last executing test programs: 2m29.829898473s ago: executing program 2 (id=6660): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x4}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0x8, 0x1, 'LED\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) 2m29.666190932s ago: executing program 2 (id=6663): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in=@dev={0xac, 0x14, 0x14, 0xe}, 0x8000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x8000, 0x3, 0x1}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0xa00, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}}, 0x0) 2m29.379245665s ago: executing program 2 (id=6665): syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000b3838108480b0310547b01020301090212000100000000090401"], 0x0) r0 = syz_open_dev$I2C(&(0x7f00000001c0), 0x78b5, 0x80) ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000006c0)={&(0x7f0000000600)=[{0x6, 0xa10, 0x0, 0x0}, {0xfffc, 0x8800, 0x0, 0x0}], 0x2}) 2m27.738488375s ago: executing program 2 (id=6672): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x0, 0x0, 0x31}, 0x18) 2m27.471955559s ago: executing program 2 (id=6674): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000640)=@framed={{}, [@printk, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc) 2m25.844269187s ago: executing program 2 (id=6680): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newqdisc={0x5c, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x5, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400c800}, 0x0) 2m25.387644531s ago: executing program 32 (id=6680): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newqdisc={0x5c, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x5, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400c800}, 0x0) 2m22.380286229s ago: executing program 3 (id=6706): socket$packet(0x11, 0x2, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b002c, &(0x7f0000000000)="259a53f271a76d2688634c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2m21.661466435s ago: executing program 3 (id=6711): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) close_range(r0, r1, 0x0) 2m21.395690059s ago: executing program 3 (id=6713): mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x42142, 0xa2) close(0x3) 2m21.223632925s ago: executing program 3 (id=6714): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x0, 0x0, 0x31}, 0x18) 2m21.095202717s ago: executing program 3 (id=6717): r0 = shmget$private(0x0, 0x2000, 0x54003f00, &(0x7f0000ffc000/0x2000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0x6000) get_mempolicy(0x0, 0x0, 0x8000000000000000, &(0x7f0000000000/0x400000)=nil, 0x2) 2m20.669336261s ago: executing program 3 (id=6723): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000040)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000000)="619ff1e3c70400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2m20.364557646s ago: executing program 33 (id=6723): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000040)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000000)="619ff1e3c70400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.584436394s ago: executing program 6 (id=8008): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a80)={0x30, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}]}, 0x30}}, 0x20000040) 4.318918767s ago: executing program 6 (id=8011): syz_mount_image$exfat(&(0x7f0000000000), &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x880, &(0x7f0000000880)={[{@time_offset={'time_offset', 0x3d, 0x6}}, {@fmask={'fmask', 0x3d, 0x4}}, {@discard}, {@allow_utime={'allow_utime', 0x3d, 0xd}}, {@discard}, {}, {@iocharset={'iocharset', 0x3d, 'macroman'}}, {@utf8}, {@dmask}, {@iocharset={'iocharset', 0x3d, 'cp865'}}]}, 0x1, 0x1548, &(0x7f0000003300)="$eJzs3AuYTlXbOPD7XmvtMSSeJjkMa6178ySHRZLkkCSHJEmSJKfklCZ5JSExhCQNSUgOQxJDSA4Tk8b5fD4kJEmTJCE5Jet/Tbi8vdW/vq++1/e9c/+ua1+z7mfve+21n3s/z7P2npnnm65DazauVa0hEcFfghd+JAJALAAMBIDcABAAQLm4cnGZ67NLTPxrO2F/rwdTrvQI2JXE9c/auP5ZG9c/a+P6Z21c/6yN65+1cf2zNq4/Y1nZpmkFruEl6y58////uNi/ksyf//9BMkqN/WJNqeu6AcT8ia2zA9c/y+P6/8cK/sxGXP+sjeufVf2laSP7P+DpP7ENv/6zgmy/u4brn7Vx/RnLyq70/ec/vyAA/P39QuR/2XNwJPuFwvyb9nelzz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY1nDaX+ZAoBL7Ss9LsYYY4wxxhhjjP19fLYrPQLGGGOMMcYYY4z9z0MQIEFBADGQDWIhO+QAAQBXQy7IDRG4BuLgWsgD10FeyAf5oQDEQ0EoBBoMWCAIoTAUgShcD0XhBigGxaEElAQHpaA03Ahl4CYoCzdDObgFysOtUAEqQiWoDLdBFbgdqsIdUA3uhOpQA2pCLbgLasPdUAfugbpwL9SD+6A+3A8N4AFoCA9CI3gIGsPD0AQegabQDJpDC2j5+/ntEOB38p+DnvA89ILekAh9oC+8AP2gPwyAF2EgvASD4GUYDK9AEgyBofAqDIPXYDi8DiNgJIyCN2A0vAljYCyMg/GQDBNgIrwFk+BtmAzvwBSYCikwDabDuzADZsIseA9mw/swB+bCPJgPqfABLICFkAYfwiL4CNJhMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22ww74GHbCJ7ALdsMe+BT2wmf/xfxT/5LfDQEBBQpUqDAGYzAWYzEH5sCcmBNzYS6MYATjMA7zYB7Mi3kxP+bHeIzHQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOiyNpbEM3oRlsSyWw3JYHstjBayIFbEyVsYqWAWrYlWshtWwOlbHmlgT78K7sA/WwTpYF+tiPax36fYUNsSG2AgbYWNsjE2wCTbFptgcm2NLbImtsBW2xtbYFttie2yPHbADJmACdsSO2Ak7YWfsjF2wC3bFrtgNu2P3jOeyAT6Pz2NvrC76YF/si/0wKdsAfBFfxJdwEL6ML+MrmIRDcCi+iq/iazgcT+IIHImjcBRWEW/iGByLJMZjMibjRJyIk3BS5ukG7+BUTMFpOB2n4wyciTPxPZyN7+P7OBfn4nxMxVRcgAsxDdNwEZ7CdFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9GBYCf4G7cjUm4F/fiPtyH+3E/HsADmIEZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/CZ+K8afVx8dRKITEooESNiRKyIFTlEDpFT5BS5RC4RERERJ+JEHpFH5BV5RX6RX8SLeFFIFBJGGEEijAEAERVRUVQUFcVEMVFClBBOOFFalBZlRBlRVpQV5cQtory4VVQQFUUbV1lUFlVEW1dV3CGqiWqiuqghaopaopaoLWqLOqKOqCvqinqinqgv7hcNRB8cgA+KzMo0FkOwiRiKTUUzIS++g7USw7G1aCPainZiJI7ADqKVSxBPio5iDHYS/xBj8WnRRYzHruJZ0U10Fz3Ec6KnaO16id5iMvYRfcVU7Cf6iwHiRTEDa4j3cHb2muIVkSSGiKHiVTEfXxPDxetihBgpRok3so8Wb4oxYqwYJ8aLZDFBTBRviUnibTFZvCOmiKkiRUwT08W7YoaYKWaJ98Rs8b6YI+aKeWK+SBUfiAVioUgTH4pF4iORLhaLJWKpWCaWixVipVglVos1Yq1YJ9aLDWKj2CQ2iy1iq9gmtosd4mOxU3widondYo/4VOwVn4l94nOxX3whDogvRYb4ShwUX4tD4htxWHwrjojvxFFxTBwX34sT4gdxUpwSp8UZcVb8KM6Jn8R54QVIlEJKqWQgY2Q2GSuzyxzyKplTBhef3WtknLxW5pHXybwyn8wvC8h4WVAWkloaaSXJUBaWRWRUXi+LyhtkMVlclpAlpZOlZGl5oywjb5Jl5c2ynLxFlpe3ygqyoqwkK8vbZBV5u4TIhX1UlzVkTVlL3iUT4W5ZR94j68p7ZT15n6wv75cN5AOyoXxQNpIPycbyYdlEPiKbymayuWwhW8pHZSv5mGwt28i2sp1sLx+XHeQTMkE+KTtKf/EUeVp2kc/IrvJZ2U12lz3kT/K89LKX7C2hD8i+8gXZT/aXA2IBQL4kB8mX5WD5ikySQ+RQ+aocJl+Tw+XrcoQcKUfJN+Ro+aYcI8fKcXK8TJYT5ET5lpwk35aT5TtyipwqU+Q0OUAO/LmnWVL+Yf5bv5E/+Oe9b5Sb5Ga5RW6V2+R2uUN+LHfKnXKX3CX3yD1yr9wr98l9cr/cLw/IAzJDZsiD8qA8JA/Jw/KwPCKPyKPymDwjv5cn5A/ypDwlT8kz8qw8K89dfA5AoRJKKqUCFaOyqViVXeVQV6mc6mqVS+VWEXWNist8F1bXqbwqn8qvCqh4VVAVUloZZRWpUBVWRVRUXY8XTxhVQpVUTpVSpdWNF/LVtSrPH+erouoGVUwV/0X+pfEl/s74WqqWqpVqpVqr1qqtaqvaq/aqg+qgElSC6qg6qk6qk+qsOqsuqovqqrqqbqqb6qF6qJ6qp+qleqlElaj6qhdUP9VfDVAvqoHqJTVIDVKD1WCVpJLUUDVUDVPD1HA1XI1QI9QoNUqNVqPVGDVGjVPjVLJKVhPVRDVJTVKT1WQ1RU1RKSpFTVfT1Qw1Q81Ss9RsNVvNUXPUPDVPpapUtUAtUGkqTS1Si1S6WqwWq6VqqVqulquVaqVarVartWqtWq/Wq3S1SW1SW9QWtU1tUzvUDrVT7VS71C61R+1Re9VetU/tU/vVfnVAHVAZKkMdVAfVIXVIHVaH1RF1RB1VR9VxdVydUCfUSXVSnVan1Vl1Vp1T59R5dT5z2heIQAQqUEFMEBPEBrFBjiBHkDPIGeQKcgWRIBLEBXFBnuC6IG+QL8gfFAjig4JBoUAHJrCBuFj0aHB9UDS4ISgWFA9KBCUDF5QKSgc3BmWCm4Kywc1BueCWoHxwa1AhqBhUCioHtwVVgtuDqsEdQbXgzqB6UCOoGdQK7gpqB3cHdYJ7grrBvUG94L6gfnB/0CB4IGgYPBg0Ch4KGgcPB02CR4KmQbOgedAiaPm39u/9yXyPuV66t07UfXRf/YLup/vrAfpFPVC/pAfpl/Vg/YpO0kP0UP2qHqZf08P163qEHqlH6Tf0aP2mHqPH6nF6vE7WE/RE/ZaepN/Wk/U7eoqeqlP0ND1dv6tn6Jl6ln5Pz9bv6zl6rp6n5+tU/YFeoBfqNP2hXqQ/0ul6sV6il+plerleoVfqVXq1XqPX6nV6vQK9UW/Sm/UWvVVv09v1Dv2x3qk/0bv0br1Hf6r36s/0Pv253q+/0Af0lzpDf6UP6q/1If2NPqy/1Uf0d/qoPqaP6+/1Cf2DPqlP6dP6jD6rf9Tn9E/6vPaZk/vMj3ejjDIxJsbEmliTw+QwOU1Ok8vkMhETMXEmzuQxeUxek9fkN/lNvIk3hUwhk4kMmcKmsImaqClqippippgpYUoYZ5wpbUqbMqaMKWvKmnKmnClvypsKpoKpZCqZ28xt5nZzu7nD3GHuNHeaGqaGqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYpqapaW6am5ampWllWpnWprVpa9qa9qa96WA6mASTYDqajqaT6WQ6m86mi+liupquppvpZnqYHqan6Wl6mV4m0SSavqav6Wf6mQFmgBloBppBZpAZbAabJJNkhpqhZpgZZoab4WaEGWlGZU5UzZtmjBlrxpnxJtkkm4lmoplkJpnJZrKZYqaYFJNippvpZoaZYWaZWWa2mW3mmDlmnplnUk2qWWAWmDSTZhaZRSbdpJslZolZZpaZFWaFWWVWmTVmjVkH68wGs8FsMpvMFrPFbDPbzA6zw+w0O80us8vsMXvMXrPXI4DZb/abA+aAyTAZ5qA5aA6ZQ+awOWyOmCPmqDlqjpvj5oQ5YU6ak+a0OW3OmnwXPy+9ibXZbQ57lc1pr7a5bG77r3F+W8DG24K2kNU2r833i9hYa4vZ4raELWmdLWVL2xt/FVewFW0lW9neZqvY223VX8W17d22jr3H1rX32lr2rl/E9ex9tr592DZABLDNbCPbwja2D9sm9hHb1DazzW0L294+bjvYJ2yCfdJ2tE/9Kl5gF9pVdrVdY9faXXa3PW3P2EP2G3vW/mh72d52oH3JDrIv28H2FZtkh/wqHmXfsKPtm3aMHWvH2fG/iqfYqTbFTrPT7bt2hp35qzjVfmBn2zQ7x8618+z8n+PMMaXZD+0i+5FNtwEssUvtMrvcrrArL43V57br7Qa70e60n9gtdqvdZrfbHZcmwna33WM/tXvtZ/ag/drut1/YA/awzbBf/RxnHt9h+609Yr+zR+0xe9x+b0/YH9Sl7Mxj/97+ZM9bb4GQgCQpCiiGslEsZaccdBXlpKspF+WmCF1DcXQt5aHrKC/lo/xUgOKpIBUiTYYsEYVUmIpQlK6nS8MrQSXJUSkqTTdSGbqJytLNVI5uofJ0K1WgilSJKtNtVIVup6p0B1WjO6k61aCaVIvuotp0N9Whe6gu3Uv16D6qT/dTA3qAGtKD1Igeosb0MDWhR6gpNaPm1IJa0qPUih6j1tSG2lI7ak+PUwd6ghLoSepIT1En+gd1pqepCz1DXelZ6kbdqQc9Rz3peepFvSmR+lBfeoH6UX8aQC/SQHqJBtHLNJheoSQaQkPpVRpGr9Fwep1G0EgaRW/QaHqTxtBYGkfjKZkm0ER6iybR2zSZ3qEpNJVSaBpNp3dpBs2kWfQezab3aQ7NpXk0n1LpA1pACymNPqRF9BGl02JaQktpGS2nFbSSVtFqWkNraR2tpw20kTbRZtpCW2kbbacd9DHtpE9oF+2mPfQp7aXPaB99TvvpCzpAX1IGfUUH6Ws6RN/QYfrW96bv6Cgdo+P0PZ2gH+gknaLTdIbO0o90jn6i8+QJQgxFKEMVBmFMmC2MDbOHOcKrwpzh1WGuMHcYCa8J48JrwzzhdWHeMF+YPywQxocFw0KhDk1oQwrDsHBYJIyG14dFwxvCYmHxsERYMnRhqbB0eGNYJrwpLBveHJYLbwnLh7eGFcKK4cP3Vg5vC6uEt4dVwzvCauGdYfWwRlgzrBXeFdYO7w7rhPeEdcN7w7LhfWH98P6wQfhA2DB8MGwUPhQ2Dh8Om4SPhE3DZmHzsEXYMnw0bBU+FrYO24Rtw3Zh+/DxsEP4RJgQPhl2DJ/6ef19C39/fWLYJ+wbvhC+EHp/j5wXnR9NjX4QXRBdGE2LfhhdFP0omh5dHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q3Rj1vlY2cOiEk065wMW4bC7WZXc53FUup7va5XK5XcRd4+LctS6Pu87ldflcflfAxbuCrpDTzjjryIWusCviou56V9Td4Iq54q6EK+mcK+VKuxaupWvpWrnHXGvXxrV17Vw797h73D3hnnBPuo7uKdfJ/cN1dk+7Lu4Z94x71nVz3V0P95zr6SbkuvCaTHR9XV/Xz/VzA9wAN9ANdIPcIDfYDXZJLskNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOJbtkN9FNdJPcJDfZTXZT3BSX4lLcdDfdzXAzXJWZF/Yyx81x89w8l+pS3QKXOWdMc4vcIpfu0t0St8Qtc8vcCrfCrXKr3Bq3xq1z69wGt8FtcpvcFrfFbXPb3A63w+10O90un/tCp26v2+f2uf1uvzvgvnQZ7it30H3tDrlv3GH3rTvivnNH3TF33H3vTrgf3El3yp12Z9xZ96M7535y5513yZEJkYmRtyKTIm9HJkfeiUyJTI2kRKZFpkfejcyIzIzMirwXmR15PzInMjcyLzI/khr5ILIgsjCSFvkwsijyUSQ9sjiyJLI0siyyPOJ9wS2hL+yL+Ki/3hf1N/hivrgv4Ut650v50v5GX8bf5Mv6m305f4sv72/1FXxFX8k/4pv6Zr65b+Fb+kd9K/+Yb+3b+La+nW/vH/cd/BM+wT/pO/qnfCf/D9/ZP+27+Gd8V/+s7+a7+x7+Od/TP+97+d4+0ffxff0Lvp/v7wf4F/1A/5If5F/2g/0rPskP8UP9q36Yf80P96/7EX6kHxXzhh996RIZxvtkP8FP9G/5Sf5tP9m/46f4qT7FT/PT/bt+hp/pZ/n3/Gz/vp/j5/p5fr5P9R/4BX6hT/Mf+kX+I5/uF1+6qexX+JV+lV/t1/i1fp1f7zf4jX6T3+y3+K1+m9/ud/iP/U7/id/ld/s9/lO/13/m9/nP/X7/hT/gv/QZ/it/0H/tD/lv/GH/rT/iv/NH/TF/3H/vT/gf/El/yp/2Z/xZ/6M/53/y5/l/1hhjjDHG/pQJl5vil2su3M7v8xs54p827gsAV28tkPHP6zNnlOvyXmj3F/HtIwDwZO+uD15aqldPTEy8uG26hKDIXIBLvwnKFAOX48XQFh6HBGgDZX5z/P1F97P0B/1HbwHI8U85sXA5vtz/5wCY+Bv9P9pu1ILy4em4/0//cwGKFbmckx0ux4uh7c/3V9pA2d8Zf75WfzD+7F8kA7T+p5yccCk+ePHbGjLHXxoeg6cg4RdbMsYYY4wxxhhjF/QXlTpfuv689Befv3V9Hq8u52SDy/EfXZ8zxhhjjDHGGGPsynu6e48nHk1IaNP5v96o+t/K+tONJvA/1TM3frPhPcClRxQA/MUOATIb8t95FJv/LftKuvjS+ddVy874AP53lPLvaFzhNybGGGOMMcbY3+7ypP+Xj6srNSDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYywL+nd8ndiVPkbGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsSvt/AQAA///BeAKt") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, 0xfffffffffffffffe, 0x29) 3.964429875s ago: executing program 6 (id=8012): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000880)=ANY=[@ANYBLOB="14040000100001002cbd7000fedbdf25070000000200000008000000", @ANYRES32=r0, @ANYBLOB="f4031a80f0032d80"], 0x414}], 0x1}, 0x0) 3.795071097s ago: executing program 6 (id=8014): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x19f, &(0x7f0000000100)={[{@sysvgroups}, {@noblock_validity}, {@min_batch_time={'min_batch_time', 0x3d, 0x514}}, {@grpquota}, {@stripe={'stripe', 0x3d, 0x7}}, {@debug}, {@grpid}]}, 0x80, 0x54f, &(0x7f0000000480)="$eJzs3c9vHFcdAPDvbLxufji1SzlAJUqBoqSC7MY1bS0OJUgITpUQ5R6MvbGsrL2Rd93GViScvwAJIUBwggsXJP4AJBSJC0eEFAnOIBWBEDhwQAIy1cyOHdeZ3WzSza5/fD7SZN68+fF9bzYznjfzNBPAifVSRFyJiPtpmr4SEdNFfqUYYrs7ZMvd27m1mA1JpOnb/0giKfJ2t5UU43PFaqcj4htfi/h28nDc9ubW9YVms7FeTNc7qzfq7c2tSyurC8uN5cba3Nzs6/NvzL82f3ko9TwfEW9+5S8/+O7Pv/rmrz//7p+v/u1iVu2YKubvr8djyHbRRL8FulWv5vtiV7bC+hMEO6wm8hoWzpQtkaZpej+d3pdzeyQlAwDgoOwC9iMR8emIeCWm41T/y1kAAADgCEq/NBX/S7pPaEpM9sgHAAAAjpBK3gc2qdSKvgBTUanUat0+vB+Ns5Vmq9353LXWxtrS3R9PRcRMVCvXVpqNy0Vf4ZmoJtn0bJ5+MP3qgem5iHguIr4/fSafri22mkvjvvkBAAAAJ8S5A+3/f0932/8AAADAMTPzcFZlHOUAAAAAnp6S9j8AAABwzGj/AwAAwLH29bfeyoZ09/vXS+9sblxvvXNpqdG+XlvdWKwtttZv1JZbreX8nX2r+9c9VbK9Zqt14wuxtnGz3mm0O/X25tbV1dbGWufqygc+gQ0AAACM0HOfvPPHJCK2v3gmHzKT4y4UMBITe6mkGJcc/X96tjt+b0SFAkai7B7+Qe89M4KCACM38URrpYOcNoBDrjruAgBjlzxifs/OO78rxp8abnkAAIDhu/Dx3s//+38DYNsnAuCIcxDDyXXgQV46Pa6CACOXP/8ftMOviwU4VqoD9QAEjrMP/fz/kdL0sQoEAAAM3VQ+JJVacXtvKiqVWi3ifP5ZgGpybaXZuBwRz0bEH6arz2TTs/maySPbDAAAAAAAAAAAAAAAAAAAAAAAAABAV5omkfZzpe9cAAAA4AiIqPw1+U33Xf4Xpl+eOnh/YDL5T/5J4MmIePcnb//w5kKnsz6b5f9zL7/zoyL/1XHcwQAAAAAO2m2n77bjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCY7u3cWry3cyv9786txVHG/fuXI2JmL34+dOdMxOl8fDqqEXH2X0lM7FsviYhTQ4i/fTsiPlYWP8mKtReyLP6Zpx8/Zoq9UBb/3BDiw0l2Jzv/XCk7/irxUj4uP/4mIj4w/aR6n/9i7/x3qsfxf37AGC/c/WW9Z/zbES9MlJ9/duMnD8VPinFloPjf+ubWVq956U8jLkR5/P3R6p3VG/X25talldWF5cZyY21ubvb1+TfmX5u/XL+20mwU/5bG+N4nfnW/X/3P9og/07P+3TK9PFDtI/5/9+bO8z3+XmXxL36mJP5vf1Ys8XD8SrGtzxbpbP6F3fR2N73fi7/4/Yv96r/0oP7VwX7/bsyL/av94AccxoECAAxNe3Pr+kKz2Vg/Conqk6yVtdLLZj1f7IEPX7DJw7J/JB4z8Z2hbjBN07TH/6g7ETHIdpI4DLslT4z3vAQAAAzfg4v+cZcEAAAAAAAAAAAAAAAAAAAATq4hvjNssvQ1eyVvFtjeSyXeDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBrvBwAA//9pfNv4") syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x8a, &(0x7f00000001c0)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xa3}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@block_validity}, {@minixdf}, {@grpjquota}, {@noinit_itable}]}, 0x1, 0x463, &(0x7f0000001040)="$eJzs3MtvG8UfAPCv17Gbvn7Jr5RHSwuBgqh4JE36oAcuRSBxAAkJDkWcQpJWpW6DmiDRqoLCoRxRJe6IIxJ/ARfKBQEnJK5wR0gV6oXCyWjtXedR24ldJy715yM5ntkZZ+a7u2OPZ20HMLDG0j+FiB0R8WtEjNSzKyuM1e9u3bw88/fNyzOFqFbf+LNQq/fXzcszedX8cdvrmWq1TbtX346YrlTmLmT5icVz700sXLz03Jlz06fnTs+dnzq+cOTw/vKxqaM9iXNn2te9H87v2/PKW9demzl57Z0fv077uyMrXx5Hr4zV925TT/a6sT7buSxdGOpjR+hIMSLSw1Wqjf+RKMbWRtlIvPxJXzsHbKhqNaluaV18pQrcw9KJOjCI8hf69P1vftukqcdd4caJaKxj3Mpu9ZKhSLI6pew90kYYi4iTV/754uRwPT9o+x8A2HzXT0TEs83mf0k8sKze/7JrQ6MR8f+I2BUR90XE7oi4P6JW98GIeKjD9ldfIbl9/lMd6SqwdUrnfy9k17ZWzv/y2V+MFrPczlr8pcKpM5W5Q9k+ORilLWl+sk0b3730y2etyhrzv+yWtp/eL9VI/hhatUA3O704Hauv03XpxscRe4eW4h9uxF9ozHnTdvZExN4u2zjz9Ff7WpWtHX8bPZiUV7+MeKp+/K/EiuO/tHcLza9PHj9yePL5Y1NHJ4ajMndoIj8rbvfTz1dfb9X+HcXfAzeuV2Nb0/O/Ef9oYThi4eKls7XrtQudt3H1t09bvqfp9vwvF96spcvZtg+mFxcvTEaUC6/evn1q6bF5Pq+fnv8HDzQf/7tiaU88HBHpSbw/Ih6JiEezvj8WEY9HxIE28f/w4hPvdh5/m1X5Hkrjn13r+Mfy479m4lJErNhSPPv9N53Hn0uP/5Fa6mC2JX/+a2ddPe3qbAYAAID/nqT2GfhCMt5IJ8n4eP0z/LtjW1KZX1h85tT8++dn65+VH41SsnylK18PnczWhvP81Kr84Wzd+PPi1lp+fGa+Mtvn2GHQbW8x/lO/F/vdO2DD+b4WDC7jHwAGj9d/GFzGPwyuZuP/oz70A9h8a7z+b92sfgCbz/wfBpfxD4PL+IeB1PK78UlalNZY5xfpJe4gUe7ZP/y23NFvNdxBIpK7YtfdQ4lSNC0aWvePWXSZ2NK0qN/PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//gELc7A==") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x820f8, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) 2.763478509s ago: executing program 1 (id=8020): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) open(&(0x7f0000000000)='./file0\x00', 0xca1c0, 0x104) utime(&(0x7f0000000100)='./file0\x00', 0x0) 2.575244063s ago: executing program 6 (id=8021): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000001380)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x550f, &(0x7f00000079c0)="$eJzs3M1rI/UbAPAn7Xbff/sr4sHbDixCCpvQ9GXRW9VdfMEuZdWDJ02TNGQ3yZQmTWtPHjyKB/8TUfDk0b/Bg2dv4kHxJiiZma5bV0Fo2tjt5wOTZ+Y73zzzfEMpPDMhAZxb88mvP5fiRlyJiNmIuB6R7ZeKLbOWhxci4mZEzDyxlYrxxwMXI+JqRNwYJ89zlopTn98e3Vr96a1fvvnu0oVrX3z9/fRWDUzbixHR287393p5TNt5fFiM10edLPZWRkXMT/QeFcdpHvdam1mGvfrhvHoWl9v5/HR7dzCOW916Yxzbna1sfLufX3Awah/myd7wsL6THTdbm1nsDNIstg/yuvYP8v9tB4NhnqdZ5PsoSx/D4WHMx1v7rXw924+y2OgPi/E8b9ps7Y/jqIjF5aKRdptZHZvH+aT/297u9Hf3k1FrZ9BJ+8lqtfZStXanUttJm61ha6VS7zXvrCTldnc8rTJs1Xtr7TRtd1vVRtpbSMrtRqNSqyXlu63NTr2f1GrV5epiZXWh2LudvH7/vaTbTMrj+GqnvzvsdAfJVrqT5O9YSJaqyy8vJLdqyTvrG8nGg3v31jfe/eDu+/dfWX/ztWLSU2Ul5aXFpaVKbbGyVFs4R+v/pCh6guuHYylNuwCAs0f/D0zD0/1/+fG54/X/Ow8iTr7/D/3/RJyp/ve89/8nsH44Fv0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC59cPcl29kO/P58bVi/H/F0HPFcSkiZiLi978xGxeP5Jwt8sz9w/y5v9TwbSmyDONrXCq2qxGxVmy//f+kPwUAAAB4dn318c3P8m49f5mfdkGcpvymzcz1DyeUrxQRc/M/TijbzPjl+Qkly/6+L8T+hLJlN7AuTyhZfsvtwqSy/SuzR8LlJ0IpDzOnWg4AAHAqjnYCp9uFAAAAcJo+nXYBTEcpDh9lHj4Lzr55/+cDwStHjgAAAIAzqDTtAgAAAIATl/X/fv8PAAAAnm357/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sHM3OWrDcBxA/wmk0C8VVd33Kt3BMXqELrtEHKCX4ABd0Cv0ApyB7nqEEYyIAwMjFjOKk2hG70nBODI/bEQWtiUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl/5Vm8Wf5ddfbXP2h3byjAYAAAC4ZVdtFvWbWaq/b+5/bG59bupFRJQRcWvuPoo3V5mjJqd6aP/7sn31qA9/I+qE43dMmutdRHxrrrtPp5bLDn8JAAAAeJ22q/U8zdbTy2zoDtGntGhTfvieKa+IiGr2P1Naecz7kims/n+P42emtHoBa5opLC25jXOlPUn9uJ9X7aYXRZGK8ubHzp3MNnYAAKBHo6ui31kIAAAAffoxdAcYRhGnrczzVuAkFc323turGgAAAPACFUN3AAAAAOhcPf/v6fy/Q57z/wAAAIDnSuf/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KVdtVlsV+t525z9oZ08owEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuGd/3lEgBMIgDPau70zm/oeVBk1NTapA+PgbgwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB487u//J+YGmeSudfG0vNIsnZqbJ0ae+fG0R/G168BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi/15SYEQCIIomDP+d9L3P6wk6BlEiICGRxW1aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7od7/8n5gaZ5K508bS8UiydtXYumrsPWgcPRhv/wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi537eY2jigMA/mZmZ2ur4hplDxFR8KAXu93W1t7EgxI8+CcIId3W2K0/2hxsKWIu3iTnXkSPIoISb/0fck4gl3jLYQ8RPCszO5Od/ADXXzOb5POBN++7wzDv+2Yh5DvvJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafT2JE6yQ2ccx8W5zb2HS1m/dajPPF7bns9aFkd1Jn0yvFj9EHWbSwQAAICzIynr+xDCTrq+kPVxJ6//0/KarOb/9ulxXNbzh+v+si9r/6z98vPu8/sDdcbjZDe9uTwcXDqaSuv/m+Vse+Yvr2jlTz5/95LkX0j83upzozR/ntHXGxvvtPPwXB3ZAgD/xMWyL4Ly96Gs7zeZGABnRqtSeJf1f9JpNicAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAOoxWw5NlHIUQ5luTOLO193DpuP7x2vZ82a49erQWvpzcM7tFGkK4uTwcXKp1NrPt3v0HtxeHw8Hd+oOXQghNjf5WMf3bH0xxcQiNPB/BfxTExZc9K/mcjKDBH0oAAJxKadGyun4nXV/IzkVzIfzx3cH6/9VKHKas/3c/vLZZHata//drm+Hs663c+bR37/6D15fvLN4a3Bp8/Mbl/pv9K9evXr3ey9+V9LwxAQAA4N9pF61a/8dzR9f/L1TiMGX9/9k3/S+qYyXq/2NNFv2azgQAAOBse/bl33+Ljjkftdvh88WVlbv98XH/8+XxsYFU/7ZzRavW/8lc01kBAAAAdRitRgfW/29U4jDl+v9T37/wY/WeSQjhfLH+f3Hpk+GN+qYz0+r4c+Km5wgAAECzzhetuv6f5vv/4/0tD3EI4bVXxnHxbwCnqv+Td7/6oTpWdf//lfqmOJPi7vh55H03hFa36YwAAAA4zZ4oWlbs/5quL3z004X32/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTtzwAAAP//1tM+ZA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a1) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd2f0, 0x2000, 0x5, 0x2}) 2.514099289s ago: executing program 1 (id=8022): syz_emit_ethernet(0x11e, &(0x7f0000000000)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e00e83afffe800000000000fbffffffffffffff15ff05"], 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 2.428762773s ago: executing program 0 (id=8023): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f00000000c0)='.\x00', 0x3c3501, 0x50) mq_notify(r0, 0x0) 2.120641874s ago: executing program 1 (id=8024): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0) bind$bt_hci(r0, &(0x7f00000001c0)={0x1f, 0xffff, 0x3}, 0x6) 1.799142074s ago: executing program 1 (id=8025): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000000c0)="170000000200010000ffbe8c5ee17688a2003c000301000a000002a257fc5ad90200bb6a880000d6c8db000000df018002000000fc0607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c568302ffff02ff030000ba000840024f0298e9e90539062a80e605007f71174aa951f3c63e5a1b47b63a6323ded2231454668492f9c681a6a9fc", 0xb8) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x68, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x5, 0x0, 0x0, 0x0, 0x3a3, {0x5, 0x4, 0x1, 0x3d, 0x9, 0x67, 0x1c, 0x8, 0x33, 0x8, @empty, @remote}}}}}}, 0x0) 1.649316484s ago: executing program 1 (id=8028): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000400), 0x6, &(0x7f0000002000)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 1.284803066s ago: executing program 0 (id=8032): r0 = syz_open_dev$vim2m(&(0x7f0000000280), 0x10007, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000340)={0x2, @vbi={0x4, 0x5, 0x6, 0x3447504d, [0x8000, 0x8], [0xffffffff, 0x1], 0x13a}}) 1.051284158s ago: executing program 4 (id=8035): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgid(0x0) kcmp(r1, r0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 998.360758ms ago: executing program 5 (id=8036): fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffff7fff, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 998.212462ms ago: executing program 0 (id=8037): r0 = socket(0x200000000000011, 0x2, 0xd) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0xfd02, &(0x7f0000000000)={@random="e904a200", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x1, 0x4}}}}}}}, 0x0) 905.35601ms ago: executing program 5 (id=8038): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000200)={0x6c, r1, 0x1, 0x170bd2b, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0xf8}}, {0x20, 0x2, @in6={0xa, 0x0, 0x5, @mcast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x8000) 856.233965ms ago: executing program 0 (id=8039): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) 799.897136ms ago: executing program 4 (id=8040): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000400)='./file0\x00', 0x402, &(0x7f0000001a40)={[{@iocharset={'iocharset', 0x3d, 'cp861'}}, {@umask={'umask', 0x3d, 0xec}}, {@errors_continue}, {@errors_remount}, {@iocharset={'iocharset', 0x3d, 'koi8-r'}}, {@discard}, {@allow_utime={'allow_utime', 0x3d, 0x8}}, {@discard}, {@allow_utime={'allow_utime', 0x3d, 0x4}}, {}, {@gid}]}, 0x1, 0x151f, &(0x7f0000000500)="$eJzs3AucT9XaOPDnWWvtMSbp1ySXYa31bH7JZZkkySVJLkmSJEluCUmTHElIDLklDUlILkNyGUJymZg07ve7JCRJkyQhuSXr/5nidTp1/uec9/Qe7+ed5/v5/D7WM3s/az97P7NnXzDfdh1Wq0nt6o2ICP4t+OsfyQAQCwCDAOAaAAgAoHx8+fjs5bklJv97G2F/rofSrnQF7Eri/uds3P+cjfufs3H/czbuf87G/c/ZuP85G/efsZxsy4xC1/In5374/X9Oxtf//xsunnzw5boy13cDiPln87j/ORv3//+s4J9Zifufs3H/c6rYK10A+1+Az/+cINffXcL9z9m4/4zlZFf6/fOV/kAkZx+DK/39xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsZzjjL1MAcGl8petijDHGGGOMMcbYn8fnutIVMMYYY4wxxhhj7H8eggAJCgKIgVwQC7khDgQAXA154RqIwLUQD9dBPrge8kMBKAiFIAEKQxHQYCAGCEIoCsUgCjdAcbgRSkBJKAWlwUEZSISboCzcDOXgFigPt0IFuA0qQiWoDFXgdqgKd0A1uBOqw11QA2pCLagNd0MduAfqwr1QD+6D+nA/NIAHoCE8CI3gIWgMD0MTeASawqPQDJpDC2gJrf5b+S9AT3gRekFvSIY+0Bdegn7QHwbAQBgEL8NgeAWGwKuQAkNhGLwGw+F1GAFvwEgYBaPhTRgDb8FYGAfjYQKkwkSYBG/DZHgHpsBUmAbTIQ1mwEx4F2bBbJgD78FceB/mwXxYAAshHT6ARbAYMuBDWAIfQSYshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFbbAddsDHsBM+gV3wKeyGPbAXPoN98Pm/mH/6b/K7ISCgQIEKFcZgDMZibozDOMyDeTAv5sUIRjAe4zEf5sP8mB8LYkFMwAQsgkXQoEFCwqJYFKMYxeJYHEtgCSyFpdChw0RMxLJ4M5bDclgey2MFrIAVsRJWwipYBatiVayG1bA6VscaWANrYS28G+/GPlgX62I9rIf1sf6l11PYCBthY2yMTbAJNsWm2AybYQtsga2wFbbG1tgG22A7bIftsT12wA6YhEnYETtiJ+yEnbEzdsEu2BW7Yjfsjt2zXsgF+CK+iL2xhuiDfbEv9sOUXANwIA7El3EwvoKv4KuYgkNxGL6Gr+HrOAJP4UgchaNxNFYVb+FYHIckJmAqpuIknISTcTJOwak4FadjGs7AmTgTZ+FsnI3v4Vx8H9/H+TgfF2I6puMiXIwZmIFL8DRm4lJchstxBa7EFbga1+BqXIfrcR1uxI24GTfjVtyK23E7fowf4yeoAPBT3IN7MAX34T7cj/vxAB7Ag3gQszALD+EhPIyH8QgewaN4FI/hcTyBx/EknsRTeBrP4Bk8h+fwPD6X8HXjT0quTQGRTQklYkSMiBWxIk7EiTwij8gr8oqIiIh4ES/yiXwiv8gvCoqCIkEkiCKiiDDCCBJhDACIqIiK4qK4KCFKiFKilHDCiUSRKMqKsqKcKCfKi1tFBXGbqCgqibauiqgiqop2rpq4U1QX1UUNUVPUErVFbVFH1BF1RV1RT9QT9UV90UA8IBqKPjgAHxLZnWkihmJTMQybieZCXvwJ1lqMwDairWgnnhCjcCR2EK1dknhadBRjsZP4ixiHz4ouYgJ2Fc+LbqK76CFeED1FG9dL9BZTsI/oK6ZjP9FfDBADxSysKd7DublriVdFihgqhonXxEJ8XYwQb4iRYpQYLd4UY8RbYqwYJ8aLCSJVTBSTxNtisnhHTBFTxTQxXaSJGWKmeFfMErPFHPGemCveF/PEfLFALBTp4gOxSCwWGeJDsUR8JDLFUrFMLBcrxEqxSqwWa8RasU6sFxvERrFJbBZbxFaxTWwXO8THYqf4ROwSn4rdYo/YKz4T+8TnYr/4QhwQX4qD4iuRJb4Wh8Q34rD4VhwR34mj4ntxTBwXJ8QP4qT4UZwSp8UZcVacEz+J8+JncUF4ARKlkFIqGcgYmUvGytwyTl4l88jg4tG9VsbL62Q+eb3MLwvIgrKQTJCFZRGppZFWkgxlUVlMRuUNsri8UZaQJWUpWVo6WUYmyptkWXmzLCdvkeXlrbKCvE1WlJVkZVlF3i6ryjskRH7dRg1ZU9aSteXdMhnukXXlvbKevE/Wl/fLBvIB2VA+KBvJh2Rj+bBsIh+RTeWjsplsLlvIlrKVfEy2lo/LNrKtbCefkO3lk7KDfEomyadlR+kvfos8K7vI52RX+bzsJrvLHvJneUF62Uv2ltAHZF/5kuwn+8sBcqAcJF+Wg+Urcoh8VabIoXKYfE0Ol6/LEfINOVKOkqPlm3KMfEuOlePkeDlBpsqJcpJ8W06W78gpcqqcJqfLNDlDDrg40xwp/2H+23+QP+SXrW+WW+RWuQ0vtkJ+InfJXXK33C33yr1yn9wn98v98oA8IA/KgzJLZslD8pA8LA/LI/KIPCqPymPyuDwrf5An5Y/ylDwtT8uz8pw8J89fPAagUAkllVKBilG5VKzKreLUVSqPulrlVdeoiLpWxavrVD51vcqvCqiCqpBKUIVVEaWVUVaRClVRVUxF1Q2XqlSlVGnlVBmVqG76V/JVcXWjKqFK/ib/Un3Jf6e+VqqVaq1aqzaqjWqn2qn2qr3qoDqoJJWkOqqOqpPqpDqrzqqL6qK6qq6qm+qmeqgeqqfqqXqpXipZJau+6iXVT/VXA9RANUi9rAarmIu7kqKGqWFquBquRqgRaqQaqUar0WqMGqPGqrFqvBqvUlWqmqQmqclqspqipqhpappKU2lqppqpZqlZao6ao+aquWqemqcWqAUqXaWrRWqRylAZaolaojLVUrVULVfL1Uq1Uq1Wq9VatVatV+vVRrVRZaotaovaprapHWqH2ql2ql1ql9qtdqu9aq/ap/ap/Wq/OqAOqIPqoMpSWeqQOqQOq8PqiDqijqqj6pg6pk6oE+qkOqlOqVPqjDqjzqlz6rw6ry6oC9m3fYEIRKCC7CttTBAbxAZxQVyQJ8gT5A3yBpEgEsQH8UG+4Pogf1AgKBgUChKCwkGRQAcmsIG4eKSiwQ1B8eDGoERQMigVlA5cUCZIDG4KygY3B+WCW4Lywa1BheC2oGJQKagcVAluD6oGdwTVgjuD6sFdQY2gZlArqB3cHdQJ7gnqBvcG9YL7gvrB/UGD4IGgYfBg0Ch4KGgcPBw0CR4JmgaPBs2C5kGLoGXQ6k+d3/tTBR53m3Vvnaz76L76Jd1P99cD9EA9SL+sB+tX9BD9qk7RQ/Uw/Zoerl/XI/QbeqQepUfrN/UY/ZYeq8fp8XqCTtUT9ST9tp6s39FT9FQ9TU/XaXqGnqnf1bP0bD1Hv6fn6vf1PD1fL9ALdbr+QC/Si3WG/lAv0R/pTL1UL9PL9Qq9Uq/Sq/UavVav0+v1Br1Rb9Kb9Ra9VW/T2/UO/bHeqT/Ru/Snerfeo/fqz/Q+/bner7/QB/SX+qD+Smfpr/Uh/Y0+rL/VR/R3+qj+Xh/Tx/UJ/YM+qX/Up/RpfUaf1ef0T/q8/llf0D775j778m6UUSbGxJhYE2viTJzJY/KYvCaviZiIiTfxJp/JZ/Kb/KagKWgSTIIpYoqYbGTIFDVFTdRETXFT3JQwJUwpU8o440yiSTRlTVlTzpQz5U15U8FUMBVNRVPZVDa3m9vNHeYOc6e509xl7jI1TU1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTDPTwrQwrUwr09q0Nm1MG9POtDPtTXvTwXQwSSbJdDQdTSfTyXQ2nU0X08V0NV1NN9PN9DA9TE/T0/QyvUyySTZ9TV/Tz/QzA8wAM8gMMoPNYDPEDDEpJsUMM8PMcDPcjDAjzEgzyozOPn3MW2asGWfGmwkm1aSaSWaSmWwmmylmiplmppk0k2Zmmplmlpll5pg5Zq6Za+aZeWaBWWDSTbpZZBaZDJNhlpglJtNkmmVmmVlhVphVZpVZY9aYdWad2QAbzCazyWwxW8w2s83sMDvMTrPT7DK7zG6z2+w1e80+s8/sN/vNAXPAHDQHTZbJMofMIXPYHDZHzBFz1Bw1x8wxc8KcMCfNSXPKnDJnzBlzzhS4eL30JtbmtnH2KpvHXm3z2mvs38YFbSGbYAvbIlbb/LbAb2JjrS1hS9pStrR1toxNtDf9Lq5oK9nKtoq93Va1d9hqv4vr2HtsXXuvrWfvs7Xt3b+J69v7bQP7iG2ICGCb28a2pW1iH7FN7aO2mW1uW9iWtr190nawT9kk+7TtaJ/5XbzILrZr7Fq7zq63u+0ee8aetYftt/ac/cn2sr3tIPuyHWxfsUPsqzbFDv1dPNq+acfYt+xYO86OtxN+F0+z022anWFn2nftLDv7d3G6/cDOtRl2np1vF9iFv8TZNWXYD+0S+5HNtAEss8vtCrvSrrKr/6vW5Xaj3WQ32132U7vNbrc77Md256UbYbvH7rWf2X32c3vIfmMP2C/tQXvEZtmvf4mz9++I/c4etd/bY/a4PWF/sCftj+pSdva+/2B/thest0BIQJIUBRRDuSiWclMcXUV56GrKS9dQhK6leLqO8tH1lJ8KUEEqRAlUmIqQJkOWiEIqSsUoSjfQpfJKUWlyVIYS6SYqSzdTObqFytOtVIFuo4pUiSpTFbqdqtIdVI3upOp0F9WgmlSLatPdVIfuobp0L9WD+6g+3U8N6AFqSA9SI3qIGtPD1IQeoab0KDWj5tSCWlIreoxa0+PUhtpSO3qC2tOT1IGeoiR6mjrSM9SJ/kKd6VnqQs9RV3qeulF36kEvUE96kXpRb0qmPtSXXqJ+1J8G0EAaRC/TYHqFhtCrlEJDaRi9RsPpdRpBb9BIGkWj6U0aQ2/RWBpH42kCpdJEmkRv02R6h6bQVJpG0ymNZtBMepdm0WyaQ+/RXHqf5tF8WkALKZ0+oEW0mDLoQ1pCH1EmLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQx7STPqFd9Cntpj20lz6jffQ57acv6AB9SQfpK8qir+kQfUOH6Vs6Qt/53vQ9HaPjdIJ+oJP0I52i03SGztI5+onO0890gTxBiKEIZajCIIwJc4WxYe4wLrwqzBNeHeYNrwkj4bVhfHhdmC+8PswfFggLhoXChLBwWCTUoQltSGEYFg2LhdHwhrB4eGNYIiwZlgpLhy4sEyaGN4Vlw5vDcuEtYfnw1rBCeFtYMawUPnJflfD2sGp4R1gtvDOsHt4V1ghrhrXC2uHdYZ3wnrBueG9YL7wvLBfeHzYIHwgbhg+GjcKHwsbhw2GT8JGwafho2CxsHrYIW4atwsfC1uHjYZuwbdgufCJsHz4ZdgifCpPCp8OO4TO/LL9/8d9fnhz2CfuGL4Uvhd7fKxdEF0bTox9EF0UXRzOiH0aXRD+KZkaXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFN0e9r50LHDrhpFMucDEul4t1uV2cu8rlcVe7vO4aF3HXunh3ncvnrnf5XQFX0BVyCa6wK+K0M846cqEr6oq5qLvBFXc3uhKupCvlSjvnyrhE19K1cq1ca/e4a+PaunbuCfeEe9I96Z5yT7mnXUf3jOvk/uI6u2ddF/ece84977q57q6He8H1dBPz/npOJru+rq/r5/q5AW6AG+QGucFusBvihrgUl+KGuWFuuBvuRrgRbqQb6Ua70W6MG+PGurFuvBvvUl2qm+QmucluspviprhpbppLc2luppvpZrlZrursX7cyz81zC9wCl+7S3SKXfc+Y4Za4JS7TZbplbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vldrnd/ppfJ3X73H633x1wB9xB95XLcl+7Q+4bd9h9646479xR97075o67E+4Hd9L96E650+6MO+vOuZ/cefezu+C8S41MjEyKvB2ZHHknMiUyNTItMj2SFpkRmRl5NzIrMjsyJ/JeZG7k/ci8yPzIgsjCSHrkg8iiyOJIRuTDyJLIR5HMyNLIssjyyIrIyoj3hbeFvqgv5qP+Bl/c3+hL+JK+lC/tnS/jE/1Nvqy/2Zfzt/jy/lZfwd/mK/pKvrJ/1DfzzX0L39K38o/51v5x38a39e38E769f9J38E/5JP+07+if8Z38X3xn/6zv4p/zXf3zvpvv7nv4F3xP/6Lv5Xv7ZN/H9/Uv+X6+vx/gB/pB/mU/2L/ih/hXfYof6of51/xw/7of4d/wI/0oPzrmTT/m0iMyTPCpfqKf5N/2k/07cKef6qf56T7Nz/Az/bt+lp/t5/j3/Fz/vp/n5/sFfqFP9x/4RX6xz/Af+iX+I5/pl156qexX+dV+jV/r1/n1foPf6Df5zX6L3+q3+e1+h//Y7/Sf+F3+U7/b7/F7/Wd+n//c7/df+AP+S3/Qf+Wz/Nf+kP/GH/bf+iP+O3/Uf++P+eP+hP/Bn/Q/+lP+tD/jz/pz/id/3v/sL/D/WWOMMcYY+6dMvDwUv13y6+v8Pn+QI/5q5b4AcPX2Qll/vTz7jnJD/l/H/UVC+wgAPN2760OXPjVqJCcnX1w3U0JQbD7Apb8JyvbL2/eL8VJoB09CErSFsn9Yf3/R/Rz9g/mjtwLE/VVOLFyOL8//BQAm/8H8jz0xelGF8Ez8/2f++QAlil3OyQ2X46XQ7pf3K22h3N+pv0Drf1B/7i9TAdr8VU4euBxfrj8RHodnIOk3azLGGGOMMcYYY7/qLyp3vvT8eelffP7R83mCupyTq/Sn/xX/o+dzxhhjjDHGGGOMXXnPdu/x1GNJSW07/+uDav+trH960BT+p2bmwR8OvAe49BUFAP/mhADZA/mf3Iut/5FtpVw8df520YqzPoD/Ha38MwZX+AcTY4wxxhhj7E93+ab/t19XV6ogxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsB/pP/DqxK72PjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG2JX2/wIAAP//EQ77jw==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000200)=""/85, 0xaa) 714.090264ms ago: executing program 5 (id=8041): r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000100)=@caif=@dgm={0x25, 0x7}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000680)='r/', 0x2}], 0x1, 0x0, 0x0, 0x30000}, 0x48810) 685.606038ms ago: executing program 1 (id=8042): syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000200)={[{@grpjquota}, {@i_version}, {@discard}, {@noload}, {@resuid}]}, 0x3, 0x4fe, &(0x7f0000000dc0)="$eJzs3E9sFFUcAODfbFta/klFREHUKhobiS0UFA4mitHEgyZGTNRj0xaCFGpoSYSgLhc8GhLvxqNXD17VCzGcTLzi0cSQEMMFMCGumd2Zdrvd3XbLtmvp9yXtvjezM++9efNm37y3swGsWwPpv6QSvh4R2yKiUPuGgcrLnVsXx+7eujgWxVLp2N9JebPbaTyT7SY2Z5HBQsTraSBZmO70+QunRicnJ85m8eGZ058OT5+/8NLJvmzJkSOHDh44/MrIy60Xqk56ablu7/5ias+utz++8u5Yd748T626HO0yEAP1slL2fLsT67CtVeGku4MZoSXp+Z9WV0+5/W+LrmhWecVVzBmw0kqlUqm38epiqdalBUuANSv6Op0DoDPyD/r0/jf/q9cR2LAy3Y+Ou3m0cgOUlvtO9hfxdHlhPg7SU3N/204DEfFR8Z9v079oNA7RtUKJAwDr0s9H855gTf+vvzIzcu/c1dfS14eyOZT+iHg4IrZHxCMRsSMiHo2InRHxWEQ8XrP/tOtSapL+QE18Nv3ZSajCjTYVta60//dqNrc11/+bl4H+riy2NSLvME/sz47JYPT0Hj85OXGgSRq/vPn7143Wlft/6c6zPmCaft4XzPJxo7tmgG58dGZ02QWucfNSxO7u2vIn3RHJ7ExAEhG7ImJ3C/vtrwqffPH7PbORnvnvq+7/1i9/WanuPFob5plK30W8EMm9O7cuFmNe/c+lmMybnzw9emLixMSZkdn5yeG+mJzYP5yeBfvrpnHtt8vvNUp/0fL/+GftJm8d/ulY224K0vrfVHX+Rz5/O1f+/iQimZ2vnW49jct/fNVwbnXx+q9//m9IPiiH8/vSz0ZnZs4eiNiQvLNw+cjctnk8fY1ipfyDe+u3/+3ZNumReCIi0pP4yYh4Kip3iGnen4mIZyNib5Py//rGc5+0XP5Ckx22UVr+8ZrrX6Xm59X/3Hx9o0CSzQ3WWdV1quf63QYXj6XV/6FyaDBbUv/6l8y7RDTKaf5ply75976PHgAAAKwNhYjYUjWWtCUKhaGhyhjQjthUmJyantl3fOrcmfF0XUR/9BTyka7KeHBPko9/9lfFR2riB7Nx42+6NpbjQ2NTk+MdLTmwudzmk8JQxIddVe0/9ZfvncCDz/NasH41a/9pJ37nlVXMDLCqlv75f/XzFc0IsOqq2n+jJ/yLy/jeF7AGuP8H5iz+Qz+uGbD2lbRlWNdaav/7/AggPEi64/3Z8Co9dwj8Tyy3//9lm/MBrKpFnuvvbfgg/ZICpd76q/pi4Zujr/kOu2J52dhYJ62OBNKeVUdS37icrfJfU2j4nii0tsPeaE+dHr/Po1E8O31i55JO/lYCpey78u2uwR8at9NrvU1q5/4DHbkcAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtN1/AQAA//8O/N2Z") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x40086602, &(0x7f0000000080)={@desc={0x84c00, 0x0, @desc2}}) 555.376926ms ago: executing program 5 (id=8043): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4908a0d411a9872971c7c56f0979bd10b97163c066d0e196bf02f46c7953ab1abdaf9de9ca3c00cb9bf4e418d076feafa22f0610a70f2bdf4000200000000b0c2c1254f0963f63223b7b80197aa3161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740694298b79dc194e533583412dff048fc21f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a367c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54f45b29d27643453ad9211e3550ee5520211d9370175133f260c6882a146880b9387f1beb5418618bc83a3becf9bb57da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb7830a246c3b2f60000fc4deb8eda1368b0960b8d69bd99c64893d44f962524429dc058528e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7033be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc3a4763948a1cbc10348ef2ac3781b847611fcb0a26acafdd6d9ab05865fcf7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb81c53f16d80f51006cbc71570a5e272b223425e09dc6b6cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d28484e15dc4320e4f85c16a8fbffadf8214d6d24cabe17ad4135d8872935ce0e6a468fd20fa4461d1d67b234feac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cb43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c1044ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f4815237c3aa356217738898a16ba603439f6eaad8e70b"], 0x0}, 0x80) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="090000000400000003000000ff00000042"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000080), 0x619, r0}, 0x38) 511.451209ms ago: executing program 0 (id=8044): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000640)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x10001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000280)='Q', 0x1}], 0x1}}], 0x1, 0x40040d1) getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000140), &(0x7f0000000180)=0xe) 496.070003ms ago: executing program 6 (id=8045): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x11) 399.917053ms ago: executing program 4 (id=8046): r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/snmp6\x00') r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x12, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 348.323098ms ago: executing program 5 (id=8047): r0 = creat(&(0x7f0000000280)='./bus\x00', 0xd4) io_setup(0x5, &(0x7f0000000100)=0x0) io_submit(r1, 0x2, &(0x7f00000002c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}]) 258.339191ms ago: executing program 0 (id=8048): syz_mount_image$minix(&(0x7f0000000080), &(0x7f00000001c0)='./file1\x00', 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="0049cef4df796851925f86c004000000e4cf62dc777d55387afc4a70d087ede499a199c4d7e87a07cdb3e45fc513a1f97b0b9047144790d8f3affa2044cbd987208cf1dcd4ec17f5138b1f4efbdc2a7be39782db000000000000002c2e5cf00c404f4a3246fb740282b4265c2c2c686173682c00181f302d7cd22530b02054463a3dd16b847ce0f9c3bd119a1498eb8cc1ae04dee8bfa77d492c96fd54cb0abb83366c6b4d4785b8103b6ea5ce14afc0ebaae0f62832e93c0cd17b2130111d313bea3d9ab4738453538e448d770b602e104974e6cd92f7d589103fde2331f870b425e8776f9e2152dec6551ec1f61ced64b19c9e56"], 0x5, 0x18e, &(0x7f0000002780)="$eJzs299ummAYx/EfCurcZtzcTpYdkOxgO5lOzf54tt3DbsAoM0ZcTe2JpknTi+gF9KwXV5P2BmoDERqxTRMrYPX7OeLHI/CivviQiADsLVu2DBmyvPCxUD6pGGkPCUBC5pJu5gD2U/bq3rXetQHATpv9kUaSLq+PO8pa0fbgrCTpd1DP5FZeMDuVPpiLupFXIdpfnEufg+2NF6sNSFkqhvXiStnb/5dPwfFf6pVeqyTvHuWN3i7q3XD7909th4C9YqgazUsrMvrXd51vYbb8XA9zzs+NSG6GOe/naufA7cZ1CgDWlHlk/mcj89+MzH8Az9d4Mh20Xdc53N4Fw5S2YBiT6SDJYeQkxX8sO8n30FY6H1xw15n692ejC+ZG9nNhPVRK+cIEIHa1o+GoNp5Mv/aH7Z7Tc/43fjVaP5rf6z9bNb/zz2up/wewO+5+9NMeCQAAAAAAAAAAAAAAWFdF79IeAgAAAICE+P///RvvE0tpnyMAAAAAAAAAAAAAAAAAAACwK24DAAD//3/aFdo=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 196.006736ms ago: executing program 4 (id=8049): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x2f) ioctl$sock_netdev_private(r0, 0x89f1, &(0x7f0000000000)) 153.709286ms ago: executing program 4 (id=8050): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="28000000190001000000000000000000021800000000ff000000000008000100ac141400040008"], 0x28}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9, 0x0, 0x0, 0x4000001}, 0x40000) 51.825672ms ago: executing program 4 (id=8051): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002640), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x34, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20009805}, 0x4000080) 0s ago: executing program 5 (id=8052): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, r1, 0x6c04073ee59f7719, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) kernel console output (not intermixed with test programs): compat=0 ip=0x7f5e1139c819 code=0x7ffc0000 [ 611.277625][ T29] audit: type=1326 audit(2000000095.240:2511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24103 comm="syz.5.7417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7f5e1139c819 code=0x7ffc0000 [ 611.354794][T24129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7428'. [ 611.588818][T22311] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 611.653347][T24145] loop5: detected capacity change from 0 to 1024 [ 611.748809][T22311] usb 7-1: Using ep0 maxpacket: 16 [ 611.759469][T22311] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 611.777753][ T35] hfsplus: b-tree write err: -5, ino 25 [ 611.781508][T22311] usb 7-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00 [ 611.795649][ T35] hfsplus: b-tree write err: -5, ino 4 [ 611.802352][ T35] hfsplus: b-tree write err: -5, ino 2 [ 611.814171][T24147] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 611.820758][T24147] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 611.834874][T22311] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.859448][T24147] vhci_hcd vhci_hcd.0: Device attached [ 611.871523][T22311] usb 7-1: config 0 descriptor?? [ 611.893289][T24148] vhci_hcd: connection closed [ 611.906949][ T59] vhci_hcd vhci_hcd.1: stop threads [ 611.928302][ T59] vhci_hcd vhci_hcd.1: release socket [ 611.937845][ T59] vhci_hcd vhci_hcd.1: disconnect device [ 612.275079][T24161] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7444'. [ 612.301183][T22311] uclogic 0003:28BD:0055.0004: interface is invalid, ignoring [ 612.366755][T24163] loop4: detected capacity change from 0 to 16 [ 612.396926][T24163] erofs (device loop4): mounted with root inode @ nid 36. [ 612.521472][T24167] loop5: detected capacity change from 0 to 512 [ 612.525168][T24171] loop1: detected capacity change from 0 to 256 [ 612.592942][T22311] usb 7-1: USB disconnect, device number 3 [ 612.655673][T24174] binfmt_misc: register: failed to install interpreter file ./file0 [ 612.666898][T24167] EXT4-fs error (device loop5): ext4_map_blocks:789: inode #2: block 3: comm syz.5.7448: lblock 0 mapped to illegal pblock 3 (length 1) [ 612.718294][T24167] loop5: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117 [ 612.728202][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 612.743770][ C1] EXT4-fs (loop5): initial error at time 2000000097: ext4_map_blocks:789: inode 2: block 3 [ 612.753831][ C1] EXT4-fs (loop5): last error at time 2000000097: ext4_map_blocks:789: inode 2: block 3 [ 612.763514][T24167] EXT4-fs warning (device loop5): dx_probe:791: inode #2: lblock 0: comm syz.5.7448: error -117 reading directory block [ 612.763616][T24167] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 612.765844][T24167] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 612.873162][T24167] EXT4-fs error (device loop5): ext4_map_blocks:789: inode #2: block 3: comm syz.5.7448: lblock 0 mapped to illegal pblock 3 (length 1) [ 612.958715][T24167] EXT4-fs warning (device loop5): dx_probe:791: inode #2: lblock 0: comm syz.5.7448: error -117 reading directory block [ 613.032599][T21848] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 613.676390][T24210] loop1: detected capacity change from 0 to 128 [ 613.734017][T24182] loop0: detected capacity change from 0 to 32768 [ 613.758597][T24210] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 613.811947][T24182] read_mapping_page failed! [ 613.832993][T24182] ERROR: (device loop0): txCommit: [ 613.832993][T24182] [ 613.839989][T24210] hpfs: filesystem error: improperly stopped [ 613.860640][T24182] ERROR: (device loop0): remounting filesystem as read-only [ 613.866345][T24210] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 613.908213][T24210] hpfs: You really don't want any checks? You are crazy... [ 613.926918][T24210] hpfs: hpfs_map_sector(): read error [ 613.938712][T24210] hpfs: code page support is disabled [ 613.955984][T24210] hpfs: hpfs_map_4sectors(): unaligned read [ 613.975615][T24210] hpfs: hpfs_map_4sectors(): unaligned read [ 613.996101][T24210] hpfs: filesystem error: unable to find root dir [ 614.379155][T24231] netlink: 'syz.1.7473': attribute type 1 has an invalid length. [ 614.918987][T24248] loop0: detected capacity change from 0 to 2048 [ 614.955688][T24248] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 615.064220][T24255] loop5: detected capacity change from 0 to 256 [ 615.090568][T24255] exfat: Deprecated parameter 'utf8' [ 615.116011][T24255] exfat: Deprecated parameter 'namecase' [ 615.122042][T24222] loop4: detected capacity change from 0 to 32768 [ 615.171997][T24255] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbcde3a0f, utbl_chksum : 0xe619d30d) [ 615.243871][T24222] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 615.279807][T24255] exFAT-fs (loop5): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 615.319283][T24255] exFAT-fs (loop5): Filesystem has been set read-only [ 615.382479][T24222] XFS (loop4): Ending clean mount [ 615.424806][T24222] XFS (loop4): Quotacheck needed: Please wait. [ 615.621064][T24279] netlink: 220 bytes leftover after parsing attributes in process `syz.6.7493'. [ 615.640839][T24279] netlink: 'syz.6.7493': attribute type 2 has an invalid length. [ 615.734553][T24222] XFS (loop4): Quotacheck: Done. [ 615.866850][T21761] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 616.038822][T22311] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 616.067644][T24289] loop1: detected capacity change from 0 to 512 [ 616.151125][T24289] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 616.188420][T24289] ext4 filesystem being mounted at /1482/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 616.232165][T22311] usb 1-1: Using ep0 maxpacket: 32 [ 616.243353][T24289] EXT4-fs (loop1): resizing filesystem from 128 to 2 blocks [ 616.257597][T22311] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 616.276680][T24289] EXT4-fs warning (device loop1): ext4_resize_fs:2041: can't shrink FS - resize aborted [ 616.287525][T22311] usb 1-1: config 0 has no interface number 0 [ 616.302930][T22311] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 616.341170][T22311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.353286][T24275] loop5: detected capacity change from 0 to 32768 [ 616.374207][T22311] usb 1-1: Product: syz [ 616.388070][T22311] usb 1-1: Manufacturer: syz [ 616.407376][T22311] usb 1-1: SerialNumber: syz [ 616.445192][T24275] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 616.491226][T22311] usb 1-1: config 0 descriptor?? [ 616.502367][T22311] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 616.527431][T22311] usb 1-1: selecting invalid altsetting 1 [ 616.534157][T22311] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 616.570175][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.570673][T22311] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 616.611422][T22311] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 616.635954][T22311] usb 1-1: media controller created [ 616.649487][T24275] XFS (loop5): Ending clean mount [ 616.677270][T22311] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 616.712290][T24275] XFS (loop5): Quotacheck needed: Please wait. [ 616.785738][T22311] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 616.799636][T22311] zl10353_read_register: readreg error (reg=127, ret==-71) [ 616.815583][T22311] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 616.855187][T24302] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 616.906444][T24284] F2FS-fs (loop6): invalid crc value [ 616.918710][T24302] ext4 filesystem being mounted at /152/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 616.930228][T24275] XFS (loop5): Quotacheck: Done. [ 616.950619][T22311] usb 1-1: USB disconnect, device number 26 [ 617.092338][T24284] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 617.093623][T21848] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 617.126113][T24284] F2FS-fs (loop6): Start checkpoint disabled! [ 617.131704][T21761] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 617.220493][T24284] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0 [ 617.230579][T24284] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 617.476530][ T12] kworker/u8:0: attempt to access beyond end of device [ 617.476530][ T12] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 617.505772][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 617.505801][ T12] Tainted: [L]=SOFTLOCKUP [ 617.505808][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 617.505820][ T12] Workqueue: writeback wb_workfn (flush-7:6) [ 617.505858][ T12] Call Trace: [ 617.505866][ T12] [ 617.505874][ T12] dump_stack_lvl+0xe8/0x150 [ 617.505909][ T12] f2fs_stop_checkpoint+0x3c7/0x590 [ 617.505943][ T12] f2fs_write_end_io+0x12e5/0x17a0 [ 617.505989][ T12] __submit_merged_bio+0x256/0x6a0 [ 617.506022][ T12] __submit_merged_write_cond+0x3c9/0x4e0 [ 617.506059][ T12] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 617.506112][ T12] f2fs_write_data_pages+0x287e/0x34f0 [ 617.506173][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 617.506208][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 617.506268][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 617.506309][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 617.506351][ T12] ? set_shrinker_bit+0x7c/0x350 [ 617.506378][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 617.506399][ T12] do_writepages+0x32e/0x550 [ 617.506431][ T12] ? reacquire_held_locks+0x104/0x190 [ 617.506449][ T12] ? writeback_sb_inodes+0x463/0x19d0 [ 617.506480][ T12] __writeback_single_inode+0x133/0x10e0 [ 617.506506][ T12] ? do_raw_spin_unlock+0xf5/0x210 [ 617.506532][ T12] writeback_sb_inodes+0x979/0x19d0 [ 617.506555][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 617.506609][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 617.506631][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 617.506695][ T12] ? rcu_is_watching+0x15/0xb0 [ 617.506722][ T12] wb_writeback+0x445/0xb00 [ 617.506748][ T12] ? queue_io+0x291/0x470 [ 617.506778][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 617.506796][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 617.506836][ T12] wb_workfn+0x3f8/0xf10 [ 617.506854][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 617.506877][ T12] ? look_up_lock_class+0x57/0x110 [ 617.506920][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 617.506944][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 617.506963][ T12] ? lock_acquire+0x106/0x350 [ 617.506989][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 617.507012][ T12] ? process_scheduled_works+0xa70/0x1860 [ 617.507043][ T12] ? process_scheduled_works+0xa70/0x1860 [ 617.507077][ T12] ? process_scheduled_works+0xa70/0x1860 [ 617.507100][ T12] ? process_scheduled_works+0xa70/0x1860 [ 617.507127][ T12] process_scheduled_works+0xb5d/0x1860 [ 617.507190][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 617.507224][ T12] ? assign_work+0x3d5/0x5e0 [ 617.507255][ T12] worker_thread+0xa53/0xfc0 [ 617.507305][ T12] kthread+0x388/0x470 [ 617.507327][ T12] ? __pfx_worker_thread+0x10/0x10 [ 617.507351][ T12] ? __pfx_kthread+0x10/0x10 [ 617.507374][ T12] ret_from_fork+0x514/0xb70 [ 617.507403][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 617.507429][ T12] ? __switch_to+0xc79/0x1410 [ 617.507455][ T12] ? __pfx_kthread+0x10/0x10 [ 617.507478][ T12] ret_from_fork_asm+0x1a/0x30 [ 617.507517][ T12] [ 617.827724][ T12] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 617.931568][T24318] tipc: Enabling of bearer rejected, failed to enable media [ 617.947087][ T5899] loop6: lost filesystem error report for type 5 error -108 [ 618.537154][T24334] set_capacity_and_notify: 2 callbacks suppressed [ 618.537173][T24334] loop5: detected capacity change from 0 to 1024 [ 618.557232][T24307] loop1: detected capacity change from 0 to 32768 [ 618.605106][T24307] XFS (loop1): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 618.875427][ T140] hfsplus: b-tree write err: -5, ino 25 [ 618.909861][ T140] hfsplus: b-tree write err: -5, ino 4 [ 618.925709][ T140] hfsplus: b-tree write err: -5, ino 2 [ 618.928425][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 618.941134][ T140] hfsplus: b-tree write err: -5, ino 20 [ 619.028078][T24332] loop4: detected capacity change from 0 to 32768 [ 619.132346][T24332] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 619.188593][ T5899] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 619.245575][T24332] XFS (loop4): Ending clean mount [ 619.256862][T24332] XFS (loop4): Quotacheck needed: Please wait. [ 619.373222][ T5899] usb 7-1: Using ep0 maxpacket: 16 [ 619.401068][ T5899] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 619.409853][ T5899] usb 7-1: config 0 has no interface number 0 [ 619.416117][ T5899] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 619.427102][ T5899] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 619.438763][ T5899] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 619.447971][ T5899] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 619.457431][ T5899] usb 7-1: Product: syz [ 619.463642][ T5899] usb 7-1: SerialNumber: syz [ 619.477037][T24332] XFS (loop4): Quotacheck: Done. [ 619.483308][ T5899] usb 7-1: config 0 descriptor?? [ 619.497087][ T5899] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 619.519056][ T5899] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input33 [ 619.594025][T21761] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 619.762114][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.772963][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.781788][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.789198][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.796357][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.803594][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.810890][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.818503][ T5899] usb 7-1: USB disconnect, device number 4 [ 619.824704][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 619.824729][ C1] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 619.879250][ T5899] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 620.561836][T24382] loop1: detected capacity change from 0 to 256 [ 620.613632][T24382] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 620.659284][ T5956] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 620.818698][ T5956] usb 7-1: Using ep0 maxpacket: 32 [ 620.830117][ T5956] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 620.863778][ T5956] usb 7-1: config 0 has no interface number 0 [ 620.895348][ T5956] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 620.925742][ T5956] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.963346][ T5956] usb 7-1: Product: syz [ 620.981700][ T5956] usb 7-1: Manufacturer: syz [ 620.990364][T24397] loop5: detected capacity change from 0 to 512 [ 621.009315][ T5956] usb 7-1: SerialNumber: syz [ 621.017994][T24397] EXT4-fs: Ignoring removed nobh option [ 621.019829][ T5956] usb 7-1: config 0 descriptor?? [ 621.050644][T24400] loop0: detected capacity change from 0 to 1024 [ 621.061038][T24400] EXT4-fs: Ignoring removed oldalloc option [ 621.067812][ T5956] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 621.083092][T24397] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 621.100620][ T5956] usb 7-1: selecting invalid altsetting 1 [ 621.104746][T24400] EXT4-fs: Ignoring removed bh option [ 621.122941][ T5956] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 621.135043][T24400] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block [ 621.135043][T24400] [ 621.153135][T24397] EXT4-fs (loop5): 1 truncate cleaned up [ 621.170082][T24397] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 621.202280][ T5956] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 621.218327][ T5899] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 621.243121][T21848] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 621.306629][ T5956] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 621.380254][ T5956] usb 7-1: media controller created [ 621.392800][ T5899] usb 5-1: Using ep0 maxpacket: 16 [ 621.434192][ T5956] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 621.441562][ T5899] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 621.470359][ T5899] usb 5-1: config 0 has no interface number 0 [ 621.477186][ T5840] Bluetooth: hci1: ACL packet too small [ 621.490983][T24412] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 621.491841][ T5899] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 621.497622][T24412] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 621.529319][ T5899] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 621.543581][T24412] vhci_hcd vhci_hcd.0: Device attached [ 621.550019][ T5899] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 621.560241][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 621.571604][ T5956] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 621.571886][ T5899] usb 5-1: Product: syz [ 621.583193][ T5899] usb 5-1: SerialNumber: syz [ 621.600721][ T5956] zl10353_read_register: readreg error (reg=127, ret==-71) [ 621.609891][ T5899] usb 5-1: config 0 descriptor?? [ 621.618270][T24413] vhci_hcd: connection closed [ 621.620033][ T35] vhci_hcd vhci_hcd.5: stop threads [ 621.631313][ T35] vhci_hcd vhci_hcd.5: release socket [ 621.637383][ T35] vhci_hcd vhci_hcd.5: disconnect device [ 621.640168][ T5956] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 621.646523][ T5899] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 621.666062][ T5899] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input34 [ 621.763755][ T5956] usb 7-1: USB disconnect, device number 5 [ 621.925459][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 621.925860][T22311] usb 5-1: USB disconnect, device number 33 [ 621.932490][ C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 621.992036][T22311] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 622.006245][T24393] loop1: detected capacity change from 0 to 32768 [ 622.037071][T24393] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.7528 (24393) [ 622.103367][T24393] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 622.128080][T24393] BTRFS info (device loop1): using sha256 checksum algorithm [ 622.341079][T24393] BTRFS info (device loop1): rebuilding free space tree [ 622.408769][T24393] BTRFS info (device loop1): disabling free space tree [ 622.420788][T24393] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 622.444863][T24393] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 622.486371][T24393] BTRFS info (device loop1): enabling ssd optimizations [ 622.503831][T24393] BTRFS info (device loop1): turning on async discard [ 622.550790][T24393] BTRFS info (device loop1): force clearing of disk cache [ 622.593019][T24393] BTRFS info (device loop1): enabling auto defrag [ 622.621545][T24393] BTRFS info (device loop1): max_inline set to 4096 [ 622.885692][ T5845] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 623.022084][T24463] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7542'. [ 623.605466][T24475] binfmt_misc: register: failed to install interpreter file ./file0 [ 623.662556][T24452] loop4: detected capacity change from 0 to 32768 [ 623.735065][T24452] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 623.749890][ T5892] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 623.896568][T24452] XFS (loop4): Ending clean mount [ 623.927776][T24452] XFS (loop4): Quotacheck needed: Please wait. [ 623.928345][ T5892] usb 6-1: Using ep0 maxpacket: 32 [ 623.965357][ T5892] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 623.985551][ T5892] usb 6-1: config 0 has no interface number 0 [ 624.015533][ T5892] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 624.019299][T24493] loop0: detected capacity change from 0 to 128 [ 624.037027][ T5892] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.045244][ T5899] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 624.066480][ T5892] usb 6-1: Product: syz [ 624.076205][ T5892] usb 6-1: Manufacturer: syz [ 624.083919][T24493] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 624.084015][ T5892] usb 6-1: SerialNumber: syz [ 624.102590][T24493] hpfs: filesystem error: improperly stopped [ 624.117379][T24493] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 624.140154][T24493] hpfs: You really don't want any checks? You are crazy... [ 624.154518][T24452] XFS (loop4): Quotacheck: Done. [ 624.155450][ T5892] usb 6-1: config 0 descriptor?? [ 624.171519][T24493] hpfs: hpfs_map_sector(): read error [ 624.177230][T24493] hpfs: code page support is disabled [ 624.185814][ T5892] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 624.195216][ T5892] usb 6-1: selecting invalid altsetting 1 [ 624.201417][ T5892] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 624.208984][T24493] hpfs: hpfs_map_4sectors(): unaligned read [ 624.226218][ T5892] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 624.236765][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 624.238098][T24493] hpfs: hpfs_map_4sectors(): unaligned read [ 624.244257][ T5899] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 624.256923][ T5892] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 624.265433][ T5899] usb 2-1: config 0 has no interface number 0 [ 624.271919][ T5892] usb 6-1: media controller created [ 624.272680][T24493] hpfs: filesystem error: unable to find root dir [ 624.277237][ T5899] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 624.298116][T24493] [ 624.307498][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.309075][ T5892] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 624.328130][ T5899] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 624.345957][T21761] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 624.351468][ T5899] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 624.383610][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 624.398987][ T5899] usb 2-1: Product: syz [ 624.409966][ T5899] usb 2-1: SerialNumber: syz [ 624.423823][ T5899] usb 2-1: config 0 descriptor?? [ 624.445238][ T5899] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 624.478125][ T5899] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input35 [ 624.515434][ T5892] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 624.536942][ T5892] zl10353_read_register: readreg error (reg=127, ret==-71) [ 624.574326][ T5892] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 624.761146][ T5892] usb 6-1: USB disconnect, device number 4 [ 624.782091][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 624.789290][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 624.796443][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 624.803596][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 624.810762][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 624.818015][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 624.823504][ T5838] usb 2-1: USB disconnect, device number 37 [ 624.824968][ C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 624.931314][ T5838] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 624.938615][T24499] loop0: detected capacity change from 0 to 1024 [ 625.034340][T24499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 625.226932][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 625.366654][T24512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7559'. [ 625.537996][T24518] loop1: detected capacity change from 0 to 512 [ 625.561637][T24518] EXT4-fs: Ignoring removed nomblk_io_submit option [ 625.578951][T24518] EXT4-fs: Ignoring removed mblk_io_submit option [ 625.585128][T24508] loop6: detected capacity change from 0 to 40427 [ 625.608068][T24518] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 625.622915][T24508] F2FS-fs (loop6): Invalid SB checksum offset: 0 [ 625.626393][T24518] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 625.642203][T24508] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock [ 625.657551][T24508] F2FS-fs (loop6): invalid crc value [ 625.672356][T24522] loop5: detected capacity change from 0 to 1024 [ 625.694500][T24518] EXT4-fs (loop1): 1 truncate cleaned up [ 625.722524][T24522] EXT4-fs: Ignoring removed bh option [ 625.730452][T24518] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 625.759225][T24518] EXT4-fs error (device loop1): ext4_map_blocks:789: inode #2: block 4: comm syz.1.7562: lblock 0 mapped to illegal pblock 4 (length 1) [ 625.781484][T24522] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 625.805382][T24518] EXT4-fs (loop1): Remounting filesystem read-only [ 625.833149][T24522] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 625.862357][T24508] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 625.923297][T24508] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0 [ 625.966684][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 625.981038][T24508] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 625.996763][T24522] EXT4-fs error (device loop5): ext4_map_blocks:831: inode #15: comm syz.5.7565: lblock 0 mapped to illegal pblock 0 (length 1) [ 626.124573][T24522] EXT4-fs error (device loop5): ext4_map_blocks:789: inode #15: comm syz.5.7565: lblock 0 mapped to illegal pblock 0 (length 1) [ 626.220495][T24522] EXT4-fs error (device loop5): ext4_ext_remove_space:2969: inode #15: comm syz.5.7565: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 626.261605][T21972] syz-executor: attempt to access beyond end of device [ 626.261605][T21972] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 626.334541][T21848] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 626.337730][T21972] CPU: 0 UID: 0 PID: 21972 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 626.337759][T21972] Tainted: [L]=SOFTLOCKUP [ 626.337765][T21972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 626.337776][T21972] Call Trace: [ 626.337783][T21972] [ 626.337791][T21972] dump_stack_lvl+0xe8/0x150 [ 626.337823][T21972] f2fs_stop_checkpoint+0x3c7/0x590 [ 626.337857][T21972] f2fs_write_end_io+0x12e5/0x17a0 [ 626.337899][T21972] __submit_merged_bio+0x256/0x6a0 [ 626.337933][T21972] __submit_merged_write_cond+0x3c9/0x4e0 [ 626.337967][T21972] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 626.338017][T21972] f2fs_write_data_pages+0x287e/0x34f0 [ 626.338097][T21972] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 626.338165][T21972] ? unwind_next_frame+0xa6/0x2550 [ 626.338181][T21972] ? rcu_is_watching+0x15/0xb0 [ 626.338197][T21972] ? __kasan_check_byte+0x12/0x40 [ 626.338215][T21972] ? __bfs+0x153/0x290 [ 626.338229][T21972] ? __pfx_hlock_conflict+0x10/0x10 [ 626.338266][T21972] ? lockdep_unlock+0x5d/0xd0 [ 626.338287][T21972] ? __lock_acquire+0x146e/0x2cf0 [ 626.338340][T21972] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 626.338360][T21972] do_writepages+0x32e/0x550 [ 626.338393][T21972] ? do_raw_spin_unlock+0xf5/0x210 [ 626.338417][T21972] filemap_fdatawrite+0x1e9/0x2f0 [ 626.338443][T21972] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 626.338512][T21972] ? do_raw_spin_unlock+0xf5/0x210 [ 626.338537][T21972] f2fs_sync_dirty_inodes+0x30e/0x830 [ 626.338573][T21972] f2fs_write_checkpoint+0x9df/0x26a0 [ 626.338592][T21972] ? __lock_acquire+0x6b5/0x2cf0 [ 626.338648][T21972] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 626.338725][T21972] kill_f2fs_super+0x314/0x730 [ 626.338751][T21972] ? __pfx_kill_f2fs_super+0x10/0x10 [ 626.338784][T21972] ? lockdep_hardirqs_on+0x7a/0x110 [ 626.338820][T21972] deactivate_locked_super+0xbc/0x130 [ 626.338848][T21972] cleanup_mnt+0x437/0x4d0 [ 626.338866][T21972] ? _raw_spin_unlock_irq+0x23/0x50 [ 626.338892][T21972] task_work_run+0x1d9/0x270 [ 626.338917][T21972] ? __pfx_task_work_run+0x10/0x10 [ 626.338945][T21972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.338965][T21972] exit_to_user_mode_loop+0xed/0x480 [ 626.338987][T21972] ? rcu_is_watching+0x15/0xb0 [ 626.339006][T21972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.339025][T21972] do_syscall_64+0x33e/0xf80 [ 626.339046][T21972] ? trace_irq_disable+0x3b/0x140 [ 626.339078][T21972] ? clear_bhb_loop+0x40/0x90 [ 626.339100][T21972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.339117][T21972] RIP: 0033:0x7f4d7ed9da57 [ 626.339136][T21972] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 626.339150][T21972] RSP: 002b:00007ffe4556ef18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 626.339169][T21972] RAX: 0000000000000000 RBX: 00007f4d7ee32048 RCX: 00007f4d7ed9da57 [ 626.339181][T21972] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4556efd0 [ 626.339192][T21972] RBP: 00007ffe4556efd0 R08: 00007ffe4556ffd0 R09: 00000000ffffffff [ 626.339204][T21972] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe45570060 [ 626.339215][T21972] R13: 00007f4d7ee32048 R14: 0000000000098de0 R15: 00007ffe455700a0 [ 626.339246][T21972] [ 626.340027][T21972] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 626.533341][T24546] loop0: detected capacity change from 0 to 164 [ 626.538794][ T5838] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 626.566370][T24546] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 626.729942][ T5838] usb 5-1: Using ep0 maxpacket: 32 [ 626.737836][ T5838] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 626.749594][ T5838] usb 5-1: config 0 has no interface number 0 [ 626.762389][ T5838] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 626.780664][ T5838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.801392][ T5838] usb 5-1: Product: syz [ 626.806917][ T5838] usb 5-1: Manufacturer: syz [ 626.812429][ T5838] usb 5-1: SerialNumber: syz [ 626.837936][ T5838] usb 5-1: config 0 descriptor?? [ 626.869416][ T5838] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 626.899602][ T5838] usb 5-1: selecting invalid altsetting 1 [ 626.906325][ T5838] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 626.923103][ T5838] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 626.951927][T24544] loop1: detected capacity change from 0 to 40427 [ 626.963198][ T5838] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 626.987213][T24544] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 627.021375][ T5838] usb 5-1: media controller created [ 627.027647][T24544] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 627.080580][T24544] F2FS-fs (loop1): invalid crc_offset: 33558524 [ 627.091239][T24552] loop0: detected capacity change from 0 to 256 [ 627.092498][ T5838] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 627.118769][T24552] vfat: Deprecated parameter 'posix' [ 627.133018][T24552] FAT-fs: "posix" option is obsolete, not supported now [ 627.229496][ T5838] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 627.274787][ T5838] zl10353_read_register: readreg error (reg=127, ret==-71) [ 627.318125][ T5838] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 627.405135][T24544] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 627.428866][ T5838] usb 5-1: USB disconnect, device number 34 [ 627.520001][T24544] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 627.537340][T24544] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 628.034808][T24559] loop0: detected capacity change from 0 to 32768 [ 628.055636][T24559] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 628.096543][T24559] XFS (loop0): Ending clean mount [ 628.114160][T24559] XFS (loop0): Quotacheck needed: Please wait. [ 628.128873][ T5838] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 628.200403][T24559] XFS (loop0): Quotacheck: Done. [ 628.239208][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 628.239226][ T29] audit: type=1800 audit(2000000112.750:2516): pid=24559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7577" name="file1" dev="loop0" ino=6150 res=0 errno=0 [ 628.289598][ T5838] usb 5-1: Using ep0 maxpacket: 16 [ 628.305962][ T5838] usb 5-1: unable to get BOS descriptor or descriptor too short [ 628.320380][ T5838] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 628.330404][ T5838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.351808][ T5838] usb 5-1: Product: syz [ 628.365284][ T5838] usb 5-1: Manufacturer: syz [ 628.367130][ T5844] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 628.379232][ T5838] usb 5-1: SerialNumber: syz [ 628.588813][T24588] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7588'. [ 628.594781][T24589] exfat: Deprecated parameter 'utf8' [ 628.609715][T24589] exfat: Deprecated parameter 'namecase' [ 628.657977][T24588] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7588'. [ 628.659443][T24589] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbcde3a0f, utbl_chksum : 0xe619d30d) [ 628.675905][T24588] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 628.754369][T24589] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 628.801376][T24589] exFAT-fs (loop1): Filesystem has been set read-only [ 628.893920][T24594] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7591'. [ 628.904702][T24594] openvswitch: netlink: nsh attr 4 is out of range max 3 [ 629.125544][T24602] set_capacity_and_notify: 1 callbacks suppressed [ 629.125563][T24602] loop0: detected capacity change from 0 to 256 [ 629.199272][T24602] exfat: Deprecated parameter 'namecase' [ 629.209156][T24604] loop1: detected capacity change from 0 to 512 [ 629.237829][T24602] exfat: Deprecated parameter 'namecase' [ 629.248811][ T5838] usb 5-1: reset high-speed USB device number 35 using dummy_hcd [ 629.262801][T24604] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c198, mo2=0002] [ 629.277834][T24604] System zones: 1-12 [ 629.284685][T24604] EXT4-fs error (device loop1): ext4_iget_extra_inode:5043: inode #15: comm syz.1.7594: corrupted in-inode xattr: e_value size too large [ 629.300941][T24604] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 629.301378][T24604] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.7594: couldn't read orphan inode 15 (err -117) [ 629.310674][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 629.310701][ C0] EXT4-fs (loop1): initial error at time 2000000113: ext4_iget_extra_inode:5043: inode 15 [ 629.310733][ C0] EXT4-fs (loop1): last error at time 2000000113: ext4_iget_extra_inode:5043: inode 15 [ 629.354376][T24604] loop1: lost filesystem error report for type 5 error -117 [ 629.357990][T24604] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 629.358382][T24602] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 629.450322][ T5838] usb 5-1: unable to get BOS descriptor or descriptor too short [ 629.531024][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 629.709383][ T5892] usb 5-1: USB disconnect, device number 35 [ 629.984132][T24622] loop6: detected capacity change from 0 to 512 [ 630.013580][T24622] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 630.013665][T24596] loop5: detected capacity change from 0 to 40427 [ 630.063089][T24622] EXT4-fs (loop6): 1 truncate cleaned up [ 630.082393][T24596] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 630.090571][T24622] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 630.190476][T24596] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 630.202604][T24596] F2FS-fs (loop5): invalid crc_offset: 33558524 [ 630.243638][T24625] loop1: detected capacity change from 0 to 4096 [ 630.336145][T21972] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 630.350019][T24631] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 630.452957][T24625] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 630.506099][T24596] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 630.564449][T24625] Remounting filesystem read-only [ 630.573884][T24596] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 630.596040][T24596] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 630.909120][ T5899] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 631.070608][T22311] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 631.090016][ T5899] usb 1-1: Using ep0 maxpacket: 16 [ 631.101012][ T5899] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 631.128344][ T5899] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 631.148239][ T5899] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 631.168259][ T5899] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 631.188243][ T5899] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 631.204804][ T5899] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 631.215033][ T5899] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 631.224482][ T5899] usb 1-1: Manufacturer: syz [ 631.233365][ T5899] usb 1-1: config 0 descriptor?? [ 631.238370][T22311] usb 2-1: Using ep0 maxpacket: 16 [ 631.248108][T24644] loop4: detected capacity change from 0 to 32768 [ 631.249750][T24646] loop5: detected capacity change from 0 to 1024 [ 631.263628][T22311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 631.280880][T22311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 631.296546][T24644] XFS (loop4): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 631.312729][T22311] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 631.320968][T24646] hfsplus: bad catalog entry type [ 631.364411][ T12] hfsplus: b-tree write err: -5, ino 25 [ 631.376728][T22311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.395328][ T12] hfsplus: b-tree write err: -5, ino 4 [ 631.407625][ T12] hfsplus: b-tree write err: -5, ino 2 [ 631.421703][T22311] usb 2-1: config 0 descriptor?? [ 631.471523][T21761] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 631.598252][ T5899] rc_core: IR keymap rc-hauppauge not found [ 631.630017][ T5899] Registered IR keymap rc-empty [ 631.644024][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 631.679365][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 631.731436][ T5899] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 631.777422][ T5899] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input36 [ 631.829753][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 631.868839][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 631.924640][T22311] hid-multitouch 0003:1FD2:6007.0005: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0 [ 631.936721][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 631.952081][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 631.999065][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 632.032448][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 632.097073][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 632.121517][ T5892] usb 2-1: USB disconnect, device number 38 [ 632.149782][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 632.188306][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 632.218399][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 632.260158][ T5899] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 632.316141][ T5899] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 632.356161][ T5899] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 632.389326][ T5899] usb 1-1: USB disconnect, device number 27 [ 632.588722][T22311] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 632.758884][T22311] usb 6-1: Using ep0 maxpacket: 16 [ 632.768122][T22311] usb 6-1: unable to get BOS descriptor or descriptor too short [ 632.793507][T24681] loop1: detected capacity change from 0 to 256 [ 632.803721][T22311] usb 6-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 632.832848][T24681] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4711949a, utbl_chksum : 0xe619d30d) [ 632.835297][T22311] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.876411][T24679] loop6: detected capacity change from 0 to 32768 [ 632.893604][T22311] usb 6-1: Product: syz [ 632.902423][T22311] usb 6-1: Manufacturer: syz [ 632.910021][T24679] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.7620 (24679) [ 632.923699][T22311] usb 6-1: SerialNumber: syz [ 632.977771][T24679] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 633.003604][T24679] BTRFS info (device loop6): using sha256 checksum algorithm [ 633.161457][T24679] BTRFS info (device loop6): rebuilding free space tree [ 633.222978][T24677] loop4: detected capacity change from 0 to 40427 [ 633.268482][T24677] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 633.292214][T24679] BTRFS info (device loop6): disabling free space tree [ 633.299604][T24677] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 633.312225][T24677] F2FS-fs (loop4): invalid crc_offset: 33558524 [ 633.332524][T24679] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 633.393625][T24679] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 633.485087][T24679] BTRFS info (device loop6): enabling ssd optimizations [ 633.526395][T24679] BTRFS info (device loop6): turning on async discard [ 633.551054][T24679] BTRFS info (device loop6): force clearing of disk cache [ 633.569969][T24677] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 633.578319][T24679] BTRFS info (device loop6): enabling auto defrag [ 633.604479][T24679] BTRFS info (device loop6): max_inline set to 4096 [ 633.715166][T24677] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 633.734221][T24677] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 633.808790][T21972] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 633.814734][T22311] usb 6-1: reset high-speed USB device number 5 using dummy_hcd [ 634.011684][T22311] usb 6-1: unable to get BOS descriptor or descriptor too short [ 634.292547][T24721] loop6: detected capacity change from 0 to 1024 [ 634.319646][T24721] EXT4-fs: Ignoring removed oldalloc option [ 634.342948][T24721] EXT4-fs: Ignoring removed bh option [ 634.405783][T24721] EXT4-fs (loop6): bad geometry: bigalloc file system with non-zero first_data_block [ 634.405783][T24721] [ 634.455410][ T5899] usb 6-1: USB disconnect, device number 5 [ 634.525311][T24725] can0: slcan on ptm0. [ 634.759332][T24724] can0 (unregistered): slcan off ptm0. [ 635.006444][T24746] loop0: detected capacity change from 0 to 128 [ 635.227747][T24759] loop4: detected capacity change from 0 to 512 [ 635.288093][T24759] EXT4-fs: Ignoring removed nobh option [ 635.327426][T24759] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 635.418596][T24759] EXT4-fs (loop4): 1 truncate cleaned up [ 635.442970][T24759] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 635.738811][T21761] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 636.098249][ T808] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 636.258244][ T808] usb 7-1: Using ep0 maxpacket: 16 [ 636.292649][ T808] usb 7-1: unable to get BOS descriptor or descriptor too short [ 636.322870][ T808] usb 7-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=36.87 [ 636.348264][ T808] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.367527][ T808] usb 7-1: Product: syz [ 636.379489][ T808] usb 7-1: Manufacturer: syz [ 636.388481][ T808] usb 7-1: SerialNumber: syz [ 637.085635][T24806] loop1: detected capacity change from 0 to 40427 [ 637.096777][T24806] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 637.111553][T24806] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 637.125121][T24806] F2FS-fs (loop1): invalid crc value [ 637.209533][T24806] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 637.234355][T24806] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 637.241477][T24806] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 637.288387][ T808] usb 7-1: reset high-speed USB device number 6 using dummy_hcd [ 637.304379][ T5845] syz-executor: attempt to access beyond end of device [ 637.304379][ T5845] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 637.311619][T24826] loop4: detected capacity change from 0 to 256 [ 637.326364][T24826] exfat: Deprecated parameter 'utf8' [ 637.350335][T24826] exfat: Deprecated parameter 'utf8' [ 637.370372][ T5845] CPU: 0 UID: 0 PID: 5845 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 637.370402][ T5845] Tainted: [L]=SOFTLOCKUP [ 637.370409][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 637.370420][ T5845] Call Trace: [ 637.370429][ T5845] [ 637.370437][ T5845] dump_stack_lvl+0xe8/0x150 [ 637.370471][ T5845] f2fs_stop_checkpoint+0x3c7/0x590 [ 637.370506][ T5845] f2fs_write_end_io+0x12e5/0x17a0 [ 637.370552][ T5845] __submit_merged_bio+0x256/0x6a0 [ 637.370591][ T5845] __submit_merged_write_cond+0x3c9/0x4e0 [ 637.370625][ T5845] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 637.370680][ T5845] f2fs_write_data_pages+0x287e/0x34f0 [ 637.370699][ T5845] ? unwind_next_frame+0xa6/0x2550 [ 637.370757][ T5845] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 637.370774][ T5845] ? is_bpf_text_address+0x26/0x2b0 [ 637.370814][ T5845] ? arch_stack_walk+0xfb/0x150 [ 637.370865][ T5845] ? add_lock_to_list+0xc7/0x100 [ 637.370888][ T5845] ? lockdep_unlock+0x5d/0xd0 [ 637.370908][ T5845] ? __lock_acquire+0x146e/0x2cf0 [ 637.370968][ T5845] ? do_raw_spin_lock+0x12b/0x2f0 [ 637.371001][ T5845] ? do_raw_spin_unlock+0xf5/0x210 [ 637.371019][ T5845] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 637.371035][ T5845] do_writepages+0x32e/0x550 [ 637.371061][ T5845] ? do_raw_spin_unlock+0xf5/0x210 [ 637.371081][ T5845] filemap_fdatawrite+0x1e9/0x2f0 [ 637.371101][ T5845] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 637.371155][ T5845] ? do_raw_spin_unlock+0xf5/0x210 [ 637.371175][ T5845] f2fs_sync_dirty_inodes+0x30e/0x830 [ 637.371203][ T5845] f2fs_write_checkpoint+0x9df/0x26a0 [ 637.371218][ T5845] ? __lock_acquire+0x6b5/0x2cf0 [ 637.371261][ T5845] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 637.371320][ T5845] kill_f2fs_super+0x314/0x730 [ 637.371341][ T5845] ? __pfx_kill_f2fs_super+0x10/0x10 [ 637.371366][ T5845] ? lockdep_hardirqs_on+0x7a/0x110 [ 637.371395][ T5845] deactivate_locked_super+0xbc/0x130 [ 637.371418][ T5845] cleanup_mnt+0x437/0x4d0 [ 637.371432][ T5845] ? _raw_spin_unlock_irq+0x23/0x50 [ 637.371452][ T5845] task_work_run+0x1d9/0x270 [ 637.371472][ T5845] ? __pfx_task_work_run+0x10/0x10 [ 637.371495][ T5845] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.371511][ T5845] exit_to_user_mode_loop+0xed/0x480 [ 637.371528][ T5845] ? rcu_is_watching+0x15/0xb0 [ 637.371543][ T5845] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.371558][ T5845] do_syscall_64+0x33e/0xf80 [ 637.371575][ T5845] ? trace_irq_disable+0x3b/0x140 [ 637.371592][ T5845] ? clear_bhb_loop+0x40/0x90 [ 637.371609][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.371623][ T5845] RIP: 0033:0x7f545cf9da57 [ 637.371637][ T5845] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 637.371648][ T5845] RSP: 002b:00007fffd2481b28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 637.371663][ T5845] RAX: 0000000000000000 RBX: 00007f545d032048 RCX: 00007f545cf9da57 [ 637.371673][ T5845] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd2481be0 [ 637.371681][ T5845] RBP: 00007fffd2481be0 R08: 00007fffd2482be0 R09: 00000000ffffffff [ 637.371691][ T5845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd2482c70 [ 637.371699][ T5845] R13: 00007f545d032048 R14: 000000000009b93b R15: 00007fffd2482cb0 [ 637.371725][ T5845] [ 637.373644][ T5845] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 637.399364][T24826] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xd67973f8, utbl_chksum : 0xe619d30d) [ 637.750782][ T808] usb 7-1: unable to get BOS descriptor or descriptor too short [ 637.879420][T24834] netlink: 'syz.5.7675': attribute type 1 has an invalid length. [ 637.928846][T24834] netlink: 'syz.5.7675': attribute type 2 has an invalid length. [ 638.018747][ T808] usb 7-1: USB disconnect, device number 6 [ 638.490191][T24840] loop4: detected capacity change from 0 to 40427 [ 638.503271][T24840] F2FS-fs (loop4): build fault injection rate: 771 [ 638.517082][T24840] F2FS-fs (loop4): invalid crc value [ 638.538806][ T5838] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 638.693521][T24840] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 638.717329][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 638.735600][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 638.756707][T24840] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 638.765988][ T5838] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 638.787727][ T5838] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 638.808786][ T5838] usb 2-1: Manufacturer: syz [ 638.825422][T21761] syz-executor: attempt to access beyond end of device [ 638.825422][T21761] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 638.836349][ T5838] usb 2-1: config 0 descriptor?? [ 638.877002][T24859] loop0: detected capacity change from 0 to 512 [ 638.885209][T21761] CPU: 1 UID: 0 PID: 21761 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 638.885237][T21761] Tainted: [L]=SOFTLOCKUP [ 638.885244][T21761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 638.885253][T21761] Call Trace: [ 638.885261][T21761] [ 638.885270][T21761] dump_stack_lvl+0xe8/0x150 [ 638.885302][T21761] f2fs_stop_checkpoint+0x3c7/0x590 [ 638.885333][T21761] f2fs_write_end_io+0x12e5/0x17a0 [ 638.885370][T21761] __submit_merged_bio+0x256/0x6a0 [ 638.885402][T21761] __submit_merged_write_cond+0x3c9/0x4e0 [ 638.885434][T21761] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 638.885481][T21761] f2fs_write_data_pages+0x287e/0x34f0 [ 638.885500][T21761] ? unwind_next_frame+0xa6/0x2550 [ 638.885554][T21761] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 638.885572][T21761] ? is_bpf_text_address+0x26/0x2b0 [ 638.885606][T21761] ? arch_stack_walk+0xfb/0x150 [ 638.885651][T21761] ? add_lock_to_list+0xc7/0x100 [ 638.885672][T21761] ? lockdep_unlock+0x5d/0xd0 [ 638.885693][T21761] ? __lock_acquire+0x146e/0x2cf0 [ 638.885751][T21761] ? do_raw_spin_lock+0x12b/0x2f0 [ 638.885783][T21761] ? do_raw_spin_unlock+0xf5/0x210 [ 638.885806][T21761] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 638.885826][T21761] do_writepages+0x32e/0x550 [ 638.885859][T21761] ? do_raw_spin_unlock+0xf5/0x210 [ 638.885885][T21761] filemap_fdatawrite+0x1e9/0x2f0 [ 638.885910][T21761] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 638.885974][T21761] ? do_raw_spin_unlock+0xf5/0x210 [ 638.885999][T21761] f2fs_sync_dirty_inodes+0x30e/0x830 [ 638.886029][T21761] f2fs_write_checkpoint+0x9df/0x26a0 [ 638.886077][T21761] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 638.886133][T21761] ? kfree+0x1c5/0x640 [ 638.886158][T21761] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 638.886187][T21761] kill_f2fs_super+0x314/0x730 [ 638.886214][T21761] ? __pfx_kill_f2fs_super+0x10/0x10 [ 638.886245][T21761] ? lockdep_hardirqs_on+0x7a/0x110 [ 638.886282][T21761] deactivate_locked_super+0xbc/0x130 [ 638.886312][T21761] cleanup_mnt+0x437/0x4d0 [ 638.886330][T21761] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.886355][T21761] task_work_run+0x1d9/0x270 [ 638.886380][T21761] ? __pfx_task_work_run+0x10/0x10 [ 638.886409][T21761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.886428][T21761] exit_to_user_mode_loop+0xed/0x480 [ 638.886451][T21761] ? rcu_is_watching+0x15/0xb0 [ 638.886470][T21761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.886489][T21761] do_syscall_64+0x33e/0xf80 [ 638.886511][T21761] ? trace_irq_disable+0x3b/0x140 [ 638.886533][T21761] ? clear_bhb_loop+0x40/0x90 [ 638.886555][T21761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.886574][T21761] RIP: 0033:0x7f5e20f9da57 [ 638.886592][T21761] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 638.886606][T21761] RSP: 002b:00007ffdc9f0ea58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 638.886625][T21761] RAX: 0000000000000000 RBX: 00007f5e21032048 RCX: 00007f5e20f9da57 [ 638.886638][T21761] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdc9f0eb10 [ 638.886649][T21761] RBP: 00007ffdc9f0eb10 R08: 00007ffdc9f0fb10 R09: 00000000ffffffff [ 638.886662][T21761] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdc9f0fba0 [ 638.886674][T21761] R13: 00007f5e21032048 R14: 000000000009bf30 R15: 00007ffdc9f0fbe0 [ 638.886704][T21761] [ 638.887021][T21761] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 638.951867][T24859] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 639.272778][T24859] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 639.288513][T24859] EXT4-fs (loop0): orphan cleanup on readonly fs [ 639.310010][T24859] EXT4-fs error (device loop0): ext4_orphan_get:1423: comm syz.0.7686: bad orphan inode 3 [ 639.321082][T24859] loop0: lost filesystem error report for type 5 error -117 [ 639.322627][T24859] EXT4-fs (loop0): Remounting filesystem read-only [ 639.329998][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 639.330021][ C0] EXT4-fs (loop0): initial error at time 2000000123: ext4_orphan_get:1423 [ 639.330044][ C0] EXT4-fs (loop0): last error at time 2000000123: ext4_orphan_get:1423 [ 639.365145][T24859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 639.427459][T24859] EXT4-fs warning (device loop0): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed [ 639.506264][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 639.584277][ T5838] uclogic 0003:256C:006D.0006: failed retrieving Huion firmware version: -71 [ 639.595228][ T5838] uclogic 0003:256C:006D.0006: failed probing parameters: -71 [ 639.637816][T24871] loop6: detected capacity change from 0 to 128 [ 639.638481][ T5838] uclogic 0003:256C:006D.0006: probe with driver uclogic failed with error -71 [ 639.705028][T24871] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 639.740708][ T5838] usb 2-1: USB disconnect, device number 39 [ 639.749067][T24871] hpfs: filesystem error: improperly stopped [ 639.771813][T24871] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 639.811238][T24871] hpfs: You really don't want any checks? You are crazy... [ 639.846116][T24871] hpfs: hpfs_map_sector(): read error [ 639.862938][T24871] hpfs: code page support is disabled [ 639.873165][T24871] hpfs: hpfs_map_4sectors(): unaligned read [ 639.888516][T24871] hpfs: hpfs_map_4sectors(): unaligned read [ 639.900388][T24871] hpfs: filesystem error: unable to find root dir [ 640.380589][T24889] loop4: detected capacity change from 0 to 1024 [ 640.406179][T24889] EXT4-fs: Ignoring removed bh option [ 640.455426][T24889] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 640.536557][T24889] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 640.638910][T24889] EXT4-fs error (device loop4): ext4_map_blocks:831: inode #15: comm syz.4.7685: lblock 0 mapped to illegal pblock 0 (length 1) [ 640.696655][T24889] EXT4-fs error (device loop4): ext4_map_blocks:789: inode #15: comm syz.4.7685: lblock 0 mapped to illegal pblock 0 (length 1) [ 640.764026][T24889] EXT4-fs error (device loop4): ext4_ext_remove_space:2969: inode #15: comm syz.4.7685: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 640.853456][T24891] loop6: detected capacity change from 0 to 32768 [ 640.907724][T24891] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 640.964144][T21761] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 640.988967][T24909] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.7694' sets config #6 [ 641.040580][T24891] XFS (loop6): Ending clean mount [ 641.060725][T24891] XFS (loop6): Quotacheck needed: Please wait. [ 641.324176][ T5899] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 641.365391][T24891] XFS (loop6): Quotacheck: Done. [ 641.403619][ T29] audit: type=1800 audit(2000000125.920:2517): pid=24891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.7688" name="file1" dev="loop6" ino=6150 res=0 errno=0 [ 641.485745][T21972] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 641.498000][ T5899] usb 1-1: Using ep0 maxpacket: 32 [ 641.515767][ T5899] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 641.524933][ T5899] usb 1-1: config 0 has no interface number 0 [ 641.538737][ T5899] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 641.538764][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.538783][ T5899] usb 1-1: Product: syz [ 641.538797][ T5899] usb 1-1: Manufacturer: syz [ 641.538811][ T5899] usb 1-1: SerialNumber: syz [ 641.562697][ T5899] usb 1-1: config 0 descriptor?? [ 641.584432][ T5899] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 641.584461][ T5899] usb 1-1: selecting invalid altsetting 1 [ 641.584478][ T5899] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 641.600417][ T5899] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 641.600744][ T5899] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 641.600791][ T5899] usb 1-1: media controller created [ 641.665861][ T5899] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 641.788022][ T5899] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 641.805661][ T5899] zl10353_read_register: readreg error (reg=127, ret==-71) [ 641.808315][T24916] loop5: detected capacity change from 0 to 40427 [ 641.829446][ T5899] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 641.867614][T24916] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 641.916564][T24916] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 641.977375][T24916] F2FS-fs (loop5): invalid crc value [ 642.041641][ T5899] usb 1-1: USB disconnect, device number 28 [ 642.215549][T24916] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 642.237623][T24916] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 642.252364][T24916] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 642.363052][T24920] loop1: detected capacity change from 0 to 32768 [ 642.421867][T24920] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 642.428886][T21848] syz-executor: attempt to access beyond end of device [ 642.428886][T21848] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 642.471988][T24920] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 642.506018][T21848] CPU: 1 UID: 0 PID: 21848 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 642.506046][T21848] Tainted: [L]=SOFTLOCKUP [ 642.506052][T21848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 642.506063][T21848] Call Trace: [ 642.506071][T21848] [ 642.506078][T21848] dump_stack_lvl+0xe8/0x150 [ 642.506110][T21848] f2fs_stop_checkpoint+0x3c7/0x590 [ 642.506143][T21848] f2fs_write_end_io+0x12e5/0x17a0 [ 642.506187][T21848] __submit_merged_bio+0x256/0x6a0 [ 642.506222][T21848] __submit_merged_write_cond+0x3c9/0x4e0 [ 642.506259][T21848] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 642.506314][T21848] f2fs_write_data_pages+0x287e/0x34f0 [ 642.506333][T21848] ? unwind_next_frame+0xa6/0x2550 [ 642.506392][T21848] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 642.506417][T21848] ? is_bpf_text_address+0x26/0x2b0 [ 642.506456][T21848] ? arch_stack_walk+0xfb/0x150 [ 642.506509][T21848] ? add_lock_to_list+0xc7/0x100 [ 642.506532][T21848] ? lockdep_unlock+0x5d/0xd0 [ 642.506554][T21848] ? __lock_acquire+0x146e/0x2cf0 [ 642.506613][T21848] ? do_raw_spin_lock+0x12b/0x2f0 [ 642.506648][T21848] ? do_raw_spin_unlock+0xf5/0x210 [ 642.506671][T21848] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 642.506693][T21848] do_writepages+0x32e/0x550 [ 642.506726][T21848] ? do_raw_spin_unlock+0xf5/0x210 [ 642.506752][T21848] filemap_fdatawrite+0x1e9/0x2f0 [ 642.506776][T21848] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 642.506848][T21848] ? do_raw_spin_unlock+0xf5/0x210 [ 642.506876][T21848] f2fs_sync_dirty_inodes+0x30e/0x830 [ 642.506914][T21848] f2fs_write_checkpoint+0x9df/0x26a0 [ 642.506934][T21848] ? __lock_acquire+0x6b5/0x2cf0 [ 642.506994][T21848] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 642.507073][T21848] kill_f2fs_super+0x314/0x730 [ 642.507102][T21848] ? __pfx_kill_f2fs_super+0x10/0x10 [ 642.507138][T21848] ? lockdep_hardirqs_on+0x7a/0x110 [ 642.507178][T21848] deactivate_locked_super+0xbc/0x130 [ 642.507209][T21848] cleanup_mnt+0x437/0x4d0 [ 642.507228][T21848] ? _raw_spin_unlock_irq+0x23/0x50 [ 642.507259][T21848] task_work_run+0x1d9/0x270 [ 642.507286][T21848] ? __pfx_task_work_run+0x10/0x10 [ 642.507317][T21848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.507339][T21848] exit_to_user_mode_loop+0xed/0x480 [ 642.507362][T21848] ? rcu_is_watching+0x15/0xb0 [ 642.507382][T21848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.507402][T21848] do_syscall_64+0x33e/0xf80 [ 642.507430][T21848] ? trace_irq_disable+0x3b/0x140 [ 642.507453][T21848] ? clear_bhb_loop+0x40/0x90 [ 642.507478][T21848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.507496][T21848] RIP: 0033:0x7f5e1139da57 [ 642.507515][T21848] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 642.507530][T21848] RSP: 002b:00007ffe48376aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 642.507551][T21848] RAX: 0000000000000000 RBX: 00007f5e11432048 RCX: 00007f5e1139da57 [ 642.507564][T21848] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe48376b60 [ 642.507575][T21848] RBP: 00007ffe48376b60 R08: 00007ffe48377b60 R09: 00000000ffffffff [ 642.507588][T21848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe48377bf0 [ 642.507600][T21848] R13: 00007f5e11432048 R14: 000000000009cd36 R15: 00007ffe48377c30 [ 642.507634][T21848] [ 642.832893][T21848] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 643.095194][T24920] XFS (loop1): Ending clean mount [ 643.103012][T24920] XFS (loop1): Quotacheck needed: Please wait. [ 643.188059][T24955] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7710'. [ 643.384819][T24920] XFS (loop1): Quotacheck: Done. [ 643.677928][T24965] loop5: detected capacity change from 0 to 1024 [ 643.856895][T24973] loop6: detected capacity change from 0 to 256 [ 643.866446][ T1160] hfsplus: b-tree write err: -5, ino 25 [ 643.883485][T24973] exfat: Deprecated parameter 'namecase' [ 643.889934][ T1160] hfsplus: b-tree write err: -5, ino 4 [ 643.896665][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 643.914001][ T1160] hfsplus: b-tree write err: -5, ino 2 [ 643.938229][T24973] exfat: Deprecated parameter 'namecase' [ 644.026606][T24973] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 644.619630][T24993] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7730'. [ 644.640674][T24993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7730'. [ 644.668749][T24993] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 644.699828][T24995] veth1_macvtap: left promiscuous mode [ 644.726334][T24995] macsec0: entered allmulticast mode [ 644.762932][T24998] veth1_macvtap: entered promiscuous mode [ 644.806486][T24998] veth1_macvtap: entered allmulticast mode [ 644.834225][T24998] macsec0: left allmulticast mode [ 644.850261][T24998] veth1_macvtap: left allmulticast mode [ 644.897290][ T5838] kernel write not supported for file /amidi2 (pid: 5838 comm: kworker/0:3) [ 645.147156][T24989] loop5: detected capacity change from 0 to 32768 [ 645.197679][T24989] (syz.5.7726,24989,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 645.226509][T25008] loop6: detected capacity change from 0 to 128 [ 645.240391][T24989] (syz.5.7726,24989,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 645.298442][T24989] JBD2: Ignoring recovery information on journal [ 645.310476][T25008] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 645.356440][T25008] ext4 filesystem being mounted at /186/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 645.383944][T24989] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 645.490515][T21972] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 645.602750][T24983] loop0: detected capacity change from 0 to 65536 [ 645.625614][T24983] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 645.736348][T24983] XFS (loop0): Ending clean mount [ 645.739412][T25000] loop1: detected capacity change from 0 to 32768 [ 645.764027][T21848] ocfs2: Unmounting device (7,5) on (node local) [ 645.812762][T25000] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 645.971107][ T5838] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 645.983147][T25000] XFS (loop1): Ending clean mount [ 646.082721][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 646.140237][ T5838] usb 7-1: Using ep0 maxpacket: 16 [ 646.146541][ T5844] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 646.164132][ T5838] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 646.179763][T25034] loop4: detected capacity change from 0 to 512 [ 646.206683][ T5838] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 646.237102][ T5838] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 646.249885][T25034] EXT4-fs (loop4): orphan cleanup on readonly fs [ 646.301406][T25034] EXT4-fs (loop4): 1 truncate cleaned up [ 646.311638][T25034] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 646.329784][T25037] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7736'. [ 646.356079][ T5838] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 646.369889][ T5838] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 646.372304][T25037] openvswitch: netlink: nsh attr 4 is out of range max 3 [ 646.453564][ T5838] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 646.470824][T21761] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 646.493985][ T5838] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 646.551336][ T5838] usb 7-1: Manufacturer: syz [ 646.577146][ T5838] usb 7-1: config 0 descriptor?? [ 646.807184][T25043] loop1: detected capacity change from 0 to 128 [ 646.858723][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 646.897250][T25043] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 646.927165][T25043] ext4 filesystem being mounted at /1521/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 646.948701][ T5838] rc_core: IR keymap rc-hauppauge not found [ 646.956671][ T5838] Registered IR keymap rc-empty [ 646.966313][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.019627][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.038801][ T5845] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 647.061605][ T5838] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 647.090437][ T5838] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input37 [ 647.127074][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.168613][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.211077][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.249256][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.298860][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.319165][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.340019][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.361648][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.390292][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.409899][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.432642][ T5838] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 647.450552][ T5838] mceusb 7-1:0.0: Registered with mce emulator interface version 1 [ 647.450579][ T5838] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 647.456110][ T5838] usb 7-1: USB disconnect, device number 7 [ 647.739008][T25067] loop0: detected capacity change from 0 to 512 [ 647.755899][T25067] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 647.823135][T25067] EXT4-fs (loop0): 1 truncate cleaned up [ 647.846584][T25067] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 647.964654][T25055] loop1: detected capacity change from 0 to 32768 [ 648.033518][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 648.116064][T25055] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 648.201801][T25055] XFS (loop1): Ending clean mount [ 648.270167][T25055] XFS (loop1): Quotacheck needed: Please wait. [ 648.313138][ T5838] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 648.429928][T25055] XFS (loop1): Quotacheck: Done. [ 648.447804][ T29] audit: type=1800 audit(2000000132.960:2518): pid=25055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.7742" name="file1" dev="loop1" ino=6150 res=0 errno=0 [ 648.506182][ T5845] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 648.518894][ T5838] usb 5-1: Using ep0 maxpacket: 32 [ 648.526273][ T5838] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 648.536189][ T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 648.544371][ T5838] usb 5-1: config 0 has no interface number 0 [ 648.586053][ T5838] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 648.597261][ T5838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.609951][ T5838] usb 5-1: Product: syz [ 648.615227][ T5838] usb 5-1: Manufacturer: syz [ 648.640454][ T5838] usb 5-1: SerialNumber: syz [ 648.650559][ T5838] usb 5-1: config 0 descriptor?? [ 648.662571][ T5838] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 648.672488][ T5838] usb 5-1: selecting invalid altsetting 1 [ 648.678949][ T5838] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 648.697673][ T5838] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 648.703237][T25097] loop5: detected capacity change from 0 to 256 [ 648.709881][ T5838] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 648.725199][ T5838] usb 5-1: media controller created [ 648.725329][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 648.760478][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 648.782398][T25097] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x4711949a, utbl_chksum : 0xe619d30d) [ 648.804887][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 648.836889][ T5838] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 648.850353][T25098] can0: slcan on ptm0. [ 648.865957][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 648.892350][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 648.905893][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 648.956489][ T9] usb 1-1: Product: syz [ 648.969063][ T9] usb 1-1: Manufacturer: syz [ 648.981318][ T5838] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 649.026756][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 649.046553][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 649.093932][ T5838] zl10353_read_register: readreg error (reg=127, ret==-71) [ 649.114745][ T5838] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 649.122619][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 649.141613][T25095] can0 (unregistered): slcan off ptm0. [ 649.150454][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [ 649.285243][ T9] usb 1-1: USB disconnect, device number 29 [ 649.421741][ T5838] usb 5-1: USB disconnect, device number 36 [ 649.706424][T25125] loop4: detected capacity change from 0 to 512 [ 649.742951][T25125] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c198, mo2=0002] [ 649.812650][T25125] System zones: 1-12 [ 649.854486][T25125] EXT4-fs error (device loop4): ext4_iget_extra_inode:5043: inode #15: comm syz.4.7768: corrupted in-inode xattr: e_value size too large [ 649.937956][T25125] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 649.938175][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 649.953867][ C0] EXT4-fs (loop4): initial error at time 2000000134: ext4_iget_extra_inode:5043: inode 15 [ 649.963821][ C0] EXT4-fs (loop4): last error at time 2000000134: ext4_iget_extra_inode:5043: inode 15 [ 649.999501][T25125] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.7768: couldn't read orphan inode 15 (err -117) [ 650.034580][T25125] loop4: lost filesystem error report for type 5 error -117 [ 650.044929][T25125] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 650.294568][T21761] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 650.511519][T25146] loop0: detected capacity change from 0 to 4096 [ 650.529847][T25146] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 650.548266][ T5899] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 650.650682][T25146] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 650.720951][ T5899] usb 2-1: Using ep0 maxpacket: 32 [ 650.750389][ T5899] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 650.784763][ T5899] usb 2-1: config 0 has no interface number 0 [ 650.814547][ T5899] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 650.841210][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.869811][ T5899] usb 2-1: Product: syz [ 650.883463][ T5899] usb 2-1: Manufacturer: syz [ 650.899064][ T5899] usb 2-1: SerialNumber: syz [ 650.925369][ T5899] usb 2-1: config 0 descriptor?? [ 650.955181][ T5899] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 650.981416][ T5899] usb 2-1: selecting invalid altsetting 1 [ 650.994140][ T5899] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 651.036153][ T5899] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 651.085394][T25136] loop6: detected capacity change from 0 to 40427 [ 651.099574][ T5899] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 651.110648][T25136] F2FS-fs (loop6): build fault injection rate: 771 [ 651.121052][ T5899] usb 2-1: media controller created [ 651.136520][T25136] F2FS-fs (loop6): invalid crc value [ 651.231270][ T5899] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 651.259980][T25177] loop5: detected capacity change from 0 to 128 [ 651.362628][ T5899] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 651.403377][ T5899] zl10353_read_register: readreg error (reg=127, ret==-71) [ 651.444747][ T5899] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 651.480368][T25136] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 651.522141][T25185] loop0: detected capacity change from 0 to 512 [ 651.576789][T25185] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c198, mo2=0002] [ 651.613674][T25136] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 651.627729][T25185] System zones: 1-12 [ 651.643341][ T5899] usb 2-1: USB disconnect, device number 40 [ 651.684987][T25185] EXT4-fs error (device loop0): ext4_iget_extra_inode:5043: inode #15: comm syz.0.7787: corrupted in-inode xattr: e_value size too large [ 651.780550][T25185] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 651.781480][T25185] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.7787: couldn't read orphan inode 15 (err -117) [ 651.791210][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 651.791264][ C0] EXT4-fs (loop0): initial error at time 2000000136: ext4_iget_extra_inode:5043: inode 15 [ 651.791307][ C0] EXT4-fs (loop0): last error at time 2000000136: ext4_iget_extra_inode:5043: inode 15 [ 651.880215][T25185] loop0: lost filesystem error report for type 5 error -117 [ 651.904313][T21972] syz-executor: attempt to access beyond end of device [ 651.904313][T21972] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 651.904630][T25185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 651.952925][T25197] loop5: detected capacity change from 0 to 512 [ 651.961212][T25197] EXT4-fs: Ignoring removed nomblk_io_submit option [ 651.970620][T25197] EXT4-fs: Ignoring removed mblk_io_submit option [ 651.978615][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 652.045666][T25197] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 652.102740][T25197] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2 [ 652.120909][T21972] CPU: 1 UID: 0 PID: 21972 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 652.120939][T21972] Tainted: [L]=SOFTLOCKUP [ 652.120945][T21972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 652.120956][T21972] Call Trace: [ 652.120963][T21972] [ 652.120971][T21972] dump_stack_lvl+0xe8/0x150 [ 652.121003][T21972] f2fs_stop_checkpoint+0x3c7/0x590 [ 652.121034][T21972] f2fs_write_end_io+0x12e5/0x17a0 [ 652.121075][T21972] __submit_merged_bio+0x256/0x6a0 [ 652.121107][T21972] __submit_merged_write_cond+0x3c9/0x4e0 [ 652.121140][T21972] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 652.121187][T21972] f2fs_write_data_pages+0x287e/0x34f0 [ 652.121206][T21972] ? unwind_next_frame+0xa6/0x2550 [ 652.121265][T21972] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 652.121283][T21972] ? is_bpf_text_address+0x26/0x2b0 [ 652.121317][T21972] ? arch_stack_walk+0xfb/0x150 [ 652.121366][T21972] ? add_lock_to_list+0xc7/0x100 [ 652.121388][T21972] ? lockdep_unlock+0x5d/0xd0 [ 652.121409][T21972] ? __lock_acquire+0x146e/0x2cf0 [ 652.121458][T21972] ? do_raw_spin_lock+0x12b/0x2f0 [ 652.121489][T21972] ? do_raw_spin_unlock+0xf5/0x210 [ 652.121511][T21972] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 652.121531][T21972] do_writepages+0x32e/0x550 [ 652.121564][T21972] ? do_raw_spin_unlock+0xf5/0x210 [ 652.121588][T21972] filemap_fdatawrite+0x1e9/0x2f0 [ 652.121614][T21972] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 652.121682][T21972] ? do_raw_spin_unlock+0xf5/0x210 [ 652.121709][T21972] f2fs_sync_dirty_inodes+0x30e/0x830 [ 652.121744][T21972] f2fs_write_checkpoint+0x9df/0x26a0 [ 652.121794][T21972] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 652.121852][T21972] ? kfree+0x1c5/0x640 [ 652.121876][T21972] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 652.121917][T21972] kill_f2fs_super+0x314/0x730 [ 652.121944][T21972] ? __pfx_kill_f2fs_super+0x10/0x10 [ 652.121978][T21972] ? lockdep_hardirqs_on+0x7a/0x110 [ 652.122016][T21972] deactivate_locked_super+0xbc/0x130 [ 652.122057][T21972] cleanup_mnt+0x437/0x4d0 [ 652.122074][T21972] ? _raw_spin_unlock_irq+0x23/0x50 [ 652.122099][T21972] task_work_run+0x1d9/0x270 [ 652.122123][T21972] ? __pfx_task_work_run+0x10/0x10 [ 652.122153][T21972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.122172][T21972] exit_to_user_mode_loop+0xed/0x480 [ 652.122194][T21972] ? rcu_is_watching+0x15/0xb0 [ 652.122215][T21972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.122233][T21972] do_syscall_64+0x33e/0xf80 [ 652.122255][T21972] ? trace_irq_disable+0x3b/0x140 [ 652.122282][T21972] ? clear_bhb_loop+0x40/0x90 [ 652.122304][T21972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.122322][T21972] RIP: 0033:0x7f4d7ed9da57 [ 652.122340][T21972] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 652.122354][T21972] RSP: 002b:00007ffe4556ef18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 652.122374][T21972] RAX: 0000000000000000 RBX: 00007f4d7ee32048 RCX: 00007f4d7ed9da57 [ 652.122387][T21972] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4556efd0 [ 652.122398][T21972] RBP: 00007ffe4556efd0 R08: 00007ffe4556ffd0 R09: 00000000ffffffff [ 652.122411][T21972] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe45570060 [ 652.122422][T21972] R13: 00007f4d7ee32048 R14: 000000000009f246 R15: 00007ffe455700a0 [ 652.122451][T21972] [ 652.127287][T25197] EXT4-fs (loop5): 1 truncate cleaned up [ 652.145262][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 652.155551][T21972] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 652.169239][T25197] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 652.657359][T25197] EXT4-fs error (device loop5): ext4_map_blocks:789: inode #2: block 4: comm syz.5.7791: lblock 0 mapped to illegal pblock 4 (length 1) [ 652.675966][T25197] EXT4-fs (loop5): Remounting filesystem read-only [ 652.787822][T21848] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 653.009490][ T5899] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 653.158271][ T5892] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 653.178266][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 653.186836][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 653.209405][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 653.229012][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 653.251731][ T5899] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 653.279640][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 653.313704][ T5899] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 653.327546][ T5899] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 653.335933][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 653.350740][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 653.369016][ T5899] usb 2-1: Manufacturer: syz [ 653.378983][ T5892] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 653.389070][ T5899] usb 2-1: config 0 descriptor?? [ 653.402385][ T5892] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 653.422839][ T5892] usb 7-1: Manufacturer: syz [ 653.439020][ T5892] usb 7-1: config 0 descriptor?? [ 653.590754][T25232] loop5: detected capacity change from 0 to 40427 [ 653.603556][T25232] F2FS-fs (loop5): build fault injection rate: 771 [ 653.622043][T25232] F2FS-fs (loop5): invalid crc value [ 653.708967][ T5899] rc_core: IR keymap rc-hauppauge not found [ 653.719460][ T5899] Registered IR keymap rc-empty [ 653.724734][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 653.748852][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 653.762103][T25232] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 653.775295][ T5899] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 653.792320][T25232] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 653.793297][ T5899] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input38 [ 653.817614][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 653.840416][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 653.863725][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 653.875327][T25241] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7811'. [ 653.895784][T25241] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7811'. [ 653.901891][T21848] syz-executor: attempt to access beyond end of device [ 653.901891][T21848] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 653.926954][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 653.938683][T21848] CPU: 1 UID: 0 PID: 21848 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 653.938710][T21848] Tainted: [L]=SOFTLOCKUP [ 653.938716][T21848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 653.938725][T21848] Call Trace: [ 653.938732][T21848] [ 653.938740][T21848] dump_stack_lvl+0xe8/0x150 [ 653.938776][T21848] f2fs_stop_checkpoint+0x3c7/0x590 [ 653.938809][T21848] f2fs_write_end_io+0x12e5/0x17a0 [ 653.938852][T21848] __submit_merged_bio+0x256/0x6a0 [ 653.938882][T21848] __submit_merged_write_cond+0x3c9/0x4e0 [ 653.938915][T21848] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 653.938967][T21848] f2fs_write_data_pages+0x287e/0x34f0 [ 653.939021][T21848] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 653.939083][T21848] ? unwind_next_frame+0xa6/0x2550 [ 653.939098][T21848] ? rcu_is_watching+0x15/0xb0 [ 653.939111][T21848] ? __kasan_check_byte+0x12/0x40 [ 653.939129][T21848] ? __bfs+0x153/0x290 [ 653.939142][T21848] ? __pfx_hlock_conflict+0x10/0x10 [ 653.939181][T21848] ? lockdep_unlock+0x5d/0xd0 [ 653.939204][T21848] ? __lock_acquire+0x146e/0x2cf0 [ 653.939259][T21848] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 653.939280][T21848] do_writepages+0x32e/0x550 [ 653.939315][T21848] ? do_raw_spin_unlock+0xf5/0x210 [ 653.939348][T21848] filemap_fdatawrite+0x1e9/0x2f0 [ 653.939374][T21848] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 653.939440][T21848] ? do_raw_spin_unlock+0xf5/0x210 [ 653.939466][T21848] f2fs_sync_dirty_inodes+0x30e/0x830 [ 653.939502][T21848] f2fs_write_checkpoint+0x9df/0x26a0 [ 653.939559][T21848] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 653.939623][T21848] ? kfree+0x1c5/0x640 [ 653.939647][T21848] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 653.939679][T21848] kill_f2fs_super+0x314/0x730 [ 653.939707][T21848] ? __pfx_kill_f2fs_super+0x10/0x10 [ 653.939742][T21848] ? lockdep_hardirqs_on+0x7a/0x110 [ 653.939781][T21848] deactivate_locked_super+0xbc/0x130 [ 653.939811][T21848] cleanup_mnt+0x437/0x4d0 [ 653.939829][T21848] ? _raw_spin_unlock_irq+0x23/0x50 [ 653.939856][T21848] task_work_run+0x1d9/0x270 [ 653.939881][T21848] ? __pfx_task_work_run+0x10/0x10 [ 653.939912][T21848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.939932][T21848] exit_to_user_mode_loop+0xed/0x480 [ 653.939955][T21848] ? rcu_is_watching+0x15/0xb0 [ 653.939975][T21848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.939995][T21848] do_syscall_64+0x33e/0xf80 [ 653.940016][T21848] ? trace_irq_disable+0x3b/0x140 [ 653.940037][T21848] ? clear_bhb_loop+0x40/0x90 [ 653.940056][T21848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.940073][T21848] RIP: 0033:0x7f5e1139da57 [ 653.940091][T21848] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 653.940104][T21848] RSP: 002b:00007ffe48376aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 653.940123][T21848] RAX: 0000000000000000 RBX: 00007f5e11432048 RCX: 00007f5e1139da57 [ 653.940135][T21848] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe48376b60 [ 653.940147][T21848] RBP: 00007ffe48376b60 R08: 00007ffe48377b60 R09: 00000000ffffffff [ 653.940159][T21848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe48377bf0 [ 653.940170][T21848] R13: 00007f5e11432048 R14: 000000000009f9ef R15: 00007ffe48377c30 [ 653.940201][T21848] [ 653.940559][T21848] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 654.154877][T25245] loop4: detected capacity change from 0 to 4096 [ 654.159873][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 654.161328][ T5892] uclogic 0003:256C:006D.0007: failed retrieving Huion firmware version: -71 [ 654.302923][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 654.310433][ T5892] uclogic 0003:256C:006D.0007: failed probing parameters: -71 [ 654.318070][ T5892] uclogic 0003:256C:006D.0007: probe with driver uclogic failed with error -71 [ 654.330626][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 654.348325][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 654.365982][ T5892] usb 7-1: USB disconnect, device number 8 [ 654.389995][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 654.398901][T25245] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 654.418819][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 654.447319][ T5899] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 654.467199][T25245] ntfs3(loop4): Failed to load $Extend (-22). [ 654.481301][ T5899] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 654.494308][ T5899] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 654.498889][T25245] ntfs3(loop4): Failed to initialize $Extend. [ 654.550104][ T5899] usb 2-1: USB disconnect, device number 41 [ 654.654635][T25243] loop0: detected capacity change from 0 to 32768 [ 654.792420][T25243] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 654.922853][T25243] XFS (loop0): Ending clean mount [ 655.112644][ T5844] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 655.388022][T25275] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7824'. [ 655.887843][T25289] Bluetooth: MGMT ver 1.23 [ 655.960968][T25272] loop5: detected capacity change from 0 to 32768 [ 656.025751][T25272] JBD2: Ignoring recovery information on journal [ 656.042844][T25262] loop1: detected capacity change from 0 to 40427 [ 656.086436][T25262] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 656.097151][T25262] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 656.110410][T25262] F2FS-fs (loop1): build fault injection rate: 27487 [ 656.133848][T25272] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 656.150710][T25262] F2FS-fs (loop1): invalid crc value [ 656.463514][T25262] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 656.509255][T25262] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 656.522139][T25262] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 656.610387][T21848] ocfs2: Unmounting device (7,5) on (node local) [ 656.956105][T25320] loop0: detected capacity change from 0 to 1024 [ 657.164908][T25304] loop6: detected capacity change from 0 to 32768 [ 657.230870][T25304] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 657.383862][T25304] XFS (loop6): Ending clean mount [ 657.485894][T25342] loop1: detected capacity change from 0 to 2048 [ 657.523362][T21972] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 657.559674][T25342] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 657.612958][T25342] ext4 filesystem being mounted at /1533/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 657.662795][T25346] loop0: detected capacity change from 0 to 4096 [ 657.718870][T25346] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 657.822881][T25346] ntfs3(loop0): ino=18, mi_enum_attr [ 657.856910][T25346] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 657.952577][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 658.455316][T25366] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7850'. [ 658.738961][T25378] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7862'. [ 658.797927][T25383] i2c i2c-0: dtv_property_process_set: SET cmd 0x00002000 undefined [ 659.087302][T25401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7870'. [ 659.391187][ T5838] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 659.585002][ T5838] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 659.617641][ T5838] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 659.649723][ T5838] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 659.673299][T22311] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 659.703944][ T5838] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 659.718108][ T5838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.741623][ T5838] usb 5-1: Product: syz [ 659.752909][ T5838] usb 5-1: Manufacturer: syz [ 659.767770][ T5838] usb 5-1: SerialNumber: syz [ 659.783129][ T5838] usb 5-1: config 0 descriptor?? [ 659.854047][T22311] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 659.874892][T22311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.911354][T22311] usb 1-1: config 0 descriptor?? [ 659.922783][ T5899] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 659.936136][T22311] cp210x 1-1:0.0: cp210x converter detected [ 660.002339][ T5838] uvcvideo 5-1:0.0: Found UVC 34.00 device syz (8086:0b5b) [ 660.036586][ T5838] uvcvideo 5-1:0.0: No valid video chain found. [ 660.069743][T25441] loop6: detected capacity change from 0 to 4096 [ 660.113926][ T5899] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 660.151380][ T5899] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 660.161433][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.216405][ T5838] usb 5-1: USB disconnect, device number 37 [ 660.220083][ T5899] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 660.407914][T22311] usb 1-1: cp210x converter now attached to ttyUSB0 [ 660.460333][T25454] loop6: detected capacity change from 0 to 256 [ 660.540585][T22311] usb 1-1: USB disconnect, device number 30 [ 660.583093][T22311] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 660.622875][T25454] FAT-fs (loop6): error, fat_free_clusters: deleting FAT entry beyond EOF [ 660.636651][T22311] cp210x 1-1:0.0: device disconnected [ 660.641766][T25454] FAT-fs (loop6): Filesystem has been set read-only [ 660.964509][T25471] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7894'. [ 661.008327][T25471] bond0: option lp_interval: invalid value (18446744073709551612) [ 661.027917][T25471] bond0: option lp_interval: allowed values 1 - 2147483647 [ 661.226533][T25480] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7898'. [ 661.247023][T25478] loop4: detected capacity change from 0 to 2048 [ 661.294134][T25483] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 661.441203][T25485] loop6: detected capacity change from 0 to 4096 [ 661.503738][T25485] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 661.542357][ T5899] gspca_stv0680: usb_control_msg error 2, request = 0x6, error = -71 [ 661.559841][ T5899] stv0680 2-1:4.0: Could not get descriptor 0200 [ 661.572097][ T5899] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 661.587818][T25491] loop4: detected capacity change from 0 to 4096 [ 661.594889][ T5899] stv0680 2-1:4.0: last error: 9, command = 0x5 [ 661.609211][ T5899] usb 2-1: USB disconnect, device number 42 [ 661.627857][T25491] ntfs3(loop4): ino=0, mi_enum_attr [ 661.642480][T25472] loop5: detected capacity change from 0 to 32768 [ 661.666425][T25485] EXT4-fs: Ignoring sb option on remount [ 661.674646][T25485] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 661.689172][T25485] EXT4-fs (loop6): stripe (249) is not aligned with cluster size (16), stripe is disabled [ 661.702003][T25491] ntfs3(loop4): ino=0, mi_enum_attr [ 661.709918][ T808] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 661.750174][T25472] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 661.766256][T25485] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000. [ 661.839202][T25491] ntfs3(loop4): failed to convert "0080" to cp864 [ 661.860637][T25491] ntfs3(loop4): ino=1e, mi_enum_attr [ 661.896722][T21972] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 661.929517][ T808] usb 1-1: Using ep0 maxpacket: 16 [ 661.991033][ T808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 662.018393][ T808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 662.031236][T21848] ocfs2: Unmounting device (7,5) on (node local) [ 662.050007][ T808] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 662.103378][ T808] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 662.153008][ T808] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.213312][ T808] usb 1-1: config 0 descriptor?? [ 662.242577][T25500] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7906'. [ 662.708101][ T808] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 662.758213][ T808] microsoft 0003:045E:07DA.0008: no inputs found [ 662.774876][ T808] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 662.852780][ T5838] usb 1-1: USB disconnect, device number 31 [ 662.930770][T25516] fido_id[25516]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 663.083372][T25504] loop6: detected capacity change from 0 to 40427 [ 663.112651][T25504] F2FS-fs (loop6): invalid crc value [ 663.125323][T25506] loop4: detected capacity change from 0 to 32768 [ 663.252667][T25510] loop5: detected capacity change from 0 to 32768 [ 663.304640][T25510] XFS (loop5): Mounting V5 filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d in no-recovery mode. Filesystem will be inconsistent. [ 663.365374][T25504] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 663.534505][T25504] F2FS-fs (loop6): Start checkpoint disabled! [ 663.609428][T21848] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 663.725611][T25504] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0 [ 663.778539][T25504] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 663.913375][ T13] kworker/u8:1: attempt to access beyond end of device [ 663.913375][ T13] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 663.991185][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 663.991215][ T13] Tainted: [L]=SOFTLOCKUP [ 663.991222][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 663.991233][ T13] Workqueue: writeback wb_workfn (flush-7:6) [ 663.991262][ T13] Call Trace: [ 663.991270][ T13] [ 663.991278][ T13] dump_stack_lvl+0xe8/0x150 [ 663.991306][ T13] f2fs_stop_checkpoint+0x3c7/0x590 [ 663.991338][ T13] f2fs_write_end_io+0x12e5/0x17a0 [ 663.991376][ T13] __submit_merged_bio+0x256/0x6a0 [ 663.991409][ T13] __submit_merged_write_cond+0x3c9/0x4e0 [ 663.991446][ T13] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 663.991491][ T13] f2fs_write_data_pages+0x287e/0x34f0 [ 663.991540][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 663.991569][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 663.991619][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 663.991653][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 663.991688][ T13] ? set_shrinker_bit+0x7c/0x350 [ 663.991710][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 663.991728][ T13] do_writepages+0x32e/0x550 [ 663.991754][ T13] ? reacquire_held_locks+0x104/0x190 [ 663.991770][ T13] ? writeback_sb_inodes+0x463/0x19d0 [ 663.991798][ T13] __writeback_single_inode+0x133/0x10e0 [ 663.991822][ T13] ? do_raw_spin_unlock+0xf5/0x210 [ 663.991849][ T13] writeback_sb_inodes+0x979/0x19d0 [ 663.991871][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 663.991922][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 663.991944][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 663.992004][ T13] ? rcu_is_watching+0x15/0xb0 [ 663.992032][ T13] wb_writeback+0x445/0xb00 [ 663.992059][ T13] ? queue_io+0x291/0x470 [ 663.992089][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 663.992118][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 663.992155][ T13] wb_workfn+0x3f8/0xf10 [ 663.992173][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 663.992196][ T13] ? look_up_lock_class+0x57/0x110 [ 663.992234][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 663.992258][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 663.992277][ T13] ? lock_acquire+0x106/0x350 [ 663.992304][ T13] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 663.992328][ T13] ? process_scheduled_works+0xa70/0x1860 [ 663.992355][ T13] ? process_scheduled_works+0xa70/0x1860 [ 663.992387][ T13] ? process_scheduled_works+0xa70/0x1860 [ 663.992411][ T13] ? process_scheduled_works+0xa70/0x1860 [ 663.992439][ T13] process_scheduled_works+0xb5d/0x1860 [ 663.992495][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 663.992528][ T13] ? assign_work+0x3d5/0x5e0 [ 663.992560][ T13] worker_thread+0xa53/0xfc0 [ 663.992604][ T13] kthread+0x388/0x470 [ 663.992625][ T13] ? __pfx_worker_thread+0x10/0x10 [ 663.992650][ T13] ? __pfx_kthread+0x10/0x10 [ 663.992671][ T13] ret_from_fork+0x514/0xb70 [ 663.992701][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 663.992726][ T13] ? __switch_to+0xc79/0x1410 [ 663.992752][ T13] ? __pfx_kthread+0x10/0x10 [ 663.992774][ T13] ret_from_fork_asm+0x1a/0x30 [ 663.992809][ T13] [ 664.295366][ T13] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 664.427570][T25539] loop1: detected capacity change from 0 to 32768 [ 664.542755][ T5956] loop6: lost filesystem error report for type 5 error -108 [ 664.846796][T25560] loop1: detected capacity change from 0 to 64 [ 664.862056][T25558] loop0: detected capacity change from 0 to 512 [ 664.909442][T25558] EXT4-fs: inline encryption not supported [ 664.915734][T25558] EXT4-fs: Ignoring removed mblk_io_submit option [ 664.958295][T25558] EXT4-fs (loop0): Test dummy encryption mode enabled [ 664.984109][T25558] EXT4-fs (loop0): orphan cleanup on readonly fs [ 665.037847][T25558] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.7929: inode #13: comm syz.0.7929: iget: illegal inode # [ 665.120395][T25558] loop0: lost filesystem error report for type 5 error -117 [ 665.128173][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 665.141996][ C0] EXT4-fs (loop0): initial error at time 2000000149: ext4_orphan_get:1397 [ 665.150592][ C0] EXT4-fs (loop0): last error at time 2000000149: ext4_orphan_get:1397 [ 665.166564][T25558] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.7929: couldn't read orphan inode 13 (err -117) [ 665.280721][T25558] loop0: lost filesystem error report for type 5 error -117 [ 665.297743][T25558] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 665.413731][T25558] EXT4-fs error (device loop0): ext4_resize_begin:60: comm syz.0.7929: resize_inode disabled but reserved GDT blocks non-zero [ 665.560468][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 665.905008][T25592] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7941'. [ 666.255999][T25607] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 666.317475][ T29] audit: type=1800 audit(2000000150.830:2519): pid=25607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.7948" name="file1" dev="loop5" ino=1048803 res=0 errno=0 [ 666.481596][T25615] set_capacity_and_notify: 2 callbacks suppressed [ 666.481615][T25615] loop4: detected capacity change from 0 to 1024 [ 666.521517][T25615] hfsplus: bad catalog entry type [ 666.587546][ T1160] hfsplus: b-tree write err: -5, ino 25 [ 666.619950][ T1160] hfsplus: b-tree write err: -5, ino 4 [ 666.651771][ T1160] hfsplus: b-tree write err: -5, ino 2 [ 666.713029][T25619] netlink: 44 bytes leftover after parsing attributes in process `syz.5.7955'. [ 666.845127][T25618] loop0: detected capacity change from 0 to 4096 [ 667.109924][T25627] netlink: 'syz.4.7961': attribute type 2 has an invalid length. [ 667.375306][T25611] loop1: detected capacity change from 0 to 32768 [ 667.521369][T25641] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7967'. [ 667.665918][T25643] loop0: detected capacity change from 0 to 2048 [ 667.689736][T25643] EXT4-fs: Ignoring removed mblk_io_submit option [ 667.715141][T25643] EXT4-fs: Ignoring removed i_version option [ 667.791072][T25643] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 667.886300][T25655] loop6: detected capacity change from 0 to 256 [ 667.927671][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 668.002349][T25655] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 668.526255][T25682] ALSA: mixer_oss: invalid OSS volume '' [ 668.746774][T25689] loop1: detected capacity change from 0 to 1024 [ 668.823516][T25689] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 668.909721][T25698] loop0: detected capacity change from 0 to 4096 [ 668.913072][T25689] ext4 filesystem being mounted at /1560/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 668.957965][T25698] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 669.175668][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 669.200221][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 669.366673][T25710] loop6: detected capacity change from 0 to 512 [ 669.409798][T25710] EXT4-fs: Ignoring removed bh option [ 669.434578][T25710] EXT4-fs (loop6): 1 truncate cleaned up [ 669.440222][T25715] loop0: detected capacity change from 0 to 64 [ 669.460385][T25710] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 669.592256][T25719] loop5: detected capacity change from 0 to 4096 [ 669.647116][T25720] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 669.671090][T21972] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 670.149048][ T5956] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 670.217406][T25738] FAT-fs (loop5): Directory bread(block 64) failed [ 670.243813][T25738] FAT-fs (loop5): Directory bread(block 65) failed [ 670.266181][T25738] FAT-fs (loop5): Directory bread(block 66) failed [ 670.289829][T25738] FAT-fs (loop5): Directory bread(block 67) failed [ 670.315314][T25738] FAT-fs (loop5): Directory bread(block 68) failed [ 670.322895][ T5956] usb 2-1: Using ep0 maxpacket: 16 [ 670.331337][T25742] exfat: Deprecated parameter 'utf8' [ 670.344306][ T5956] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 670.367658][T25738] FAT-fs (loop5): Directory bread(block 69) failed [ 670.389377][ T5956] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 670.391518][T25742] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xffade8b4, utbl_chksum : 0xe619d30d) [ 670.403437][T25738] FAT-fs (loop5): Directory bread(block 70) failed [ 670.441221][ T5956] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 670.471954][T25738] FAT-fs (loop5): Directory bread(block 71) failed [ 670.490395][ T5956] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 670.508639][T25738] FAT-fs (loop5): Directory bread(block 72) failed [ 670.522465][T25738] FAT-fs (loop5): Directory bread(block 73) failed [ 670.536177][ T5956] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.566055][ T5956] usb 2-1: config 0 descriptor?? [ 670.902200][T25747] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 670.928537][T25747] EXT4-fs (loop6): orphan cleanup on readonly fs [ 670.955834][T25747] EXT4-fs warning (device loop6): ext4_enable_quotas:7261: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 671.001266][ T5956] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0009/input/input40 [ 671.062834][T25747] EXT4-fs (loop6): Cannot turn on quotas: error -22 [ 671.079109][T25747] EXT4-fs error (device loop6): ext4_ext_check_inode:521: inode #13: comm syz.6.8014: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 671.086989][T25740] JBD2: Ignoring recovery information on journal [ 671.109442][T25747] loop6: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 671.112201][T25747] EXT4-fs error (device loop6): ext4_orphan_get:1402: comm syz.6.8014: couldn't read orphan inode 13 (err -117) [ 671.121425][ C1] EXT4-fs (loop6): error count since last fsck: 1 [ 671.121448][ C1] EXT4-fs (loop6): last error at time 2000000155: ext4_ext_check_inode:521: inode 13 [ 671.123713][T25740] jbd2_journal_bmap: journal block not found at offset 32 on loop4-75 [ 671.137578][T25747] loop6: lost filesystem error report for type 5 error -117 [ 671.161709][T25740] JBD2: bad block at offset 32 [ 671.178638][T25747] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 671.196490][T25734] F2FS-fs (loop0): invalid crc value [ 671.273760][T25740] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 671.327266][T25747] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 671.401738][ T5956] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 671.515205][T25747] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended [ 671.524024][T25734] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 671.529855][ T5956] usb 2-1: USB disconnect, device number 43 [ 671.558867][T25747] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=2856c09c, mo2=0002] [ 671.613057][T25747] System zones: 0-2, 18-18, 34-34 [ 671.622358][T25734] F2FS-fs (loop0): Start checkpoint disabled! [ 671.641865][T25747] EXT4-fs warning (device loop6): ext4_enable_quotas:7261: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 671.720375][T25734] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 671.735139][T25759] fido_id[25759]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 671.754172][T25734] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 671.783110][T21761] ocfs2: Unmounting device (7,4) on (node local) [ 671.850571][T25762] set_capacity_and_notify: 6 callbacks suppressed [ 671.850588][T25762] loop5: detected capacity change from 0 to 4096 [ 671.909670][ T29] audit: type=1326 audit(2000000156.430:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 671.951301][T21972] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 671.976258][T25762] ntfs3(loop5): ino=3, Correct links count -> 2. [ 672.045139][ T29] audit: type=1326 audit(2000000156.430:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.101719][ T29] audit: type=1326 audit(2000000156.430:2522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.132160][ T29] audit: type=1326 audit(2000000156.430:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.168947][ T35] kworker/u8:2: attempt to access beyond end of device [ 672.168947][ T35] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 672.191880][ T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 672.191910][ T35] Tainted: [L]=SOFTLOCKUP [ 672.191917][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 672.191927][ T35] Workqueue: writeback wb_workfn (flush-7:0) [ 672.191964][ T35] Call Trace: [ 672.191972][ T35] [ 672.191979][ T35] dump_stack_lvl+0xe8/0x150 [ 672.192007][ T35] f2fs_stop_checkpoint+0x3c7/0x590 [ 672.192041][ T35] f2fs_write_end_io+0x12e5/0x17a0 [ 672.192079][ T35] __submit_merged_bio+0x256/0x6a0 [ 672.192109][ T35] __submit_merged_write_cond+0x3c9/0x4e0 [ 672.192142][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 672.192192][ T35] f2fs_write_data_pages+0x287e/0x34f0 [ 672.192244][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 672.192278][ T35] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 672.192342][ T35] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 672.192403][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 672.192424][ T35] do_writepages+0x32e/0x550 [ 672.192454][ T35] ? reacquire_held_locks+0x104/0x190 [ 672.192473][ T35] ? writeback_sb_inodes+0x463/0x19d0 [ 672.192504][ T35] __writeback_single_inode+0x133/0x10e0 [ 672.192529][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 672.192558][ T35] writeback_sb_inodes+0x979/0x19d0 [ 672.192579][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 672.192621][ T35] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 672.192654][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 672.192676][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 672.192739][ T35] ? rcu_is_watching+0x15/0xb0 [ 672.192770][ T35] wb_writeback+0x445/0xb00 [ 672.192798][ T35] ? queue_io+0x291/0x470 [ 672.192830][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 672.192850][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 672.192888][ T35] wb_workfn+0x3f8/0xf10 [ 672.192906][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 672.192929][ T35] ? look_up_lock_class+0x57/0x110 [ 672.192971][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 672.192998][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 672.193024][ T35] ? process_scheduled_works+0xa70/0x1860 [ 672.193052][ T35] ? process_scheduled_works+0xa70/0x1860 [ 672.193085][ T35] ? process_scheduled_works+0xa70/0x1860 [ 672.193109][ T35] ? process_scheduled_works+0xa70/0x1860 [ 672.193137][ T35] process_scheduled_works+0xb5d/0x1860 [ 672.193195][ T35] ? __pfx_process_scheduled_works+0x10/0x10 [ 672.193227][ T35] ? assign_work+0x3d5/0x5e0 [ 672.193258][ T35] worker_thread+0xa53/0xfc0 [ 672.193304][ T35] kthread+0x388/0x470 [ 672.193332][ T35] ? __pfx_worker_thread+0x10/0x10 [ 672.193356][ T35] ? __pfx_kthread+0x10/0x10 [ 672.193379][ T35] ret_from_fork+0x514/0xb70 [ 672.193409][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 672.193434][ T35] ? __switch_to+0xc79/0x1410 [ 672.193460][ T35] ? __pfx_kthread+0x10/0x10 [ 672.193482][ T35] ret_from_fork_asm+0x1a/0x30 [ 672.193519][ T35] [ 672.194280][ T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 672.507319][ T29] audit: type=1326 audit(2000000156.430:2524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.530381][ T29] audit: type=1326 audit(2000000156.430:2525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.554606][ T29] audit: type=1326 audit(2000000156.440:2526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.578195][ T29] audit: type=1326 audit(2000000156.440:2527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.602090][ T29] audit: type=1326 audit(2000000156.440:2528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 672.625467][ T29] audit: type=1326 audit(2000000156.440:2529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25764 comm="syz.1.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545cf9c819 code=0x7ffc0000 [ 673.076025][T25784] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8029'. [ 673.295744][T25769] loop6: detected capacity change from 0 to 40427 [ 673.335404][T25769] F2FS-fs (loop6): invalid crc value [ 673.403602][T25793] vim2m vim2m.0: vidioc_s_fmt queue busy [ 673.544654][T25769] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 673.650929][T25769] F2FS-fs (loop6): Start checkpoint disabled! [ 673.757328][T25807] tipc: Started in network mode [ 673.767881][T25807] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 673.781150][T25807] tipc: Enabled bearer , priority 10 [ 673.871428][T25811] loop4: detected capacity change from 0 to 256 [ 673.914774][T25769] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0 [ 673.932093][T25769] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 673.956250][T25811] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 674.012337][T25816] loop1: detected capacity change from 0 to 512 [ 674.050023][T25816] EXT4-fs: Ignoring removed i_version option [ 674.098745][T25816] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 674.150799][T25816] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.8042: invalid indirect mapped block 4294967295 (level 1) [ 674.229757][ T808] kernel read not supported for file /576/net/snmp6 (pid: 808 comm: kworker/1:2) [ 674.234733][T25816] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 674.241505][T25816] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.8042: invalid indirect mapped block 4294967295 (level 1) [ 674.251170][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 674.251190][ C0] EXT4-fs (loop1): initial error at time 2000000158: ext4_free_branches:1023: inode 11 [ 674.251222][ C0] EXT4-fs (loop1): last error at time 2000000158: ext4_free_branches:1023: inode 11 [ 674.296226][T25816] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 674.297500][T25816] EXT4-fs (loop1): 2 truncates cleaned up [ 674.376636][T25816] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 674.467971][T25830] loop0: detected capacity change from 0 to 64 [ 674.588788][T25816] [ 674.591168][T25816] ====================================================== [ 674.598202][T25816] WARNING: possible circular locking dependency detected [ 674.605232][T25816] syzkaller #0 Tainted: G L [ 674.611206][T25816] ------------------------------------------------------ [ 674.618212][T25816] syz.1.8042/25816 is trying to acquire lock: [ 674.624259][T25816] ffff888078a06600 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x39c/0x1010 [ 674.633311][T25816] [ 674.633311][T25816] but task is already holding lock: [ 674.640658][T25816] ffff888036186c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_ext_migrate+0x308/0x1130 [ 674.650828][T25816] [ 674.650828][T25816] which lock already depends on the new lock. [ 674.650828][T25816] [ 674.661215][T25816] [ 674.661215][T25816] the existing dependency chain (in reverse order) is: [ 674.670211][T25816] [ 674.670211][T25816] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 674.678627][T25816] percpu_down_read_internal+0x48/0x1c0 [ 674.684817][T25816] ext4_writepages+0x205/0x3b0 [ 674.690095][T25816] do_writepages+0x32e/0x550 [ 674.695207][T25816] __writeback_single_inode+0x133/0x10e0 [ 674.701376][T25816] writeback_single_inode+0x4ac/0xdc0 [ 674.707268][T25816] write_inode_now+0x1c2/0x290 [ 674.712542][T25816] iput+0x8c1/0xe80 [ 674.716864][T25816] ext4_xattr_block_set+0x1fd4/0x2ad0 [ 674.722744][T25816] ext4_expand_extra_isize_ea+0x12cf/0x1ea0 [ 674.729145][T25816] __ext4_expand_extra_isize+0x30d/0x400 [ 674.735300][T25816] __ext4_mark_inode_dirty+0x45c/0x710 [ 674.741281][T25816] ext4_evict_inode+0x8c9/0x1010 [ 674.746736][T25816] evict+0x61e/0xb10 [ 674.751148][T25816] ext4_orphan_cleanup+0xc38/0x1470 [ 674.756853][T25816] ext4_fill_super+0x5a19/0x6330 [ 674.762304][T25816] get_tree_bdev_flags+0x431/0x4f0 [ 674.767920][T25816] vfs_get_tree+0x92/0x2a0 [ 674.772850][T25816] do_new_mount+0x341/0xd30 [ 674.777862][T25816] __se_sys_mount+0x31d/0x420 [ 674.783159][T25816] do_syscall_64+0x15f/0xf80 [ 674.788263][T25816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.794833][T25816] [ 674.794833][T25816] -> #0 (sb_internal){.+.+}-{0:0}: [ 674.802121][T25816] __lock_acquire+0x15a5/0x2cf0 [ 674.807504][T25816] lock_acquire+0x106/0x350 [ 674.812610][T25816] percpu_down_read_internal+0x48/0x1c0 [ 674.818670][T25816] ext4_evict_inode+0x39c/0x1010 [ 674.824122][T25816] evict+0x61e/0xb10 [ 674.828529][T25816] ext4_ext_migrate+0xe11/0x1130 [ 674.834002][T25816] ext4_fileattr_set+0xf33/0x16d0 [ 674.839538][T25816] vfs_fileattr_set+0x9f6/0xc90 [ 674.844903][T25816] ioctl_setflags+0x189/0x1f0 [ 674.850091][T25816] do_vfs_ioctl+0x9f1/0x1530 [ 674.855189][T25816] __se_sys_ioctl+0x82/0x170 [ 674.860284][T25816] do_syscall_64+0x15f/0xf80 [ 674.865385][T25816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.871818][T25816] [ 674.871818][T25816] other info that might help us debug this: [ 674.871818][T25816] [ 674.882025][T25816] Possible unsafe locking scenario: [ 674.882025][T25816] [ 674.889458][T25816] CPU0 CPU1 [ 674.894806][T25816] ---- ---- [ 674.900157][T25816] lock(&sbi->s_writepages_rwsem); [ 674.905353][T25816] lock(sb_internal); [ 674.912053][T25816] lock(&sbi->s_writepages_rwsem); [ 674.919767][T25816] rlock(sb_internal); [ 674.923915][T25816] [ 674.923915][T25816] *** DEADLOCK *** [ 674.923915][T25816] [ 674.932039][T25816] 3 locks held by syz.1.8042/25816: [ 674.937217][T25816] #0: ffff888078a06410 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write_file+0x60/0x200 [ 674.946869][T25816] #1: ffff88805900bc68 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: vfs_fileattr_set+0x161/0xc90 [ 674.957393][T25816] #2: ffff888036186c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_ext_migrate+0x308/0x1130 [ 674.968004][T25816] [ 674.968004][T25816] stack backtrace: [ 674.973882][T25816] CPU: 1 UID: 0 PID: 25816 Comm: syz.1.8042 Tainted: G L syzkaller #0 PREEMPT(full) [ 674.973904][T25816] Tainted: [L]=SOFTLOCKUP [ 674.973910][T25816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 674.973920][T25816] Call Trace: [ 674.973927][T25816] [ 674.973934][T25816] dump_stack_lvl+0xe8/0x150 [ 674.973959][T25816] print_circular_bug+0x2e1/0x300 [ 674.973978][T25816] check_noncircular+0x12e/0x150 [ 674.973996][T25816] __lock_acquire+0x15a5/0x2cf0 [ 674.974021][T25816] ? kernel_text_address+0xa5/0xe0 [ 674.974041][T25816] ? __kernel_text_address+0xd/0x30 [ 674.974059][T25816] ? unwind_get_return_address+0x4d/0x90 [ 674.974075][T25816] ? __asan_memset+0x22/0x50 [ 674.974098][T25816] ? ext4_evict_inode+0x39c/0x1010 [ 674.974120][T25816] lock_acquire+0x106/0x350 [ 674.974141][T25816] ? ext4_evict_inode+0x39c/0x1010 [ 674.974175][T25816] percpu_down_read_internal+0x48/0x1c0 [ 674.974194][T25816] ? ext4_evict_inode+0x39c/0x1010 [ 674.974217][T25816] ext4_evict_inode+0x39c/0x1010 [ 674.974239][T25816] ? inode_wait_for_writeback+0x16d/0x3b0 [ 674.974257][T25816] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 674.974273][T25816] ? do_raw_spin_lock+0x12b/0x2f0 [ 674.974291][T25816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 674.974314][T25816] ? do_raw_spin_unlock+0xf5/0x210 [ 674.974332][T25816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 674.974355][T25816] evict+0x61e/0xb10 [ 674.974374][T25816] ? __pfx_evict+0x10/0x10 [ 674.974390][T25816] ? _raw_spin_unlock+0x28/0x50 [ 674.974407][T25816] ? iput+0xb25/0xe80 [ 674.974432][T25816] ext4_ext_migrate+0xe11/0x1130 [ 674.974455][T25816] ? __pfx_ext4_ext_migrate+0x10/0x10 [ 674.974476][T25816] ? ext4_change_inode_journal_flag+0x20f/0xaa0 [ 674.974495][T25816] ? ext4_set_inode_flags+0x249/0x5b0 [ 674.974512][T25816] ? __ext4_journal_stop+0x34/0x1a0 [ 674.974531][T25816] ext4_fileattr_set+0xf33/0x16d0 [ 674.974558][T25816] ? __pfx_ext4_fileattr_set+0x10/0x10 [ 674.974583][T25816] ? __asan_memset+0x22/0x50 [ 674.974604][T25816] ? fileattr_fill_flags+0x229/0x380 [ 674.974627][T25816] ? fscrypt_prepare_setflags+0x62/0x3c0 [ 674.974645][T25816] vfs_fileattr_set+0x9f6/0xc90 [ 674.974667][T25816] ? mnt_get_write_access+0x66/0x280 [ 674.974685][T25816] ? __pfx_vfs_fileattr_set+0x10/0x10 [ 674.974709][T25816] ? __asan_memset+0x22/0x50 [ 674.974731][T25816] ioctl_setflags+0x189/0x1f0 [ 674.974754][T25816] ? __pfx_ioctl_setflags+0x10/0x10 [ 674.974777][T25816] ? tomoyo_path_number_perm+0x219/0x630 [ 674.974801][T25816] ? tomoyo_path_number_perm+0x219/0x630 [ 674.974824][T25816] do_vfs_ioctl+0x9f1/0x1530 [ 674.974841][T25816] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 674.974861][T25816] ? do_futex+0x333/0x420 [ 674.974881][T25816] ? __fget_files+0x2a/0x420 [ 674.974902][T25816] ? __fget_files+0x2a/0x420 [ 674.974922][T25816] ? __fget_files+0x3a0/0x420 [ 674.974941][T25816] ? __fget_files+0x2a/0x420 [ 674.974963][T25816] ? bpf_lsm_file_ioctl+0x9/0x20 [ 674.974980][T25816] __se_sys_ioctl+0x82/0x170 [ 674.974996][T25816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.975012][T25816] do_syscall_64+0x15f/0xf80 [ 674.975032][T25816] ? trace_irq_disable+0x3b/0x140 [ 674.975051][T25816] ? clear_bhb_loop+0x40/0x90 [ 674.975067][T25816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.975083][T25816] RIP: 0033:0x7f545cf9c819 [ 674.975098][T25816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 674.975112][T25816] RSP: 002b:00007f545df28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 674.975128][T25816] RAX: ffffffffffffffda RBX: 00007f545d215fa0 RCX: 00007f545cf9c819 [ 674.975140][T25816] RDX: 0000200000000080 RSI: 0000000040086602 RDI: 0000000000000004 [ 674.975150][T25816] RBP: 00007f545d032c91 R08: 0000000000000000 R09: 0000000000000000 [ 674.975166][T25816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.975175][T25816] R13: 00007f545d216038 R14: 00007f545d215fa0 R15: 00007fffd24828b8 [ 674.975192][T25816] [ 675.429058][T21205] tipc: Node number set to 4269801488 [ 675.456777][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.