799646][ T5839] ch341 2-1:0.0: device disconnected [ 134.875296][ T6873] Bluetooth: hci0: unsupported parameter 256 [ 134.887651][ T6873] Bluetooth: hci0: invalid length 0, exp 2 for type 7 [ 134.943136][ T5831] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 135.637832][ T3458] hsr_slave_0: left promiscuous mode [ 135.703597][ T3458] hsr_slave_1: left promiscuous mode [ 135.720660][ T3458] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 135.746319][ T3458] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.770823][ T3458] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.795353][ T3458] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.856097][ T3458] veth1_macvtap: left promiscuous mode [ 135.887803][ T3458] veth0_macvtap: left promiscuous mode [ 135.903841][ T3458] veth1_vlan: left promiscuous mode [ 135.909730][ T3458] veth0_vlan: left promiscuous mode [ 136.066714][ T6911] loop4: detected capacity change from 0 to 22 [ 136.132157][ T6911] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 136.183118][ T6911] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 136.254116][ T6911] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 136.336997][ T6903] loop0: detected capacity change from 0 to 32768 [ 136.351278][ T6903] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.311 (6903) [ 136.384364][ T6903] BTRFS info (device loop0): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 136.394665][ T6903] BTRFS info (device loop0): using blake2b checksum algorithm [ 136.473846][ T6903] BTRFS info (device loop0): enabling ssd optimizations [ 136.481224][ T6903] BTRFS info (device loop0): turning on async discard [ 136.488681][ T6903] BTRFS info (device loop0): enabling free space tree [ 136.495798][ T6903] BTRFS info (device loop0): use lzo compression, level 1 [ 136.598138][ T5844] Bluetooth: hci3: command tx timeout [ 136.656264][ T5826] BTRFS info (device loop0): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 136.878229][ T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 136.916511][ T6937] loop2: detected capacity change from 0 to 16 [ 136.973419][ T6937] erofs (device loop2): unsupported i_format 32 of nid 36 [ 137.047593][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 137.059886][ T24] usb 5-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf [ 137.074911][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.096321][ T24] usb 5-1: config 0 descriptor?? [ 137.441606][ T6937] loop2: detected capacity change from 0 to 32768 [ 137.452965][ T6937] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.321 (6937) [ 137.471266][ T6945] netlink: 'syz.1.323': attribute type 9 has an invalid length. [ 137.474362][ T6937] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 137.501314][ T6937] BTRFS info (device loop2): using sha256 checksum algorithm [ 137.508291][ T6945] netlink: 'syz.1.323': attribute type 11 has an invalid length. [ 137.516627][ T6945] netlink: 'syz.1.323': attribute type 12 has an invalid length. [ 137.524561][ T6945] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.323'. [ 137.534183][ T6945] netlink: 4 bytes leftover after parsing attributes in process `syz.1.323'. [ 137.546129][ T6937] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 137.716052][ T6937] BTRFS info (device loop2): rebuilding free space tree [ 137.759809][ T6937] BTRFS info (device loop2): disabling free space tree [ 137.766853][ T6937] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 137.781338][ T6937] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 137.795448][ T3458] team0 (unregistering): Port device team_slave_1 removed [ 137.805601][ T6963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.325'. [ 137.819584][ T6937] BTRFS info (device loop2): allowing degraded mounts [ 137.826646][ T6937] BTRFS info (device loop2): enabling ssd optimizations [ 137.833779][ T6937] BTRFS info (device loop2): disabling tree log [ 137.840313][ T6937] BTRFS info (device loop2): enabling disk space caching [ 137.847393][ T6937] BTRFS info (device loop2): force clearing of disk cache [ 137.855971][ T6937] BTRFS info (device loop2): enabling auto defrag [ 137.902662][ T3458] team0 (unregistering): Port device team_slave_0 removed [ 137.939525][ T5831] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 138.134695][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.153640][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.359194][ T24] pegasus 5-1:0.0: can't reset MAC [ 138.383630][ T24] pegasus 5-1:0.0: probe with driver pegasus failed with error -5 [ 138.415779][ T24] usb 5-1: USB disconnect, device number 4 [ 138.677695][ T5844] Bluetooth: hci3: command tx timeout [ 138.755410][ T6813] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.764542][ T6813] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.772020][ T6813] bridge_slave_0: entered allmulticast mode [ 138.780469][ T6813] bridge_slave_0: entered promiscuous mode [ 138.798713][ T6963] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.889883][ T6963] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 139.012875][ T6813] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.027798][ T6813] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.058753][ T6813] bridge_slave_1: entered allmulticast mode [ 139.080351][ T6813] bridge_slave_1: entered promiscuous mode [ 139.116888][ T6974] trusted_key: syz.0.329 sent an empty control message without MSG_MORE. [ 139.191927][ T6976] input: syz1 as /devices/virtual/input/input8 [ 139.302276][ T6813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.365312][ T6981] capability: warning: `syz.1.334' uses 32-bit capabilities (legacy support in use) [ 139.392820][ T6813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.520708][ T6988] netlink: 20 bytes leftover after parsing attributes in process `syz.2.335'. [ 139.586049][ T6991] netlink: 20 bytes leftover after parsing attributes in process `syz.2.335'. [ 139.775856][ T6995] 9pnet: p9_errstr2errno: server reported unknown error ½ [ 139.946762][ T6813] team0: Port device team_slave_0 added [ 139.954727][ T6998] input: syz1 as /devices/virtual/input/input9 [ 139.968921][ T6813] team0: Port device team_slave_1 added [ 140.195162][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.207570][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 140.310746][ T6813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.334549][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.347797][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 140.376567][ T6813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.398355][ T5912] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 140.519836][ T6813] hsr_slave_0: entered promiscuous mode [ 140.537056][ T6813] hsr_slave_1: entered promiscuous mode [ 140.544194][ T6813] debugfs: 'hsr0' already exists in 'hsr' [ 140.553137][ T6813] Cannot create hsr debugfs directory [ 140.562192][ T5912] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 140.574126][ T5912] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 140.597681][ T5912] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 140.624476][ T5912] usb 2-1: config 220 has no interface number 2 [ 140.632694][ T5912] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 140.674392][ T5912] usb 2-1: config 220 interface 0 has no altsetting 0 [ 140.698384][ T5912] usb 2-1: config 220 interface 76 has no altsetting 0 [ 140.705393][ T5912] usb 2-1: config 220 interface 1 has no altsetting 0 [ 140.720006][ T5912] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 140.729381][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.737440][ T5912] usb 2-1: Product: syz [ 140.754480][ T5912] usb 2-1: Manufacturer: syz [ 140.758133][ T5844] Bluetooth: hci3: command tx timeout [ 140.765026][ T5912] usb 2-1: SerialNumber: syz [ 140.772259][ C0] Unknown status report in ack skb [ 141.040763][ T5912] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 141.054116][ T6813] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 141.072518][ T5912] uvcvideo 2-1:220.0: No valid video chain found. [ 141.080246][ T5912] usb 2-1: selecting invalid altsetting 0 [ 141.099142][ T5912] usb 2-1: selecting invalid altsetting 0 [ 141.108880][ T6813] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 141.119011][ T5912] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 141.154657][ T5912] usb 2-1: USB disconnect, device number 5 [ 141.167473][ T6813] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 141.193976][ T6813] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 141.436530][ T6813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.438813][ T7045] loop0: detected capacity change from 0 to 4096 [ 141.492808][ T6813] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.503388][ T7049] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 141.531330][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.538627][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.579391][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.586760][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.629460][ T7045] overlayfs: upper fs does not support tmpfile. [ 141.650609][ T7051] loop4: detected capacity change from 0 to 1024 [ 141.659913][ T7045] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 141.667810][ T7045] overlayfs: failed to set xattr on upper [ 141.684387][ T7051] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 141.687665][ T7045] overlayfs: ...falling back to redirect_dir=nofollow. [ 141.727233][ T7051] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 141.739926][ T7045] overlayfs: ...falling back to index=off. [ 141.745810][ T7045] overlayfs: ...falling back to uuid=null. [ 141.752481][ T7051] EXT4-fs (loop4): orphan cleanup on readonly fs [ 141.764448][ T6813] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 141.800368][ T7051] EXT4-fs error (device loop4): ext4_free_blocks:6727: comm syz.4.359: Freeing blocks not in datazone - block = 0, count = 4096 [ 141.869218][ T7051] EXT4-fs (loop4): 1 orphan inode deleted [ 141.962919][ T7051] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 142.046104][ T6813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.103451][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.225136][ T7045] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 142.280730][ T7045] Remounting filesystem read-only [ 142.286444][ T7045] overlayfs: cleanup of 'work/#1a' failed (-30) [ 142.469058][ T7077] tipc: Started in network mode [ 142.474497][ T7077] tipc: Node identity ac14140f, cluster identity 4711 [ 142.498340][ T7077] tipc: New replicast peer: 255.255.255.255 [ 142.508713][ T7077] tipc: Enabled bearer , priority 10 [ 142.558142][ T7080] netlink: 'syz.2.369': attribute type 1 has an invalid length. [ 142.628328][ T7080] 8021q: adding VLAN 0 to HW filter on device bond1 [ 142.708952][ T7092] netlink: 'syz.4.370': attribute type 1 has an invalid length. [ 142.719455][ T7087] bond1: (slave geneve2): making interface the new active one [ 142.730470][ T7087] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 142.770757][ T7092] netlink: 'syz.4.370': attribute type 6 has an invalid length. [ 142.792309][ T7092] netlink: 'syz.4.370': attribute type 3 has an invalid length. [ 142.813606][ T7092] netlink: 24 bytes leftover after parsing attributes in process `syz.4.370'. [ 142.968256][ T6813] veth0_vlan: entered promiscuous mode [ 142.991201][ T6813] veth1_vlan: entered promiscuous mode [ 143.073663][ T6813] veth0_macvtap: entered promiscuous mode [ 143.102860][ T6813] veth1_macvtap: entered promiscuous mode [ 143.186484][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 143.211425][ T6813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.235073][ T6813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.322773][ T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.358713][ T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.369732][ T9] usb 2-1: config 0 has no interfaces? [ 143.378616][ T9] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 143.395652][ T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.407644][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.428998][ T9] usb 2-1: Product: syz [ 143.433296][ T9] usb 2-1: Manufacturer: syz [ 143.438651][ T9] usb 2-1: SerialNumber: syz [ 143.453985][ T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.475888][ T9] usb 2-1: config 0 descriptor?? [ 143.516185][ T5839] tipc: Node number set to 2886997007 [ 143.646306][ T7104] loop2: detected capacity change from 0 to 2048 [ 143.659543][ T3429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.678924][ T3429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.698302][ T7104] Alternate GPT is invalid, using primary GPT. [ 143.713497][ T7104] loop2: p1 p2 p3 [ 143.736183][ T3429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.756160][ T3429] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.860905][ T7098] loop4: detected capacity change from 0 to 32768 [ 143.888171][ T7098] (syz.4.373,7098,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 143.918587][ T7098] (syz.4.373,7098,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 143.977756][ T7098] (syz.4.373,7098,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x42e49fb, computed 0x6b52b378. Applying ECC. [ 143.993757][ T7098] (syz.4.373,7098,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x42e49fb, computed 0x6b52b378. Applying ECC. [ 144.019111][ T7098] JBD2: Ignoring recovery information on journal [ 144.090528][ T7098] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 144.103288][ T7120] mmap: syz.0.382 (7120) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 144.190462][ T7098] [ 144.192857][ T7098] ====================================================== [ 144.199908][ T7098] WARNING: possible circular locking dependency detected [ 144.206983][ T7098] syzkaller #0 Tainted: G L [ 144.213013][ T7098] ------------------------------------------------------ [ 144.220166][ T7098] syz.4.373/7098 is trying to acquire lock: [ 144.226091][ T7098] ffff88806a6d06f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_calc_xattr_init+0x20a/0xd80 [ 144.236078][ T7098] [ 144.236078][ T7098] but task is already holding lock: [ 144.243474][ T7098] ffff88806a6da640 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x164/0x4600 [ 144.256827][ T7098] [ 144.256827][ T7098] which lock already depends on the new lock. [ 144.256827][ T7098] [ 144.267248][ T7098] [ 144.267248][ T7098] the existing dependency chain (in reverse order) is: [ 144.276300][ T7098] [ 144.276300][ T7098] -> #3 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}: [ 144.286943][ T7098] down_write+0x96/0x1f0 [ 144.291849][ T7098] ocfs2_evict_inode+0x1507/0x4040 [ 144.297509][ T7098] evict+0x5f4/0xae0 [ 144.302052][ T7098] ocfs2_dentry_iput+0x247/0x370 [ 144.307531][ T7098] __dentry_kill+0x209/0x660 [ 144.312669][ T7098] finish_dput+0xc9/0x480 [ 144.317532][ T7098] ovl_fill_super+0x4644/0x5a90 [ 144.322929][ T7098] get_tree_nodev+0xbb/0x150 [ 144.328062][ T7098] vfs_get_tree+0x92/0x2a0 [ 144.333020][ T7098] do_new_mount+0x31a/0xcf0 [ 144.338126][ T7098] __se_sys_mount+0x313/0x410 [ 144.343393][ T7098] do_syscall_64+0xec/0xf80 [ 144.348445][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.354906][ T7098] [ 144.354906][ T7098] -> #2 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}: [ 144.365445][ T7098] down_write+0x96/0x1f0 [ 144.370239][ T7098] ocfs2_del_inode_from_orphan+0x134/0x740 [ 144.376602][ T7098] ocfs2_dio_end_io+0x479/0x10f0 [ 144.382078][ T7098] dio_complete+0x25b/0x790 [ 144.387145][ T7098] __blockdev_direct_IO+0x2e63/0x3490 [ 144.393055][ T7098] ocfs2_direct_IO+0x25f/0x2d0 [ 144.398364][ T7098] generic_file_direct_write+0x1db/0x3e0 [ 144.404558][ T7098] __generic_file_write_iter+0x11d/0x230 [ 144.410762][ T7098] ocfs2_file_write_iter+0x1582/0x1cf0 [ 144.416772][ T7098] iter_file_splice_write+0x972/0x10b0 [ 144.422789][ T7098] direct_splice_actor+0x101/0x160 [ 144.428447][ T7098] splice_direct_to_actor+0x5a8/0xcc0 [ 144.434366][ T7098] do_splice_direct+0x181/0x270 [ 144.439924][ T7098] do_sendfile+0x4da/0x7e0 [ 144.445247][ T7098] __se_sys_sendfile64+0x13e/0x190 [ 144.451117][ T7098] do_syscall_64+0xec/0xf80 [ 144.456176][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.462612][ T7098] [ 144.462612][ T7098] -> #1 (&oi->ip_alloc_sem){++++}-{4:4}: [ 144.470548][ T7098] down_write+0x96/0x1f0 [ 144.475460][ T7098] ocfs2_try_remove_refcount_tree+0xb6/0x320 [ 144.481993][ T7098] ocfs2_xattr_set+0x595/0x11f0 [ 144.487390][ T7098] __vfs_removexattr+0x431/0x470 [ 144.492934][ T7098] __vfs_removexattr_locked+0xe2/0x280 [ 144.499079][ T7098] vfs_removexattr+0x7f/0x230 [ 144.504325][ T7098] ovl_fill_super+0x487b/0x5a90 [ 144.509743][ T7098] get_tree_nodev+0xbb/0x150 [ 144.514898][ T7098] vfs_get_tree+0x92/0x2a0 [ 144.519959][ T7098] do_new_mount+0x31a/0xcf0 [ 144.525014][ T7098] __se_sys_mount+0x313/0x410 [ 144.530238][ T7098] do_syscall_64+0xec/0xf80 [ 144.535282][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.541711][ T7098] [ 144.541711][ T7098] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}: [ 144.549563][ T7098] __lock_acquire+0x15a6/0x2cf0 [ 144.554971][ T7098] lock_acquire+0x107/0x340 [ 144.560018][ T7098] down_read+0x47/0x2e0 [ 144.564722][ T7098] ocfs2_calc_xattr_init+0x20a/0xd80 [ 144.570649][ T7098] ocfs2_mknod+0xc7d/0x2030 [ 144.575704][ T7098] ocfs2_mkdir+0x181/0x420 [ 144.580917][ T7098] vfs_mkdir+0x414/0x630 [ 144.585713][ T7098] filename_mkdirat+0x27b/0x500 [ 144.591195][ T7098] __se_sys_mkdirat+0x35/0x150 [ 144.596512][ T7098] do_syscall_64+0xec/0xf80 [ 144.601562][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.607992][ T7098] [ 144.607992][ T7098] other info that might help us debug this: [ 144.607992][ T7098] [ 144.618236][ T7098] Chain exists of: [ 144.618236][ T7098] &oi->ip_xattr_sem --> &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] --> &ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE] [ 144.618236][ T7098] [ 144.637303][ T7098] Possible unsafe locking scenario: [ 144.637303][ T7098] [ 144.644787][ T7098] CPU0 CPU1 [ 144.650171][ T7098] ---- ---- [ 144.655554][ T7098] lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]); [ 144.662953][ T7098] lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]); [ 144.672784][ T7098] lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]); [ 144.682693][ T7098] rlock(&oi->ip_xattr_sem); [ 144.687393][ T7098] [ 144.687393][ T7098] *** DEADLOCK *** [ 144.687393][ T7098] [ 144.695550][ T7098] 3 locks held by syz.4.373/7098: [ 144.700583][ T7098] #0: ffff88805853c420 (sb_writers#29){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 144.709845][ T7098] #1: ffff88806a6d09c0 (&type->i_mutex_dir_key#20/1){+.+.}-{4:4}, at: filename_create+0x1fb/0x360 [ 144.720586][ T7098] #2: ffff88806a6da640 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x164/0x4600 [ 144.734355][ T7098] [ 144.734355][ T7098] stack backtrace: [ 144.740274][ T7098] CPU: 1 UID: 0 PID: 7098 Comm: syz.4.373 Tainted: G L syzkaller #0 PREEMPT(full) [ 144.740302][ T7098] Tainted: [L]=SOFTLOCKUP [ 144.740314][ T7098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 144.740324][ T7098] Call Trace: [ 144.740333][ T7098] [ 144.740341][ T7098] dump_stack_lvl+0xe8/0x150 [ 144.740368][ T7098] print_circular_bug+0x2e2/0x300 [ 144.740396][ T7098] check_noncircular+0x12e/0x150 [ 144.740423][ T7098] __lock_acquire+0x15a6/0x2cf0 [ 144.740453][ T7098] ? ocfs2_calc_xattr_init+0x20a/0xd80 [ 144.740474][ T7098] lock_acquire+0x107/0x340 [ 144.740493][ T7098] ? ocfs2_calc_xattr_init+0x20a/0xd80 [ 144.740520][ T7098] down_read+0x47/0x2e0 [ 144.740541][ T7098] ? ocfs2_calc_xattr_init+0x20a/0xd80 [ 144.740561][ T7098] ? ocfs2_calc_xattr_init+0x1e0/0xd80 [ 144.740583][ T7098] ocfs2_calc_xattr_init+0x20a/0xd80 [ 144.740607][ T7098] ? __pfx_ocfs2_calc_xattr_init+0x10/0x10 [ 144.740628][ T7098] ? stack_trace_save+0x9c/0xe0 [ 144.740645][ T7098] ? ocfs2_init_security_get+0x139/0x1a0 [ 144.740669][ T7098] ocfs2_mknod+0xc7d/0x2030 [ 144.740689][ T7098] ? do_raw_spin_lock+0x121/0x290 [ 144.740706][ T7098] ? __pfx_ocfs2_mknod+0x10/0x10 [ 144.740723][ T7098] ? do_raw_spin_unlock+0xf6/0x210 [ 144.740739][ T7098] ? _raw_spin_unlock+0x28/0x50 [ 144.740754][ T7098] ? ocfs2_inode_lock_full_nested+0xabe/0x1b40 [ 144.740782][ T7098] ? kasan_quarantine_put+0xbb/0x1f0 [ 144.740806][ T7098] ? __lock_acquire+0x6b6/0x2cf0 [ 144.740830][ T7098] ? do_raw_spin_unlock+0xf6/0x210 [ 144.740847][ T7098] ? _raw_spin_unlock+0x28/0x50 [ 144.740864][ T7098] ? do_raw_spin_lock+0x121/0x290 [ 144.740882][ T7098] ? do_raw_spin_unlock+0xf6/0x210 [ 144.740900][ T7098] ? put_pid+0xe9/0x130 [ 144.740924][ T7098] ocfs2_mkdir+0x181/0x420 [ 144.740940][ T7098] ? __pfx_from_kgid+0x10/0x10 [ 144.740966][ T7098] ? __pfx_ocfs2_mkdir+0x10/0x10 [ 144.740983][ T7098] ? inode_permission+0x346/0x5f0 [ 144.740999][ T7098] ? bpf_lsm_inode_mkdir+0x9/0x20 [ 144.741019][ T7098] vfs_mkdir+0x414/0x630 [ 144.741045][ T7098] filename_mkdirat+0x27b/0x500 [ 144.741072][ T7098] ? __pfx_filename_mkdirat+0x10/0x10 [ 144.741098][ T7098] ? do_getname+0x152/0x250 [ 144.741113][ T7098] __se_sys_mkdirat+0x35/0x150 [ 144.741137][ T7098] do_syscall_64+0xec/0xf80 [ 144.741156][ T7098] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.741173][ T7098] ? trace_irq_disable+0x37/0x100 [ 144.741187][ T7098] ? clear_bhb_loop+0x40/0x90 [ 144.741205][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.741221][ T7098] RIP: 0033:0x7fcc5af8de97 [ 144.741237][ T7098] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.741251][ T7098] RSP: 002b:00007fcc5bd6ae68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 144.741270][ T7098] RAX: ffffffffffffffda RBX: 00007fcc5bd6aef0 RCX: 00007fcc5af8de97 [ 144.741282][ T7098] RDX: 00000000000001ff RSI: 00002000000000c0 RDI: 00000000ffffff9c [ 144.741293][ T7098] RBP: 0000200000000080 R08: 0000200000000000 R09: 0000000000000000 [ 144.741304][ T7098] R10: 0000200000000080 R11: 0000000000000246 R12: 00002000000000c0 [ 144.741321][ T7098] R13: 00007fcc5bd6aeb0 R14: 0000000000000000 R15: 0000000000000000 [ 144.741338][ T7098] [ 145.171930][ T30] audit: type=1800 audit(1768461775.972:16): pid=7098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.373" name="file1" dev="loop4" ino=16979 res=0 errno=0 [ 145.242840][ T5825] ocfs2: Unmounting device (7,4) on (node local) [ 145.882845][ T5912] usb 2-1: USB disconnect, device number 6