last executing test programs: 2m20.150786787s ago: executing program 1 (id=37): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x4204, &(0x7f0000003240)=ANY=[], 0x2, 0x334, &(0x7f0000002900)="$eJzs3M1LI2ccwPFfXk0imhxKSwvFh/bSXgZNey4NRaE0UFFTqoXCqJM2ZJpIJlhSStVTr6X3PS3sQTx6E3b3H/Cyt93LXvbmZWEP62F3Z5k3864xG4mr3w9InjzP80vmeUn4zeDk5Of//igXLa2o1yWcUBISETkVyUhYAiH/MeyW49JqV76cfPH40+XVtR9y+fz8klILuZWvskqp6Zn7f/6d9LsdTchx5teT59lnxx8ef3zyZuX3kqVKlqpU60pX69WndX3dNNRmySprSi2ahm4ZqlSxjJrXXvXai2Z1a6uh9MrmVGqrZliW0isNVTYaql5V9VpD6b/ppYrSNE1NpQQXKewvLem5IYM3RnwwuCK1Wk6PiEiyq6WwP5YDAgAAY9WZ/4edlH6o/F+m3fzf6dzM/w8+e1if/Olw2s//j+K98v+vn3iv1Zb/J0RkmPz/jlwi/+/OiG6Xd8r/cT3MxLuqQm3PnPw/5X9+XXu/HMy6BfJ/AAAAAAAAAAAAAAAAAAAAAADeB6e2nbZtOx08Bn/NWwj857iR+q3/hIgknNW3Wf+bbHl1TRLujXvOGpv/bhe2C96j0/ra9oghs5KWV+5+COrEtoM7j5QjIw/MHT9+Z7sQcVtyRSmJKYbMSVoynfG2vfB9fn5Oefz4s9uUUq3xWUnLB73js+3x/vvH5YvPW+I1ScujDamKKZvuvm7G/zOn1Hc/5jvik24/AAAAAABuAk2d6Xn+rmn92r1fGckV3ctEfa4PeOfXsz3Pz6PpT6LjHj0AAAAAALeD1firrJumUTunkJSL+wxfiA7WOd5REzuvc6RlhIMeT9y9kCHSr09kwBm7O+CsthWCf6Roa0r4lcNNbzD+ka3XbmtNWAaIinYe/IxToS757nv+QM5qgstG8T7zLIvdrxNu2wntsxob2X7+6P97L0f3AfnmMNgBF3fea6mJDbznTdNIdO46txDr/40RHsXXDgAAAIAxaCb9Qc23rc2hsRwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC3zJX8pF9HYdxjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6LtwEAAP//04b4lA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r0, 0x0) write$binfmt_script(r0, &(0x7f0000000140)={'#! ', './file2'}, 0xb) write$P9_RCLUNK(r0, &(0x7f00000001c0)={0x7, 0x79, 0x2}, 0x7) 2m19.790399166s ago: executing program 1 (id=39): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x28}}, 0x2400c000) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r1, @ANYBLOB=',wfdno=', @ANYRESOCT=r0]) 2m18.835330733s ago: executing program 1 (id=43): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x62) listen(r0, 0x0) close(r0) 2m18.734871442s ago: executing program 1 (id=44): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000005700)=ANY=[@ANYBLOB="6e6f657874656e745f63616368652c6a71666d743d7666736f6c642c6e6f71756f74612c6e6f71756f74612c66617374626f6f742c6e6f696e6c696e655f64656e7472792c6a71666d743d76667376312c6673796e635f6d6f64653d7374726963742c6772706a71756f74613d278c006c6c6f635f6d6f64653d64656661756c742c696e6c696e655f78617474722c00a2b4db502b6ba8210424f7f797a6ddd50d26e73f72a841707ea019cc81c223d959a991615e17b58a4e3ec9b2e54b87aafbaf0036421993a261bd97b95beab3b8db73ad782b6009737439da6f1d157405f23efa22e2b774ebcf1fbf96b0f516775ed21aecaa6ba0f6d45e71"], 0x1, 0x550f, &(0x7f00000001c0)="$eJzs3M9rI+UbAPAn7XZ/f/dbxIO3HViEFjZh0x+L3qru4g/sUlY9eNI0SUN2k0xp0rT25MGjePA/EQVPHv0bPHj2Jh4Ub0IlM1PdqgtC08RtPx+YPPO+efPM84Zl4ZkpCeDcmk9+/bkUN+JKRMxGxPWI7LxUHJm1PLwQETcjYuaJo1TM/zFxMSKuRsSNUfI8Z6l46/Pbw1urP731yzffXbpw7Yuvv5/eroFpezEiutv5+V43j2krj4+K+dqwncXuyrCI+Rvdx8U4zeNeczPLsFc7WlfL4nIrX59u7/ZHcatTq49iq72VzW/38gv2h62jPNkHHtV2snGjuZnFdj/NYusgr2v/IP+/7aA/yPM0inwfZeljMDiK+Xxzv5nvZ/txFuu9QTGf500bzf1RHBaxuFzU004jq2PzJN/0f9vb7d7ufjJs7vTbaS9ZrVRfqlTvlqs7aaM5aK6Ua93G3ZVkodUZLSsPmrXuWitNW51mpZ52F5OFVr1erlaThXvNzXatl1SrleXKnfLqYnF2O3n9wXtJp5EsjOKr7d7uoN3pJ1vpTpJ/YjFZqiy/vJjcqibvrG8kGw/v31/feDfuvf/glfU3XysW/a2sZGHpztJSuXqnvFRdPIP7/+Ap+/+kKHqM+4cTKU27AIBnj/4fmIbT6/93HsbhYTZ/mv1/6P/HYlz97+Ek+t/z3v+fwv7hRPT/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1g9zX76Rnczn42vF/P+KqeeKcSkiZiLi8B/MxsVjOWeLPHNPWT/3lxq+LUWWYXSNS8VxNSLWiuO3/5/2twAAAABn11cf3/ws79bzl/lpF8Qk5TdtZq5/OKZ8pYiYm/9xTNlmRi/PjylZ9u/7QuyPKVt2A+vymJLlt9wujCvbvzJ7LFx+IpTyMDPRcgAAgIk43glMtgsBAABgkj6ddgFMRymOHmUePQvO/vL+zweCV46NAAAAgGdQadoFAAAAAKcu6//9/h8AAACcbfnv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/M7O/dyoDURxAH62cSD/FBTlnla4QRkpIcccIwpIE5RAWkgD1EBuKSGCFR4vWlbsaiWP7d3V90kwjAU/ZhA+zBtpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjT33q7+v3z66+uOYdjN3lmAwAAAFyzr7er5sU89d+31z+2lz63/SIiyoi4tnav4s1FZtXm1A+8v743hj8RTcLpO6bt411ELKqIRUT8/9T3rwAAAACv1269WabVenqajz0ghpSKNuWHb5nyioio5/8ypZWnvC+Zwpr/9yR+ZEprClizTGGp5DbJlfYkze1+rtrN7jRFasrHP59t7gAAwICqi2bYVQgAAABD+j72ABhHEbdbmeetwGlq2u29txc9AAAA4AUqxh4AAAAA0Ltm/f+sz/8L5/8BAABAV+n8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPq0r7er3Xqz7JpzOHaTZzYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3LA/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb373l/8TU+NMMvfaWHoeSdZOja1TY+/cOPrD+Po1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAX/e6X/xNT40wyd9pYOh5J1q4aW1eNvQeNowfj7d8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc79u0ZSxQEAfzOzs/FOxTXKFhFRsNDGy+2dd14nFkqw8E8QQm7vjLcqnim84xDS2Enqa0RLEUGJ3f0PVyeQJnYptohgYbUyszPJ5Ae4/prZZD8fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKXh24dxkh064zguzm3tP1jJ+u1jfebRxs5C1rI4qjPps+HF6oeo21wiAAAAzI6krO9DCLvp5lLWx528/k/La7Ka/9unx3FZzx+v+8u+rP2z9svPe88fDNQZj5Pd9NbqoH/5ZCqt/2+W0+2Zv7yilT/5/N1Lkn8h8Xvrzw3T/HlGXz9+/E47D+fqyBYA+CculX0RlL8PZX2vycQAmBmtSuFd1v9Jp9mcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOowXA9PlnEUQlhoHcaZ7f0HK6f1jzZ2Fsp2/eHDjeo9s1ukIYRbq4P+5RrnMu0+v3f/zvJg0L9bf/BSCKGp0d8qpn/ngwkuDqGR5yP4j4K4+LKnJZ+zETT4QwkAgHMpLVpW1++mm0vZuWg+hNF3R+v/VytxmLD+3/vw+lZ1rGr936tthg2am+yyxbU/RqPRvfuvr368fLt/u//JG1d6b/au3rh27cZi/q5k0RsTAAAA/p120ar1fzx/cv3/YiUOE9b/n33T+7I6VjJr9f+EDhf9ms4EAABgtj378u+/Raecj9rt8MXy2trd3vh48PnK+NhAqn/bXNGq9X8y33RWAAAAQB2G69GR9f+blThMuP7/1Pcv/Fi9ZxJCuFCs/19a+XRws77pTLU6/py46TkCAADQrAtFq67/p/n+//hgy0McQnjtlXFc/BvAier/5N2vfqiOVd3/f7W+KU6luDt+HnnfDaHVbTojAAAAzrMnipYV+7+mm0sf/XTx/bb9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1+zMAAP//H1NCtw==") openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/fscaps', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f0000000140)='.\x00', &(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20, &(0x7f0000000140)='usrjquota=') 2m17.564310839s ago: executing program 1 (id=50): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNGETFILTER(r0, 0x400454cc, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 2m16.124647184s ago: executing program 1 (id=60): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="009b7e91bf18cd9430f4e1ee26870d4e291b10f3af9c21afd779d0ef023223a551f81042fa1b4a3eac3fa71eab99124c75f5a0d624ae9caeb800"], 0x1, 0xdab, &(0x7f0000000e80)="$eJzs3ctvXNX9APBzx544L36x8wuNm6ZJSkigj9iQumklNkaii1KE1CVLmgaa1gmP0AUoi5RFV0i1hPgDipDIpuqi6oJNFbGiG1Sp+wqx6iaVkLJAUcCV7XPG429mdGcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux8jg3N12l9N5H7z7zr7O/+NvylJOtHKdWHsfz2HxKqdmaL6XJsLz5idX0qy+uX2xPv85plc6nKlWt6en52615D6SUbqRT6VaaTE+9cOfeh4vPPrc4debm0Xc+vbs1rV9TbXUBAACwA3z58w9e+8djP70+dfcvJ+bTRGt62T6fz+MH83b/fN5QLtvL5X9A1ZZWHban94R843lohHxjHfK1l9MM+ca7lL8nLLfZJd9ETfljbdM6tRuG2dr/+Koxs2680ZiZWf1PvuyzsT3VzNXLCy9dG1BFgU1352TexWcwGEZuWDo06DUQwKp43PA+Nzb3SF1raeO9lX/76Ubn+WETbPfnX/nDVf4Hv7fGYfPs1k9TaVf5Hh3M4/E4wniYr9/vf1lePB7R7LGe3Y4jDMvxhW71HNvmemxUt/rHz8Vu9e2cltfhRIi3f3/iezos7zHQ2Zf2/xsMIzssDXoFBOxY8by5pazE43l9MT5RE99bE99XE99fEz9QE4dR9tc3/pgWq7X/+fE/fb/7w8p+tody+n991ifuj+y3/Hjeb78etPx4PjHsZL8898mf7/zu1j/j+f9fh/P/T+ff0sm8gij7C+N+9da5/+HC4EaXfIdDfR7qkH/l+ZH1+aoja8tJbeuZ++oxvX6+Q93yHV+fbzLk25+3RfaG+sbtk/1hvrL9Udar5fUaD+1thnbsCfUo78xUTveG9kx1a1fYkb0n5Gvm4f9Du46Edj0c5vtGaFc1vb5dcf95qc/RMD0eJyn5wtt23+9SfC/idRmP5PTtnL6f049z+nmHckdR+Tx2O/+/fD6nU7N66fLCpSfyePmcfjLWnFie/uQ21xt4cL1e/zOd1l//c7A1vdloXy8cWpteta8XJsP0812m/zCPl9+zX4/tW5k+c/GVhV9tduNhxF17863fvriwcOl1TzzxxJPWk0GvmYCtNvvGlVdnr7351rnLV158+dLLl65e+MmPzj8x9+MLF2ZXNutn2zfugV1l7Ud/0DUBAAAAAAAAAAAAelbt6zw5p3X3ty3Xk5fr0+P18QyH8r6VT0O5j0G5/rPbfV3K9ZtT21BHNt92XE406DYCnf3X/X8NhpEdlpbcxR/YGQbd/1+572FJr/79Z3uXh5Lt9tPr15fx/oXwIHZ6/3PK3139/7X6v+p5/Rd6zJrcWLlX7j16s63YdKzX8mP7y31gj/RX/tVcfmnN2dRb+Ut/CuXHG5X26JVQ/v4ey7+v/cc3Vv6rufzysj1+utfyV2tcNdbXI+43LvcBjPuNi9dC+8u9/fpu/wY7ans9lw+jbFj6mezXsPT/2U1ZblkP5tVz6zhduf927O+g3/qX+36X34GHw/Krmt83/X8Ot7r+P8vnb1b/n7DrfOb4n8EwssPS0tJAuz4Z1X5XdopBv/6D3oYcdPmDfv3rxP4/4/+l2P9njMf+P2M89v8Z47F/rRiP/X/G1zP2/xnjR8NyY/+g0zXxb9bEj9XEv1UTP14Tj//fYvxUTfxETfxkTfxwTfyRmvjpmvijNfEzNfHHauKP18R3u+/kdFTbD6Ms9hvp+w+joxz/6fb9P1ITB4ZX7Nc5fr/P1sSB4VXO8/D9hhFUdb5jR9zfXvbjvp3T93P6cU4/37IKsh2+m9Pv5fT7Of1BTs/ldCansznVNeRw+8N/jp1YrNbO8zsU4r2eTxqvB4j3iXmyx/rE43P9ns96tMdytqr8DV4OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0GiuPc3PTVUrvffTuM/8+95vDy1NOtnKcWnkcz2PzKaVmSqnK4+NheTcmVtOvvrh+sVNapfMrj2U8PX+7Ne+B5fnTqXQrTaanXrhz78PFZ59bnDpz8+g7n97dmtavqba6AAAAABig/wUAAP//vrPsgA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 2m15.721260613s ago: executing program 32 (id=60): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="009b7e91bf18cd9430f4e1ee26870d4e291b10f3af9c21afd779d0ef023223a551f81042fa1b4a3eac3fa71eab99124c75f5a0d624ae9caeb800"], 0x1, 0xdab, &(0x7f0000000e80)="$eJzs3ctvXNX9APBzx544L36x8wuNm6ZJSkigj9iQumklNkaii1KE1CVLmgaa1gmP0AUoi5RFV0i1hPgDipDIpuqi6oJNFbGiG1Sp+wqx6iaVkLJAUcCV7XPG429mdGcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux8jg3N12l9N5H7z7zr7O/+NvylJOtHKdWHsfz2HxKqdmaL6XJsLz5idX0qy+uX2xPv85plc6nKlWt6en52615D6SUbqRT6VaaTE+9cOfeh4vPPrc4debm0Xc+vbs1rV9TbXUBAACwA3z58w9e+8djP70+dfcvJ+bTRGt62T6fz+MH83b/fN5QLtvL5X9A1ZZWHban94R843lohHxjHfK1l9MM+ca7lL8nLLfZJd9ETfljbdM6tRuG2dr/+Koxs2680ZiZWf1PvuyzsT3VzNXLCy9dG1BFgU1352TexWcwGEZuWDo06DUQwKp43PA+Nzb3SF1raeO9lX/76Ubn+WETbPfnX/nDVf4Hv7fGYfPs1k9TaVf5Hh3M4/E4wniYr9/vf1lePB7R7LGe3Y4jDMvxhW71HNvmemxUt/rHz8Vu9e2cltfhRIi3f3/iezos7zHQ2Zf2/xsMIzssDXoFBOxY8by5pazE43l9MT5RE99bE99XE99fEz9QE4dR9tc3/pgWq7X/+fE/fb/7w8p+tody+n991ifuj+y3/Hjeb78etPx4PjHsZL8898mf7/zu1j/j+f9fh/P/T+ff0sm8gij7C+N+9da5/+HC4EaXfIdDfR7qkH/l+ZH1+aoja8tJbeuZ++oxvX6+Q93yHV+fbzLk25+3RfaG+sbtk/1hvrL9Udar5fUaD+1thnbsCfUo78xUTveG9kx1a1fYkb0n5Gvm4f9Du46Edj0c5vtGaFc1vb5dcf95qc/RMD0eJyn5wtt23+9SfC/idRmP5PTtnL6f049z+nmHckdR+Tx2O/+/fD6nU7N66fLCpSfyePmcfjLWnFie/uQ21xt4cL1e/zOd1l//c7A1vdloXy8cWpteta8XJsP0812m/zCPl9+zX4/tW5k+c/GVhV9tduNhxF17863fvriwcOl1TzzxxJPWk0GvmYCtNvvGlVdnr7351rnLV158+dLLl65e+MmPzj8x9+MLF2ZXNutn2zfugV1l7Ud/0DUBAAAAAAAAAAAAelbt6zw5p3X3ty3Xk5fr0+P18QyH8r6VT0O5j0G5/rPbfV3K9ZtT21BHNt92XE406DYCnf3X/X8NhpEdlpbcxR/YGQbd/1+572FJr/79Z3uXh5Lt9tPr15fx/oXwIHZ6/3PK3139/7X6v+p5/Rd6zJrcWLlX7j16s63YdKzX8mP7y31gj/RX/tVcfmnN2dRb+Ut/CuXHG5X26JVQ/v4ey7+v/cc3Vv6rufzysj1+utfyV2tcNdbXI+43LvcBjPuNi9dC+8u9/fpu/wY7ans9lw+jbFj6mezXsPT/2U1ZblkP5tVz6zhduf927O+g3/qX+36X34GHw/Krmt83/X8Ot7r+P8vnb1b/n7DrfOb4n8EwssPS0tJAuz4Z1X5XdopBv/6D3oYcdPmDfv3rxP4/4/+l2P9njMf+P2M89v8Z47F/rRiP/X/G1zP2/xnjR8NyY/+g0zXxb9bEj9XEv1UTP14Tj//fYvxUTfxETfxkTfxwTfyRmvjpmvijNfEzNfHHauKP18R3u+/kdFTbD6Ms9hvp+w+joxz/6fb9P1ITB4ZX7Nc5fr/P1sSB4VXO8/D9hhFUdb5jR9zfXvbjvp3T93P6cU4/37IKsh2+m9Pv5fT7Of1BTs/ldCansznVNeRw+8N/jp1YrNbO8zsU4r2eTxqvB4j3iXmyx/rE43P9ns96tMdytqr8DV4OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0GiuPc3PTVUrvffTuM/8+95vDy1NOtnKcWnkcz2PzKaVmSqnK4+NheTcmVtOvvrh+sVNapfMrj2U8PX+7Ne+B5fnTqXQrTaanXrhz78PFZ59bnDpz8+g7n97dmtavqba6AAAAABig/wUAAP//vrPsgA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 46.242547121s ago: executing program 4 (id=714): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x3ff) mmap$dsp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xd, 0x8012, r0, 0x0) syz_clone(0x41080, 0x0, 0x0, 0x0, 0x0, 0x0) 46.06733055s ago: executing program 4 (id=717): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) 45.577116618s ago: executing program 4 (id=723): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000000)={r2}, 0x8) 45.361340488s ago: executing program 4 (id=727): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file1\x00', 0x414, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="4b57e847ca97fe4b6468d5e3b1c8af6e644d82834f7f6415192ea618955c73aa164df482345e086f4d3eeab8150027a48e918d4fd9625eb5bbbda3abcbfb81f62a9f0bae4cdf14f1c7e660836a0ff1efeefa49a8eb3e395e0b9b42eaccbae5f0ee105aad7dee86f62c9ac34d9c489aeccbdcc43e382876a434a4a8099a697b7c86c89ef92d75b2882a9a01bf753884e7da7774a4d679a40f14baa67f2d7a6a2d0b44ae0c7a0fa9c53168755777b5237011e10adc830aedcc6714b8af1c083a8f77221e0488737fc02a13fa91c152", @ANYRES16], 0x1, 0x2ab, &(0x7f0000000440)="$eJzs3M9qE1EUx/FjU5s0pU0EKSioB93oZmjjA2iQFsSAWpuiLoSpnWjImJSZUImIzUbc+hzFpTtBfYFuxI17d0UQXdiFOGIm0ybttE3/JI3p9wPlnpl7f8xtS4czhczK3ddPCjnXyJll6Yup9IlUZVUk+a+qO1Yf+2r1gDSqyqWhn1/O3Ll3/0Y6k5mYUp1MT19OqerIufdPn785/7E8NPN25F1UlpMPVr6nvi6PLp9a+TP9OO9q3tViqaymzpZKZXPWtnQu7xYM1Vu2ZbqW5ouu5TTN5+zS/HxFzeLccHzesVxXzWJFC1ZFyyUtOxU1H5n5ohqGocNxOdr6W1iTXZqaMtNbTnuRA90R2m4w7KTjpKvhk9mlDuwJAAB0me37f7/X37r/z8z44wH3/yL0/21SbTraof9HT3CctBmv//02o/8HAAAAAAAAAAAAAAAAAAAAAOB/sOp5Cc/zEsEYfEVFJCYiwfFh7xPtsdPv/0d47Eqn94n2aPjgXkzEfrWQXcj6oz+fzklebLFkTBLyu3Y/qPPryeuZiTGt+eV53mI9v7iQjUg0yAeSYfmzJ8b9vMoHuyF/XOKN109JQk6GXz8Vmh+4ffFCQ96QhHx6KCWxZa52X1vPvxhXvXYzsyE/WFsHAAAAAEAvMHRNsvn513/3o1FbEJPN835+F/8f2PB83S+nW3lFJQAAAAAA2De38qxg2rbl7KGIisg+4r1aRKQrtrGhuCoiXbCNThUxEfHP6B7io9/W4i2lvBbW9IvIof9YdlEc9p0JAAAAwEFbb/p3Efr8so07AgAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6Gn1fWDB+k1TwcQ28YbLRTr+DQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd5G8AAAD//8NxHaE=") mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x1101088, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) chroot(&(0x7f0000000380)='./file0/../file0/file0\x00') umount2(&(0x7f0000000100)='./file0\x00', 0x1) 45.031265337s ago: executing program 4 (id=730): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000380)={0xa, 0xfffe, 0x4, @remote, 0x9}, 0x1c) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000040000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 44.552966645s ago: executing program 4 (id=733): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x4, 0x4) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000040)=0x40, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', 0x0}) sendmmsg$inet(r0, &(0x7f0000002240)=[{{&(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @multicast2}}}], 0x20}}], 0x1, 0x0) 44.018394353s ago: executing program 33 (id=733): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x4, 0x4) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000040)=0x40, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', 0x0}) sendmmsg$inet(r0, &(0x7f0000002240)=[{{&(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @multicast2}}}], 0x20}}], 0x1, 0x0) 36.463285559s ago: executing program 3 (id=761): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x2, 0x6, @dev}, 0x14) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) 34.670971843s ago: executing program 3 (id=765): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000200)=""/202, 0xca) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f0000000140)={{0x8, 0x9}, 'port0\x00', 0x8, 0x20020, 0x6, 0x3, 0x64, 0x0, 0x80, 0x0, 0x4, 0x66}) tkill(r0, 0x7) 34.192652711s ago: executing program 3 (id=769): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file0\x00', 0x40, &(0x7f00000005c0), 0x1, 0x583, &(0x7f0000000bc0)="$eJzs3U9oHFUYAPBvZhNr22haUFDpoahQoXST9I9WT+lVLBR6ELzEsNmGkE02Zje1CT2k9yIWFJVeqicFPSoiHsSLR69eFM+CaFFpepDIZHf7J8mu27TZLdnfD2b73rzpfu9l9ns7M8ywAfSsg9lLGvF0RJxJIgbvaOuLeuPB2nYr1y8WbvZFIYnV1bN/JJFExI3rFwuN7ZP6v3sjYjkinoqI7/sjDqcb41YWl6bHS6XifL0+VJ2ZG6osLh2ZmhmfLE4WZ4+99PKJk8dPjBwdeWBjvfzLlXcu//jqtSuffXFgufD+eBKjMVBvu3McD1Ltb9Ifo+vWH9+OYF2UNG3ZZOfz0MjV87w/Ip6MwcjVsx7Y+VZ3RawCPSq55/zfHeYM2AkaxwHZ+W9j6eTxx++naicgWdyV+lJr6atdm4hH185N9vyV3HVmkp1v7utkR9mRli9FxHBf38bPf1L//G3d8IPoINvqu1O1HbVx/6fZ/n/r8/p26+efgca10/vUmP9WNsx/6a35L9dk/jvTZox/3/j1o6bxL0U8s2n85Fb8ZJP4aUS82Wb8q69/fbJZ2+rHEYdi8/gNSevrw0PnpkrF4drrpjG+PXTglVbj39Mk/miL8Wfr5toc/1c/fPnscov4LzzXev9vFj87Bn+3zfj7b3z6WrO2LP5Ek/G3ip+tu9Zm/BdHD/7c5qYAAAAAAAAAAMA9SNfuZUvS/K1ymubztWd4n4g9aalcqR4+V16Ynajd87Yv+tPGnVaDtXqS1Ufq9+M26kfX1Y9FxP6IeC+3e62eL5RLE90ePAAAAAAAAAAAAAAAAAAAADwk9q57/v/vXO35f6BH+Mlv6F3yH3rX3fmfdK0fQOf5/ofeJf+hdzXL/5vfdLgjQMc1/f7v72w/gM5z/A+9S/5D75L/0LvkPwAAAAAAAAAAAAAAAAAAAAAAAAAAbIszp09ny+rN6xcLWX3i/OLCdPn8kYliZTo/s1DIF8rzc/nJcnmyVMwXyjP/936lcnluOGYXLgxVi5XqUGVxaWymvDBbHZuaGZ8sjhX9oggAAAAAAAAAAAAAAAAAAABsNLC2JGk+ItK1cprm8xGPRcS+6E/OTZWKwxHxeET8lOvfldVHut1pAAAAAAAAAAAAAAAAAAAA2GEqi0vT46VScb51IW1jm51XiIjldWvu7X3G/ulcn7PObum/J8v3FT2Jbu8mhW368AMAAAAAAAAAAAAAAAAAAB11+6HfbvcEAAAAAAAAAAAAAAAAAAAAeln6W/aaRMShwecH1rc+kqzkIj4ZzMpvXz37wYXxanV+JFv/Z26tPSKqH9bXH+1C94G2NfK0kccAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAbZXFpenxUqk4v8XCrjbep8tDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiS/wIAAP//7YjRGA==") r0 = open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0) fallocate(r0, 0x10, 0x5000000, 0x7000010) 33.452292639s ago: executing program 3 (id=773): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file1\x00', 0x414, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="4b57e847ca97fe4b6468d5e3b1c8af6e644d82834f7f6415192ea618955c73aa164df482345e086f4d3eeab8150027a48e918d4fd9625eb5bbbda3abcbfb81f62a9f0bae4cdf14f1c7e660836a0ff1efeefa49a8eb3e395e0b9b42eaccbae5f0ee105aad7dee86f62c9ac34d9c489aeccbdcc43e382876a434a4a8099a697b7c86c89ef92d75b2882a9a01bf753884e7da7774a4d679a40f14baa67f2d7a6a2d0b44ae0c7a0fa9c53168755777b5237011e10adc830aedcc6714b8af1c083a8f77221e0488737fc02a13fa91c152", @ANYRES16], 0x1, 0x2ab, &(0x7f0000000440)="$eJzs3M9qE1EUx/FjU5s0pU0EKSioB93oZmjjA2iQFsSAWpuiLoSpnWjImJSZUImIzUbc+hzFpTtBfYFuxI17d0UQXdiFOGIm0ybttE3/JI3p9wPlnpl7f8xtS4czhczK3ddPCjnXyJll6Yup9IlUZVUk+a+qO1Yf+2r1gDSqyqWhn1/O3Ll3/0Y6k5mYUp1MT19OqerIufdPn785/7E8NPN25F1UlpMPVr6nvi6PLp9a+TP9OO9q3tViqaymzpZKZXPWtnQu7xYM1Vu2ZbqW5ouu5TTN5+zS/HxFzeLccHzesVxXzWJFC1ZFyyUtOxU1H5n5ohqGocNxOdr6W1iTXZqaMtNbTnuRA90R2m4w7KTjpKvhk9mlDuwJAAB0me37f7/X37r/z8z44wH3/yL0/21SbTraof9HT3CctBmv//02o/8HAAAAAAAAAAAAAAAAAAAAAOB/sOp5Cc/zEsEYfEVFJCYiwfFh7xPtsdPv/0d47Eqn94n2aPjgXkzEfrWQXcj6oz+fzklebLFkTBLyu3Y/qPPryeuZiTGt+eV53mI9v7iQjUg0yAeSYfmzJ8b9vMoHuyF/XOKN109JQk6GXz8Vmh+4ffFCQ96QhHx6KCWxZa52X1vPvxhXvXYzsyE/WFsHAAAAAEAvMHRNsvn513/3o1FbEJPN835+F/8f2PB83S+nW3lFJQAAAAAA2De38qxg2rbl7KGIisg+4r1aRKQrtrGhuCoiXbCNThUxEfHP6B7io9/W4i2lvBbW9IvIof9YdlEc9p0JAAAAwEFbb/p3Efr8so07AgAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6Gn1fWDB+k1TwcQ28YbLRTr+DQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd5G8AAAD//8NxHaE=") mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x1101088, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) chroot(&(0x7f0000000380)='./file0/../file0/file0\x00') umount2(&(0x7f0000000100)='./file0\x00', 0x1) 33.067912507s ago: executing program 3 (id=775): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'geneve1\x00', 0x0}) sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e21, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e0faf16a001c000000000000000000000008000000", @ANYRES32=r2], 0x38}, 0x0) 32.460583515s ago: executing program 3 (id=776): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x30c004, &(0x7f0000000200)={[], [{@seclabel}]}, 0x1, 0x43d, &(0x7f0000000d40)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) chdir(&(0x7f0000000340)='./cgroup\x00') r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) 32.015094584s ago: executing program 34 (id=776): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x30c004, &(0x7f0000000200)={[], [{@seclabel}]}, 0x1, 0x43d, &(0x7f0000000d40)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) chdir(&(0x7f0000000340)='./cgroup\x00') r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) 4.385109304s ago: executing program 7 (id=952): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000180)={r2, r0}) sendmmsg$inet(r1, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000380)='{', 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 3.956623953s ago: executing program 7 (id=956): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x11, &(0x7f0000000300)=@generic={0x1, 0x0, 0x9, "fa32fa96", "ccb6fc3b4fdd5c5ed9"}) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 3.39267641s ago: executing program 6 (id=961): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3, 0x25, 0x0, @val=@iter={0x0}}, 0x40) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 3.29994563s ago: executing program 5 (id=962): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x48, r2, 0x1, 0x70bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x1000}]}, 0x48}, 0x1, 0x0, 0x0, 0x20044100}, 0x0) 2.692117868s ago: executing program 2 (id=965): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x2e, &(0x7f0000000000)=r0, 0x4) recvmsg(r0, &(0x7f0000000f40)={0x0, 0x0, 0x0}, 0x40000000) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) 2.683404188s ago: executing program 5 (id=966): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000018, &(0x7f00000013c0)=ANY=[], 0xf, 0x6b4, &(0x7f00000000c0)="$eJzs3c9vHGf9B/D3rNcbO98qX6dN2ggVESVSQYpInFgphAsBIZRDhapy4IqVOI2VjVPZLnIrBC5FcELi0D+gIPmGOCBxDwrncuvVx0pIXCIOERyMZnbWXnvX8Tr+GXi9ovHzzDzPPPPZzz4z411ntQH+Z926lOajFLl16a2lcn11Zaq9ujJ1om5uJynrjaTZKVLMJcXj5GbZXvQs6Sn7fDJ7453Pn6x+0Vlr1kvVv/Gs/QYY0He5XnI+yUhd9hsd9hCbxrud5KW+Lq1hx2plbGOlTNrFuoQjt9ZneTe77+a8BY6Z7m2s6Nw3+0wkJ5PqFlb9TlBfHRqHF+HB2NVVDgAAAF5Qnz086ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxVN//39RL426zPkU3e//b3W31fUX2qOjDgAAAAAAAAAA9sFXnuZplnKqu75WVH/zv1CtnMm/1pL/y/tZyEzmczlLmc5iFjOfq0kmegZqLU0vLs5fXd+zNHjPawP3vHZYjxgAAAAAAAAA/iv9Irc2/v4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHQZGMdIpqOdOtT6TR7FTTKn8sJ3/r1l8QxaCNjw4/DgAAANiTsefY5/+f5mmWcirJH8v1taJ6zf9q9Xp5LO9nLouZzWLamcmd+jV0+aq/sboy1V5dmXpQLv3jfucfuwqjGjGd9x4GH/lc1WM8dzNbbbmc21Uwd9Ko9iyd68YzOK6PypiKb9eGjKxZp7U82G+3exdhX+z2rYiJMrhkPSOTdWxlNk53MlBUb9QkWzPx7Gfn3wOOlEZG1490NY31d37OHEDOT9Zl+Xh+daA53631TDRSZeJaz+x79dmZSL765z/86F577v69uwuXjs9D2sHINtu3zompnky8NigTvQMd60w0d9l/ssrE2fX1W/l+fphLOZ+3M5/Z/CTTWcxM1ur26Xo+lz8nnj1nbm5ae3unSFr189JJ9TAxnc/3qtp0LlT7nspsijzMnczkzerftVzNN3I913Oj5xk+u23c1WOrzvrG1rO++0z/ZWDwF79WV8aT/Lou+3KwxXazc790rv1lXk/35LUz65+s9zrdcx5M9mTp5W52RgcO/jzXxuaX6kp5jI/r8niYqDNRnkDdu0Q3ulc6mWhW96L+ef676txYaM/dn783/d424y9vWX+jLstptfLlYaMc/FTsr3K+vJyx+kqyeXaUba+sX2VOb7qrtuq/uHTaGn1tZ6u2ouieqT/oO1PL+Vqeqa36d7j+ka5Vba8NbJuq2s71tG36fSsP086dQ8gfAHs0kZOt8b+Pfzb+6fgvx++NvzX23RPfPPF6K6N/Hf1Wc3LkjcbrxZ/yaX5Wvf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2aOGDD+9Pt9sz84Mrje2bdqjsNPKWSlF/oc+we/34ZPJ8gR1OZSzJpi2j5YZ9O8THQ3Ye3xpGX2Xt58mh56f7JYKD+/ymrDQzzIA3d+rz0ZHPhGNZGd040UYyeAIc8YUJOHBXFh+8d2Xhgw+/Pvtg+t2Zd2fmRq9fvzF54/qbU1fuzrZnJjs/jzpK4CBs3PSPOhIAAAAAAAAAAABgWIM+IXDhpZ0+NDLUZzz8z0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX9y6lOajFLk6eXmyXF9dmWqXS7e+0bOZpNFIip8mxePkZjpLJnqGK/L7x1kbcJxPZm+88/mT1S82xmp2+ieNutyD5XrJ+SQjdblf493e83jFP7uPsEzYxW7i4Kj9JwAA//93mPQP") mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000080)=0xffff7b6e, 0x4) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f00000001c0)=0x7, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000000c0)=""/3, &(0x7f0000000100)=0x3) 2.582628958s ago: executing program 6 (id=967): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) shutdown(r0, 0x1) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) close(0x3) 2.481907778s ago: executing program 0 (id=968): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) sendto$inet6(r0, 0x0, 0x0, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) sendto$inet6(r0, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228ee1f5b48", 0xfffffffffffffe57, 0x8000, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000040)=0x6, 0x4) recvmmsg(r0, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002003, 0x0) 2.229203027s ago: executing program 6 (id=969): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x85) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 2.088545556s ago: executing program 0 (id=970): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r0, 0x2) 1.998546876s ago: executing program 5 (id=971): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r3, r2, r2, 0x2000000, 0xffffffff, 0x80000004, 0x0, 0x0, 0x4000000, 0xd, 0xcd}) 1.892681865s ago: executing program 2 (id=972): ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x8912, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0xffffdffe, 0x1}, 0xc) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @in=@local, 0x100, 0x0, 0x2, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1}, {0x0, 0x40000000, 0x0, 0xfd}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@empty, 0x0, 0x32}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffffe, 0x4}}, 0xe8) sendmmsg$inet6(r1, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) 1.717659366s ago: executing program 2 (id=973): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000083c0)={0x2020, 0x0, 0x0}, 0x207b) write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x0, r1, {0x7, 0x27, 0x0, 0x500000}}, 0x50) removexattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00') 1.674741485s ago: executing program 5 (id=974): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x925cba15b6d88b33}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r3, @ANYBLOB="54000e0080000000080211000000080211000000505050505050000009000000000000006400000003013c040610000000000025030000002d1a0000000000000000000000000000000015000006000000000000080026006c09000008000c006400000008000d000000000020000f002d0e"], 0xa8}}, 0x0) 1.575274295s ago: executing program 0 (id=975): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f00000000c0)) 1.464210824s ago: executing program 5 (id=976): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, r3, 0x731}, 0x14}}, 0x4000000) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) 1.434560434s ago: executing program 6 (id=977): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x306) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) close(r0) 1.327659994s ago: executing program 7 (id=978): ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x8d0, &(0x7f0000000000), 0x1, 0x253, &(0x7f0000000680)="$eJzs3E9oHHUUB/A3s7vGJItEvQiCCiKigRBvAS/xohCQEEQEFSIiXpREiAneEk8i9NCe25JTL6H01rTHkkvopaXQU9rmkF4KbeihoYf2sGV3kpI2G1KY3Z2S+Xxgdmd2/rw37H5/s5eZAEprKCLGI6ISEcMRUYuIZP8GH2XT0O7icv/6dESj8d3DpLVdtpzZ228wIpYiYiwi1tIk/qhGLKz+tPV445tPT8zXPjm3+mN/T09y1/bW5rc7Zyf/uzjxxcL1m/cnkxiP+gvn1XlJm8+qScQ73Sj2mkiqRXfAq5j658KtZu7fjYiPW/mvRRrZl3dy7o21Wnx+5rB9Tz248X4vewU6r9GoNa+BSw2gdNKIqEeSjkRENp+mIyPZf/jblYH0z9m5v4d/n52f+a3okQrolHrE5teX+y4NvpT/e5Us/8Dx1cz/91Mrd5rzO5WiuwF6qZn/4V8WPwv5h9I5mP+x/4vuCegN138oL/mH8pJ/KK+c+U+70RPQG67/UF7yD+Ul/1BeR+e/3Z2r+9S60xfQffvzDwCUS6PvkBuDWyuB46zo8QcAAAAAAAAAAAAAAAAAADhouX99em/qVc2rpyO2v4qIarv6ld2HjL/Zeh14lDQ3ey7Jdsvl5w9zHiCn8wXfff3W3WLrX/ug2PqLMxFL/0bEaLV68PeX5H7I/dtHrK/9mrNATl/+UGz9pyvF1p/YiLjSHH9G240/abzXem8//tQ78AjEv57kPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA98ywAAP//2hBp9g==") mkdir(&(0x7f0000000140)='./control\x00', 0x0) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0xc, 0x10003, '\x00', [{}, {0xffffffff}]}) 1.261416554s ago: executing program 0 (id=979): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x143ffd, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r1, &(0x7f0000000180), 0x20000000}, 0x20) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000000c0)={r1, &(0x7f0000000180), 0x0}, 0x20) 1.031712773s ago: executing program 6 (id=980): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00bc78f72200e6b3bc31a70c81525029e4320000000000"], 0x1, 0x19d, &(0x7f0000000000)="$eJzskL9rU1EYhp/vnJNfQitRcaigAYvXG6q9N1UHp+AUIRccXASDhjY0YqqkN4MtLXSRglS7OesgriroJKLgXBwEB83kJs1QHMRBIic5Cv4Nngfufc/7wvnOy9dOu2kO+LW3JlQZoZnkA4IBjsk4U2qsr5z/5nR7LFxwfkvcCOen0pXVm81Op7VcOl+i+E8AfB9lf6P0OYcVBdtEPu2tzTflesKwypJaSCjWKd9HN+iGD5gyExy6hmYYbHFR0ZWgDvtne3lm05XVUzeWmoutxdatSmXuXHQmis7a/p1W9BIJ74niEeuECbmEQrhOpsHdHbOPGUHCtuprKQ/INtje0SePzwxQ4S5DhLfBgNwX0y6py5wgf9WWr3FQeIxOmK5TGC0NiGrIJfVCYvPR/Mgo8htan56/3VnYvKLkZ/ZpVXbzEn8lE8RUyjFzdjUc4B2bfab71Po8nByPem1fcXvFbNj/M+eOcJQnWe40e73lOAvvJUio2K8IE6NxytheRXjj7jjh85+Dx+PxeDwej8fj8Xj+A34HAAD//8pfXCM=") r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000001010040"]) 813.764962ms ago: executing program 7 (id=981): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000340)="2600000022004701050000070000000000000020082b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001b00)=@delchain={0x24, 0x28}, 0x24}}, 0x54) 813.059272ms ago: executing program 0 (id=982): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x24, r1, 0x331, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}]}, 0x24}}, 0x0) 661.016552ms ago: executing program 2 (id=983): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_TDLS_OPER(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000140)={0x0, 0x601, &(0x7f0000000340)={&(0x7f0000000400)={0x38, r1, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback={0xff00000000000000}}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}]}, 0x38}}, 0x0) 522.264171ms ago: executing program 7 (id=984): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x80, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x2, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x7b, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f00000000c0), 0x0}, 0x20) 514.710841ms ago: executing program 6 (id=985): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x9) 396.551511ms ago: executing program 0 (id=986): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@utf8no}, {@utf8no}, {@fat=@nfs}, {@fat=@check_strict}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@numtail}, {@uni_xlate}, {@uni_xlate}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@shortname_mixed}, {@uni_xlateno}, {@utf8no}, {@uni_xlate}]}, 0x26, 0x336, &(0x7f00000001c0)="$eJzs3T1sW9UXAPDjviROI/VvD3+pgsmwIaGqCWKAKVFVpIoMUGTxtWDRlI/YVIqFpTDE9QJiBLEgwcTWAcbOiAEhNgZWioQKiIVulVrxkP1e7OeP0BThlI/fb4iOzj3H976Xq/glSm5eWo/tC4tx8caN67G8XIqF9TPrcbMU1TgWSWQuBwDwb3IzTePXNHPn6vdX9qOlOa8LAJifwfv/KydGifK9XA0AcBQO+f3/UzOzl+a2LABgjqbe/x8cG574Mf/C8HcCAIB/rmeef+HJjc2I87XackTrnU69U4/HR+MbF+O1aMZWnI5K3I7IHhSyp4X+xyfObZ49Xev7sRr1fkenHtHqdurZk8JGMugvx2pUopr3p8P+pN+/OuivRcTl7mD+aJU69cVYyef/biW2Yi0q8f+p/ohzm2fXavkL1Fv7/d2IXizvX0R//aeiEt+8HJeiGRei3zta/95qrXYm3Rzr71wpD+oAAAAAAAAAAAAAAAAAAAAAAGAeTtWGqsPzb9JWt/P2+cmC6tj5OPVsOD8fqJedD5SW90/neTeZPB9o/HyeTn0hjt3TKwcAAAAAAAAAAAAAAAAAAIC/j/buUjSaza2d9u5b28WgW8i88dWnXxyPyZrXk1EmFrKXG6vJc1HoSmLYng7b02SsJg+SiFHxlavDFRdrysOrmGrvB+WpoVK+pkazeeKBHz6a1fXbKJPE1G0ZD0r5/IWh1v+y1B90HRys3aHmWpqmB7XvfTjdFaWIhalP3F8RfHn91fseaZ98dJD5PD/04aGHK89e++CTn7cbzchvTbO5tNO+nf7puZLC/inl97k0YyfMDnqjTG+nvdtIvv3lufvf+3qiOJm9f9Ji5s2D5/psMrOUBf1lHuZKF2ds/tnBi7eGu/fub+bJj9cbV/e+/+mwXYUvEg7qAAAAAAAAAAAAAAAAAACAI1H4W/G78NjT81sRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy90f//LwS9qcxhglvdmB4qb+20D5z8+JFeKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2G/BwAA//9pxHjs") prctl$PR_CAPBSET_DROP(0x18, 0x29) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000500)=""/188, 0xbc) getdents64(r0, &(0x7f00000005c0)=""/4096, 0x1000) 396.070631ms ago: executing program 5 (id=987): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote}) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000090400"/20, @ANYRES32=r3, @ANYBLOB="0002007e0000000024001280110001006272696467655f736c617665000000000c000580050001"], 0x44}}, 0x0) 333.850551ms ago: executing program 2 (id=988): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x3]}, 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) syz_mount_image$fuse(0x0, 0x0, 0xc034, 0x0, 0x0, 0x0, 0x0) 206.4726ms ago: executing program 7 (id=989): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) sendmsg$unix(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x24008881) 0s ago: executing program 2 (id=990): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x202, 0x4) setsockopt$inet6_buf(r0, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4) sendto$inet6(r0, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ef42eeb66c3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dff02ba9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea09364ab42ee9802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e218daa5a3ef64617beb30cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97184339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd5", 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x0, @mcast2}, 0x1c) recvfrom$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) kernel console output (not intermixed with test programs): e [ 128.049363][ T5610] loop3: rw=524288, sector=34359738496, nr_sectors = 8 limit=256 [ 128.091887][ T5610] syz.3.321: attempt to access beyond end of device [ 128.091887][ T5610] loop3: rw=0, sector=34359738496, nr_sectors = 8 limit=256 [ 128.131102][ T26] audit: type=1800 audit(1738775453.533:15): pid=5610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.321" name="file1" dev="loop3" ino=1048605 res=0 errno=0 [ 128.243086][ T5621] loop2: detected capacity change from 0 to 2048 [ 128.340253][ T5625] netlink: 'syz.4.326': attribute type 10 has an invalid length. [ 128.348825][ T5626] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.396414][ T5621] syz.2.325: attempt to access beyond end of device [ 128.396414][ T5621] loop2: rw=0, sector=19791209300034, nr_sectors = 2 limit=2048 [ 128.455365][ T5621] NILFS (loop2): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.471781][ T5625] team0: Port device vlan0 added [ 128.486091][ T5621] syz.2.325: attempt to access beyond end of device [ 128.486091][ T5621] loop2: rw=0, sector=19791209300034, nr_sectors = 2 limit=2048 [ 128.501789][ T5621] NILFS (loop2): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.511314][ T5621] NILFS (loop2): error -5 truncating bmap (ino=16) [ 129.640458][ T5647] loop5: detected capacity change from 0 to 32768 [ 129.648500][ T5647] XFS: ikeep mount option is deprecated. [ 129.667393][ T5647] XFS: ikeep mount option is deprecated. [ 129.685666][ T5647] XFS (loop5): Mounting V5 Filesystem [ 129.760236][ T5647] XFS (loop5): Ending clean mount [ 129.771579][ T5647] XFS (loop5): Quotacheck needed: Please wait. [ 129.821749][ T5647] XFS (loop5): Quotacheck: Done. [ 129.930276][ T4577] XFS (loop5): Unmounting Filesystem [ 131.029405][ T5694] loop5: detected capacity change from 0 to 8192 [ 131.030252][ T5683] loop2: detected capacity change from 0 to 32768 [ 131.070847][ T5694] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 131.104069][ T5694] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 131.128290][ T5684] loop3: detected capacity change from 0 to 32768 [ 131.137361][ T5694] REISERFS (device loop5): using journaled data mode [ 131.140110][ T5684] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 131.176700][ T5694] reiserfs: using flush barriers [ 131.214598][ T5694] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 131.283444][ T5694] REISERFS (device loop5): checking transaction log (loop5) [ 131.317337][ T5683] XFS (loop2): Mounting V5 Filesystem [ 131.331684][ T5694] REISERFS (device loop5): Using r5 hash to sort names [ 131.349414][ T5694] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 131.383337][ T5694] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 131.470295][ T5683] XFS (loop2): Ending clean mount [ 131.530268][ T5711] input: syz0 as /devices/virtual/input/input8 [ 131.600992][ T5683] XFS (loop2): User initiated shutdown received. [ 131.619702][ T5683] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x10c/0x150 (fs/xfs/xfs_fsops.c:486). Shutting down filesystem. [ 131.644364][ T5683] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 131.827504][ T4252] XFS (loop2): Unmounting Filesystem [ 132.035285][ T5720] loop5: detected capacity change from 0 to 8192 [ 132.120670][ T5720] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 132.195161][ T5720] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 132.220231][ T5720] REISERFS (device loop5): using ordered data mode [ 132.241800][ T5720] reiserfs: using flush barriers [ 132.291556][ T5720] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 132.329381][ T5720] REISERFS (device loop5): checking transaction log (loop5) [ 132.351638][ T5720] REISERFS (device loop5): Using r5 hash to sort names [ 132.364384][ T5720] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 132.432429][ T5730] device syzkaller1 entered promiscuous mode [ 132.681741][ T5732] loop4: detected capacity change from 0 to 128 [ 132.710399][ T5732] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 132.723185][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.723280][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.737929][ T5732] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.850576][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 132.934245][ T5736] loop2: detected capacity change from 0 to 8192 [ 132.961059][ T5736] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 133.999425][ T5774] loop2: detected capacity change from 0 to 1024 [ 134.045333][ T5774] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 134.074363][ T5774] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.168284][ T5774] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.381: bg 0: block 393: padding at end of block bitmap is not set [ 134.231412][ T5774] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 29 with error 117 [ 134.271486][ T5774] EXT4-fs (loop2): This should not happen!! Data will be lost [ 134.271486][ T5774] [ 134.347574][ T5782] capability: warning: `syz.4.384' uses 32-bit capabilities (legacy support in use) [ 134.381386][ T51] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 48 with max blocks 20 with error 117 [ 134.397079][ T5784] loop0: detected capacity change from 0 to 1024 [ 134.416167][ T51] EXT4-fs (loop2): This should not happen!! Data will be lost [ 134.416167][ T51] [ 134.464689][ T5784] EXT4-fs: inline encryption not supported [ 134.474302][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 134.511775][ T5784] EXT4-fs: Ignoring removed i_version option [ 134.518546][ T5784] EXT4-fs: Ignoring removed nomblk_io_submit option [ 134.537520][ T5784] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 134.586538][ T5784] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 134.695485][ T5784] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 134.718808][ T5784] EXT4-fs (loop0): This should not happen!! Data will be lost [ 134.718808][ T5784] [ 134.762303][ T5784] EXT4-fs (loop0): Total free blocks count 0 [ 134.792265][ T5784] EXT4-fs (loop0): Free/Dirty block details [ 134.813792][ T5784] EXT4-fs (loop0): free_blocks=0 [ 134.829107][ T5784] EXT4-fs (loop0): dirty_blocks=0 [ 134.870037][ T5784] EXT4-fs (loop0): Block reservation details [ 134.890137][ T5784] EXT4-fs (loop0): i_reserved_data_blocks=0 [ 135.067792][ T4251] EXT4-fs (loop0): unmounting filesystem. [ 135.156773][ T5792] loop4: detected capacity change from 0 to 32768 [ 135.596089][ T5809] loop5: detected capacity change from 0 to 1024 [ 135.690165][ T5809] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 135.713904][ T5809] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.791148][ T5813] loop4: detected capacity change from 0 to 512 [ 135.808116][ T5809] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.397: bg 0: block 393: padding at end of block bitmap is not set [ 135.834695][ T5813] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 135.844808][ T5809] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 29 with error 117 [ 135.870891][ T5809] EXT4-fs (loop5): This should not happen!! Data will be lost [ 135.870891][ T5809] [ 135.898172][ T5813] EXT4-fs (loop4): 1 truncate cleaned up [ 135.923785][ T5813] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 135.928562][ T5797] loop2: detected capacity change from 0 to 32768 [ 136.009510][ T51] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 48 with max blocks 20 with error 117 [ 136.038999][ T5797] XFS (loop2): Mounting V5 Filesystem [ 136.046145][ T5805] loop3: detected capacity change from 0 to 32768 [ 136.051451][ T51] EXT4-fs (loop5): This should not happen!! Data will be lost [ 136.051451][ T51] [ 136.080228][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 136.135398][ T5805] XFS (loop3): Mounting V5 Filesystem [ 136.272771][ T5797] XFS (loop2): Ending clean mount [ 136.344476][ T5805] XFS (loop3): Ending clean mount [ 136.391301][ T4661] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x39/0xc0, xfs_rmapbt block 0x14 [ 136.410390][ T5805] XFS (loop3): Quotacheck needed: Please wait. [ 136.416836][ T4661] XFS (loop2): Unmount and run xfs_repair [ 136.440630][ T4661] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 136.457407][ T4661] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff RMB3............ [ 136.482178][ T4661] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80 ..P............. [ 136.509524][ T4661] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 136.529643][ T4661] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01 ....[.;......... [ 136.549403][ T4661] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00 ................ [ 136.584009][ T4661] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb ................ [ 136.592937][ T4661] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02 ................ [ 136.613781][ T4661] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00 ................ [ 136.622741][ T5797] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x26e/0x370" at daddr 0x14 len 4 error 74 [ 136.659618][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 136.670726][ T5805] XFS (loop3): Quotacheck: Done. [ 136.681570][ T5797] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x1acd/0x2210 (fs/xfs/libxfs/xfs_defer.c:580). Shutting down filesystem. [ 136.741593][ T5797] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 136.769661][ T7] loop2: writeback error on inode 9286, offset 0, sector 18692 [ 136.892024][ T4250] XFS (loop3): Unmounting Filesystem [ 136.919219][ T4252] XFS (loop2): Unmounting Filesystem [ 137.426320][ T5848] loop0: detected capacity change from 0 to 1024 [ 137.478870][ T5848] EXT4-fs: Ignoring removed orlov option [ 137.486707][ T5838] loop5: detected capacity change from 0 to 32768 [ 137.514078][ T5848] EXT4-fs: Ignoring removed nomblk_io_submit option [ 137.558356][ T5838] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 137.585469][ T5838] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 137.613438][ T5838] BTRFS info (device loop5): using free space tree [ 137.625245][ T5848] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 137.760149][ T5852] loop4: detected capacity change from 0 to 8192 [ 137.781352][ T5869] process 'syz.0.406' launched './file0/file0' with NULL argv: empty string added [ 137.866286][ T5870] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 137.934117][ T5870] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 137.954106][ T5838] BTRFS info (device loop5): enabling ssd optimizations [ 137.962226][ T5870] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 138.090039][ T5879] netlink: 'syz.2.418': attribute type 12 has an invalid length. [ 138.136153][ T5879] netlink: 'syz.2.418': attribute type 29 has an invalid length. [ 138.167779][ T5879] netlink: 148 bytes leftover after parsing attributes in process `syz.2.418'. [ 138.188745][ T5882] loop3: detected capacity change from 0 to 1024 [ 138.209883][ T5879] netlink: 'syz.2.418': attribute type 2 has an invalid length. [ 138.230114][ T5879] netlink: 43 bytes leftover after parsing attributes in process `syz.2.418'. [ 138.257171][ T4577] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 138.282969][ T5882] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 138.302051][ T5882] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.352489][ T4251] EXT4-fs (loop0): unmounting filesystem. [ 138.487527][ T5882] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.409: bg 0: block 393: padding at end of block bitmap is not set [ 138.559627][ T5882] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 29 with error 117 [ 138.579261][ T5882] EXT4-fs (loop3): This should not happen!! Data will be lost [ 138.579261][ T5882] [ 138.663671][ T4632] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 48 with max blocks 20 with error 117 [ 138.693549][ T4632] EXT4-fs (loop3): This should not happen!! Data will be lost [ 138.693549][ T4632] [ 138.742208][ T4250] EXT4-fs (loop3): unmounting filesystem. [ 138.905469][ T5893] loop5: detected capacity change from 0 to 128 [ 138.932797][ T5893] EXT4-fs (loop5): Test dummy encryption mode enabled [ 138.966007][ T5893] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 138.985287][ T5893] ext4 filesystem being mounted at /55/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 139.153528][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 139.407640][ T5884] loop4: detected capacity change from 0 to 40427 [ 139.435408][ T5884] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 139.457943][ T5884] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 139.503188][ T5884] F2FS-fs (loop4): invalid crc value [ 139.555303][ T5884] F2FS-fs (loop4): Found nat_bits in checkpoint [ 139.739884][ T5884] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 139.758807][ T5896] loop0: detected capacity change from 0 to 32768 [ 139.768096][ T5884] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 139.813912][ T5896] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.414 (5896) [ 139.884202][ T5896] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 139.920663][ T5896] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 139.990842][ T9] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 140.014440][ T5896] BTRFS info (device loop0): setting nodatacow, compression disabled [ 140.022610][ T5896] BTRFS info (device loop0): force clearing of disk cache [ 140.032042][ T9] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 140.068919][ T5896] BTRFS info (device loop0): enabling ssd optimizations [ 140.095215][ T5896] BTRFS info (device loop0): using spread ssd allocation scheme [ 140.129315][ T5896] BTRFS info (device loop0): doing ref verification [ 140.169135][ T5896] BTRFS info (device loop0): not using ssd optimizations [ 140.200008][ T5896] BTRFS info (device loop0): not using spread ssd allocation scheme [ 140.227023][ C1] sd 0:0:1:0: [sda] tag#8105 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 140.228342][ T5896] BTRFS info (device loop0): using free space tree [ 140.237548][ C1] sd 0:0:1:0: [sda] tag#8105 CDB: Write(6) 0a 00 4e 23 00 00 00 00 00 00 00 00 [ 140.614840][ T5896] BTRFS info (device loop0): rebuilding free space tree [ 140.831345][ T5913] loop3: detected capacity change from 0 to 32768 [ 140.980440][ T4251] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 141.530548][ T5936] loop5: detected capacity change from 0 to 40427 [ 141.561302][ T5936] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff [ 141.588627][ T5936] F2FS-fs (loop5): invalid crc value [ 141.631114][ T5936] F2FS-fs (loop5): Found nat_bits in checkpoint [ 141.819487][ T5936] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 141.892146][ T5962] loop4: detected capacity change from 0 to 512 [ 141.955158][ T5936] F2FS-fs (loop5) : inject checkpoint error in f2fs_balance_fs of f2fs_unlink+0x3bf/0xa10 [ 142.042765][ T5936] overlayfs: cleanup of 'work/#8' failed (-5) [ 142.051274][ T5962] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 142.071311][ T5936] overlayfs: failed to set xattr on upper [ 142.073873][ T5962] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.112787][ T5936] overlayfs: ...falling back to index=off,metacopy=off. [ 142.129533][ T5936] overlayfs: failed to resolve './file0/../file0': -2 [ 142.281998][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 142.836968][ T5984] loop3: detected capacity change from 0 to 128 [ 142.862034][ T26] audit: type=1800 audit(1738775468.263:16): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.442" name="file1" dev="loop3" ino=1048608 res=0 errno=0 [ 142.896134][ T5984] FAT-fs (loop3): error, invalid FAT chain (i_pos 548, last_block 8) [ 142.939652][ T5984] FAT-fs (loop3): Filesystem has been set read-only [ 142.948988][ T26] audit: type=1800 audit(1738775468.293:17): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.442" name="file1" dev="loop3" ino=1048608 res=0 errno=0 [ 142.984188][ T5984] FAT-fs (loop3): error, corrupted file size (i_pos 548, 522) [ 143.044007][ T5988] FAT-fs (loop3): error, corrupted file size (i_pos 548, 522) [ 143.336395][ T5994] loop3: detected capacity change from 0 to 2048 [ 143.380569][ T5994] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 143.795693][ T5996] loop2: detected capacity change from 0 to 8192 [ 143.852293][ T5987] loop4: detected capacity change from 0 to 32768 [ 143.890722][ T5996] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 144.022534][ T5996] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 144.073920][ T4362] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 144.104105][ T5996] REISERFS (device loop2): using ordered data mode [ 144.114033][ T5996] reiserfs: using flush barriers [ 144.162856][ T5996] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 144.286474][ T5996] REISERFS (device loop2): checking transaction log (loop2) [ 144.293878][ T4362] usb 4-1: Using ep0 maxpacket: 16 [ 144.296004][ T4362] usb 4-1: config 6 has no interfaces? [ 144.324011][ T4362] usb 4-1: string descriptor 0 read error: -71 [ 144.350818][ T5996] REISERFS (device loop2): Using r5 hash to sort names [ 144.360817][ T4362] usb 4-1: New USB device found, idVendor=09c0, idProduct=0200, bcdDevice=58.3c [ 144.390395][ T4362] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.400283][ T5996] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 144.409863][ T4362] usb 4-1: rejected 1 configuration due to insufficient available bus power [ 144.428917][ T5992] loop5: detected capacity change from 0 to 40427 [ 144.444120][ T4362] usb 4-1: no configuration chosen from 1 choice [ 144.456610][ T5992] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 144.482325][ T4362] usb 4-1: USB disconnect, device number 7 [ 144.499620][ T5992] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 144.562461][ T5992] F2FS-fs (loop5): invalid crc value [ 144.639995][ T5992] F2FS-fs (loop5): Found nat_bits in checkpoint [ 144.794838][ T5992] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 144.803150][ T5992] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 144.815702][ T4296] kernel read not supported for file 233/task/234/cmdline (pid: 4296 comm: kworker/1:4) [ 145.122945][ T4317] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 145.140459][ T4317] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 145.379286][ T6028] netlink: 220 bytes leftover after parsing attributes in process `syz.4.459'. [ 145.771369][ T6017] loop0: detected capacity change from 0 to 32768 [ 145.821011][ T6034] loop4: detected capacity change from 0 to 512 [ 145.911852][ T6034] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.462: casefold flag without casefold feature [ 145.975606][ T6017] XFS (loop0): Mounting V5 Filesystem [ 146.012673][ T6034] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.462: couldn't read orphan inode 15 (err -117) [ 146.135000][ T6034] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 146.143249][ T6032] loop2: detected capacity change from 0 to 32768 [ 146.148052][ T6048] loop3: detected capacity change from 0 to 128 [ 146.166946][ T6017] XFS (loop0): Ending clean mount [ 146.253759][ T6048] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 146.283153][ T6048] ext4 filesystem being mounted at /103/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 146.315113][ C0] vkms_vblank_simulate: vblank timer overrun [ 146.384148][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 146.522692][ T6053] input: syz0 as /devices/virtual/input/input9 [ 146.529097][ T6053] input: failed to attach handler leds to device input9, error: -6 [ 146.615175][ T4251] XFS (loop0): Unmounting Filesystem [ 146.629322][ T4250] EXT4-fs (loop3): unmounting filesystem. [ 146.890860][ T6061] loop4: detected capacity change from 0 to 256 [ 146.924974][ T6061] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 147.928838][ T6085] loop4: detected capacity change from 0 to 128 [ 148.039795][ T6083] loop3: detected capacity change from 0 to 4096 [ 148.084838][ T6083] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 148.119380][ T6083] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 148.154972][ T6083] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 148.183922][ T6083] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 148.217543][ T6083] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 148.245543][ T6083] ntfs: volume version 3.1. [ 148.253936][ T4362] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 148.267517][ T6083] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 148.300075][ T6083] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 148.347544][ T6083] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 148.377128][ T6083] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 148.398088][ T6083] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 148.404872][ T6075] loop2: detected capacity change from 0 to 32768 [ 148.454550][ T4362] usb 5-1: Using ep0 maxpacket: 16 [ 148.467424][ T4362] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.490906][ T4362] usb 5-1: config 0 interface 0 has no altsetting 0 [ 148.498666][ T4362] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 148.513220][ T4362] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.528434][ T4362] usb 5-1: config 0 descriptor?? [ 148.535221][ T6075] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 148.601268][ T6081] loop5: detected capacity change from 0 to 32768 [ 148.790497][ T4252] (syz-executor,4252,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 148.847659][ T4252] ocfs2: Unmounting device (7,2) on (node local) [ 148.951823][ T4362] hid (null): bogus close delimiter [ 148.962902][ T6094] loop3: detected capacity change from 0 to 128 [ 148.976554][ T4362] hid (null): unknown global tag 0x1e [ 149.000941][ T4362] cougar 0003:060B:500A.0005: unknown main item tag 0x0 [ 149.013302][ T4362] cougar 0003:060B:500A.0005: unknown main item tag 0x0 [ 149.020800][ T6094] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 149.043948][ T4362] cougar 0003:060B:500A.0005: unexpected long global item [ 149.051625][ T4362] cougar 0003:060B:500A.0005: parse failed [ 149.062552][ T4362] cougar: probe of 0003:060B:500A.0005 failed with error -22 [ 149.134930][ T4250] sysv_free_block: trying to free block not in datazone [ 149.155851][ T4362] usb 5-1: USB disconnect, device number 6 [ 149.195722][ T4250] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 149.550729][ T6108] loop5: detected capacity change from 0 to 512 [ 149.600682][ T6110] loop0: detected capacity change from 0 to 512 [ 149.624767][ T6108] EXT4-fs (loop5): Test dummy encryption mode enabled [ 149.644315][ T6110] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 149.665858][ T6108] EXT4-fs error (device loop5): __ext4_fill_super:5390: inode #2: comm syz.5.484: casefold flag without casefold feature [ 149.720466][ T6108] EXT4-fs (loop5): get root inode failed [ 149.726366][ T6108] EXT4-fs (loop5): mount failed [ 149.766806][ T6110] EXT4-fs (loop0): 1 truncate cleaned up [ 149.772522][ T6110] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 150.056131][ T6123] netlink: 'syz.5.494': attribute type 2 has an invalid length. [ 150.077492][ T4251] EXT4-fs (loop0): unmounting filesystem. [ 150.080119][ T6123] netlink: 32 bytes leftover after parsing attributes in process `syz.5.494'. [ 150.394427][ T6135] netlink: 36 bytes leftover after parsing attributes in process `syz.5.499'. [ 151.172676][ T6167] loop3: detected capacity change from 0 to 256 [ 151.172903][ T6161] loop5: detected capacity change from 0 to 4096 [ 151.200496][ T6167] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 151.200551][ T6167] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 151.246557][ T6167] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 151.635312][ T4328] I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 152.069805][ T6191] block nbd3: shutting down sockets [ 152.119998][ T6192] loop4: detected capacity change from 0 to 256 [ 152.171578][ T6189] loop0: detected capacity change from 0 to 4096 [ 152.183588][ T6189] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 152.219710][ T6192] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 152.244718][ T6189] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 152.492620][ T4632] ntfs3: loop0: ntfs3_write_inode r=5 failed, -22. [ 152.515877][ T4251] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 152.631654][ T6198] loop3: detected capacity change from 0 to 256 [ 152.686705][ T6198] exfat: Deprecated parameter 'utf8' [ 152.692087][ T6198] exfat: Deprecated parameter 'namecase' [ 152.733875][ T6198] exfat: Deprecated parameter 'utf8' [ 152.753096][ T6198] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 153.046293][ T6194] loop5: detected capacity change from 0 to 32768 [ 153.156284][ T6194] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 153.230376][ T6194] (syz.5.524,6194,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=0, inode=3298534883393, rec_len=0, name_len=1 [ 153.290223][ T6194] (syz.5.524,6194,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=0, inode=3298534883393, rec_len=0, name_len=1 [ 153.387171][ T6201] loop4: detected capacity change from 0 to 40427 [ 153.466550][ T6201] F2FS-fs (loop4): Found nat_bits in checkpoint [ 153.543113][ T4577] ocfs2: Unmounting device (7,5) on (node local) [ 153.656050][ T6201] F2FS-fs (loop4): Cannot turn on quotas: -2 on 2 [ 153.689163][ T6201] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 153.759085][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 153.759103][ T26] audit: type=1800 audit(1738775479.163:19): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.527" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 153.934189][ T4263] syz-executor: attempt to access beyond end of device [ 153.934189][ T4263] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 155.395718][ T6244] loop5: detected capacity change from 0 to 32768 [ 155.436853][ T6244] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.544 (6244) [ 155.540754][ T6244] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 155.561579][ T6244] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 155.594067][ T6244] BTRFS info (device loop5): setting nodatacow, compression disabled [ 155.612580][ T6265] loop4: detected capacity change from 0 to 8192 [ 155.629281][ T6244] BTRFS info (device loop5): force clearing of disk cache [ 155.642128][ T6268] loop0: detected capacity change from 0 to 4096 [ 155.659173][ T6244] BTRFS info (device loop5): enabling ssd optimizations [ 155.686475][ T6265] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 155.713855][ T6265] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 155.723148][ T6265] REISERFS (device loop4): using ordered data mode [ 155.750293][ T6244] BTRFS info (device loop5): using spread ssd allocation scheme [ 155.818318][ T6244] BTRFS info (device loop5): doing ref verification [ 155.844887][ T6265] reiserfs: using flush barriers [ 155.854554][ T6244] BTRFS info (device loop5): not using ssd optimizations [ 155.861642][ T6244] BTRFS info (device loop5): not using spread ssd allocation scheme [ 155.885562][ T6265] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 155.956375][ T6244] BTRFS info (device loop5): using free space tree [ 155.977694][ T6252] loop3: detected capacity change from 0 to 32768 [ 155.986227][ T6265] REISERFS (device loop4): checking transaction log (loop4) [ 156.003051][ T6265] REISERFS (device loop4): Using r5 hash to sort names [ 156.016180][ T6265] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 156.088181][ T4251] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 156.129201][ T6252] XFS (loop3): Mounting V5 Filesystem [ 156.132413][ T4251] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 156.289643][ T6244] BTRFS info (device loop5): rebuilding free space tree [ 156.392185][ T6252] XFS (loop3): Ending clean mount [ 156.409790][ T6252] XFS (loop3): Quotacheck needed: Please wait. [ 156.624018][ T6252] XFS (loop3): Quotacheck: Done. [ 156.700701][ T6252] XFS (loop3): User initiated shutdown received. [ 156.723894][ T6252] XFS (loop3): Log I/O Error (0x6) detected at xfs_fs_goingdown+0xde/0x150 (fs/xfs/xfs_fsops.c:496). Shutting down filesystem. [ 156.777371][ T6314] loop2: detected capacity change from 0 to 1024 [ 156.787752][ T6252] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 156.804340][ T4577] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 156.846140][ T6314] EXT4-fs: Ignoring removed oldalloc option [ 156.918805][ T26] audit: type=1326 audit(1738775482.323:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 156.943916][ T6314] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 157.029946][ T26] audit: type=1326 audit(1738775482.353:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 157.141390][ T26] audit: type=1326 audit(1738775482.353:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 157.177089][ T6314] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 157.241154][ T26] audit: type=1326 audit(1738775482.353:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 157.264544][ T26] audit: type=1326 audit(1738775482.353:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 157.288241][ T26] audit: type=1326 audit(1738775482.353:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 157.312946][ T26] audit: type=1326 audit(1738775482.353:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 157.356321][ T26] audit: type=1326 audit(1738775482.353:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.0.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3877f8cde9 code=0x7ffc0000 [ 157.428243][ T4250] XFS (loop3): Unmounting Filesystem [ 157.469384][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 157.596806][ T6337] loop5: detected capacity change from 0 to 128 [ 157.651282][ T6337] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 157.685267][ T6337] ext4 filesystem being mounted at /78/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 158.007737][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 158.176996][ T26] audit: type=1326 audit(1738775483.583:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.3.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243b98cde9 code=0x7ffc0000 [ 158.503909][ T4883] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 158.703856][ T4883] usb 6-1: Using ep0 maxpacket: 8 [ 158.711233][ T4883] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 158.719706][ T4883] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 158.730314][ T4424] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 158.737951][ T4883] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 158.748317][ T4883] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 158.758954][ T4883] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 158.772612][ T4883] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 158.781760][ T4883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.967568][ T4424] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.978928][ T4424] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.989399][ T4424] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 158.998774][ T4424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.007451][ T4883] usb 6-1: usb_control_msg returned -32 [ 159.013050][ T4883] usbtmc 6-1:16.0: can't read capabilities [ 159.024520][ T4424] usb 4-1: config 0 descriptor?? [ 159.390863][ T6368] usbtmc 6-1:16.0: usb_control_msg returned -32 [ 159.401875][ T4362] usb 6-1: USB disconnect, device number 3 [ 159.440824][ T4424] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0 [ 159.448125][ T6370] loop2: detected capacity change from 0 to 128 [ 159.470048][ T4424] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0 [ 159.480291][ T6370] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 159.489393][ T6370] ext4 filesystem being mounted at /118/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 159.516648][ T4424] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0006/input/input11 [ 159.578736][ T4424] cm6533_jd 0003:0D8C:0022.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 159.613642][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 159.643525][ T6376] loop4: detected capacity change from 0 to 64 [ 159.716346][ T4362] usb 4-1: USB disconnect, device number 8 [ 159.874560][ T6380] loop4: detected capacity change from 0 to 512 [ 159.881631][ T6380] EXT4-fs: Ignoring removed bh option [ 159.896941][ T6380] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 159.915310][ T6380] EXT4-fs (loop4): invalid journal inode [ 159.924782][ T6380] EXT4-fs (loop4): can't get journal size [ 159.951218][ T6380] EXT4-fs (loop4): 1 truncate cleaned up [ 159.973428][ T6380] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 160.050150][ T6385] loop2: detected capacity change from 0 to 4096 [ 160.132317][ T6387] input: syz1 as /devices/virtual/input/input12 [ 160.190853][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 160.909370][ T6389] loop5: detected capacity change from 0 to 32768 [ 160.925510][ T6389] XFS: attr2 mount option is deprecated. [ 161.001328][ T6389] XFS (loop5): Mounting V5 Filesystem [ 161.074909][ T6389] XFS (loop5): Ending clean mount [ 161.082263][ T6389] XFS (loop5): Metadata CRC error detected at xfs_inobt_read_verify+0x39/0xc0, xfs_finobt block 0x20 [ 161.093889][ T6389] XFS (loop5): Unmount and run xfs_repair [ 161.099859][ T6389] XFS (loop5): First 128 bytes of corrupted metadata buffer: [ 161.107681][ T6389] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 161.117080][ T6389] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 161.126628][ T6389] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 161.135731][ T6389] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 161.145583][ T6389] 00000040: ff ff ff ff ff ff 01 00 00 00 00 00 00 00 00 00 ................ [ 161.154793][ T6389] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 161.164008][ T6389] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 161.173049][ T6389] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 161.182363][ T6389] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x26e/0x370" at daddr 0x20 len 8 error 74 [ 161.194196][ T6389] XFS (loop5): Failed to initialize disk quotas. [ 161.292149][ T4577] XFS (loop5): Unmounting Filesystem [ 161.709028][ T6433] loop5: detected capacity change from 0 to 64 [ 161.738960][ T6433] hfs: request for non-existent node 131072 in B*Tree [ 161.763917][ T6433] hfs: request for non-existent node 131072 in B*Tree [ 161.786370][ T6433] hfs: request for non-existent node 131072 in B*Tree [ 161.815440][ T6433] hfs: request for non-existent node 131072 in B*Tree [ 161.873844][ T6435] hfs: request for non-existent node 131072 in B*Tree [ 161.880699][ T6435] hfs: request for non-existent node 131072 in B*Tree [ 161.971731][ T6439] loop4: detected capacity change from 0 to 256 [ 161.984600][ T6439] exfat: Deprecated parameter 'namecase' [ 162.043244][ T6439] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d) [ 162.052389][ T6442] loop3: detected capacity change from 0 to 1024 [ 162.082029][ T6442] EXT4-fs: Ignoring removed oldalloc option [ 162.115407][ T6442] EXT4-fs: Ignoring removed nomblk_io_submit option [ 162.172503][ T6442] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c019, mo2=0002] [ 162.229617][ T6442] System zones: 0-1, 3-12 [ 162.256532][ T6442] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 162.476991][ T4250] EXT4-fs (loop3): unmounting filesystem. [ 162.507257][ T6430] loop0: detected capacity change from 0 to 32768 [ 162.519781][ T6451] loop2: detected capacity change from 0 to 512 [ 162.595473][ T6430] JBD2: Ignoring recovery information on journal [ 162.623657][ T6451] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 162.745246][ T6430] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 162.775737][ T6451] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 162.820855][ T6451] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2186: inode #15: comm syz.2.615: corrupted in-inode xattr [ 162.902515][ T6451] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.615: couldn't read orphan inode 15 (err -117) [ 162.982074][ T6451] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 163.010833][ T4251] ocfs2: Unmounting device (7,0) on (node local) [ 163.028876][ T6465] batman_adv: batadv0: Adding interface: gretap1 [ 163.082985][ T6465] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.160088][ T6465] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 163.446870][ T6470] loop5: detected capacity change from 0 to 128 [ 163.456447][ T6472] loop4: detected capacity change from 0 to 512 [ 163.472438][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 163.562658][ T6472] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.610: invalid indirect mapped block 2185560079 (level 0) [ 163.593415][ T6472] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.610: invalid indirect mapped block 2683928664 (level 1) [ 163.616920][ T6472] EXT4-fs (loop4): 1 truncate cleaned up [ 163.622910][ T6472] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 163.669798][ T6479] bridge0: port 3(vlan2) entered blocking state [ 163.703151][ T6479] bridge0: port 3(vlan2) entered disabled state [ 163.718140][ T6479] device vlan2 entered promiscuous mode [ 163.729656][ T6479] bridge0: mtu less than device minimum [ 163.854490][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 163.866150][ T6467] loop3: detected capacity change from 0 to 32768 [ 163.935802][ T6467] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.608 (6467) [ 164.044218][ T6467] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 164.076063][ T6485] sctp: [Deprecated]: syz.2.617 (pid 6485) Use of int in max_burst socket option. [ 164.076063][ T6485] Use struct sctp_assoc_value instead [ 164.099337][ T6467] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 164.124137][ T6467] BTRFS info (device loop3): using free space tree [ 164.372824][ T6504] netlink: 'syz.0.620': attribute type 10 has an invalid length. [ 164.417168][ T6504] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.424719][ T6504] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.449857][ T6467] BTRFS info (device loop3): enabling ssd optimizations [ 164.469579][ T6504] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.476761][ T6504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.484276][ T6504] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.491424][ T6504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.596176][ T4250] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 164.667618][ T6504] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 164.768331][ T6481] loop5: detected capacity change from 0 to 32768 [ 164.794222][ T6504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.620'. [ 164.838763][ T6481] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop5 scanned by syz.5.614 (6481) [ 164.875797][ T6504] device bridge_slave_1 left promiscuous mode [ 164.914011][ T6504] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.980426][ T6504] device bridge_slave_0 left promiscuous mode [ 164.988483][ T6481] BTRFS info (device loop5): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 165.003946][ T6504] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.017771][ T6481] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 165.020478][ T6517] loop2: detected capacity change from 0 to 1024 [ 165.042043][ T6481] BTRFS info (device loop5): using free space tree [ 165.118737][ T6517] EXT4-fs: inline encryption not supported [ 165.128311][ T6504] bond0: (slave bridge0): Releasing backup interface [ 165.178542][ T6517] EXT4-fs: Ignoring removed i_version option [ 165.220141][ T6501] loop4: detected capacity change from 0 to 32768 [ 165.226407][ T6517] EXT4-fs: Ignoring removed nomblk_io_submit option [ 165.227529][ T6501] XFS: ikeep mount option is deprecated. [ 165.239027][ T6501] XFS: ikeep mount option is deprecated. [ 165.305191][ T6517] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 165.374271][ T6501] XFS (loop4): Mounting V5 Filesystem [ 165.411744][ T6481] BTRFS info (device loop5): enabling ssd optimizations [ 165.441300][ T6517] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 165.560590][ T6501] XFS (loop4): Ending clean mount [ 165.568149][ T6517] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 165.594761][ T6501] XFS (loop4): Quotacheck needed: Please wait. [ 165.596766][ T6517] EXT4-fs (loop2): This should not happen!! Data will be lost [ 165.596766][ T6517] [ 165.611664][ T6517] EXT4-fs (loop2): Total free blocks count 0 [ 165.618251][ T6517] EXT4-fs (loop2): Free/Dirty block details [ 165.624916][ T6517] EXT4-fs (loop2): free_blocks=0 [ 165.630065][ T6517] EXT4-fs (loop2): dirty_blocks=0 [ 165.637232][ T6517] EXT4-fs (loop2): Block reservation details [ 165.646491][ T6517] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 165.712795][ T4577] BTRFS info (device loop5): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 165.733347][ T6501] XFS (loop4): Quotacheck: Done. [ 165.818182][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 166.200932][ T4263] XFS (loop4): Unmounting Filesystem [ 166.420125][ T6554] loop0: detected capacity change from 0 to 8192 [ 166.480467][ T6554] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 166.526244][ T6554] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 166.535760][ T6554] REISERFS (device loop0): using ordered data mode [ 166.542386][ T6554] reiserfs: using flush barriers [ 166.549026][ T6554] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 166.565791][ T6554] REISERFS (device loop0): checking transaction log (loop0) [ 166.619069][ T6554] REISERFS (device loop0): Using r5 hash to sort names [ 166.653597][ T6554] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 167.644961][ T6581] netlink: 'syz.0.636': attribute type 10 has an invalid length. [ 167.767445][ T6568] loop3: detected capacity change from 0 to 32768 [ 167.784078][ T6581] team0: Port device vlan0 added [ 167.837076][ T6585] netlink: 'syz.5.639': attribute type 10 has an invalid length. [ 167.890735][ T6588] loop4: detected capacity change from 0 to 1024 [ 167.897940][ T6588] EXT4-fs: inline encryption not supported [ 167.903913][ T6588] EXT4-fs: Ignoring removed i_version option [ 167.910316][ T6588] EXT4-fs: Ignoring removed nomblk_io_submit option [ 167.921360][ T6588] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 167.951158][ T6585] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.958743][ T6585] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.985542][ T6568] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 168.008830][ T6585] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.016089][ T6585] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.023538][ T6585] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.030741][ T6585] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.112326][ T6585] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 168.134693][ T6590] netlink: 4 bytes leftover after parsing attributes in process `syz.5.639'. [ 168.148596][ T6590] device bridge_slave_1 left promiscuous mode [ 168.170420][ T6588] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 168.180459][ T6590] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.283467][ T6590] device bridge_slave_0 left promiscuous mode [ 168.302463][ T4250] (syz-executor,4250,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 168.324016][ T6590] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.357136][ T6592] loop2: detected capacity change from 0 to 32768 [ 168.364555][ T6592] XFS: ikeep mount option is deprecated. [ 168.370253][ T6592] XFS: ikeep mount option is deprecated. [ 168.374390][ T4250] ocfs2: Unmounting device (7,3) on (node local) [ 168.384189][ T6588] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 168.424232][ T6588] EXT4-fs (loop4): This should not happen!! Data will be lost [ 168.424232][ T6588] [ 168.434572][ T6588] EXT4-fs (loop4): Total free blocks count 0 [ 168.440731][ T6588] EXT4-fs (loop4): Free/Dirty block details [ 168.451133][ T6588] EXT4-fs (loop4): free_blocks=0 [ 168.455166][ T6592] XFS (loop2): Mounting V5 Filesystem [ 168.456325][ T6588] EXT4-fs (loop4): dirty_blocks=0 [ 168.471623][ T6590] bond0: (slave bridge0): Releasing backup interface [ 168.472744][ T6588] EXT4-fs (loop4): Block reservation details [ 168.485364][ T6588] EXT4-fs (loop4): i_reserved_data_blocks=0 [ 168.595143][ T6592] XFS (loop2): Ending clean mount [ 168.613317][ T6592] XFS (loop2): Quotacheck needed: Please wait. [ 168.656056][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 168.742132][ T6592] XFS (loop2): Quotacheck: Done. [ 168.973239][ T4252] XFS (loop2): Unmounting Filesystem [ 168.998972][ T6614] loop3: detected capacity change from 0 to 8192 [ 169.025344][ T6614] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 169.057148][ T6614] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 169.071220][ T6614] REISERFS (device loop3): using ordered data mode [ 169.080514][ T6614] reiserfs: using flush barriers [ 169.097905][ T6614] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 169.129432][ T6614] REISERFS (device loop3): checking transaction log (loop3) [ 169.159059][ T6614] REISERFS (device loop3): Using r5 hash to sort names [ 169.187239][ T6614] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 169.311846][ T6616] loop0: detected capacity change from 0 to 32768 [ 169.350348][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 169.350367][ T26] audit: type=1800 audit(1738775494.753:35): pid=6616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.656" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 169.387339][ T6619] loop5: detected capacity change from 0 to 4096 [ 169.465660][ T6619] ntfs: (device loop5): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 169.487090][ T6619] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 169.513413][ T6619] ntfs: (device loop5): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 169.532066][ T6619] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 169.568357][ T6619] ntfs: (device loop5): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 169.588643][ T6619] ntfs: volume version 3.1. [ 169.599558][ T6619] ntfs: (device loop5): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 169.618653][ T6619] ntfs: (device loop5): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 169.699354][ T6619] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 169.724797][ T6619] ntfs: (device loop5): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 170.414785][ T6633] loop5: detected capacity change from 0 to 1024 [ 170.421884][ T6633] EXT4-fs: inline encryption not supported [ 170.459045][ T6633] EXT4-fs: Ignoring removed i_version option [ 170.485815][ T6633] EXT4-fs: Ignoring removed nomblk_io_submit option [ 170.513939][ T6633] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 170.618206][ T6633] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 170.691840][ T6626] loop4: detected capacity change from 0 to 32768 [ 170.716135][ T6626] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.650 (6626) [ 170.753384][ T6626] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 170.764804][ T6626] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 170.773484][ T6626] BTRFS info (device loop4): using free space tree [ 170.810308][ T6650] loop2: detected capacity change from 0 to 512 [ 170.844194][ T6650] EXT4-fs (loop2): Test dummy encryption mode enabled [ 170.863896][ T6633] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 170.881165][ T6650] EXT4-fs error (device loop2): __ext4_fill_super:5390: inode #2: comm syz.2.658: casefold flag without casefold feature [ 170.904401][ T6633] EXT4-fs (loop5): This should not happen!! Data will be lost [ 170.904401][ T6633] [ 170.905700][ T6650] EXT4-fs (loop2): get root inode failed [ 170.914938][ T6633] EXT4-fs (loop5): Total free blocks count 0 [ 170.926244][ T6633] EXT4-fs (loop5): Free/Dirty block details [ 170.932555][ T6633] EXT4-fs (loop5): free_blocks=0 [ 170.938501][ T6633] EXT4-fs (loop5): dirty_blocks=0 [ 170.943572][ T6633] EXT4-fs (loop5): Block reservation details [ 170.950143][ T6633] EXT4-fs (loop5): i_reserved_data_blocks=0 [ 170.957266][ T6650] EXT4-fs (loop2): mount failed [ 171.129790][ T6626] BTRFS info (device loop4): enabling ssd optimizations [ 171.206228][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 171.225500][ T6672] netlink: 'syz.2.661': attribute type 10 has an invalid length. [ 171.313368][ T6672] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.320951][ T6672] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.418690][ T6672] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.425935][ T6672] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.433470][ T6672] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.440727][ T6672] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.490514][ T4263] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 171.522658][ T6672] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 171.537886][ T6674] netlink: 4 bytes leftover after parsing attributes in process `syz.2.661'. [ 171.548117][ T6674] device vlan2 left promiscuous mode [ 171.580003][ T6674] bridge0: port 3(vlan2) entered disabled state [ 171.601259][ T6674] device bridge_slave_1 left promiscuous mode [ 171.622424][ T6674] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.875544][ T6674] device bridge_slave_0 left promiscuous mode [ 171.883176][ T6674] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.980072][ T6674] bond0: (slave bridge0): Releasing backup interface [ 172.287448][ T6686] loop4: detected capacity change from 0 to 4096 [ 172.322172][ T6686] ntfs: volume version 3.1. [ 172.567993][ T6683] loop3: detected capacity change from 0 to 32768 [ 172.699107][ T6694] netlink: 'syz.5.669': attribute type 11 has an invalid length. [ 173.335412][ T6710] loop4: detected capacity change from 0 to 512 [ 173.384894][ T6710] EXT4-fs (loop4): Test dummy encryption mode enabled [ 173.451963][ T6710] EXT4-fs error (device loop4): __ext4_fill_super:5390: inode #2: comm syz.4.676: casefold flag without casefold feature [ 173.481678][ T6710] EXT4-fs (loop4): get root inode failed [ 173.508087][ T6714] loop3: detected capacity change from 0 to 1024 [ 173.519918][ T6710] EXT4-fs (loop4): mount failed [ 173.541972][ T6714] EXT4-fs: inline encryption not supported [ 173.598084][ T6714] EXT4-fs: Ignoring removed i_version option [ 173.637293][ T6714] EXT4-fs: Ignoring removed nomblk_io_submit option [ 173.670252][ T6714] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 173.737578][ T6714] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 173.953170][ T6714] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 173.999379][ T6714] EXT4-fs (loop3): This should not happen!! Data will be lost [ 173.999379][ T6714] [ 174.057483][ T6714] EXT4-fs (loop3): Total free blocks count 0 [ 174.106898][ T6714] EXT4-fs (loop3): Free/Dirty block details [ 174.124980][ T6714] EXT4-fs (loop3): free_blocks=0 [ 174.174658][ T6714] EXT4-fs (loop3): dirty_blocks=0 [ 174.233820][ T6714] EXT4-fs (loop3): Block reservation details [ 174.239875][ T6714] EXT4-fs (loop3): i_reserved_data_blocks=0 [ 174.427874][ T4250] EXT4-fs (loop3): unmounting filesystem. [ 174.550532][ T6733] netlink: 'syz.3.685': attribute type 10 has an invalid length. [ 174.571554][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.579200][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.656296][ T6733] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.663505][ T6733] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.671042][ T6733] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.678257][ T6733] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.767051][ T6733] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 174.804723][ T6735] netlink: 4 bytes leftover after parsing attributes in process `syz.3.685'. [ 174.843912][ T6735] device bridge_slave_1 left promiscuous mode [ 174.864807][ T6735] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.867394][ T6728] loop2: detected capacity change from 0 to 32768 [ 174.881126][ T6735] device bridge_slave_0 left promiscuous mode [ 174.899089][ T6735] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.985352][ T6735] bond0: (slave bridge0): Releasing backup interface [ 175.066549][ T6738] netlink: 'syz.5.686': attribute type 10 has an invalid length. [ 175.116169][ T6738] team0: Port device vlan0 added [ 175.962676][ T6740] loop4: detected capacity change from 0 to 32768 [ 175.981492][ T6755] loop5: detected capacity change from 0 to 128 [ 176.014444][ T6757] loop3: detected capacity change from 0 to 512 [ 176.061737][ T6757] EXT4-fs (loop3): Test dummy encryption mode enabled [ 176.097321][ T6757] EXT4-fs error (device loop3): __ext4_fill_super:5390: inode #2: comm syz.3.691: casefold flag without casefold feature [ 176.102128][ T26] kauditd_printk_skb: 24 callbacks suppressed [ 176.102145][ T26] audit: type=1800 audit(1738775501.503:37): pid=6740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.687" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 176.151587][ T6757] EXT4-fs (loop3): get root inode failed [ 176.190750][ T6757] EXT4-fs (loop3): mount failed [ 176.191417][ T6756] loop2: detected capacity change from 0 to 4096 [ 176.246245][ T6756] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 176.355527][ T6756] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 176.479044][ T6763] netlink: 36 bytes leftover after parsing attributes in process `syz.0.693'. [ 176.609984][ T75] ntfs3: loop2: ntfs3_write_inode r=5 failed, -22. [ 176.633973][ T4252] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 177.261046][ T6784] loop5: detected capacity change from 0 to 256 [ 177.276468][ T6782] loop4: detected capacity change from 0 to 2048 [ 177.288227][ T6784] FAT-fs (loop5): Directory bread(block 1285) failed [ 177.296120][ T6784] FAT-fs (loop5): Directory bread(block 1286) failed [ 177.304778][ T6784] FAT-fs (loop5): Directory bread(block 1287) failed [ 177.311751][ T6784] FAT-fs (loop5): Directory bread(block 1288) failed [ 177.319031][ T6784] FAT-fs (loop5): Directory bread(block 1289) failed [ 177.328527][ T6784] FAT-fs (loop5): Directory bread(block 1290) failed [ 177.337661][ T6784] FAT-fs (loop5): Directory bread(block 1291) failed [ 177.348876][ T6784] FAT-fs (loop5): Directory bread(block 1292) failed [ 177.391113][ T6782] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 177.393923][ T6784] FAT-fs (loop5): Directory bread(block 1293) failed [ 177.423080][ T6784] FAT-fs (loop5): Directory bread(block 1294) failed [ 177.661477][ T4263] EXT4-fs (loop4): unmounting filesystem. [ 178.274108][ T4655] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 178.484011][ T4655] usb 6-1: Using ep0 maxpacket: 32 [ 178.502601][ T6816] loop2: detected capacity change from 0 to 1764 [ 178.509470][ T4655] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.533604][ T4655] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.574917][ T6816] ISOFS: unable to read i-node block [ 178.580497][ T4655] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 178.600200][ T6816] isofs_fill_super: get root inode failed [ 178.609805][ T4655] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.626180][ T4655] usb 6-1: config 0 descriptor?? [ 178.700393][ T6816] loop2: detected capacity change from 0 to 256 [ 179.051547][ T4655] ft260 0003:0403:6030.0007: unknown main item tag 0x0 [ 179.063860][ T6832] tap0: tun_chr_ioctl cmd 1074025675 [ 179.072562][ T4655] ft260 0003:0403:6030.0007: hidraw0: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.5-1/input0 [ 179.113969][ T6832] tap0: persist enabled [ 179.124688][ T6832] tap0: tun_chr_ioctl cmd 1074025675 [ 179.130163][ T6832] tap0: persist disabled [ 179.146178][ T6836] loop4: detected capacity change from 0 to 128 [ 179.191279][ T6836] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 179.248909][ T4655] ft260 0003:0403:6030.0007: chip code: 6424 8183 [ 179.446299][ T4263] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 179.471667][ T4263] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 179.563796][ T6834] loop0: detected capacity change from 0 to 32768 [ 179.594953][ T6834] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.725 (6834) [ 179.667451][ T4655] ft260 0003:0403:6030.0007: failed to retrieve status: -71 [ 179.690774][ T6834] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 179.706941][ T6834] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 179.719118][ T4655] ft260 0003:0403:6030.0007: failed to reset I2C controller: -71 [ 179.721494][ T6834] BTRFS info (device loop0): enabling disk space caching [ 179.767594][ T6834] BTRFS info (device loop0): force clearing of disk cache [ 179.789786][ T4655] usb 6-1: USB disconnect, device number 4 [ 179.798230][ T6834] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 179.832308][ T6834] BTRFS info (device loop0): use zstd compression, level 3 [ 179.847816][ T6834] BTRFS info (device loop0): disk space caching is enabled [ 180.079710][ T6834] BTRFS info (device loop0): enabling ssd optimizations [ 180.090391][ T6834] BTRFS info (device loop0): rebuilding free space tree [ 180.110612][ T75] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.128344][ T6834] BTRFS info (device loop0): disabling free space tree [ 180.137889][ T6834] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 180.159736][ T6834] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 180.245531][ T75] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.401817][ T75] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.546025][ T75] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.612732][ T4251] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 181.191484][ T4262] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 181.207434][ T4262] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 181.234992][ T4262] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 181.252662][ T4262] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 181.260946][ T4262] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 181.268330][ T4262] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 181.554254][ T75] tipc: Disabling bearer [ 181.576196][ T75] tipc: Left network mode [ 182.127613][ T6883] chnl_net:caif_netlink_parms(): no params data found [ 182.720378][ T6883] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.751296][ T6883] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.792337][ T6883] device bridge_slave_0 entered promiscuous mode [ 182.916466][ T6908] loop2: detected capacity change from 0 to 32768 [ 182.954178][ T6883] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.961780][ T6883] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.988705][ T6904] loop0: detected capacity change from 0 to 32768 [ 183.005516][ T6883] device bridge_slave_1 entered promiscuous mode [ 183.011913][ T26] audit: type=1804 audit(1738775508.413:38): pid=6908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.747" name="/newroot/157/file0/file1" dev="loop2" ino=4 res=1 errno=0 [ 183.045286][ T6904] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.746 (6904) [ 183.111236][ T6904] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 183.152555][ T6904] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 183.182538][ T6904] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 183.209682][ T6904] BTRFS info (device loop0): use zstd compression, level 3 [ 183.258090][ T6904] BTRFS info (device loop0): using free space tree [ 183.353849][ T4266] Bluetooth: hci4: command 0x0409 tx timeout [ 183.490986][ T6883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.599440][ T6921] loop3: detected capacity change from 0 to 32768 [ 183.643904][ T6904] BTRFS info (device loop0): enabling ssd optimizations [ 183.655809][ T6883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.680473][ T6921] XFS (loop3): Mounting V5 Filesystem [ 183.745724][ T26] audit: type=1800 audit(1738775509.153:39): pid=6904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.746" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 183.828654][ T6921] XFS (loop3): Ending clean mount [ 183.841831][ T6921] XFS (loop3): Quotacheck needed: Please wait. [ 183.878493][ T6924] loop5: detected capacity change from 0 to 40427 [ 183.928454][ T6924] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 183.964398][ T6924] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 183.997253][ T6921] XFS (loop3): Quotacheck: Done. [ 184.038198][ T6924] F2FS-fs (loop5): Found nat_bits in checkpoint [ 184.073141][ T4251] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 184.172978][ T6883] team0: Port device team_slave_0 added [ 184.184750][ T26] audit: type=1804 audit(1738775509.583:40): pid=6961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.750" name="/newroot/160/file0/file1" dev="loop3" ino=9286 res=1 errno=0 [ 184.213611][ T6883] team0: Port device team_slave_1 added [ 184.229982][ T6924] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 184.386746][ T6924] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 184.404614][ T6924] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 184.552034][ T26] audit: type=1800 audit(1738775509.953:41): pid=6924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.751" name="bus" dev="loop5" ino=10 res=0 errno=0 [ 184.632989][ T26] audit: type=1800 audit(1738775510.003:42): pid=6966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.751" name="bus" dev="loop5" ino=10 res=0 errno=0 [ 184.758944][ T4250] XFS (loop3): Unmounting Filesystem [ 184.790113][ T6956] loop2: detected capacity change from 0 to 32768 [ 184.998037][ T6956] XFS (loop2): Mounting V5 Filesystem [ 185.196012][ T6883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.208539][ T6883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.242751][ T6883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.284823][ T6956] XFS (loop2): Ending clean mount [ 185.416000][ T75] device hsr_slave_0 left promiscuous mode [ 185.433620][ T75] device hsr_slave_1 left promiscuous mode [ 185.433872][ T4266] Bluetooth: hci4: command 0x041b tx timeout [ 185.441561][ T6970] loop0: detected capacity change from 0 to 32768 [ 185.459202][ T26] audit: type=1800 audit(1738775510.863:43): pid=6984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.752" name="file1" dev="loop2" ino=1060 res=0 errno=0 [ 185.497365][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.513971][ T75] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.547902][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 185.576436][ T75] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.650857][ T4252] XFS (loop2): Unmounting Filesystem [ 185.887194][ T75] device veth1_macvtap left promiscuous mode [ 185.908105][ T75] device veth0_macvtap left promiscuous mode [ 185.932658][ T75] device veth1_vlan left promiscuous mode [ 185.961524][ T75] device veth0_vlan left promiscuous mode [ 187.060351][ T6990] loop3: detected capacity change from 0 to 32768 [ 187.167288][ T6990] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 187.343682][ C1] sched: RT throttling activated [ 187.350759][ T75] team0 (unregistering): Port device vlan0 removed [ 187.407452][ T6997] loop2: detected capacity change from 0 to 131072 [ 187.431075][ T6997] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0) [ 187.439567][ T6997] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 187.476965][ T4250] ocfs2: Unmounting device (7,3) on (node local) [ 187.513862][ T4262] Bluetooth: hci4: command 0x040f tx timeout [ 187.524408][ T6992] loop5: detected capacity change from 0 to 40427 [ 187.540930][ T6992] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff [ 187.541935][ T6997] F2FS-fs (loop2): Found nat_bits in checkpoint [ 187.603553][ T6992] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2 [ 187.629592][ T6997] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 187.636775][ T6997] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 187.646666][ T6992] F2FS-fs (loop5): invalid crc value [ 187.705458][ T6992] F2FS-fs (loop5): Found nat_bits in checkpoint [ 187.882697][ T6992] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 188.000314][ T6992] syz.5.755: attempt to access beyond end of device [ 188.000314][ T6992] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 188.069832][ T6992] syz.5.755: attempt to access beyond end of device [ 188.069832][ T6992] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 188.150615][ T4577] syz-executor: attempt to access beyond end of device [ 188.150615][ T4577] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 188.458483][ T75] team0 (unregistering): Port device team_slave_1 removed [ 188.624978][ T75] team0 (unregistering): Port device team_slave_0 removed [ 188.784413][ T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.912202][ T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 189.530512][ T75] bond0 (unregistering): Released all slaves [ 189.593942][ T4262] Bluetooth: hci4: command 0x0419 tx timeout [ 189.612124][ T6883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.621323][ T6883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.648047][ T6883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.669623][ T7018] netlink: 'syz.2.760': attribute type 4 has an invalid length. [ 189.741090][ T7019] netlink: 'syz.2.760': attribute type 4 has an invalid length. [ 189.956397][ T7031] loop5: detected capacity change from 0 to 2048 [ 189.966430][ T6883] device hsr_slave_0 entered promiscuous mode [ 190.004333][ T6883] device hsr_slave_1 entered promiscuous mode [ 190.019964][ T6883] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.049352][ T6883] Cannot create hsr debugfs directory [ 190.071674][ T7031] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 190.301692][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 190.374953][ T4262] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 190.384930][ T4262] CPU: 1 PID: 4262 Comm: kworker/u5:5 Not tainted 6.1.128-syzkaller #0 [ 190.393230][ T4262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 190.403355][ T4262] Workqueue: hci2 hci_rx_work [ 190.408093][ T4262] Call Trace: [ 190.411398][ T4262] [ 190.414355][ T4262] dump_stack_lvl+0x1e3/0x2cb [ 190.419086][ T4262] ? nf_tcp_handle_invalid+0x642/0x642 [ 190.424574][ T4262] ? panic+0x764/0x764 [ 190.428723][ T4262] sysfs_create_dir_ns+0x2c6/0x390 [ 190.433879][ T4262] ? sysfs_warn_dup+0xa0/0xa0 [ 190.438604][ T4262] kobject_add_internal+0x6df/0xd10 [ 190.443863][ T4262] kobject_add+0x14e/0x210 [ 190.448325][ T4262] ? device_add+0x3c2/0xfd0 [ 190.452876][ T4262] ? kobject_init+0x1d0/0x1d0 [ 190.457601][ T4262] ? __raw_spin_lock_init+0x41/0x100 [ 190.462931][ T4262] ? get_device_parent+0x128/0x400 [ 190.468093][ T4262] device_add+0x476/0xfd0 [ 190.472480][ T4262] hci_conn_add_sysfs+0xe4/0x1f0 [ 190.477460][ T4262] le_conn_complete_evt+0xcc6/0x1320 [ 190.482801][ T4262] ? trace_contention_end+0x61/0x170 [ 190.488134][ T4262] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 190.491655][ T7046] loop3: detected capacity change from 0 to 1024 [ 190.494392][ T4262] ? __mutex_unlock_slowpath+0x218/0x750 [ 190.494471][ T4262] ? mutex_unlock+0x10/0x10 [ 190.494494][ T4262] ? skb_pull_data+0x10e/0x220 [ 190.494534][ T4262] hci_le_conn_complete_evt+0x188/0x410 [ 190.494566][ T4262] hci_event_packet+0xa40/0x1510 [ 190.526355][ T4262] ? hci_remote_host_features_evt+0x210/0x210 [ 190.532475][ T4262] ? bis_list+0x290/0x290 [ 190.536845][ T4262] ? do_raw_spin_unlock+0x137/0x8a0 [ 190.542084][ T4262] ? kcov_remote_start+0x4ae/0x7c0 [ 190.547232][ T4262] ? lockdep_hardirqs_on+0x30/0x130 [ 190.552474][ T4262] ? hci_send_to_monitor+0x99/0x4d0 [ 190.557717][ T4262] hci_rx_work+0x3a6/0xd10 [ 190.562175][ T4262] ? process_one_work+0x7a9/0x11d0 [ 190.567317][ T4262] process_one_work+0x8a9/0x11d0 [ 190.572307][ T4262] ? worker_detach_from_pool+0x260/0x260 [ 190.577983][ T4262] ? _raw_spin_lock_irqsave+0x120/0x120 [ 190.583574][ T4262] ? kthread_data+0x4e/0xc0 [ 190.588130][ T4262] ? wq_worker_running+0x97/0x190 [ 190.593195][ T4262] worker_thread+0xa47/0x1200 [ 190.597922][ T4262] ? release_firmware_map_entry+0x186/0x186 [ 190.603873][ T4262] kthread+0x28d/0x320 [ 190.607976][ T4262] ? worker_clr_flags+0x190/0x190 [ 190.613048][ T4262] ? kthread_blkcg+0xd0/0xd0 [ 190.617671][ T4262] ret_from_fork+0x1f/0x30 [ 190.622143][ T4262] [ 190.630223][ T4262] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 190.644143][ T4262] Bluetooth: hci2: failed to register connection device [ 190.680115][ T7046] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 190.751548][ T7046] ext4 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 190.964892][ T4250] EXT4-fs (loop3): unmounting filesystem. [ 190.984154][ T6883] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 191.004262][ T6883] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 191.035054][ T6883] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 191.102350][ T6883] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 191.161382][ T7067] loop3: detected capacity change from 0 to 128 [ 191.228464][ T7067] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 191.399835][ T4250] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 191.418471][ T6883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.433075][ T4250] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 191.480888][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.510011][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.572614][ T6883] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.616153][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.644613][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.673726][ T4317] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.680918][ T4317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.711726][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.832834][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.864316][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.871248][ T7064] loop5: detected capacity change from 0 to 32768 [ 191.886483][ T4317] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.893723][ T4317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.907308][ T7064] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.772 (7064) [ 191.907769][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.962381][ T7064] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 191.981375][ T7064] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 192.007028][ T7064] BTRFS info (device loop5): using free space tree [ 192.034460][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.119896][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.161965][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.265294][ T7064] BTRFS info (device loop5): enabling ssd optimizations [ 192.436101][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.509950][ T4577] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 192.525691][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.547865][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.581240][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.620197][ T6883] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 192.664805][ T6883] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.701548][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.731644][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.772036][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.803228][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.846712][ T4651] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 192.925869][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.000259][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.043075][ T4651] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.079359][ T4651] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 193.120975][ T4651] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.182386][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.188788][ T4651] usb 3-1: config 0 descriptor?? [ 193.234931][ T4651] pwc: Askey VC010 type 2 USB webcam detected. [ 193.390392][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.465268][ T4266] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 193.476280][ T4266] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 193.485372][ T4266] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 193.496130][ T4266] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 193.504494][ T4266] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 193.513315][ T47] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 193.642732][ T4651] pwc: recv_control_msg error -32 req 02 val 2b00 [ 193.652364][ T4651] pwc: recv_control_msg error -32 req 02 val 2700 [ 193.665916][ T4651] pwc: recv_control_msg error -32 req 02 val 2c00 [ 193.867885][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.874765][ T4651] pwc: recv_control_msg error -71 req 04 val 1300 [ 193.885851][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.891967][ T4651] pwc: recv_control_msg error -71 req 04 val 1400 [ 193.932903][ T4651] pwc: recv_control_msg error -71 req 02 val 2000 [ 193.952746][ T4651] pwc: recv_control_msg error -71 req 02 val 2100 [ 193.974262][ T4651] pwc: recv_control_msg error -71 req 04 val 1500 [ 193.994222][ T7122] "syz.0.781" (7122) uses obsolete ecb(arc4) skcipher [ 193.994637][ T4651] pwc: recv_control_msg error -71 req 02 val 2500 [ 194.039528][ T4651] pwc: recv_control_msg error -71 req 02 val 2400 [ 194.069547][ T4651] pwc: recv_control_msg error -71 req 02 val 2600 [ 194.089770][ T4651] pwc: recv_control_msg error -71 req 02 val 2900 [ 194.114878][ T6883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.137529][ T4651] pwc: recv_control_msg error -71 req 02 val 2800 [ 194.161339][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.167818][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.181751][ T4651] pwc: recv_control_msg error -71 req 04 val 1100 [ 194.213779][ T4651] pwc: recv_control_msg error -71 req 04 val 1200 [ 194.271403][ T4651] pwc: Registered as video103. [ 194.298391][ T4651] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13 [ 194.346230][ C0] af_packet: tpacket_rcv: packet too big, clamped from 12 to 4294967272. macoff=96 [ 194.394002][ T4651] usb 3-1: USB disconnect, device number 4 [ 194.880009][ T7115] chnl_net:caif_netlink_parms(): no params data found [ 195.092219][ T7159] loop5: detected capacity change from 0 to 256 [ 195.145119][ T7159] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 195.192766][ T26] audit: type=1800 audit(1738775520.593:44): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.789" name="file1" dev="loop5" ino=1048636 res=0 errno=0 [ 195.259114][ T26] audit: type=1800 audit(1738775520.633:45): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.789" name="file1" dev="loop5" ino=1048636 res=0 errno=0 [ 195.599639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 195.608155][ T47] Bluetooth: hci1: command 0x0409 tx timeout [ 195.626471][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 195.641389][ T7115] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.694501][ T7115] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.714230][ T7115] device bridge_slave_0 entered promiscuous mode [ 195.754518][ T7115] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.765609][ T7115] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.777781][ T7115] device bridge_slave_1 entered promiscuous mode [ 195.901498][ T7115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.000455][ T6883] device veth0_vlan entered promiscuous mode [ 196.012342][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 196.025816][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 196.037449][ T7115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.046739][ T7182] netlink: 'syz.5.798': attribute type 12 has an invalid length. [ 196.097582][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 196.111417][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 196.184885][ T6883] device veth1_vlan entered promiscuous mode [ 196.235659][ T47] Bluetooth: hci2: command 0x0406 tx timeout [ 196.238855][ T7115] team0: Port device team_slave_0 added [ 196.241764][ T47] Bluetooth: hci3: command 0x0406 tx timeout [ 196.254790][ T7115] team0: Port device team_slave_1 added [ 196.440080][ T7115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.455322][ T7115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.482588][ T7115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.539020][ T7115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.550780][ T7115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.610233][ T7115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.755407][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 196.767539][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 196.805999][ T6883] device veth0_macvtap entered promiscuous mode [ 196.869549][ T11] device hsr_slave_0 left promiscuous mode [ 196.883155][ T11] device hsr_slave_1 left promiscuous mode [ 196.897993][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.909904][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.921703][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.933041][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.002338][ T11] device veth1_macvtap left promiscuous mode [ 197.010873][ T11] device veth0_macvtap left promiscuous mode [ 197.022022][ T11] device veth1_vlan left promiscuous mode [ 197.030372][ T11] device veth0_vlan left promiscuous mode [ 197.435667][ T7206] loop2: detected capacity change from 0 to 32768 [ 197.546770][ T7206] XFS (loop2): Mounting V5 Filesystem [ 197.642575][ T7206] XFS (loop2): Ending clean mount [ 197.662549][ T7206] XFS (loop2): Quotacheck needed: Please wait. [ 197.673999][ T47] Bluetooth: hci1: command 0x041b tx timeout [ 197.827102][ T7206] XFS (loop2): Quotacheck: Done. [ 197.841855][ T7219] loop5: detected capacity change from 0 to 512 [ 197.870064][ T7219] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 197.910596][ T7219] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.804: bad orphan inode 131083 [ 197.949868][ T4252] XFS (loop2): Unmounting Filesystem [ 197.957152][ T7219] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 198.098692][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 198.287614][ T11] team0 (unregistering): Port device team_slave_1 removed [ 198.382822][ T11] team0 (unregistering): Port device team_slave_0 removed [ 198.452261][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 198.547416][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.133501][ T11] bond0 (unregistering): (slave team0): Releasing backup interface [ 199.471297][ T11] bond0 (unregistering): Released all slaves [ 199.533391][ T6883] device veth1_macvtap entered promiscuous mode [ 199.588428][ T7115] device hsr_slave_0 entered promiscuous mode [ 199.601046][ T7115] device hsr_slave_1 entered promiscuous mode [ 199.612727][ T7115] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 199.627303][ T7115] Cannot create hsr debugfs directory [ 199.652084][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 199.666909][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 199.754044][ T47] Bluetooth: hci1: command 0x040f tx timeout [ 199.760432][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.771409][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.783022][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.803931][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.814110][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.824737][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.836466][ T6883] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.847558][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 199.862464][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 199.906629][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.918547][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.929049][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.946200][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.956920][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.968500][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.980419][ T6883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.007047][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 200.027952][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 200.095515][ T6883] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.112028][ T6883] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.122059][ T6883] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.138661][ T6883] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.384873][ T4641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.416022][ T4641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.477049][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 200.511021][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.530508][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.572227][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 200.710240][ T7115] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 200.763484][ T7115] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 200.800189][ T7115] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 200.844594][ T7115] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 200.911039][ T7263] loop6: detected capacity change from 0 to 2048 [ 201.006403][ T7263] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 201.043167][ T7263] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.103311][ T7263] fs-verity: sha512 using implementation "sha512-avx2" [ 201.163811][ T7263] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.734: bg 0: block 448: padding at end of block bitmap is not set [ 201.218747][ T7263] fs-verity (loop6, inode 13): ext4_end_enable_verity() failed with err -117 [ 201.286587][ T7115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.314203][ T7271] loop0: detected capacity change from 0 to 512 [ 201.336723][ T7271] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 201.363589][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.391228][ T4641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.415985][ T6883] EXT4-fs (loop6): unmounting filesystem. [ 201.418001][ T7115] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.425547][ T7271] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.826: invalid indirect mapped block 4294967295 (level 1) [ 201.495270][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.512383][ T7271] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.826: invalid indirect mapped block 4294967295 (level 1) [ 201.570033][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.594720][ T7271] EXT4-fs (loop0): 2 truncates cleaned up [ 201.603786][ T7271] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 201.623235][ T4317] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.632208][ T4317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.672018][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.695641][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.710808][ T4317] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.718034][ T4317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.738964][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.768474][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.815482][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.834119][ T47] Bluetooth: hci1: command 0x0419 tx timeout [ 201.882748][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.944049][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.973303][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.994564][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.007171][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.028878][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.053481][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.085328][ T7288] loop6: detected capacity change from 0 to 2048 [ 202.109883][ T7115] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.141091][ T7115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.169803][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.180264][ T7288] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 202.189178][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.190962][ T7291] loop2: detected capacity change from 0 to 2048 [ 202.214131][ T7288] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 202.229681][ T7288] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 202.242421][ T7288] EXT4-fs (loop6): This should not happen!! Data will be lost [ 202.242421][ T7288] [ 202.265543][ T7288] EXT4-fs (loop6): Total free blocks count 0 [ 202.270137][ T7274] loop5: detected capacity change from 0 to 32768 [ 202.271553][ T7288] EXT4-fs (loop6): Free/Dirty block details [ 202.289435][ T7274] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz.5.817 (7274) [ 202.307080][ T7288] EXT4-fs (loop6): free_blocks=2415919104 [ 202.313279][ T7288] EXT4-fs (loop6): dirty_blocks=32 [ 202.314424][ T7295] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 202.320012][ T7274] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 202.342131][ T7288] EXT4-fs (loop6): Block reservation details [ 202.368034][ T7288] EXT4-fs (loop6): i_reserved_data_blocks=2 [ 202.375377][ T7274] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 202.402366][ T7274] BTRFS info (device loop5): enabling disk space caching [ 202.440878][ T7274] BTRFS info (device loop5): force clearing of disk cache [ 202.478956][ T7274] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 202.508848][ T7274] BTRFS info (device loop5): use zstd compression, level 3 [ 202.558367][ T7274] BTRFS info (device loop5): disk space caching is enabled [ 202.575905][ T6883] EXT4-fs (loop6): unmounting filesystem. [ 202.813560][ T7316] raw_sendmsg: syz.6.827 forgot to set AF_INET. Fix it! [ 203.003928][ T7274] BTRFS info (device loop5): enabling ssd optimizations [ 203.020547][ T7274] BTRFS info (device loop5): rebuilding free space tree [ 203.056313][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 203.074022][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 203.089418][ T7115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.118911][ T7274] BTRFS info (device loop5): disabling free space tree [ 203.156503][ T7274] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 203.186962][ T7274] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 203.672858][ T4577] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 203.704725][ T7352] loop6: detected capacity change from 0 to 64 [ 204.210924][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 204.224603][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 204.340404][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 204.359148][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 204.371099][ T4251] EXT4-fs (loop0): unmounting filesystem. [ 204.380796][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.435920][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.464710][ T7363] block nbd5: shutting down sockets [ 204.510592][ T7115] device veth0_vlan entered promiscuous mode [ 204.535062][ T7115] device veth1_vlan entered promiscuous mode [ 204.574596][ T7115] device veth0_macvtap entered promiscuous mode [ 204.586988][ T7115] device veth1_macvtap entered promiscuous mode [ 204.605535][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.616295][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.626507][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.658193][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.683520][ T7368] loop0: detected capacity change from 0 to 16 [ 204.684917][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.758118][ T7368] erofs: (device loop0): mounted with root inode @ nid 36. [ 204.793878][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.813758][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.849331][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.895601][ T7115] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.903014][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 204.929363][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 204.977659][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 204.991876][ T7349] loop2: detected capacity change from 0 to 40427 [ 205.020172][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 205.053234][ T7349] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 205.096983][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 205.114634][ T7349] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 205.122990][ T7349] F2FS-fs (loop2): inline encryption not supported [ 205.140988][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 205.167341][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 205.219216][ T7349] F2FS-fs (loop2): invalid crc value [ 205.241753][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.276782][ T7349] F2FS-fs (loop2): Found nat_bits in checkpoint [ 205.293637][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.323878][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.380975][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.422361][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.463158][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.503214][ T7115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.533140][ T7349] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 205.541197][ T7349] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 205.558942][ T7115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.603794][ T7115] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.629009][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 205.644213][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 205.679336][ T7349] syz.2.831: attempt to access beyond end of device [ 205.679336][ T7349] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 205.708859][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.751394][ T7115] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.786901][ T7115] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.831446][ T7115] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.866804][ T7115] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.883598][ T7393] loop0: detected capacity change from 0 to 1024 [ 206.256338][ T4317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.309278][ T4317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.368926][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.401726][ T4317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.424384][ T4317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.455115][ T4632] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 206.858594][ T7415] netlink: 20 bytes leftover after parsing attributes in process `syz.0.848'. [ 206.886062][ T7415] netlink: 20 bytes leftover after parsing attributes in process `syz.0.848'. [ 206.916048][ T7415] netlink: 20 bytes leftover after parsing attributes in process `syz.0.848'. [ 208.287424][ T7422] loop7: detected capacity change from 0 to 32768 [ 208.437654][ T7422] XFS (loop7): Mounting V5 Filesystem [ 208.498709][ T7429] loop6: detected capacity change from 0 to 32768 [ 208.543794][ T7429] XFS: ikeep mount option is deprecated. [ 208.581627][ T7451] loop2: detected capacity change from 0 to 32768 [ 208.592708][ T7451] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz.2.858 (7451) [ 208.669854][ T7429] XFS (loop6): Mounting V5 Filesystem [ 208.672370][ T7422] XFS (loop7): Ending clean mount [ 208.683125][ T7422] XFS (loop7): Quotacheck needed: Please wait. [ 208.709989][ T7451] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 208.733891][ T7451] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 208.748990][ T7439] loop5: detected capacity change from 0 to 40427 [ 208.769771][ T7451] BTRFS info (device loop2): enabling disk space caching [ 208.777214][ T7451] BTRFS info (device loop2): force clearing of disk cache [ 208.777697][ T7429] XFS (loop6): Ending clean mount [ 208.784739][ T7451] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 208.800387][ T7451] BTRFS info (device loop2): use zstd compression, level 3 [ 208.808015][ T7451] BTRFS info (device loop2): disk space caching is enabled [ 208.820004][ T7439] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3ffff [ 208.847358][ T7439] F2FS-fs (loop5): invalid crc value [ 208.898818][ T7439] F2FS-fs (loop5): Found nat_bits in checkpoint [ 208.981022][ T7422] XFS (loop7): Quotacheck: Done. [ 209.102176][ T7451] BTRFS info (device loop2): enabling ssd optimizations [ 209.124114][ T7439] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 209.145262][ T7451] BTRFS info (device loop2): rebuilding free space tree [ 209.238581][ T6883] XFS (loop6): Unmounting Filesystem [ 209.251706][ T7451] BTRFS info (device loop2): disabling free space tree [ 209.266110][ T7451] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 209.291665][ T7115] XFS (loop7): Unmounting Filesystem [ 209.304686][ T7451] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 209.318361][ T7439] syz.5.855: attempt to access beyond end of device [ 209.318361][ T7439] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 209.328285][ T7509] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 209.389929][ T7509] syzkaller1: Refused to change device type [ 209.522876][ T4577] syz-executor: attempt to access beyond end of device [ 209.522876][ T4577] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 209.805945][ T4252] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 210.205640][ T7520] block nbd0: shutting down sockets [ 210.606349][ T7525] loop6: detected capacity change from 0 to 4096 [ 210.633171][ T7533] loop0: detected capacity change from 0 to 512 [ 210.665921][ T7525] ntfs3: loop6: Different NTFS' sector size (2048) and media sector size (512) [ 210.726762][ T7533] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 210.770540][ T7533] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 210.821586][ T26] audit: type=1800 audit(1738775536.223:46): pid=7525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.864" name="file1" dev="loop6" ino=30 res=0 errno=0 [ 210.853775][ T7533] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 210.902770][ T26] audit: type=1800 audit(1738775536.233:47): pid=7525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.864" name="file1" dev="loop6" ino=30 res=0 errno=0 [ 210.953427][ T7533] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 211.041885][ T7533] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e018, mo2=0080] [ 211.143408][ T7533] EXT4-fs (loop0): orphan cleanup on readonly fs [ 211.173254][ T7533] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.870: bg 0: block 34: padding at end of block bitmap is not set [ 211.233869][ T4421] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 211.250576][ T7533] Quota error (device loop0): write_blk: dquota write failed [ 211.272413][ T7533] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 211.274898][ T4262] Bluetooth: hci5: sending frame failed (-49) [ 211.292723][ T47] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 211.299516][ T7533] EXT4-fs error (device loop0): ext4_acquire_dquot:6795: comm syz.0.870: Failed to acquire dquot type 1 [ 211.342032][ T7551] loop5: detected capacity change from 0 to 1024 [ 211.402635][ T7533] EXT4-fs (loop0): 1 truncate cleaned up [ 211.410897][ T7551] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 211.441333][ T4421] usb 3-1: Using ep0 maxpacket: 16 [ 211.451431][ T4421] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 211.465460][ T7551] EXT4-fs (loop5): orphan cleanup on readonly fs [ 211.481109][ T7533] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 211.505443][ T7551] EXT4-fs error (device loop5): ext4_free_blocks:6210: comm syz.5.876: Freeing blocks not in datazone - block = 0, count = 4096 [ 211.547760][ T7551] EXT4-fs (loop5): 1 orphan inode deleted [ 211.554933][ T4421] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 211.586002][ T7551] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 211.604119][ T4421] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.632532][ T4421] usb 3-1: config 0 descriptor?? [ 211.644661][ T4251] EXT4-fs (loop0): unmounting filesystem. [ 211.684787][ T4421] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input14 [ 211.742778][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 211.916823][ T3607] bcm5974 3-1:0.0: could not read from device [ 211.962254][ T4421] bcm5974 3-1:0.0: could not read from device [ 211.984496][ T3607] bcm5974 3-1:0.0: could not read from device [ 212.002240][ T4421] input: failed to attach handler mousedev to device input14, error: -5 [ 212.027603][ T3607] bcm5974 3-1:0.0: could not read from device [ 212.049727][ T4421] usb 3-1: USB disconnect, device number 5 [ 212.081265][ T3607] bcm5974 3-1:0.0: could not read from device [ 212.282221][ T7579] binder: 7576:7579 ioctl 4018620d 0 returned -22 [ 212.518059][ T7589] loop0: detected capacity change from 0 to 128 [ 212.659517][ T26] audit: type=1800 audit(1738775538.063:48): pid=7589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.886" name="file2" dev="loop0" ino=1048643 res=0 errno=0 [ 213.023990][ T4424] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 213.233897][ T4424] usb 3-1: Using ep0 maxpacket: 32 [ 213.246282][ T4424] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.285994][ T4424] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.339189][ T4424] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 213.398562][ T4424] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.444379][ T4424] usb 3-1: config 0 descriptor?? [ 213.888321][ T4424] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 214.117065][ T7637] loop0: detected capacity change from 0 to 2048 [ 214.171630][ T7637] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 214.190782][ T4427] usb 3-1: USB disconnect, device number 6 [ 214.225999][ T7637] UDF-fs: Scanning with blocksize 512 failed [ 214.276732][ T7637] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 214.586570][ T7651] loop5: detected capacity change from 0 to 512 [ 214.631027][ T7651] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.907: casefold flag without casefold feature [ 214.684250][ T7651] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.907: couldn't read orphan inode 15 (err -117) [ 214.725738][ T7651] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 214.792835][ T7658] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 215.126831][ T4577] EXT4-fs (loop5): unmounting filesystem. [ 215.413242][ T7672] Process accounting resumed [ 215.452810][ T7669] loop2: detected capacity change from 0 to 4096 [ 215.553772][ T7680] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 215.650698][ T26] audit: type=1800 audit(1738775541.053:49): pid=7669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.913" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 216.361543][ T7704] loop2: detected capacity change from 0 to 1024 [ 216.404401][ T7704] EXT4-fs: Ignoring removed nobh option [ 216.410030][ T7704] EXT4-fs: Ignoring removed mblk_io_submit option [ 216.423896][ T14] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 216.441294][ T7704] EXT4-fs: Ignoring removed bh option [ 216.532494][ T7704] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 216.581843][ T26] audit: type=1800 audit(1738775541.983:50): pid=7704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.923" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 216.614313][ T14] usb 7-1: Using ep0 maxpacket: 16 [ 216.624203][ T14] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 216.635959][ T14] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 216.652955][ T14] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 216.662574][ T14] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.681305][ T14] usb 7-1: config 0 descriptor?? [ 216.713935][ T4262] Bluetooth: hci0: command 0x0406 tx timeout [ 216.752016][ T7686] loop5: detected capacity change from 0 to 40427 [ 216.778403][ T7686] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3ffff [ 216.805571][ T7686] F2FS-fs (loop5): invalid crc value [ 216.830425][ T7686] F2FS-fs (loop5): Found nat_bits in checkpoint [ 216.976384][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 216.990453][ T7686] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 216.998395][ T7718] loop7: detected capacity change from 0 to 2048 [ 217.104180][ T14] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 217.111382][ T14] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 217.125057][ T7718] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 217.146255][ T14] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 217.158952][ T7718] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.164989][ T14] kovaplus 0003:1E7D:2D50.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.6-1/input0 [ 217.249492][ T7718] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.926: bg 0: block 448: padding at end of block bitmap is not set [ 217.283204][ T7718] fs-verity (loop7, inode 13): ext4_end_enable_verity() failed with err -117 [ 217.446526][ T7115] EXT4-fs (loop7): unmounting filesystem. [ 217.583373][ T7736] netlink: 4 bytes leftover after parsing attributes in process `syz.7.930'. [ 217.698506][ T26] audit: type=1326 audit(1738775543.103:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7739 comm="syz.2.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22caf8cde9 code=0x7ffc0000 [ 217.755586][ T26] audit: type=1326 audit(1738775543.143:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7739 comm="syz.2.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f22caf8cde9 code=0x7ffc0000 [ 217.800058][ T26] audit: type=1326 audit(1738775543.143:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7739 comm="syz.2.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22caf8cde9 code=0x7ffc0000 [ 217.876398][ T26] audit: type=1326 audit(1738775543.143:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7739 comm="syz.2.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f22caf8cde9 code=0x7ffc0000 [ 217.923020][ T14] kovaplus 0003:1E7D:2D50.0009: couldn't init struct kovaplus_device [ 217.942388][ T14] kovaplus 0003:1E7D:2D50.0009: couldn't install mouse [ 217.968039][ T14] kovaplus: probe of 0003:1E7D:2D50.0009 failed with error -71 [ 217.983188][ T26] audit: type=1326 audit(1738775543.243:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7739 comm="syz.2.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22caf8cde9 code=0x7ffc0000 [ 218.028051][ T14] usb 7-1: USB disconnect, device number 2 [ 218.074840][ T26] audit: type=1326 audit(1738775543.243:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7739 comm="syz.2.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22caf8cde9 code=0x7ffc0000 [ 218.273059][ T7756] loop7: detected capacity change from 0 to 1024 [ 218.296964][ T7759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.937'. [ 218.402304][ T7756] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 218.732039][ T7115] EXT4-fs (loop7): unmounting filesystem. [ 219.220067][ T7791] mmap: syz.7.944 (7791) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 219.263572][ T7793] loop6: detected capacity change from 0 to 256 [ 219.341591][ T7793] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 219.520081][ T7804] device pim6reg1 entered promiscuous mode [ 219.753351][ T7812] loop2: detected capacity change from 0 to 1024 [ 220.057197][ T26] audit: type=1800 audit(1738775545.463:57): pid=7812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.950" name=A814F6F2377BCFC78E2E86368C138510A04CEDF7175AF8C2034FAE7413E3ACE8C71AB9A0AF1CA7042011A6ED028E205648535DABF3B2F85196AE18D36B839E3CD54AE4933AD529888FDAC7BB8A70C72BC0FC81BA06506F2D5BC7686E219BBE5283959CBEF9950E071CB6D9F341FC624A5110341F26CEBD71 dev="loop2" ino=25 res=0 errno=0 [ 220.540191][ T7839] device batadv_slave_1 entered promiscuous mode [ 220.580795][ T7838] device batadv_slave_1 left promiscuous mode [ 220.624598][ T7830] loop0: detected capacity change from 0 to 8192 [ 220.655124][ T7830] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 220.764864][ T7830] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 220.780161][ T7830] REISERFS (device loop0): using ordered data mode [ 220.787752][ T7830] reiserfs: using flush barriers [ 220.795001][ T7830] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 220.831715][ T7106] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 220.848361][ T7830] REISERFS (device loop0): checking transaction log (loop0) [ 220.888313][ T7830] REISERFS (device loop0): Using r5 hash to sort names [ 220.913058][ T7830] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 221.036512][ T7106] usb 8-1: Using ep0 maxpacket: 8 [ 221.058475][ T7106] usb 8-1: config 179 has an invalid interface number: 65 but max is 0 [ 221.104146][ T7106] usb 8-1: config 179 has no interface number 0 [ 221.130891][ T7106] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 221.181262][ T7864] netlink: 4 bytes leftover after parsing attributes in process `syz.6.961'. [ 221.184357][ T7106] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 221.242282][ T7106] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 221.271625][ T7106] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 221.324169][ T7106] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 221.347971][ T7106] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 221.362579][ T7106] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.387961][ T7842] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 221.561758][ T7864] device hsr_slave_1 left promiscuous mode [ 221.579952][ T7870] netem: change failed [ 221.969188][ T7879] loop5: detected capacity change from 0 to 1024 [ 221.984431][ T7106] input: Generic X-Box pad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input15 [ 222.137110][ T7842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 222.191753][ T7842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 222.469358][ T4885] usb 8-1: USB disconnect, device number 2 [ 222.469363][ C0] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 222.469404][ C0] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 222.509266][ T4885] xpad 8-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 223.247250][ T7915] loop7: detected capacity change from 0 to 128 [ 223.331058][ T7915] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 223.349114][ T7915] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 223.504439][ T7923] loop6: detected capacity change from 0 to 8 [ 223.590091][ T7923] unable to read inode lookup table [ 223.611504][ T7115] EXT4-fs (loop7): unmounting filesystem. [ 224.210190][ T7944] loop0: detected capacity change from 0 to 256 [ 224.399197][ T7944] FAT-fs (loop0): Directory bread(block 64) failed [ 224.409516][ T7944] FAT-fs (loop0): Directory bread(block 65) failed [ 224.449139][ T7944] FAT-fs (loop0): Directory bread(block 66) failed [ 224.496147][ T7944] FAT-fs (loop0): Directory bread(block 67) failed [ 224.512377][ T7952] [ 224.514759][ T7952] ===================================================== [ 224.521701][ T7952] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 224.529168][ T7952] 6.1.128-syzkaller #0 Not tainted [ 224.534290][ T7952] ----------------------------------------------------- [ 224.541239][ T7952] syz.7.989/7952 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 224.548805][ T7952] ffffffff8d00a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xea/0x3b0 [ 224.557478][ T7952] [ 224.557478][ T7952] and this task is already holding: [ 224.564850][ T7952] ffff888060eb1030 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x3b0 [ 224.573752][ T7952] which would create a new lock dependency: [ 224.579639][ T7952] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 224.587404][ T7952] [ 224.587404][ T7952] but this new dependency connects a HARDIRQ-irq-safe lock: [ 224.596856][ T7952] (&dev->event_lock#2){-.-.}-{2:2} [ 224.596890][ T7952] [ 224.596890][ T7952] ... which became HARDIRQ-irq-safe at: [ 224.609778][ T7952] lock_acquire+0x1f8/0x5a0 [ 224.614384][ T7952] _raw_spin_lock_irqsave+0xd1/0x120 [ 224.619771][ T7952] input_event+0x8d/0xd0 [ 224.624112][ T7952] psmouse_report_standard_packet+0x50/0x200 [ 224.630228][ T7952] psmouse_process_byte+0x45b/0x640 [ 224.635526][ T7952] psmouse_handle_byte+0x46/0x4b0 [ 224.640640][ T7952] psmouse_interrupt+0x697/0x10a0 [ 224.645754][ T7952] serio_interrupt+0x88/0x130 [ 224.650524][ T7952] i8042_interrupt+0x357/0x750 [ 224.655379][ T7952] __handle_irq_event_percpu+0x2a8/0xb20 [ 224.661108][ T7952] handle_irq_event+0x85/0x1e0 [ 224.665960][ T7952] handle_edge_irq+0x245/0xbf0 [ 224.670820][ T7952] __common_interrupt+0xd7/0x1f0 [ 224.675852][ T7952] common_interrupt+0xae/0xd0 [ 224.680615][ T7952] asm_common_interrupt+0x22/0x40 [ 224.685744][ T7952] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 224.691579][ T7952] i8042_aux_write+0x112/0x190 [ 224.696460][ T7952] ps2_do_sendbyte+0x20a/0x720 [ 224.701336][ T7952] ps2_sendbyte+0x5c/0x120 [ 224.705853][ T7952] cypress_send_ext_cmd+0x21d/0x900 [ 224.711147][ T7952] cypress_detect+0x8f/0x220 [ 224.715834][ T7952] psmouse_extensions+0xc2a/0x1550 [ 224.721033][ T7952] psmouse_switch_protocol+0x308/0x840 [ 224.726579][ T7952] psmouse_connect+0x903/0x14c0 [ 224.731517][ T7952] serio_driver_probe+0x74/0x90 [ 224.736465][ T7952] really_probe+0x2ab/0xcb0 [ 224.741067][ T7952] __driver_probe_device+0x1a2/0x3d0 [ 224.746446][ T7952] driver_probe_device+0x50/0x420 [ 224.751572][ T7952] __driver_attach+0x458/0x6f0 [ 224.756428][ T7952] bus_for_each_dev+0x17c/0x1f0 [ 224.761380][ T7952] serio_handle_event+0x56a/0x8f0 [ 224.766518][ T7952] process_one_work+0x8a9/0x11d0 [ 224.771547][ T7952] worker_thread+0xa47/0x1200 [ 224.776313][ T7952] kthread+0x28d/0x320 [ 224.780476][ T7952] ret_from_fork+0x1f/0x30 [ 224.784990][ T7952] [ 224.784990][ T7952] to a HARDIRQ-irq-unsafe lock: [ 224.792031][ T7952] (tasklist_lock){.+.+}-{2:2} [ 224.792060][ T7952] [ 224.792060][ T7952] ... which became HARDIRQ-irq-unsafe at: [ 224.804692][ T7952] ... [ 224.804699][ T7952] lock_acquire+0x1f8/0x5a0 [ 224.811884][ T7952] _raw_read_lock+0x32/0x40 [ 224.816486][ T7952] do_wait+0x2c6/0xb80 [ 224.820652][ T7952] kernel_wait+0xe5/0x230 [ 224.825077][ T7952] call_usermodehelper_exec_work+0xb5/0x220 [ 224.831066][ T7952] process_one_work+0x8a9/0x11d0 [ 224.836095][ T7952] worker_thread+0xa47/0x1200 [ 224.840867][ T7952] kthread+0x28d/0x320 [ 224.845027][ T7952] ret_from_fork+0x1f/0x30 [ 224.849535][ T7952] [ 224.849535][ T7952] other info that might help us debug this: [ 224.849535][ T7952] [ 224.859795][ T7952] Chain exists of: [ 224.859795][ T7952] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock [ 224.859795][ T7952] [ 224.873040][ T7952] Possible interrupt unsafe locking scenario: [ 224.873040][ T7952] [ 224.881351][ T7952] CPU0 CPU1 [ 224.886745][ T7952] ---- ---- [ 224.892106][ T7952] lock(tasklist_lock); [ 224.896352][ T7952] local_irq_disable(); [ 224.903132][ T7952] lock(&dev->event_lock#2); [ 224.910356][ T7952] lock(&f->f_owner.lock); [ 224.917386][ T7952] [ 224.920844][ T7952] lock(&dev->event_lock#2); [ 224.925730][ T7952] [ 224.925730][ T7952] *** DEADLOCK *** [ 224.925730][ T7952] [ 224.933892][ T7952] 2 locks held by syz.7.989/7952: [ 224.938911][ T7952] #0: ffff8880212bfe80 (&u->lock){+.+.}-{2:2}, at: queue_oob+0x4c4/0xaf0 [ 224.947453][ T7952] #1: ffff888060eb1030 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x3b0 [ 224.956806][ T7952] [ 224.956806][ T7952] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 224.967321][ T7952] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 224.973064][ T7952] IN-HARDIRQ-W at: [ 224.977220][ T7952] lock_acquire+0x1f8/0x5a0 [ 224.983731][ T7952] _raw_spin_lock_irqsave+0xd1/0x120 [ 224.991023][ T7952] input_event+0x8d/0xd0 [ 224.997270][ T7952] psmouse_report_standard_packet+0x50/0x200 [ 225.005263][ T7952] psmouse_process_byte+0x45b/0x640 [ 225.012470][ T7952] psmouse_handle_byte+0x46/0x4b0 [ 225.019504][ T7952] psmouse_interrupt+0x697/0x10a0 [ 225.026523][ T7952] serio_interrupt+0x88/0x130 [ 225.033201][ T7952] i8042_interrupt+0x357/0x750 [ 225.039967][ T7952] __handle_irq_event_percpu+0x2a8/0xb20 [ 225.047612][ T7952] handle_irq_event+0x85/0x1e0 [ 225.054376][ T7952] handle_edge_irq+0x245/0xbf0 [ 225.061145][ T7952] __common_interrupt+0xd7/0x1f0 [ 225.068087][ T7952] common_interrupt+0xae/0xd0 [ 225.074762][ T7952] asm_common_interrupt+0x22/0x40 [ 225.081783][ T7952] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 225.089508][ T7952] i8042_aux_write+0x112/0x190 [ 225.096277][ T7952] ps2_do_sendbyte+0x20a/0x720 [ 225.103049][ T7952] ps2_sendbyte+0x5c/0x120 [ 225.109509][ T7952] cypress_send_ext_cmd+0x21d/0x900 [ 225.116720][ T7952] cypress_detect+0x8f/0x220 [ 225.123316][ T7952] psmouse_extensions+0xc2a/0x1550 [ 225.130427][ T7952] psmouse_switch_protocol+0x308/0x840 [ 225.137880][ T7952] psmouse_connect+0x903/0x14c0 [ 225.144728][ T7952] serio_driver_probe+0x74/0x90 [ 225.151580][ T7952] really_probe+0x2ab/0xcb0 [ 225.158083][ T7952] __driver_probe_device+0x1a2/0x3d0 [ 225.165372][ T7952] driver_probe_device+0x50/0x420 [ 225.172399][ T7952] __driver_attach+0x458/0x6f0 [ 225.179174][ T7952] bus_for_each_dev+0x17c/0x1f0 [ 225.186022][ T7952] serio_handle_event+0x56a/0x8f0 [ 225.193047][ T7952] process_one_work+0x8a9/0x11d0 [ 225.199984][ T7952] worker_thread+0xa47/0x1200 [ 225.206661][ T7952] kthread+0x28d/0x320 [ 225.212810][ T7952] ret_from_fork+0x1f/0x30 [ 225.219231][ T7952] IN-SOFTIRQ-W at: [ 225.223410][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.229917][ T7952] _raw_spin_lock_irqsave+0xd1/0x120 [ 225.237206][ T7952] input_event+0x8d/0xd0 [ 225.243453][ T7952] xpad360_process_packet+0x20a/0xb10 [ 225.250847][ T7952] xpad_irq_in+0x141e/0x2500 [ 225.257467][ T7952] __usb_hcd_giveback_urb+0x371/0x530 [ 225.264853][ T7952] dummy_timer+0x8dc/0x32b0 [ 225.271367][ T7952] __hrtimer_run_queues+0x5e5/0xe50 [ 225.278577][ T7952] hrtimer_run_softirq+0x196/0x2c0 [ 225.285698][ T7952] handle_softirqs+0x2ee/0xa40 [ 225.292475][ T7952] do_softirq+0x162/0x240 [ 225.298812][ T7952] __local_bh_enable_ip+0x1b1/0x1f0 [ 225.306021][ T7952] batadv_tt_purge+0x4dc/0xa40 [ 225.312790][ T7952] process_one_work+0x8a9/0x11d0 [ 225.319730][ T7952] worker_thread+0xa47/0x1200 [ 225.326410][ T7952] kthread+0x28d/0x320 [ 225.332486][ T7952] ret_from_fork+0x1f/0x30 [ 225.338908][ T7952] INITIAL USE at: [ 225.342975][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.349399][ T7952] _raw_spin_lock_irqsave+0xd1/0x120 [ 225.356602][ T7952] input_inject_event+0xc1/0x330 [ 225.363460][ T7952] led_trigger_event+0x130/0x210 [ 225.370316][ T7952] kbd_led_trigger_activate+0xb9/0x100 [ 225.377696][ T7952] led_trigger_set+0x55a/0x970 [ 225.384375][ T7952] led_trigger_set_default+0x1c2/0x200 [ 225.391845][ T7952] led_classdev_register_ext+0x600/0x7e0 [ 225.399395][ T7952] input_leds_connect+0x48f/0x630 [ 225.406338][ T7952] input_register_device+0xcec/0x1080 [ 225.413883][ T7952] atkbd_connect+0x79d/0x9e0 [ 225.420392][ T7952] serio_driver_probe+0x74/0x90 [ 225.427159][ T7952] really_probe+0x2ab/0xcb0 [ 225.433581][ T7952] __driver_probe_device+0x1a2/0x3d0 [ 225.440799][ T7952] driver_probe_device+0x50/0x420 [ 225.447755][ T7952] __driver_attach+0x458/0x6f0 [ 225.454444][ T7952] bus_for_each_dev+0x17c/0x1f0 [ 225.461215][ T7952] serio_handle_event+0x56a/0x8f0 [ 225.468162][ T7952] process_one_work+0x8a9/0x11d0 [ 225.475018][ T7952] worker_thread+0xa47/0x1200 [ 225.481610][ T7952] kthread+0x28d/0x320 [ 225.487592][ T7952] ret_from_fork+0x1f/0x30 [ 225.493926][ T7952] } [ 225.496596][ T7952] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 225.505889][ T7952] -> (&new->fa_lock){....}-{2:2} { [ 225.511111][ T7952] INITIAL USE at: [ 225.515089][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.521340][ T7952] _raw_write_lock_irq+0xcf/0x110 [ 225.528110][ T7952] fasync_remove_entry+0xfb/0x1d0 [ 225.534882][ T7952] __fput+0x75e/0x8d0 [ 225.540606][ T7952] task_work_run+0x246/0x300 [ 225.546941][ T7952] exit_to_user_mode_loop+0xde/0x100 [ 225.553963][ T7952] exit_to_user_mode_prepare+0xb1/0x140 [ 225.561245][ T7952] syscall_exit_to_user_mode+0x60/0x270 [ 225.568541][ T7952] do_syscall_64+0x47/0xb0 [ 225.574694][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.582334][ T7952] INITIAL READ USE at: [ 225.586751][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.593435][ T7952] _raw_read_lock_irqsave+0xd9/0x120 [ 225.600899][ T7952] kill_fasync+0x196/0x4d0 [ 225.607496][ T7952] mousedev_notify_readers+0x719/0xc80 [ 225.615140][ T7952] mousedev_event+0x554/0x1260 [ 225.622086][ T7952] input_pass_values+0x9ee/0x12a0 [ 225.629283][ T7952] input_event_dispose+0x366/0x650 [ 225.636579][ T7952] input_handle_event+0x97d/0xb00 [ 225.643780][ T7952] input_inject_event+0x224/0x330 [ 225.650986][ T7952] evdev_write+0x668/0x7c0 [ 225.657579][ T7952] vfs_write+0x2d9/0xbc0 [ 225.663993][ T7952] ksys_write+0x19c/0x2c0 [ 225.670495][ T7952] do_syscall_64+0x3b/0xb0 [ 225.677086][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.685157][ T7952] } [ 225.687752][ T7952] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 225.696519][ T7952] ... acquired at: [ 225.700404][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.705115][ T7952] _raw_read_lock_irqsave+0xd9/0x120 [ 225.710582][ T7952] kill_fasync+0x196/0x4d0 [ 225.715179][ T7952] mousedev_notify_readers+0x719/0xc80 [ 225.720818][ T7952] mousedev_event+0x554/0x1260 [ 225.725775][ T7952] input_pass_values+0x9ee/0x12a0 [ 225.730971][ T7952] input_event_dispose+0x366/0x650 [ 225.736265][ T7952] input_handle_event+0x97d/0xb00 [ 225.741469][ T7952] input_inject_event+0x224/0x330 [ 225.746675][ T7952] evdev_write+0x668/0x7c0 [ 225.751270][ T7952] vfs_write+0x2d9/0xbc0 [ 225.755698][ T7952] ksys_write+0x19c/0x2c0 [ 225.760198][ T7952] do_syscall_64+0x3b/0xb0 [ 225.764787][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.770861][ T7952] [ 225.773201][ T7952] -> (&f->f_owner.lock){....}-{2:2} { [ 225.778596][ T7952] INITIAL USE at: [ 225.782490][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.788573][ T7952] _raw_write_lock_irq+0xcf/0x110 [ 225.795166][ T7952] __f_setown+0x38/0x350 [ 225.800980][ T7952] generic_setlease+0xf3f/0x1440 [ 225.807483][ T7952] fcntl_setlease+0x341/0x3f0 [ 225.813745][ T7952] do_fcntl+0x10a/0x1500 [ 225.819550][ T7952] __se_sys_fcntl+0xd5/0x1b0 [ 225.825708][ T7952] do_syscall_64+0x3b/0xb0 [ 225.831696][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.839161][ T7952] INITIAL READ USE at: [ 225.843490][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.850002][ T7952] _raw_read_lock_irqsave+0xd9/0x120 [ 225.857292][ T7952] send_sigio+0x2f/0x360 [ 225.863537][ T7952] kill_fasync+0x232/0x4d0 [ 225.869997][ T7952] mousedev_notify_readers+0x719/0xc80 [ 225.877463][ T7952] mousedev_event+0x554/0x1260 [ 225.884233][ T7952] input_pass_values+0x9ee/0x12a0 [ 225.891272][ T7952] input_event_dispose+0x366/0x650 [ 225.898389][ T7952] input_handle_event+0x97d/0xb00 [ 225.905420][ T7952] input_inject_event+0x224/0x330 [ 225.912449][ T7952] evdev_write+0x668/0x7c0 [ 225.918869][ T7952] vfs_write+0x2d9/0xbc0 [ 225.925107][ T7952] ksys_write+0x19c/0x2c0 [ 225.931433][ T7952] do_syscall_64+0x3b/0xb0 [ 225.937845][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.945745][ T7952] } [ 225.948242][ T7952] ... key at: [] __alloc_file.__key+0x0/0x10 [ 225.956327][ T7952] ... acquired at: [ 225.960126][ T7952] lock_acquire+0x1f8/0x5a0 [ 225.964809][ T7952] _raw_read_lock_irqsave+0xd9/0x120 [ 225.970274][ T7952] send_sigio+0x2f/0x360 [ 225.974697][ T7952] kill_fasync+0x232/0x4d0 [ 225.979295][ T7952] mousedev_notify_readers+0x719/0xc80 [ 225.984956][ T7952] mousedev_event+0x554/0x1260 [ 225.989902][ T7952] input_pass_values+0x9ee/0x12a0 [ 225.995097][ T7952] input_event_dispose+0x366/0x650 [ 226.000389][ T7952] input_handle_event+0x97d/0xb00 [ 226.005594][ T7952] input_inject_event+0x224/0x330 [ 226.010798][ T7952] evdev_write+0x668/0x7c0 [ 226.015392][ T7952] vfs_write+0x2d9/0xbc0 [ 226.019810][ T7952] ksys_write+0x19c/0x2c0 [ 226.024311][ T7952] do_syscall_64+0x3b/0xb0 [ 226.028897][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 226.034975][ T7952] [ 226.037295][ T7952] [ 226.037295][ T7952] the dependencies between the lock to be acquired [ 226.037304][ T7952] and HARDIRQ-irq-unsafe lock: [ 226.050806][ T7952] -> (tasklist_lock){.+.+}-{2:2} { [ 226.055936][ T7952] HARDIRQ-ON-R at: [ 226.059910][ T7952] lock_acquire+0x1f8/0x5a0 [ 226.066085][ T7952] _raw_read_lock+0x32/0x40 [ 226.072244][ T7952] do_wait+0x2c6/0xb80 [ 226.077966][ T7952] kernel_wait+0xe5/0x230 [ 226.083951][ T7952] call_usermodehelper_exec_work+0xb5/0x220 [ 226.091521][ T7952] process_one_work+0x8a9/0x11d0 [ 226.098110][ T7952] worker_thread+0xa47/0x1200 [ 226.104443][ T7952] kthread+0x28d/0x320 [ 226.110175][ T7952] ret_from_fork+0x1f/0x30 [ 226.116269][ T7952] SOFTIRQ-ON-R at: [ 226.120248][ T7952] lock_acquire+0x1f8/0x5a0 [ 226.126402][ T7952] _raw_read_lock+0x32/0x40 [ 226.132556][ T7952] do_wait+0x2c6/0xb80 [ 226.138298][ T7952] kernel_wait+0xe5/0x230 [ 226.144283][ T7952] call_usermodehelper_exec_work+0xb5/0x220 [ 226.151834][ T7952] process_one_work+0x8a9/0x11d0 [ 226.158426][ T7952] worker_thread+0xa47/0x1200 [ 226.164777][ T7952] kthread+0x28d/0x320 [ 226.170495][ T7952] ret_from_fork+0x1f/0x30 [ 226.176567][ T7952] INITIAL USE at: [ 226.180462][ T7952] lock_acquire+0x1f8/0x5a0 [ 226.186542][ T7952] _raw_write_lock_irq+0xcf/0x110 [ 226.193134][ T7952] copy_process+0x24b6/0x4060 [ 226.199371][ T7952] kernel_clone+0x222/0x920 [ 226.205510][ T7952] user_mode_thread+0x12e/0x190 [ 226.211922][ T7952] rest_init+0x23/0x300 [ 226.217640][ T7952] start_kernel+0x0/0x53f [ 226.223543][ T7952] start_kernel+0x496/0x53f [ 226.229614][ T7952] secondary_startup_64_no_verify+0xcf/0xdb [ 226.237072][ T7952] INITIAL READ USE at: [ 226.241394][ T7952] lock_acquire+0x1f8/0x5a0 [ 226.247899][ T7952] _raw_read_lock+0x32/0x40 [ 226.254405][ T7952] do_wait+0x2c6/0xb80 [ 226.260481][ T7952] kernel_wait+0xe5/0x230 [ 226.266807][ T7952] call_usermodehelper_exec_work+0xb5/0x220 [ 226.274715][ T7952] process_one_work+0x8a9/0x11d0 [ 226.281668][ T7952] worker_thread+0xa47/0x1200 [ 226.288406][ T7952] kthread+0x28d/0x320 [ 226.294478][ T7952] ret_from_fork+0x1f/0x30 [ 226.300911][ T7952] } [ 226.303406][ T7952] ... key at: [] tasklist_lock+0x18/0x40 [ 226.311128][ T7952] ... acquired at: [ 226.314926][ T7952] lock_acquire+0x1f8/0x5a0 [ 226.319632][ T7952] _raw_read_lock+0x32/0x40 [ 226.324332][ T7952] send_sigurg+0xea/0x3b0 [ 226.328842][ T7952] sk_send_sigurg+0x6a/0xb0 [ 226.333525][ T7952] queue_oob+0x81a/0xaf0 [ 226.337943][ T7952] unix_stream_sendmsg+0xe10/0x1070 [ 226.343316][ T7952] ____sys_sendmsg+0x5a5/0x8f0 [ 226.348265][ T7952] __sys_sendmsg+0x2a9/0x390 [ 226.353035][ T7952] do_syscall_64+0x3b/0xb0 [ 226.357623][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 226.363699][ T7952] [ 226.366016][ T7952] [ 226.366016][ T7952] stack backtrace: [ 226.371898][ T7952] CPU: 1 PID: 7952 Comm: syz.7.989 Not tainted 6.1.128-syzkaller #0 [ 226.379876][ T7952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 226.389929][ T7952] Call Trace: [ 226.393297][ T7952] [ 226.396263][ T7952] dump_stack_lvl+0x1e3/0x2cb [ 226.400960][ T7952] ? nf_tcp_handle_invalid+0x642/0x642 [ 226.406435][ T7952] ? panic+0x764/0x764 [ 226.410515][ T7952] ? print_shortest_lock_dependencies+0xee/0x150 [ 226.416852][ T7952] validate_chain+0x4d16/0x5950 [ 226.421721][ T7952] ? reacquire_held_locks+0x660/0x660 [ 226.427101][ T7952] ? reacquire_held_locks+0x660/0x660 [ 226.432478][ T7952] ? __lock_acquire+0x125b/0x1f80 [ 226.437513][ T7952] ? mark_lock+0x9a/0x340 [ 226.441852][ T7952] __lock_acquire+0x125b/0x1f80 [ 226.446716][ T7952] lock_acquire+0x1f8/0x5a0 [ 226.451229][ T7952] ? send_sigurg+0xea/0x3b0 [ 226.455743][ T7952] ? read_lock_is_recursive+0x10/0x10 [ 226.461145][ T7952] ? _raw_read_lock_irqsave+0xac/0x120 [ 226.466817][ T7952] ? do_raw_read_lock+0x38/0x80 [ 226.471685][ T7952] ? _raw_read_lock_irqsave+0xe5/0x120 [ 226.477182][ T7952] ? _raw_read_lock+0x40/0x40 [ 226.481868][ T7952] ? do_raw_spin_lock+0x14a/0x370 [ 226.486896][ T7952] _raw_read_lock+0x32/0x40 [ 226.491439][ T7952] ? send_sigurg+0xea/0x3b0 [ 226.495964][ T7952] send_sigurg+0xea/0x3b0 [ 226.500480][ T7952] sk_send_sigurg+0x6a/0xb0 [ 226.504990][ T7952] queue_oob+0x81a/0xaf0 [ 226.509286][ T7952] ? scm_stat_add+0xb0/0xb0 [ 226.513793][ T7952] ? apparmor_socket_getpeersec_dgram+0x5/0x10 [ 226.519954][ T7952] ? security_socket_getpeersec_dgram+0x99/0xb0 [ 226.526235][ T7952] unix_stream_sendmsg+0xe10/0x1070 [ 226.531449][ T7952] ? tomoyo_socket_bind_permission+0x330/0x330 [ 226.537608][ T7952] ? unix_show_fdinfo+0x2d0/0x2d0 [ 226.542636][ T7952] ? __import_iovec+0x316/0x4c0 [ 226.547494][ T7952] ? aa_sock_msg_perm+0x91/0x150 [ 226.552446][ T7952] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 226.557738][ T7952] ? security_socket_sendmsg+0x7d/0xa0 [ 226.563198][ T7952] ? unix_show_fdinfo+0x2d0/0x2d0 [ 226.568224][ T7952] ____sys_sendmsg+0x5a5/0x8f0 [ 226.572998][ T7952] ? __sys_sendmsg_sock+0x30/0x30 [ 226.578053][ T7952] __sys_sendmsg+0x2a9/0x390 [ 226.582669][ T7952] ? ____sys_sendmsg+0x8f0/0x8f0 [ 226.587704][ T7952] ? __rcu_read_unlock+0x92/0x100 [ 226.592742][ T7952] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 226.598756][ T7952] ? syscall_enter_from_user_mode+0x2e/0x230 [ 226.604744][ T7952] ? lockdep_hardirqs_on+0x94/0x130 [ 226.609947][ T7952] ? syscall_enter_from_user_mode+0x2e/0x230 [ 226.615933][ T7952] do_syscall_64+0x3b/0xb0 [ 226.620368][ T7952] ? clear_bhb_loop+0x45/0xa0 [ 226.625048][ T7952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 226.630950][ T7952] RIP: 0033:0x7f117cb8cde9 [ 226.635379][ T7952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.655076][ T7952] RSP: 002b:00007f117d9a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 226.663492][ T7952] RAX: ffffffffffffffda RBX: 00007f117cda5fa0 RCX: 00007f117cb8cde9 [ 226.671489][ T7952] RDX: 0000000024008881 RSI: 0000200000000080 RDI: 0000000000000003 [ 226.679464][ T7952] RBP: 00007f117cc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 226.687432][ T7952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 226.695400][ T7952] R13: 0000000000000000 R14: 00007f117cda5fa0 R15: 00007fffef661498 [ 226.703381][ T7952] [ 226.730089][ T7944] FAT-fs (loop0): Directory bread(block 68) failed [ 226.761488][ T7944] FAT-fs (loop0): Directory bread(block 69) failed [ 226.796417][ T7944] FAT-fs (loop0): Directory bread(block 70) failed [ 226.843779][ T7944] FAT-fs (loop0): Directory bread(block 71) failed [ 226.850412][ T7944] FAT-fs (loop0): Directory bread(block 72) failed [ 226.881086][ T7944] FAT-fs (loop0): Directory bread(block 73) failed