last executing test programs: 40.864692225s ago: executing program 3 (id=17): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000040)) epoll_pwait(r2, &(0x7f0000000140)=[{}], 0x1, 0x80000001, 0x0, 0x0) 39.565639663s ago: executing program 0 (id=26): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) r1 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000500)={0x0, 0x1, [{r1, 0x0, 0x0, 0x8000}]}) lseek(r2, 0x0, 0x2) 39.39647804s ago: executing program 0 (id=28): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[], 0x240}, 0x1, 0x0, 0x0, 0xd0}, 0x4048010) recvmsg$can_j1939(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000080)=""/52, 0x34}, {&(0x7f00000000c0)=""/133, 0x85}], 0x2}, 0x140) 39.28848158s ago: executing program 3 (id=29): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926", 0x20}], 0x1}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x80) 39.229465136s ago: executing program 0 (id=31): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x2, &(0x7f0000001080)=[0xee00, 0xffffffffffffffff]) setgroups(0x0, 0x0) keyctl$chown(0x4, r0, 0xee01, r1) keyctl$setperm(0x5, r0, 0x30925) keyctl$KEYCTL_MOVE(0x3, r0, 0x0, 0x0, 0x0) 39.137063805s ago: executing program 3 (id=32): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&\xc1&A0\xa7\xef\x9cL\x8e1K', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 39.080850901s ago: executing program 0 (id=33): syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000500)=ANY=[], 0xc, 0xac, &(0x7f0000000100)="$eJzs0jFqwzAUBuBnY7cdu3foDXwHn6BnMB3tzZNLJ9+nlyh07RFygwxZsygYyUP2QAh8H0hPP/8ikP7PP2+xRryvESmlJu2aSPPyNQ7TvLTjMEVEG3+RVWU+Bw+uLs/ZR/4DWz72uatKfzh9f+4rNx+/eT7d7+IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEPV63Wuo+vK8WXbLgEAAP//2Bwh+A==") creat(&(0x7f0000000300)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 38.390417959s ago: executing program 0 (id=37): r0 = socket$inet_udp(0x2, 0x2, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) recvmsg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) 37.956412542s ago: executing program 0 (id=40): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) 37.923370135s ago: executing program 3 (id=41): syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f000000ac40)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) 37.313202145s ago: executing program 32 (id=40): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) 36.24498756s ago: executing program 3 (id=46): writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000001c0)="6643ce580bfb03fbeff0574c18c063931b06fbe2cb97767723dba84d090196452099a265e98403a0cdec002f3a14b0017e3c9a2b4c56285a9fae38b5a2b78020b46907ef67ca8650cbde12aeefc1ef1b62040ac549192c47865bde91076bfe", 0x5f}], 0x1) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a0000020000002400018014000180080001"], 0x64}}, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x33, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x584}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 35.092956164s ago: executing program 3 (id=48): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000e80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800040000000000000b00000008000300", @ANYRES32=r3, @ANYBLOB="28005080140001004abee33957edf8aaae14574df404000005000200070000000800030008ac0f"], 0x44}}, 0x0) 34.760948316s ago: executing program 33 (id=48): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000e80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800040000000000000b00000008000300", @ANYRES32=r3, @ANYBLOB="28005080140001004abee33957edf8aaae14574df404000005000200070000000800030008ac0f"], 0x44}}, 0x0) 5.900802949s ago: executing program 5 (id=165): syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000780), 0xfe, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000200)=0x3f015764) 4.520125495s ago: executing program 5 (id=171): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0xa, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300}, 0x48) 3.130153762s ago: executing program 5 (id=179): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x27) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x20040, 0x1ff) read$FUSE(r0, 0x0, 0x0) 3.080517567s ago: executing program 2 (id=180): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x22000406, &(0x7f0000000840)={[{@dioread_lock}, {@noblock_validity}, {@inlinecrypt}, {@jqfmt_vfsold}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@journal_checksum}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nobh}, {@grpid}], [], 0x2c}, 0x84, 0x4d8, &(0x7f0000000900)="$eJzs3MtvG9UaAPBvJs2jz6S91b23D6ihICIKSZMW6IIFIJC6ASHBoixDGqpSt0VNkGhV0RShskT8BcASCYkVG1YgIQRsALGFPUKqUDctLJDR2DOJ3diOnbQJrX8/aexzZs48vjNzxjM+9gTQs0rZSxKxJSJ+iYjhWraxQKn2duPaxek/r12cTqJSeemPpFru+rWL00XRYr7NeWY0jUjfTWJPk/XOnr9waqpcnjmX58fnTr8xPnv+wqMnT0+dmDkxc2byyJHDhyaeeHzysY7iuLTM9Cyu67vfPrt319FXPnh+uhKvfvdptr1b8un1cdSMdLTedkpRikpucexA9fXBVS/932VrRAzm6WTDOm8MHeuLiGx39Vfb/3D0xeLOG47n3lnIfL1OGwjcNtln0/YlY/vy93Th8wu4GyXaOPSo4hM/u/8thrW8/lhvV5/OXmeq8d/Ihx9eqNVNmt3LjtTu2PtazP/fJuOGFpOV4WXWvyUijs3/9WE2RNPvIdpIOi4JALDgy+z655Fm139pw7XNtrwPZSQiDkTEjoj4T0TsjHShzP8i4v9drr90U37p9c9PG7tcZFey678n876tYqhNKeJKFnJbq/H3J6+dLM8czOtkNPoHs/xEm3V89ezP77eaVqq7/suGbP3FtWC+Hb9vGGyc5/jU3NQqQm5w9XIksaFZ/MlCT0BWA7siYvcKlp/V2cmHP9mbpbdtXjp9+fjbuAX9TJWPIx6q7f/5uCn+QlJbU6v+yfGhKM8cHC+OiqW+//HKi/X5/rp0Q/xDncU0tNJgm7h6OWJT0+M/j79oBkV/7Wz367jy63st72mW7v8kjs3Xl8iP/42L1ZYd/wPJy9X0QD7uram5uXMTEQP5iIbxk4tLK/JF+Sz+0f2N8dfui9PsHPf3R/l8eyIiO4jviYh7I2Jfvu33RcT9EbG/TfzfPvPA6+1raIXH/y2QxX+83f6PGEnq++tXkOg79c0Xrdbf2fnvcDU1mo+pP/8NtFhupxu42voDAACAO0Fa7YNO0rG6328XdsamtHx2du5AKd48c7zWVz0S/WnxTddw3fehE/l3w0V+8qb8oYjYXv2l0cZqfmz6bHnrOsUM1Gyua/+1c0Gajo3Vpv3W6kcvwN2jq360+h+dffb5rd8YYE35vyb0Lu0fepf2D71L+4fe1az9X4q4sQ6bAqwxn//Qu7R/6F3aP/Qu7R960tK/xOePW8nOCSv/y395x9HVPDHg9icqwyufPVpPmu9+gX2dFS6eftHxkjsrnES0CaddItL2ZQY639S1T6TLlnlquWrp7+qZGENNamNfnhiMiE6Xc2nNarU4QySeMgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANzR/gkAAP//fHDiVg==") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f00000003c0)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f0000019300)=ANY=[], 0x24, 0x3) getxattr(&(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) 2.729586192s ago: executing program 4 (id=182): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88) r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x1) fcntl$setlease(r1, 0x400, 0x0) close_range(r0, 0xffffffffffffffff, 0x10000000000000) 2.706873214s ago: executing program 5 (id=183): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x40000, 0x0) getdents(r0, 0x0, 0x0) getdents(r0, 0x0, 0xbb) 2.503705254s ago: executing program 4 (id=184): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') open(&(0x7f0000000100)='./file0\x00', 0x0, 0x140) 2.278853766s ago: executing program 1 (id=185): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_procs(r0, &(0x7f0000001a80)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000380), 0x12) write$cgroup_int(r1, &(0x7f0000000040), 0x1) 2.109682862s ago: executing program 4 (id=186): r0 = io_uring_setup(0x78c4, &(0x7f0000000a40)={0x0, 0x0, 0x2, 0xfffffffe, 0x3bd}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000100)=0xfffffffb, 0x4) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 2.072280676s ago: executing program 2 (id=187): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000300)={'das16m1\x00', [0x4f27, 0xb, 0x1, 0x10000, 0x20000d, 0xcc7, 0x8, 0x4, 0xffffa702, 0x1101, 0x2, 0x1, 0xbf, 0x18000, 0x200, 0x101, 0x80000, 0x1a449, 0xffffffff, 0x1000007f, 0x89, 0x8, 0x2, 0x73, 0x6, 0xfffffff9, 0xfffffffa, 0x1ff, 0x4088, 0x925, 0x4]}) r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x133d, 0x3e000000, 0x8, 0x0, 0x0) 2.041468449s ago: executing program 5 (id=188): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) read$rfkill(r0, &(0x7f0000000040), 0x8) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$TIOCCONS(r1, 0x541d) 1.968326276s ago: executing program 1 (id=189): syz_io_uring_setup(0x304, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) close(r0) 1.765161567s ago: executing program 4 (id=190): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x2c}}, 0x0) ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f1821a4e4cbec8438c571a70e7ca7b0451a6cc55c", 0x98}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000140)={0x0, 0xfd2a}) 1.605795402s ago: executing program 5 (id=191): syz_usb_connect(0x3, 0x1c, 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x2, {0x3}}, 0x18) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x14, 0x0, 0x300, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24040088}, 0x40) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0) 1.411631961s ago: executing program 2 (id=192): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x9, @empty, 0x10001}, 0x1c) 1.393081643s ago: executing program 1 (id=193): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x68b, &(0x7f0000000a40)="$eJzs3UtsG2kdAPD/OLYTF9RNd9tuQSsRbaUFEdHmoXQJly0IoUis0Go5II5W626tutlV4kVphaC8D1w47J1FIjcuIHEvWs7Aaa85roTEpacCEkbzsGPnaadNnGh/v2o83zffY77vPzMee6wqAXxqrcxG+XEksTL75kaa39pcbG1tLt7vpiNiMiJKEeV8FclqRPJRxM3Il/hcurHoLtlvPx80l9/++MnWJ3muXCxZ/dJB7Xa5Udpj46NiiZmImCjWz2Cgv1s7+quO3F3Sm2EasKvdwMG4VSKiM+D7l7dLDjX8dQucWkl+39x1QU9HnIuIqeJzQH5XzO/ZZ9qjcQ8AAAAATsALv86+wp8f9zgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLCn+/n9SLKVueiaS7t//rxbbokifaY/HPQAAAAAAAAAAGN23P7tjwxeextPYiPPdfCfJfvN/NctczF4/E+/HejRiLa7FRtSjHe1Yi/mImM7KK9lrdaPebq/ND9Fyodcy+louDDmD2tEnDwAAAAAAAABnRXn0Jj+Nle3f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DRIIibyVbZc7Kano1SOiKmIqKb1HkX8vZs+lX77l/5c57+dzK5qj09yTAAAADAmLzyNp7ER57v5TpJ957+cfe+fivdjNdrRjHa0ohG3s2cB+bf+0tbmYmtrc/F+uuzu9+v/GmkYWY+RP3vYe89Xshq1uBPNbMu1uBXvRituRylrmbrSHc/e4/pJOqbkjcKQI7tdrNOZ/yYqI83qKJKha05nEUlHlEdkrmibRuPCwZEY8eh099SN/XyUek9+Lj7PmG/kq9d/n6/T+fxypJgct52RWOg7+y4fHImIL/75D9+721q9N3lnffb0TGkEk31P0HZGYrEvEi8PG4m7Zy0SpT22zWXbL/XyK/Gt+G7Mxky8FWvRjB9EPdrRiJn4ZtRjIurF+Zy+Th8cqZsDubcOG101Oy6V4l10+DG1ox6vZm3PRzO+E+/G7WjEjezfQszH67EUS7Hcd4QvDXHVl0Z7p736pb6Hyb+KiNpw7U5AOrALvbtT/1k/l10HFwa2bEfpxed/Pyp/vkik+/jZPmfkeOyMxHxfJF46OBK/y95W1lur99bu1t8bcn+vFev0OvrFqbpLpOfLi+nBynKDZ0da9tLOsqk8XtXiF5e8bPCOm5Zd6pUddqVWi89wu3tayMpe3rNsMSu70lc28HnrZv55C4BT79yXz1Vr/6z9rfZh7ee1u7U3p74x+dXJV6pR+Wvla+W5iddKryR/ig/jR9vf/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKNbf/DwXr3VaqztSHQ6nR/vU3SMiVpEdLdEHNaqEofXOZ5ENSKyRLmbGK2fyaEqV7ePzht/fJYxV0ZtFfFcAlUuTrIHD+/9u9PpnPhh2iNROeCc3050CruKOkM1H1viP53n1+GY35iAY3e9ff+96+sPHn6leb/+TuOdxury0tLy3PLSjX9cv9NsNeby13GPEjgO2zf9cY8EAAAAAAAAAAAAGNZJ/LeEfXb9vxOeKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBGrcxOFqlrc+nr1uZiK1266V7FrFopIpIfRiQfRdyMfInpvu6S/fbzQXP57Y+fbH2S58rFktUvDbSrHGUWj4olZiJiolj3m3qG/m4V6yONLJP0ZpgG7Go3cDBu/w8AAP//tpQRmw==") truncate(&(0x7f0000000080)='./file1\x00', 0x200000080000000) timer_create(0x5, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000180)={{}, {0x77359400}}, &(0x7f00000001c0)) r0 = open(&(0x7f0000000100)='./file1\x00', 0x147842, 0x88) preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7) 1.387711624s ago: executing program 4 (id=194): syz_mount_image$nilfs2(&(0x7f00000005c0), &(0x7f0000000340)='./bus\x00', 0x8, &(0x7f00000002c0)=ANY=[], 0x1, 0xad4, &(0x7f0000001540)="$eJzs3U2MW0cBAOCxd73JtilxSkKXNLQJhbb8dNPsLuEngqRKhETUVIhLpQgOUZqWiBAkigRUlUhy4karKkic+BGnXqqCkOgFRT1xqUQjVUg9FQ4ciIKIxAECidHuznjtid1n74+fvf4+aTx+b97zzDw/P7/fmQCMrerS68LCTCWEy2+8cuzvD/9tenHM4eYU9aXXyZahWgihEocns897b2I5vnXjxdOd4kqYW3pNw+Gp68157w4hXAh7w5VQD7svX335rbknT1w8fmnf268eurYxtQcAgPHy1SuHFnb95U/377j52gNHwpY0evHN0v55PY7YFvf7j8Qd/7T/Xw3tw5WW0Goqm24yhup0+3QTHaZrzaeWTTfZJf+pLP9al+m2hPfPf6JlXKd6wyhL63E9VKqzbcPV6uzs8jF5WDqun6rMnj977tnnSyoosO7+9WAIYW9LOHqpfXi14Rtxy7Een9UaDm/AZ64x1HqsZ2MIyjqS4cjg8rrZWFZ6nQcUGttL3gABRPn1wjtcyM8srE3z0yZ7y//6E9XO88M6GPT631f+UyXnH+T/64u2OKyfzbo2pXql39G2OJxfR8jvX+r++8uvdLSPza9H1HosZ7frCKNyfaFbOScGXI7V6lb+fL3YrL4Y47QcvpSlt/5+8u90VL5joLN/5+f/BUEY7hDahmtr+axGydsfYHjl98010vXRKL+vL0/fUpC+tSB9uiD9roL0uwvSYZz99ns/CS9VVo7z82P6fs+Hp/Ns98T4A32WJz8f2W/++X2//Vpr/vn9xDDMfn/q6TOfe+bk1eX7/yvN9f92XN/T4UY9/rauxAnS+cL8vHrz3v96ez7VLtPdm5Xnng7TL73f2T5dZefK54SW7cwd5Zhpn297t+n2tE9Xz6abjmFrVt58/+SubL60/5G2q2l5TWb1rWX1mMrKkbYrO2KclwNWI62P3e7/T+vnTKhVnj177szjcTitp3+cqG1ZHH9gwOUG1q7X539mQvvzP9ua42vV1u3C9pXxleXtwuvx89rHzzXzaR8/H4fT/9w3J6aXxs+e/s65Z9a/+jDWnv/hC986de7cme+W/mZ+OoQhKMYq3nx5OIrRz5t02DIs5Vn1m8WKDEExNuGbkjdMwIbb/6PlnYDHzn771HNnnjtzfv7gwfm5uYOfn1/Yv7Rfv791777VhRJKC6ynlT/9sksCAAAAAAAAAAAA9Or7x49dfefNz767/Pz/yvN/6fn/dOdvev7/x9nz//lz8uk5+PQc4I4O6UvTZA2sTmXT1WL4YFbenVk+u7L5PhTjZj9+8fn/lF3ermsqz33Z+FqXwaw5gTvaS5nK2iDJ+wv8aIwvxfhXAUpUme48OsZF7VundT21T9HSLkVD+8CjI31vaW1I7Zik5787tuvU8mXvGEAZWX+DeJyw7DoCnf1jrNr//udKxUsvi9A9TA42v5+N7zrR6LqX3msPNgDro+z+P9N5zxSf/8NXti6GNNn1J9q3l3n7pdCPP7/TPjzs/U9udP55v32Dzr/s+g+6/89m/3c9b/+yHvPqq8v3Pz+/9m5LtmF3r/nn9U/tQO/sL/+bMf9Um0dCb/k3fpnln18Q6tF/s/zv6jH/O+q/Z3X5/y/mnxbbow/1mn91+ZpZtb0c+XnjdP0vP2+c3Mrqn9r2fJ/8v/ZCp/qvsqPG2zF/GGej0s9sv7L9iOZO++r7/40urG//v83CZpu1/D6Mz8QxaUOc7nPI+zvpt/zp/or0P7Ar+/xKwf+b/n9H2xdiXPR7SP3/3r6xfDmvHv/y0/pZj8syDdc6LNvNuq2BUfXeWF3/W4dwcsPz2Fp6HYc+HBmCMjRDY2IV8zX7iSu5/I1GY2NPaBUoNXNKX/5lHyeUnX/Zy79I3v9vvg+f9/+bp+f9/+bpef+/efp0/Ia6pef9/+bLM+//N0+/L/vcvH/gmYL0Dxek7+6c3jxsv79g/j0F6R8pSN/XTD/cNkVKf6Bg/gcL0u9tT9+Spz9UMP/HCtI/XpD+cEH6oy3prX1Ap/RPFMy/2aXnUca1/jDO8ufz/P5hfKTrP91+/zsL0oHR9dPXDhw9+Zuv15ef/59qng9J1/GOxOFaPH76QRzOr3uHluHFtDfj8F+z9GE/3wHjJG8/I/9/f6QgHRhd6T4vv28YQ5WtnUfHuKjdqm77+YyWT8b4UzH+dIwfi/FsjPfH+ECM5wZUPjbG0dd/d+ilysrx/vYsvdf7yfPngdraiQohzPdYnvz8QL/3s+ft+PVrrfmv8nEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0lSXXhcWZiohXH7jlWNPnzi7f3HM4eYU9aXXyZahWnO+EB6P8USMfxHf3Lrx4unW+HaMK2EuVEKlOT48db2Z090hhAthb7gS6mH35asvvzX35ImLxy/te/vVQ9c2bgkAAADA5vf/AAAA//9LWAnF") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x400, 0x0, 0x0, 0x0, &(0x7f0000000000)) renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x2) r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) truncate(&(0x7f0000000080)='./file2\x00', 0x1ffd) 1.159386096s ago: executing program 2 (id=195): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f00000002c0)=0x803, 0x4) syz_emit_ethernet(0x36, &(0x7f00000036c0)={@local, @random="fad1e0487374", @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@end]}}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x1, 0x0, 0x81, 0x0, @val=0x80}}}}}}}, 0x0) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000003540)=0x5, 0x4) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003680)=""/43, 0x2b}}], 0x1, 0x2, 0x0) 863.318855ms ago: executing program 2 (id=196): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\v\x00\x00\x00\a'], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x4, &(0x7f0000001800)={{r0}, &(0x7f0000001780)=0x4, 0x0}, 0x20) 791.922292ms ago: executing program 1 (id=197): pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x6, 0x6, 0x1, "42341f9b1000007e4f00"}) r2 = syz_open_pts(r1, 0x80000) splice(r2, 0x0, r0, 0x0, 0x3, 0xb) 571.543674ms ago: executing program 2 (id=198): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x90}, 0x1c) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000003c0)={r2, 0x0, 0x10, 0x100000000, 0x80000000}, &(0x7f0000000400)=0x18) 472.193994ms ago: executing program 1 (id=199): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000440)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000240), 0x3) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "f7539c4784660740", "c23dcb069d2fcac23d0f11001145753debfbc4f1a3942a0efa49e8340f462803", "74df9eed", "1e25dff4d9ab52fc"}, 0x38) setsockopt$inet6_tcp_int(r0, 0x11a, 0x4, &(0x7f0000000040)=0xfff7fffc, 0x1) 101.869491ms ago: executing program 1 (id=200): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000080000000000000008000000811119000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xa6, &(0x7f0000000d80)=""/166, 0x8eb2e000f2c28467, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e29}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffff5, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc9, 0x0, 0x0, 0x10, 0x2}, 0x86) 0s ago: executing program 4 (id=201): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@deltfilter={0x24, 0x2d, 0x200, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0x4, 0xe}, {0x4, 0x9}}}, 0x24}}, 0x14000000) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.214' (ED25519) to the list of known hosts. [ 82.341712][ T5777] cgroup: Unknown subsys name 'net' [ 82.456355][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.163722][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.883907][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.894651][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.903268][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.912077][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.922641][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.924860][ T5797] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.938477][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.957459][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.965570][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.978598][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.989438][ T5803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.996939][ T5805] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.004489][ T5105] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.008145][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.021849][ T5805] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.029780][ T5805] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.039266][ T5805] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.055458][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.067053][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.075771][ T5805] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.088705][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.095919][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.103556][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.113993][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.673130][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 86.693052][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 86.745258][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 86.843773][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 86.950044][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.958594][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.965944][ T5790] bridge_slave_0: entered allmulticast mode [ 86.973751][ T5790] bridge_slave_0: entered promiscuous mode [ 87.001994][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.009358][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.016555][ T5789] bridge_slave_0: entered allmulticast mode [ 87.025348][ T5789] bridge_slave_0: entered promiscuous mode [ 87.069966][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.077595][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.084804][ T5790] bridge_slave_1: entered allmulticast mode [ 87.092366][ T5790] bridge_slave_1: entered promiscuous mode [ 87.100129][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.107436][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.114632][ T5789] bridge_slave_1: entered allmulticast mode [ 87.122606][ T5789] bridge_slave_1: entered promiscuous mode [ 87.148058][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.155228][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.162955][ T5788] bridge_slave_0: entered allmulticast mode [ 87.170682][ T5788] bridge_slave_0: entered promiscuous mode [ 87.232637][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.240003][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.250114][ T5794] bridge_slave_0: entered allmulticast mode [ 87.257798][ T5794] bridge_slave_0: entered promiscuous mode [ 87.265236][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.272886][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.280344][ T5788] bridge_slave_1: entered allmulticast mode [ 87.287639][ T5788] bridge_slave_1: entered promiscuous mode [ 87.309409][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.322555][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.332005][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.341028][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.348372][ T5794] bridge_slave_1: entered allmulticast mode [ 87.355429][ T5794] bridge_slave_1: entered promiscuous mode [ 87.388556][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.401991][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.438810][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.451668][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.533128][ T5790] team0: Port device team_slave_0 added [ 87.542941][ T5789] team0: Port device team_slave_0 added [ 87.551757][ T5789] team0: Port device team_slave_1 added [ 87.561077][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.575182][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.598194][ T5790] team0: Port device team_slave_1 added [ 87.608429][ T5788] team0: Port device team_slave_0 added [ 87.668603][ T5788] team0: Port device team_slave_1 added [ 87.690795][ T5794] team0: Port device team_slave_0 added [ 87.699188][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.706214][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.733538][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.786647][ T5794] team0: Port device team_slave_1 added [ 87.793480][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.800578][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.828733][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.848142][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.855146][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.882032][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.894110][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.901627][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.928146][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.941383][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.948483][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.974490][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.014932][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.022023][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.049161][ T5802] Bluetooth: hci1: command tx timeout [ 88.054654][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.086374][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.093775][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.119871][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.133193][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.140265][ T5802] Bluetooth: hci0: command tx timeout [ 88.145849][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.172184][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.207757][ T5802] Bluetooth: hci2: command tx timeout [ 88.207778][ T5799] Bluetooth: hci3: command tx timeout [ 88.248761][ T5789] hsr_slave_0: entered promiscuous mode [ 88.255945][ T5789] hsr_slave_1: entered promiscuous mode [ 88.294945][ T5790] hsr_slave_0: entered promiscuous mode [ 88.301835][ T5790] hsr_slave_1: entered promiscuous mode [ 88.309425][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.317650][ T5790] Cannot create hsr debugfs directory [ 88.328063][ T5788] hsr_slave_0: entered promiscuous mode [ 88.334869][ T5788] hsr_slave_1: entered promiscuous mode [ 88.343307][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.350986][ T5788] Cannot create hsr debugfs directory [ 88.416812][ T5794] hsr_slave_0: entered promiscuous mode [ 88.424180][ T5794] hsr_slave_1: entered promiscuous mode [ 88.430732][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.439893][ T5794] Cannot create hsr debugfs directory [ 88.887767][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.901435][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.917317][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.928819][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.994505][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.006664][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.033837][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.044920][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.122525][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.132979][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.145107][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.171601][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.261507][ T5794] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.274317][ T5794] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.285378][ T5794] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.302181][ T5794] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.427837][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.472655][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.498517][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.524292][ T2937] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.531799][ T2937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.580918][ T2907] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.588150][ T2907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.609850][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.634902][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.651885][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.659093][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.682331][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.711599][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.718924][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.745554][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.762960][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.803345][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.810576][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.825906][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.833426][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.857685][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.865015][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.882230][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.889465][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.024139][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.141327][ T5802] Bluetooth: hci1: command tx timeout [ 90.209416][ T5802] Bluetooth: hci0: command tx timeout [ 90.287878][ T5802] Bluetooth: hci3: command tx timeout [ 90.293567][ T5802] Bluetooth: hci2: command tx timeout [ 90.338634][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.491989][ T5790] veth0_vlan: entered promiscuous mode [ 90.553015][ T5790] veth1_vlan: entered promiscuous mode [ 90.622664][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.635966][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.656190][ T5790] veth0_macvtap: entered promiscuous mode [ 90.690333][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.704416][ T5790] veth1_macvtap: entered promiscuous mode [ 90.750818][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.779092][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.811675][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.821226][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.830222][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.841679][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.880634][ T5789] veth0_vlan: entered promiscuous mode [ 90.919321][ T5794] veth0_vlan: entered promiscuous mode [ 90.934811][ T5794] veth1_vlan: entered promiscuous mode [ 90.955163][ T5788] veth0_vlan: entered promiscuous mode [ 90.985650][ T5789] veth1_vlan: entered promiscuous mode [ 91.028509][ T5788] veth1_vlan: entered promiscuous mode [ 91.080860][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.090322][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.125404][ T5794] veth0_macvtap: entered promiscuous mode [ 91.145773][ T5794] veth1_macvtap: entered promiscuous mode [ 91.169694][ T2907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.188233][ T2907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.199799][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.212179][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.229279][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.238855][ T5789] veth0_macvtap: entered promiscuous mode [ 91.263585][ T5788] veth0_macvtap: entered promiscuous mode [ 91.282914][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.299859][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.313106][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.329471][ T5789] veth1_macvtap: entered promiscuous mode [ 91.346988][ T5788] veth1_macvtap: entered promiscuous mode [ 91.406737][ T5794] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.426878][ T5794] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.442129][ T5794] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.453515][ T5794] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.470146][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.482009][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.493008][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.503974][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.516260][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.540041][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.556053][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.579586][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.590433][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.602583][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.624520][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.633824][ T5882] syz.2.5[5882]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 91.636412][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.660361][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.673571][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.686469][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.705164][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.723514][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.749955][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.761075][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.780703][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.793916][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.806443][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.828191][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.845335][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.862841][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.872185][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.885942][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.896265][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.919243][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.933112][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.946783][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.960549][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.134792][ T5882] loop2: detected capacity change from 0 to 32768 [ 92.158237][ T5882] XFS: noikeep mount option is deprecated. [ 92.207331][ T5802] Bluetooth: hci1: command tx timeout [ 92.219832][ T969] cfg80211: failed to load regulatory.db [ 92.226079][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.238569][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.288139][ T5802] Bluetooth: hci0: command tx timeout [ 92.304746][ T5882] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 92.314989][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.340083][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.368395][ T5799] Bluetooth: hci3: command tx timeout [ 92.374313][ T5802] Bluetooth: hci2: command tx timeout [ 92.407728][ T2907] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.417232][ T2907] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.449290][ T5882] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 92.465577][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.475788][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.518451][ T5882] XFS (loop2): Starting recovery (logdev: internal) [ 92.556191][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.577308][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.616170][ T2907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.625798][ T2907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.689756][ T5882] XFS (loop2): Ending recovery (logdev: internal) [ 92.930340][ T5882] XFS (loop2): User initiated shutdown received. [ 92.969078][ T5882] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:501). Shutting down filesystem. [ 93.034482][ T5882] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 93.085885][ T5903] syz.0.6 uses obsolete (PF_INET,SOCK_PACKET) [ 93.104963][ T5790] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 93.111228][ T5905] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg2, syncid = 1, id = 0 [ 93.819168][ T5915] loop1: detected capacity change from 0 to 512 [ 93.848692][ T5915] EXT4-fs: Ignoring removed bh option [ 93.922996][ T5915] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.955288][ T5915] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 94.078342][ T5922] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 94.222641][ T5911] loop3: detected capacity change from 0 to 32768 [ 94.272176][ T5911] [ 94.272176][ T5911] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.272176][ T5911] [ 94.292292][ T5802] Bluetooth: hci1: command tx timeout [ 94.363517][ T5911] read_mapping_page failed! [ 94.377826][ T5802] Bluetooth: hci0: command tx timeout [ 94.396903][ T5911] ERROR: (device loop3): txCommit: [ 94.396903][ T5911] [ 94.423318][ T5926] read_mapping_page failed! [ 94.428178][ T5926] ERROR: (device loop3): txCommit: [ 94.428178][ T5926] [ 94.430247][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.448526][ T5802] Bluetooth: hci2: command tx timeout [ 94.454062][ T5802] Bluetooth: hci3: command tx timeout [ 94.610344][ T36] read_mapping_page failed! [ 94.615160][ T36] ERROR: (device loop3): txCommit: [ 94.615160][ T36] [ 94.635899][ T36] jfs_write_inode: jfs_commit_inode failed! [ 94.658922][ T5788] [ 94.658922][ T5788] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.658922][ T5788] [ 94.686483][ T5788] [ 94.686483][ T5788] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.686483][ T5788] [ 94.841219][ T5932] netlink: 44 bytes leftover after parsing attributes in process `syz.1.18'. [ 94.866179][ T5932] netem: incorrect gi model size [ 94.891079][ T5932] netem: change failed [ 95.347954][ T5946] netlink: 'syz.1.22': attribute type 5 has an invalid length. [ 95.366060][ T5946] Zero length message leads to an empty skb [ 96.340051][ T5964] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 96.468505][ T5969] loop0: detected capacity change from 0 to 65 [ 96.491742][ T5969] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway [ 96.543480][ T5848] libceph: connect (1)[c::]:6789 error -101 [ 96.547357][ T23] libceph: connect (1)[c::]:6789 error -101 [ 96.553126][ T5848] libceph: mon0 (1)[c::]:6789 connect error [ 96.574891][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 96.603569][ T5976] loop1: detected capacity change from 0 to 1024 [ 96.618794][ T5976] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 96.634651][ T5976] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 96.654315][ T5976] EXT4-fs (loop1): orphan cleanup on readonly fs [ 96.662801][ T5976] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.34: Freeing blocks not in datazone - block = 0, count = 4096 [ 96.681392][ T5976] EXT4-fs (loop1): 1 orphan inode deleted [ 96.689829][ T5969] loop0: detected capacity change from 65 to 0 [ 96.694647][ T5976] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 96.708005][ C1] I/O error, dev loop0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 96.722497][ T5978] syz.0.33: attempt to access beyond end of device [ 96.722497][ T5978] loop0: rw=0, sector=2, nr_sectors = 1 limit=0 [ 96.739718][ T5978] syz.0.33: attempt to access beyond end of device [ 96.739718][ T5978] loop0: rw=0, sector=3, nr_sectors = 1 limit=0 [ 96.759524][ T5978] syz.0.33: attempt to access beyond end of device [ 96.759524][ T5978] loop0: rw=0, sector=4, nr_sectors = 1 limit=0 [ 96.775972][ T5978] syz.0.33: attempt to access beyond end of device [ 96.775972][ T5978] loop0: rw=0, sector=5, nr_sectors = 1 limit=0 [ 96.797788][ T5978] syz.0.33: attempt to access beyond end of device [ 96.797788][ T5978] loop0: rw=0, sector=6, nr_sectors = 1 limit=0 [ 96.818904][ T8] libceph: connect (1)[c::]:6789 error -101 [ 96.824830][ T5978] syz.0.33: attempt to access beyond end of device [ 96.824830][ T5978] loop0: rw=0, sector=7, nr_sectors = 1 limit=0 [ 96.840325][ T5978] syz.0.33: attempt to access beyond end of device [ 96.840325][ T5978] loop0: rw=0, sector=8, nr_sectors = 1 limit=0 [ 96.855280][ T5792] libceph: connect (1)[c::]:6789 error -101 [ 96.855522][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 96.872848][ T5792] libceph: mon0 (1)[c::]:6789 connect error [ 96.883645][ T5978] syz.0.33: attempt to access beyond end of device [ 96.883645][ T5978] loop0: rw=0, sector=9, nr_sectors = 1 limit=0 [ 96.902051][ T5978] syz.0.33: attempt to access beyond end of device [ 96.902051][ T5978] loop0: rw=0, sector=10, nr_sectors = 1 limit=0 [ 96.915586][ T5978] syz.0.33: attempt to access beyond end of device [ 96.915586][ T5978] loop0: rw=0, sector=11, nr_sectors = 1 limit=0 [ 96.955819][ T5978] BFS-fs: find_inode(): Unable to read inode loop0:00000002 [ 96.961123][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.045339][ T5981] capability: warning: `syz.2.35' uses deprecated v2 capabilities in a way that may be insecure [ 97.119883][ T36] BFS-fs: find_inode(): Unable to read inode loop0:00000001 [ 97.136067][ T36] BFS-fs: find_inode(): Unable to read inode loop0:00000000 [ 97.251386][ T5986] loop1: detected capacity change from 0 to 1024 [ 97.271582][ T5986] EXT4-fs: Ignoring removed bh option [ 97.339091][ T5968] ceph: No mds server is up or the cluster is laggy [ 97.347964][ T5972] ceph: No mds server is up or the cluster is laggy [ 97.366283][ T5986] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 97.380565][ T8] libceph: connect (1)[c::]:6789 error -101 [ 97.387815][ T5861] libceph: connect (1)[c::]:6789 error -101 [ 97.392129][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 97.408193][ T5861] libceph: mon0 (1)[c::]:6789 connect error [ 97.514186][ T23] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 97.555404][ T5990] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.39: corrupted in-inode xattr: e_value out of bounds [ 97.664257][ T2907] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.724649][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 97.724785][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 97.757314][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 97.823772][ T23] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 97.859172][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.866568][ T2907] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.867323][ T23] usb 3-1: Product: syz [ 97.915485][ T23] usb 3-1: Manufacturer: syz [ 97.927253][ T23] usb 3-1: SerialNumber: syz [ 97.962563][ T5984] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 98.031934][ T2907] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.185658][ T2907] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.266630][ T5992] loop3: detected capacity change from 0 to 32768 [ 98.313945][ T5992] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.41 (5992) [ 98.411982][ T5992] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.471982][ T5992] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 98.528948][ T5992] BTRFS info (device loop3): using free space tree [ 98.839777][ T5992] BTRFS info (device loop3): enabling ssd optimizations [ 98.869376][ T5992] BTRFS info (device loop3): auto enabling async discard [ 99.054189][ T23] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 99.077339][ T23] cdc_ncm 3-1:1.0: dwNtbInMaxSize=8 is too small. Using 2048 [ 99.111434][ T23] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 99.158142][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 99.174888][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 99.187549][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 99.212219][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 99.239453][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 99.247180][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 99.256198][ T23] cdc_ncm 3-1:1.0: setting tx_max = 48 [ 99.348553][ T5788] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.392516][ T23] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 99.510795][ T23] usb 3-1: USB disconnect, device number 2 [ 99.529964][ T23] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 99.577192][ T5861] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.799220][ T5861] usb 2-1: Using ep0 maxpacket: 8 [ 99.816647][ T5861] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 99.843593][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.860784][ T5861] usb 2-1: Product: syz [ 99.878646][ T5861] usb 2-1: Manufacturer: syz [ 99.883352][ T5861] usb 2-1: SerialNumber: syz [ 99.899227][ T5861] usb 2-1: config 0 descriptor?? [ 100.154749][ T5861] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 100.256791][ T6038] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 100.561147][ T6018] chnl_net:caif_netlink_parms(): no params data found [ 101.182832][ T5861] gspca_sunplus: reg_w_riv err -71 [ 101.189489][ T5861] sunplus: probe of 2-1:0.0 failed with error -71 [ 101.207486][ T5861] usb 2-1: USB disconnect, device number 2 [ 101.250993][ T6018] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.277298][ T6018] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.284621][ T6018] bridge_slave_0: entered allmulticast mode [ 101.310010][ T6018] bridge_slave_0: entered promiscuous mode [ 101.327343][ T5799] Bluetooth: hci3: command tx timeout [ 101.399540][ T6018] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.406807][ T6018] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.422068][ T6018] bridge_slave_1: entered allmulticast mode [ 101.430608][ T6018] bridge_slave_1: entered promiscuous mode [ 101.463112][ T2907] hsr_slave_0: left promiscuous mode [ 101.501983][ T2907] hsr_slave_1: left promiscuous mode [ 101.511416][ T2907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.529207][ T2907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.545978][ T2907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.556092][ T2907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.557415][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 101.575499][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 101.576868][ T2907] bridge_slave_1: left allmulticast mode [ 101.593531][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 101.601157][ T2907] bridge_slave_1: left promiscuous mode [ 101.608193][ T2907] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.625006][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 101.635405][ T2907] bridge_slave_0: left allmulticast mode [ 101.647619][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 101.654941][ T2907] bridge_slave_0: left promiscuous mode [ 101.661043][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 101.682847][ T6058] loop2: detected capacity change from 0 to 8192 [ 101.698562][ T6058] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 101.708686][ T2907] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.722605][ T6058] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 101.774198][ T6058] REISERFS (device loop2): using ordered data mode [ 101.781323][ T6058] reiserfs: using flush barriers [ 101.792068][ T6058] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.816527][ T6058] REISERFS (device loop2): checking transaction log (loop2) [ 101.824875][ T2907] veth1_macvtap: left promiscuous mode [ 101.835575][ T2907] veth0_macvtap: left promiscuous mode [ 101.868217][ T2907] veth1_vlan: left promiscuous mode [ 101.874645][ T2907] veth0_vlan: left promiscuous mode [ 101.913505][ T6058] REISERFS (device loop2): Using r5 hash to sort names [ 101.924271][ T6058] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 102.041572][ T6066] loop1: detected capacity change from 0 to 2048 [ 102.135859][ T6066] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.414693][ T2937] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 102.497488][ T2937] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 33 with error 28 [ 102.527456][ T2937] EXT4-fs (loop1): This should not happen!! Data will be lost [ 102.527456][ T2937] [ 102.547152][ T2937] EXT4-fs (loop1): Total free blocks count 0 [ 102.557435][ T2937] EXT4-fs (loop1): Free/Dirty block details [ 102.566663][ T2937] EXT4-fs (loop1): free_blocks=2415919504 [ 102.572927][ T2937] EXT4-fs (loop1): dirty_blocks=48 [ 102.578396][ T2937] EXT4-fs (loop1): Block reservation details [ 102.584512][ T2937] EXT4-fs (loop1): i_reserved_data_blocks=3 [ 102.599876][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.042241][ T6077] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 103.220851][ T6071] loop2: detected capacity change from 0 to 32768 [ 103.288882][ T6071] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 103.335308][ T2907] team0 (unregistering): Port device team_slave_1 removed [ 103.366229][ T6071] XFS (loop2): Ending clean mount [ 103.391825][ T6071] XFS (loop2): Quotacheck needed: Please wait. [ 103.407505][ T5802] Bluetooth: hci3: command tx timeout [ 103.434123][ T2907] team0 (unregistering): Port device team_slave_0 removed [ 103.454752][ T787] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 103.492388][ T2907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.522250][ T6071] XFS (loop2): Quotacheck: Done. [ 103.598993][ T2907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.650812][ T787] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.675391][ T787] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 103.689574][ T787] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 103.712416][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.732911][ T5802] Bluetooth: hci0: command tx timeout [ 103.753304][ T787] usb 2-1: config 0 descriptor?? [ 103.781624][ T5790] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 103.996819][ T8] usb 2-1: USB disconnect, device number 3 [ 104.261904][ T787] kernel write not supported for file bpf-prog (pid: 787 comm: kworker/1:2) [ 104.364988][ T2907] bond0 (unregistering): Released all slaves [ 104.566403][ T6018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.594491][ T6018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.654403][ T6018] team0: Port device team_slave_0 added [ 104.666017][ T6018] team0: Port device team_slave_1 added [ 104.909853][ T6018] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.925843][ T6018] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.995387][ T6018] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.041506][ T6018] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.065518][ T6018] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.104259][ T6018] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.143663][ T6103] process 'syz.2.61' launched './file0' with NULL argv: empty string added [ 105.169950][ T6102] netlink: 'syz.1.60': attribute type 4 has an invalid length. [ 105.376032][ T6098] netlink: 'syz.1.60': attribute type 4 has an invalid length. [ 105.490818][ T5802] Bluetooth: hci3: command tx timeout [ 105.508926][ T6018] hsr_slave_0: entered promiscuous mode [ 105.532795][ T6018] hsr_slave_1: entered promiscuous mode [ 105.540377][ T6018] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.554703][ T6018] Cannot create hsr debugfs directory [ 105.773313][ T27] audit: type=1326 audit(1760370064.889:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 105.809301][ T5802] Bluetooth: hci0: command tx timeout [ 105.867677][ T27] audit: type=1326 audit(1760370064.909:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.015076][ T27] audit: type=1326 audit(1760370064.909:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.152814][ T27] audit: type=1326 audit(1760370064.909:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.297283][ T27] audit: type=1326 audit(1760370064.909:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.432565][ T27] audit: type=1326 audit(1760370064.919:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.567274][ T27] audit: type=1326 audit(1760370064.919:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.692562][ T27] audit: type=1326 audit(1760370064.929:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.807086][ C1] sched: RT throttling activated [ 106.808514][ T27] audit: type=1326 audit(1760370064.929:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 106.834870][ T2907] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.911649][ T6060] chnl_net:caif_netlink_parms(): no params data found [ 106.970927][ T27] audit: type=1326 audit(1760370064.929:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2318eec9 code=0x7ffc0000 [ 107.094832][ T6124] loop2: detected capacity change from 0 to 131072 [ 107.153409][ T6124] F2FS-fs (loop2): invalid crc value [ 107.173458][ T2907] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.214109][ T6124] F2FS-fs (loop2): Found nat_bits in checkpoint [ 107.270775][ T6124] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 107.516119][ T2907] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.570429][ T5802] Bluetooth: hci3: command tx timeout [ 107.818968][ T2907] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.888115][ T5802] Bluetooth: hci0: command tx timeout [ 107.965716][ T6018] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 108.029294][ T6060] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.036496][ T6060] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.066602][ T6060] bridge_slave_0: entered allmulticast mode [ 108.089705][ T6060] bridge_slave_0: entered promiscuous mode [ 108.098883][ T6134] loop1: detected capacity change from 0 to 32768 [ 108.108207][ T6018] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 108.109860][ T6134] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.68 (6134) [ 108.144980][ T6018] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 108.163547][ T6060] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.188373][ T6060] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.195705][ T6060] bridge_slave_1: entered allmulticast mode [ 108.203006][ T6134] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 108.214019][ T6134] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 108.225344][ T6060] bridge_slave_1: entered promiscuous mode [ 108.233104][ T6134] BTRFS info (device loop1): enabling auto defrag [ 108.248338][ T6134] BTRFS info (device loop1): turning on sync discard [ 108.277616][ T6134] BTRFS info (device loop1): force zlib compression, level 3 [ 108.294077][ T6018] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 108.315556][ T6134] BTRFS info (device loop1): force clearing of disk cache [ 108.347733][ T6134] BTRFS info (device loop1): max_inline at 0 [ 108.353889][ T6134] BTRFS info (device loop1): disabling free space tree [ 108.507463][ T6060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.552884][ T6134] BTRFS info (device loop1): enabling ssd optimizations [ 108.599085][ T6060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.620133][ T6134] BTRFS info (device loop1): rebuilding free space tree [ 108.758976][ T6134] BTRFS info (device loop1): disabling free space tree [ 108.796108][ T6060] team0: Port device team_slave_0 added [ 108.802709][ T6134] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 108.813039][ T6060] team0: Port device team_slave_1 added [ 108.843232][ T6134] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 108.983956][ T6060] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.996862][ T6060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.069979][ T6060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.240564][ T6060] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.257362][ T6060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.333953][ T6060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.517545][ T6182] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.546329][ T5789] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 109.584786][ T6182] netlink: 'syz.2.69': attribute type 1 has an invalid length. [ 109.609824][ T6182] netlink: 260 bytes leftover after parsing attributes in process `syz.2.69'. [ 109.628947][ T6182] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.771853][ T6060] hsr_slave_0: entered promiscuous mode [ 109.830776][ T6060] hsr_slave_1: entered promiscuous mode [ 109.865162][ T6060] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.892050][ T6060] Cannot create hsr debugfs directory [ 109.968818][ T5802] Bluetooth: hci0: command tx timeout [ 110.525822][ T6018] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.705788][ T6018] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.719700][ T2907] IPVS: stopping backup sync thread 5905 ... [ 110.756121][ T6060] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 110.809914][ T6060] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 110.848594][ T2926] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.855839][ T2926] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.889581][ T2926] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.896828][ T2926] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.931415][ T6191] loop2: detected capacity change from 0 to 40427 [ 111.038234][ T6191] F2FS-fs (loop2): invalid crc value [ 111.077158][ T6191] F2FS-fs (loop2): Found nat_bits in checkpoint [ 111.118755][ T6060] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 111.164442][ T6060] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 111.298907][ T6191] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 111.393968][ T6221] loop1: detected capacity change from 0 to 64 [ 111.763110][ T2907] hsr_slave_0: left promiscuous mode [ 111.789602][ T5790] bio_check_eod: 123 callbacks suppressed [ 111.789619][ T5790] syz-executor: attempt to access beyond end of device [ 111.789619][ T5790] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 111.795790][ T6229] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 111.821658][ T2907] hsr_slave_1: left promiscuous mode [ 111.842163][ T2907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 111.872944][ T2907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 111.888013][ T5790] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 111.900480][ T2907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.912152][ T2907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.949033][ T2907] bridge_slave_1: left allmulticast mode [ 111.986687][ T2907] bridge_slave_1: left promiscuous mode [ 112.008901][ T2907] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.022362][ T2907] bridge_slave_0: left allmulticast mode [ 112.035915][ T2907] bridge_slave_0: left promiscuous mode [ 112.044218][ T2907] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.102959][ T2907] veth1_macvtap: left promiscuous mode [ 112.108820][ T2907] veth0_macvtap: left promiscuous mode [ 112.116716][ T2907] veth1_vlan: left promiscuous mode [ 112.150386][ T2907] veth0_vlan: left promiscuous mode [ 112.307262][ T1187] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 112.497432][ T1187] usb 2-1: Using ep0 maxpacket: 32 [ 112.506514][ T1187] usb 2-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.526621][ T1187] usb 2-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.546505][ T1187] usb 2-1: config 0 interface 0 has no altsetting 0 [ 112.553574][ T1187] usb 2-1: New USB device found, idVendor=056a, idProduct=00b0, bcdDevice= 0.00 [ 112.569506][ T1187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.595224][ T1187] usb 2-1: config 0 descriptor?? [ 113.056416][ T1187] wacom 0003:056A:00B0.0001: Unknown device_type for 'HID 056a:00b0'. Assuming pen. [ 113.103371][ T1187] wacom 0003:056A:00B0.0001: hidraw0: USB HID vf1.82 Device [HID 056a:00b0] on usb-dummy_hcd.1-1/input0 [ 113.153380][ T1187] input: Wacom Intuos3 4x5 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00B0.0001/input/input5 [ 113.384022][ T2907] team0 (unregistering): Port device team_slave_1 removed [ 113.402041][ T1187] usb 2-1: USB disconnect, device number 4 [ 113.496104][ T2907] team0 (unregistering): Port device team_slave_0 removed [ 113.648943][ T2907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.700064][ T2907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 114.204526][ T6250] loop1: detected capacity change from 0 to 8192 [ 114.242956][ T6250] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 114.266976][ T6250] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 114.279095][ T6250] REISERFS (device loop1): using ordered data mode [ 114.285692][ T6250] reiserfs: using flush barriers [ 114.292987][ T6250] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 114.310067][ T6250] REISERFS (device loop1): checking transaction log (loop1) [ 114.480806][ T2907] bond0 (unregistering): Released all slaves [ 114.510876][ T6250] REISERFS (device loop1): Using tea hash to sort names [ 114.519487][ T6250] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 114.590339][ T6250] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 114.657291][ T6248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.81'. [ 114.931836][ T6060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.066501][ T6060] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.103946][ T2937] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.111197][ T2937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.191570][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.198899][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.240165][ T6260] loop1: detected capacity change from 0 to 47 [ 115.266253][ T6260] ======================================================= [ 115.266253][ T6260] WARNING: The mand mount option has been deprecated and [ 115.266253][ T6260] and is ignored by this kernel. Remove the mand [ 115.266253][ T6260] option from the mount to silence this warning. [ 115.266253][ T6260] ======================================================= [ 115.345506][ T6018] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.795115][ T6255] loop2: detected capacity change from 0 to 512 [ 115.965814][ T6255] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.83: invalid indirect mapped block 10 (level 1) [ 116.020502][ T6255] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.83: invalid indirect mapped block 8 (level 1) [ 116.074332][ T6255] EXT4-fs (loop2): 1 truncate cleaned up [ 116.081873][ T6255] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.135457][ T6060] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.355418][ T6018] veth0_vlan: entered promiscuous mode [ 116.396278][ T6018] veth1_vlan: entered promiscuous mode [ 116.506523][ T6018] veth0_macvtap: entered promiscuous mode [ 116.548587][ T6018] veth1_macvtap: entered promiscuous mode [ 116.590855][ T6018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.597846][ T5848] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 116.606146][ T6018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.630881][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.633982][ T6018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.650832][ T6018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.669118][ T6018] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.715071][ T6018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.757114][ T6018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.767016][ T6018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.786252][ T6018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.800108][ T6018] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.812537][ T5848] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.833263][ T6018] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.851934][ T5848] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 116.862653][ T6018] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.871984][ T5848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.885655][ T6018] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.897805][ T5848] usb 2-1: config 0 descriptor?? [ 116.903067][ T6018] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.133598][ T6060] veth0_vlan: entered promiscuous mode [ 117.171271][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.198917][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.228289][ T6060] veth1_vlan: entered promiscuous mode [ 117.297851][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.317788][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.352071][ T6060] veth0_macvtap: entered promiscuous mode [ 117.378045][ T5848] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 117.385280][ T5848] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 117.393818][ T6060] veth1_macvtap: entered promiscuous mode [ 117.441798][ T5848] kovaplus 0003:1E7D:2D50.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 117.519035][ T6060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.544348][ T6060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.587999][ T6060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.627602][ T6060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.647914][ T6060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.658066][ T5848] usb 2-1: USB disconnect, device number 5 [ 117.685674][ T6060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.714433][ T6307] fido_id[6307]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 117.734159][ T6060] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.781897][ T6060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.843184][ T6060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.896407][ T6060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.937147][ T6060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.967932][ T6060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.990621][ T6060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.009594][ T6060] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.072449][ T6060] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.097220][ T6060] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.106000][ T6060] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.147249][ T6060] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.245223][ T6328] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 118.548430][ T746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.556648][ T746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.649315][ T6333] loop4: detected capacity change from 0 to 1024 [ 118.704537][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.713556][ T6333] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 118.729298][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.802344][ T6333] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 118.835792][ T6333] EXT4-fs (loop4): orphan cleanup on readonly fs [ 118.842702][ T6333] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.95: Freeing blocks not in datazone - block = 0, count = 4096 [ 118.866683][ T6333] EXT4-fs (loop4): 1 orphan inode deleted [ 118.876277][ T6333] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 118.944727][ T6018] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.217335][ T787] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 120.428948][ T787] usb 3-1: Using ep0 maxpacket: 8 [ 120.447407][ T787] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 120.456570][ T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.497742][ T787] usb 3-1: Product: syz [ 120.502042][ T787] usb 3-1: Manufacturer: syz [ 120.506683][ T787] usb 3-1: SerialNumber: syz [ 120.560001][ T787] usb 3-1: config 0 descriptor?? [ 120.581334][ T787] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 121.225279][ T6419] loop5: detected capacity change from 0 to 8192 [ 121.286548][ T6419] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 121.341148][ T6419] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 121.364013][ T6419] REISERFS (device loop5): using ordered data mode [ 121.388154][ T6419] reiserfs: using flush barriers [ 121.447534][ T6419] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 121.529778][ T6419] REISERFS (device loop5): checking transaction log (loop5) [ 121.565325][ T5160] udevd[5160]: worker [5798] terminated by signal 33 (Unknown signal 33) [ 121.585361][ T5160] udevd[5160]: worker [5798] failed while handling '/devices/virtual/block/loop5' [ 121.597765][ T6419] REISERFS (device loop5): Using r5 hash to sort names [ 121.615215][ T6419] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 121.840148][ T787] gspca_sonixj: reg_w1 err -71 [ 121.907266][ T787] sonixj: probe of 3-1:0.0 failed with error -71 [ 121.938753][ T787] usb 3-1: USB disconnect, device number 3 [ 122.003073][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 122.003088][ T27] audit: type=1326 audit(1760370081.119:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6431 comm="syz.4.125" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f954918eec9 code=0x0 [ 122.385471][ T6441] loop5: detected capacity change from 0 to 256 [ 122.406624][ T6441] FAT-fs (loop5): bogus number of FAT sectors [ 122.445243][ T6441] FAT-fs (loop5): Can't find a valid FAT filesystem [ 122.502887][ T6429] loop1: detected capacity change from 0 to 32768 [ 122.645347][ T6429] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 122.728529][ T6429] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 122.856046][ T27] audit: type=1800 audit(1760370081.969:18): pid=6429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.124" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 123.289470][ T5789] ocfs2: Unmounting device (7,1) on (node local) [ 123.810737][ T6468] vivid-000: disconnect [ 124.085479][ T6472] loop1: detected capacity change from 0 to 2048 [ 124.173057][ T6472] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 124.200655][ T6464] vivid-000: reconnect [ 124.359299][ T6459] loop4: detected capacity change from 0 to 32768 [ 124.410827][ T6459] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.130 (6459) [ 124.475918][ T6459] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 124.513601][ T6459] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 124.558610][ T6483] netlink: 'syz.2.136': attribute type 5 has an invalid length. [ 124.567126][ T6459] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 124.576812][ T6459] BTRFS info (device loop4): use lzo compression, level 0 [ 124.596186][ T6459] BTRFS info (device loop4): using free space tree [ 124.601826][ T6483] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 124.612940][ T6483] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 124.621981][ T6483] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 124.630824][ T6483] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 124.705473][ T6483] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.715517][ T6483] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.724627][ T6483] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.733807][ T6483] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.798467][ T6459] BTRFS info (device loop4): enabling ssd optimizations [ 124.830453][ T6459] BTRFS info (device loop4): auto enabling async discard [ 125.061890][ T6506] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 125.574233][ T6018] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 126.295797][ T6536] Bluetooth: MGMT ver 1.22 [ 126.666426][ T6546] loop4: detected capacity change from 0 to 1024 [ 126.887693][ T6555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'. [ 126.897486][ T6555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'. [ 127.066301][ T6546] hfsplus: xattr searching failed [ 127.075504][ T27] audit: type=1800 audit(1760370342.194:19): pid=6546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.151" name="file1" dev="loop4" ino=3 res=0 errno=0 [ 127.200705][ T2907] hfsplus: b-tree write err: -5, ino 3 [ 127.295921][ T5861] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 127.486296][ T5861] usb 6-1: Using ep0 maxpacket: 8 [ 127.499034][ T6551] loop2: detected capacity change from 0 to 32768 [ 127.509455][ T5861] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 127.526898][ T5861] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 127.536556][ T6551] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.153 (6551) [ 127.542757][ T5861] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 127.564454][ T5861] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 127.583694][ T5861] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 127.601899][ T5861] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 127.607207][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 127.630905][ T6551] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 127.647821][ T5861] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.658716][ T6551] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 127.674973][ T6551] BTRFS info (device loop2): turning on sync discard [ 127.683552][ T6551] BTRFS info (device loop2): enabling disk space caching [ 127.691966][ T6551] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 127.703744][ T6551] BTRFS info (device loop2): trying to use backup root at mount time [ 127.740688][ T6551] BTRFS info (device loop2): force clearing of disk cache [ 127.752361][ T6551] BTRFS info (device loop2): disk space caching is enabled [ 127.835577][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 127.844394][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.863675][ T9] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 127.869979][ T6551] BTRFS info (device loop2): rebuilding free space tree [ 127.892706][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.913548][ T6551] BTRFS info (device loop2): disabling free space tree [ 127.924285][ T5861] usb 6-1: usb_control_msg returned -32 [ 127.932958][ T6551] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 127.936049][ T5861] usbtmc 6-1:16.0: can't read capabilities [ 127.946705][ T9] usb 5-1: config 0 descriptor?? [ 128.016528][ T6551] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 128.413605][ T9] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 128.431404][ T9] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 128.459928][ T5790] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 128.473342][ T9] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 128.486581][ T9] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 128.493728][ T9] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 128.523682][ T9] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 128.768046][ T6602] usbtmc 6-1:16.0: CHECK_CLEAR_STATUS returned 3 [ 128.912489][ T6605] loop1: detected capacity change from 0 to 128 [ 129.001319][ T1187] usb 6-1: USB disconnect, device number 2 [ 129.030076][ T5792] usb 5-1: USB disconnect, device number 2 [ 129.446966][ T6613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.162'. [ 129.485211][ T6613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.162'. [ 129.738586][ T6624] loop2: detected capacity change from 0 to 16 [ 129.798072][ T6624] erofs: (device loop2): mounted with root inode @ nid 36. [ 129.904761][ T6628] loop4: detected capacity change from 0 to 512 [ 130.003114][ T6622] loop5: detected capacity change from 0 to 8192 [ 130.004639][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 130.047713][ T6628] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.061938][ T6622] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 130.214495][ T6628] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 130.215005][ T6631] rtc_cmos 00:00: Alarms can be up to one day in the future [ 130.232652][ T6622] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 130.263175][ T6622] REISERFS (device loop5): using ordered data mode [ 130.274243][ T6622] reiserfs: using flush barriers [ 130.294798][ T6622] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 130.470300][ T6622] REISERFS (device loop5): checking transaction log (loop5) [ 130.500131][ T6639] loop1: detected capacity change from 0 to 1024 [ 130.525271][ T6639] EXT4-fs: Ignoring removed orlov option [ 130.567558][ T6622] REISERFS (device loop5): Using r5 hash to sort names [ 130.591399][ T6622] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 130.602984][ T6639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 130.645110][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 130.670352][ T6639] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.807936][ T5792] rtc_cmos 00:00: Alarms can be up to one day in the future [ 130.825750][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 130.835352][ T6639] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: comm syz.1.169: lblock 0 mapped to illegal pblock 0 (length 1) [ 130.860455][ T5792] rtc_cmos 00:00: Alarms can be up to one day in the future [ 130.884977][ T6018] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.904151][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 130.921681][ T5792] rtc_cmos 00:00: Alarms can be up to one day in the future [ 130.927477][ T6639] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 130.944741][ T6639] EXT4-fs (loop1): This should not happen!! Data will be lost [ 130.944741][ T6639] [ 130.960996][ T6644] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: comm syz.1.169: lblock 0 mapped to illegal pblock 0 (length 1) [ 130.999597][ T5792] rtc_cmos 00:00: Alarms can be up to one day in the future [ 131.008714][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 131.040550][ T5792] rtc rtc0: __rtc_set_alarm: err=-22 [ 131.330372][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 131.473774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 131.530128][ T6653] netlink: 8 bytes leftover after parsing attributes in process `syz.4.173'. [ 131.539755][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 132.299596][ T6673] netlink: 12 bytes leftover after parsing attributes in process `syz.2.174'. [ 132.512718][ T6681] loop2: detected capacity change from 0 to 512 [ 132.534000][ T6681] EXT4-fs: inline encryption not supported [ 132.553308][ T6681] EXT4-fs: Ignoring removed nobh option [ 132.585454][ T6681] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 132.623915][ T6681] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 132.635327][ T6681] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.180: Corrupt directory, running e2fsck is recommended [ 132.660787][ T6681] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 132.688890][ T6681] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.180: corrupted in-inode xattr: invalid ea_ino [ 132.716096][ T6681] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.180: couldn't read orphan inode 15 (err -117) [ 132.756719][ T6681] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.903139][ T6681] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 132.920664][ T6691] loop5: detected capacity change from 0 to 128 [ 132.938663][ T6681] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 132.975226][ T6681] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.180: Corrupt directory, running e2fsck is recommended [ 132.997196][ T6693] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 132.997475][ T6691] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.019990][ T6693] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 133.032276][ T6693] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.180: Corrupt directory, running e2fsck is recommended [ 133.054142][ T6681] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 133.104771][ T6693] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 133.119350][ T6693] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 133.126930][ T6691] ext4 filesystem being mounted at /20/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 133.164582][ T6681] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 133.183019][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.200892][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.426225][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.458451][ T6060] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 134.191665][ T6723] loop1: detected capacity change from 0 to 1024 [ 134.268814][ T6726] loop4: detected capacity change from 0 to 2048 [ 134.430422][ T27] audit: type=1800 audit(1760370349.548:20): pid=6731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.193" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 134.506019][ T6737] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.714355][ T6737] NILFS (loop4): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3) [ 134.769448][ T6737] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=2) [ 134.818359][ T6737] Remounting filesystem read-only [ 134.856886][ T746] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 134.864466][ T6741] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 134.879588][ T746] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 134.913714][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 134.951808][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 134.960801][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 134.994091][ T746] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 135.003629][ T746] NILFS (loop4): discard dirty block: blocknr=42, size=1024 [ 135.036751][ T746] NILFS (loop4): discard dirty block: blocknr=43, size=1024 [ 135.057626][ T746] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 135.066999][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.110706][ T746] NILFS (loop4): discard dirty page: offset=65536, ino=3 [ 135.130973][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.141116][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.169786][ T746] NILFS (loop4): discard dirty block: blocknr=0, size=1024 [ 135.178830][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.198490][ T746] NILFS (loop4): discard dirty page: offset=0, ino=18 [ 135.206102][ T746] NILFS (loop4): discard dirty block: blocknr=0, size=1024 [ 135.219491][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.229177][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.246112][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.259618][ T746] NILFS (loop4): discard dirty page: offset=0, ino=2 [ 135.273634][ T746] NILFS (loop4): discard dirty block: blocknr=18, size=1024 [ 135.288749][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.328622][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.349584][ T746] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 135.380199][ T6726] NILFS (loop4): mounting fs with errors [ 135.469988][ T6737] ------------[ cut here ]------------ [ 135.476693][ T6737] WARNING: CPU: 0 PID: 6737 at fs/buffer.c:1188 mark_buffer_dirty+0x2bb/0x4d0 [ 135.485865][ T6737] Modules linked in: [ 135.489940][ T6737] CPU: 0 PID: 6737 Comm: segctord Not tainted syzkaller #0 [ 135.497361][ T6737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 135.507975][ T6737] RIP: 0010:mark_buffer_dirty+0x2bb/0x4d0 [ 135.513838][ T6737] Code: 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 cf ac fc ff e8 fa 00 8a ff 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 da 5a e8 ff e8 e5 00 8a ff <0f> 0b e9 84 fd ff ff e8 d9 00 8a ff 0f 0b e9 b0 fd ff ff e8 cd 00 [ 135.533692][ T6737] RSP: 0018:ffffc90003cb76f0 EFLAGS: 00010293 [ 135.540024][ T6737] RAX: ffffffff81fb89eb RBX: ffff88805dfc09f8 RCX: ffff8880272c3c00 [ 135.548303][ T6737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 135.556462][ T6737] RBP: ffffc90003cb7b01 R08: ffff88805dfc09ff R09: 1ffff1100bbf813f [ 135.565193][ T6737] R10: dffffc0000000000 R11: ffffed100bbf8140 R12: 1ffff1100bbaa829 [ 135.573403][ T6737] R13: ffff88805dd54158 R14: ffff88807d15a328 R15: 1ffff1100bbaa82b [ 135.581947][ T6737] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 135.590947][ T6737] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.597644][ T6737] CR2: 00007efc83de7f94 CR3: 000000006bbd4000 CR4: 00000000003506f0 [ 135.605805][ T6737] Call Trace: [ 135.609137][ T6737] [ 135.612184][ T6737] nilfs_segctor_do_construct+0x32c/0x6870 [ 135.618081][ T6737] ? mark_lock+0x94/0x320 [ 135.622528][ T6737] ? verify_lock_unused+0x140/0x140 [ 135.627802][ T6737] ? verify_lock_unused+0x140/0x140 [ 135.633100][ T6737] ? nilfs_transaction_unlock+0x220/0x220 [ 135.638908][ T6737] ? nilfs_bmap_test_and_clear_dirty+0x50/0x70 [ 135.645269][ T6737] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 135.650832][ T6737] ? __lock_acquire+0x7c80/0x7c80 [ 135.655986][ T6737] ? __rwlock_init+0x150/0x150 [ 135.661508][ T6737] ? do_raw_spin_unlock+0x121/0x230 [ 135.666780][ T6737] ? _raw_spin_unlock+0x28/0x40 [ 135.671748][ T6737] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 135.677278][ T6737] nilfs_segctor_construct+0x17b/0x690 [ 135.682863][ T6737] nilfs_segctor_thread+0x4f6/0x1000 [ 135.688300][ T6737] ? nilfs_iput_work_func+0x70/0x70 [ 135.693598][ T6737] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 135.699538][ T6737] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 135.705575][ T6737] ? wake_bit_function+0x200/0x200 [ 135.710736][ T6737] ? __kthread_parkme+0x7a/0x1c0 [ 135.715773][ T6737] kthread+0x2fa/0x390 [ 135.719884][ T6737] ? nilfs_iput_work_func+0x70/0x70 [ 135.727067][ T6737] ? kthread_blkcg+0xd0/0xd0 [ 135.731768][ T6737] ret_from_fork+0x48/0x80 [ 135.736230][ T6737] ? kthread_blkcg+0xd0/0xd0 [ 135.740880][ T6737] ret_from_fork_asm+0x11/0x20 [ 135.745783][ T6737] [ 135.748849][ T6737] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 135.756181][ T6737] CPU: 0 PID: 6737 Comm: segctord Not tainted syzkaller #0 [ 135.763423][ T6737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 135.773515][ T6737] Call Trace: [ 135.776829][ T6737] [ 135.779792][ T6737] dump_stack_lvl+0x16c/0x230 [ 135.784523][ T6737] ? show_regs_print_info+0x20/0x20 [ 135.789770][ T6737] ? load_image+0x3b0/0x3b0 [ 135.794336][ T6737] panic+0x2c0/0x710 [ 135.798290][ T6737] ? bpf_jit_dump+0xd0/0xd0 [ 135.802845][ T6737] ? ret_from_fork_asm+0x11/0x20 [ 135.807826][ T6737] __warn+0x2e0/0x470 [ 135.811839][ T6737] ? mark_buffer_dirty+0x2bb/0x4d0 [ 135.817000][ T6737] ? mark_buffer_dirty+0x2bb/0x4d0 [ 135.822168][ T6737] report_bug+0x2be/0x4f0 [ 135.826559][ T6737] ? mark_buffer_dirty+0x2bb/0x4d0 [ 135.831724][ T6737] ? mark_buffer_dirty+0x2bb/0x4d0 [ 135.836892][ T6737] ? mark_buffer_dirty+0x2bd/0x4d0 [ 135.842060][ T6737] handle_bug+0xcf/0x120 [ 135.846359][ T6737] exc_invalid_op+0x1a/0x50 [ 135.850917][ T6737] asm_exc_invalid_op+0x1a/0x20 [ 135.855815][ T6737] RIP: 0010:mark_buffer_dirty+0x2bb/0x4d0 [ 135.861589][ T6737] Code: 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 cf ac fc ff e8 fa 00 8a ff 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 da 5a e8 ff e8 e5 00 8a ff <0f> 0b e9 84 fd ff ff e8 d9 00 8a ff 0f 0b e9 b0 fd ff ff e8 cd 00 [ 135.881259][ T6737] RSP: 0018:ffffc90003cb76f0 EFLAGS: 00010293 [ 135.887364][ T6737] RAX: ffffffff81fb89eb RBX: ffff88805dfc09f8 RCX: ffff8880272c3c00 [ 135.895357][ T6737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 135.903342][ T6737] RBP: ffffc90003cb7b01 R08: ffff88805dfc09ff R09: 1ffff1100bbf813f [ 135.911332][ T6737] R10: dffffc0000000000 R11: ffffed100bbf8140 R12: 1ffff1100bbaa829 [ 135.919317][ T6737] R13: ffff88805dd54158 R14: ffff88807d15a328 R15: 1ffff1100bbaa82b [ 135.927331][ T6737] ? mark_buffer_dirty+0x2bb/0x4d0 [ 135.932490][ T6737] nilfs_segctor_do_construct+0x32c/0x6870 [ 135.938331][ T6737] ? mark_lock+0x94/0x320 [ 135.942681][ T6737] ? verify_lock_unused+0x140/0x140 [ 135.947910][ T6737] ? verify_lock_unused+0x140/0x140 [ 135.953138][ T6737] ? nilfs_transaction_unlock+0x220/0x220 [ 135.958883][ T6737] ? nilfs_bmap_test_and_clear_dirty+0x50/0x70 [ 135.965151][ T6737] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 135.970637][ T6737] ? __lock_acquire+0x7c80/0x7c80 [ 135.975682][ T6737] ? __rwlock_init+0x150/0x150 [ 135.980471][ T6737] ? do_raw_spin_unlock+0x121/0x230 [ 135.985708][ T6737] ? _raw_spin_unlock+0x28/0x40 [ 135.990568][ T6737] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 135.996051][ T6737] nilfs_segctor_construct+0x17b/0x690 [ 136.001542][ T6737] nilfs_segctor_thread+0x4f6/0x1000 [ 136.006874][ T6737] ? nilfs_iput_work_func+0x70/0x70 [ 136.012096][ T6737] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 136.018006][ T6737] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 136.023927][ T6737] ? wake_bit_function+0x200/0x200 [ 136.029053][ T6737] ? __kthread_parkme+0x7a/0x1c0 [ 136.034023][ T6737] kthread+0x2fa/0x390 [ 136.038104][ T6737] ? nilfs_iput_work_func+0x70/0x70 [ 136.043329][ T6737] ? kthread_blkcg+0xd0/0xd0 [ 136.047933][ T6737] ret_from_fork+0x48/0x80 [ 136.052367][ T6737] ? kthread_blkcg+0xd0/0xd0 [ 136.056973][ T6737] ret_from_fork_asm+0x11/0x20 [ 136.061768][ T6737] [ 136.065117][ T6737] Kernel Offset: disabled [ 136.069531][ T6737] Rebooting in 86400 seconds..