last executing test programs: 3m11.182778191s ago: executing program 2 (id=106): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0xffffffff, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000006140)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=""/102, 0x66}], 0x1}, 0x1ff}], 0x1, 0x10002, 0x0) 3m10.719639246s ago: executing program 2 (id=109): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56e, 0x10c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0xb, {0xb, 0x0, "d0aa674f92f8414874"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 3m8.529683559s ago: executing program 2 (id=122): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 3m8.297631811s ago: executing program 2 (id=124): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00e611ed6229b237ad2a184a94283e2b34c24caf7280c18475708140abe763dfb52cdb0ba0cdc8c572346d0a832984b36248c4fa844eda0af4b1652605421a7821dcfde12aa77458d811a84538a156b05b0ec3eaf24a90ceb5b7463d9fd38b49d41fbfa868653605702abe43d9c2c30aed4da0b8cc18c6b369f086a965442c1217f19a67a534064b7236a6660000000000"], 0x1, 0x17b, &(0x7f0000000300)="$eJzs28tO4nAUx/FfoVyGuTHDXJLJLGY1mc1QwAR1h49CoBJiUSJuICbqe7hx58PJwp0rMZS2SmWFtEX5fjacHydND4s/nBAQgI3V0B8ZMpSdht/54lnJSHokADGZeI/3EwCbJ32X9AQAkjHek/qSbm5PW0pn/bXgp19M+w2/n8o92x/GF9Iv0+sbeb0L7xdX0l//eqOw8PpC0H+/sP9PRe/+H/RRn/RZRX3RV5W8fju4/scLtyEAADaDoXI4zz2R0n7XsStBzri5qoI5y1k314L+LG8FOefmcuvIaUf4KgAsI6Xy9dMcPv/p0Pk3vfMP4PUbDEcHTcexj2Mq/O8HYr3pagqdr8UYKykyWosxKBYUptZijITfmABEzjrp9a3BcPS/22t27I59WK/V67uVne2q5S7+1vz6D+ANefzQT3oSAAAAAAAAAAAAAACwrG/6nvQIAAAAAGIS2b+IDEmX4pfFAAAAAAAAAAAAAAAAAABE4CEAAP//gNgaag==") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000c00)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@nfs_export_on}], [], 0x2c}) 3m7.829102351s ago: executing program 2 (id=126): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3m7.266190298s ago: executing program 2 (id=130): r0 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5016, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x40, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x0, 0x1, {0x22, 0xa0}}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) 3m6.713776958s ago: executing program 32 (id=130): r0 = syz_usb_connect$hid(0x0, 0x90, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5016, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x40, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x0, 0x1, {0x22, 0xa0}}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) 2m52.248431435s ago: executing program 1 (id=219): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, 0x0, &(0x7f0000000080)) 2m51.936912159s ago: executing program 1 (id=222): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe1d, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_enter\x00', r0}, 0x10) pipe(&(0x7f00000000c0)) 2m51.629894616s ago: executing program 1 (id=225): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r1, @ANYBLOB="0000520006000500010000000800", @ANYRES32=r0], 0x2c}}, 0x0) 2m51.393514904s ago: executing program 1 (id=227): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000002240)='./file0\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c666c7573682c646d61736b3d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c757466383d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d312c726f6469722c696f636861727365743d757466382c666d61736b3d30303030303030303030303030303030303030303030342c646d61736b3d30303030303030303030303030303030303030303030372c757466383d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c00743ccfec81d6c7d05b0f2a54ddce151ec4cbbaacb9552647fd950fedfdc024b3953e7669bc9d4f66e3beaecb80fe73633280b1d3e82023d4f5c7f5a4989406c0f0d0cf537f132dc1e63d84a17532cb78ae7a368bc0029207b9b166705972f4e8dad041e6be170bf43057b456d43f100c53b471aa6c8e3751", @ANYRES16], 0x1, 0x2b8, &(0x7f0000001080)="$eJzs3T2LY1UYAOD3JpkkuxZJYSWCF7SwWna2tckgWVhMpaRQCx3cXZAkCLsw4CgGK1sbS3+BINj5J2wEf4DgD7BzioEjN7mXZGbyMUEz48fzFJl37jnvPe85OcwHwz3z4cuT0eM8nn75+a/RbmdR60UvzrLoRi0qKaUUC72vAwD4NztLKX5Pc9dM6RUvWUS091saALAnO3///2HvJQEAe/bOu++9dTQY9N/O83Y8nHx1Mix+sy8+ztuPnsbHMY4ncT86cT7/W0D100Lx+jClNG3khW68NpmeDIvMyQc/lfc/qgY6jE50Z9HF/EeD/mE+t5Q/Leq4W47fK8Z/EJ14ccX4jwb9ByvyY9iM119dqv9edOLnj+KTGMfjWRGL/C8O8/zN9M0fn71flFfkZ9OTYWvWbyHVb+5dAQAAAAAAAAAAAAAAAAAAAADgv+5eeXZOK2bn9xSXyvN36ufFJweRV7oXz+eZ52fVjS6dDzRN8W1KrUbEoH8/z/NUdlzkN+KlRjRuZ9YAAAAAAAAAAAAAAAAAAADwz/L809PR8Xj85NmK4Je7EWua1gTVaQDVY/1bsurrmnpLV16J09Fxa/0Nl5pqZbhh0KhXfbKIjdMpJrHL3P9CcGddzd99v+sN29v7HGxan78nqHbX6DhbvYatqK60q/f0x+U+zbjmWM11TWn79lsKmiubOjvPvfnCLJhu6BPZpsLe+G2+cuWV7PIsmrNVXZl+UAZL6Zf2xk77+erXisxpHQAAAAAAAAAAAAAAAAAAsFeLh36vNN3ZklpLrb2VBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3avH//3cIpmXyNTo349nzW54iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wN/BgAA//+kKlw+") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000001cc0)='./file0/../file0\x00', 0x0, 0x1101088, 0x0) 2m50.923810497s ago: executing program 1 (id=229): syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x4, 0xaf7, &(0x7f0000000380)="$eJzs3U1sXEfhAPDZtdexk/Qfp/+EmjS0CYW2fNRpHBM+IkiqREhETYW4VKq4RGlaIkKQKBJQVcLJiRutqiBx4kOceqkKQqIXFPXEpRKNVCH1VDhwIAqiEgcIJIu8nlnvTnbzdh3vvrX395OeZ+fNezszz2/f97wJwNiqNv4uLs5VQrj85qsn/vbwX2eWxxxtTjHb+DvZEquFECoxPpl93/sTK+HND1460ymshIXG3+X4luURT11vzrsthLAU9oUrYTbsuXz1lbcXnjx18eSl/e+8duTagKoPAABj5atXjizu/vMf79954/UHjoUtzfHpeH02xrfH4/5j8cA/Hf9XQ3u80jK0msqmm4xDdaZ9uokO0zXymew83WSX/Key/GtdptsS7pz/RMu4TvWGjSytx7OhUp1vi1er8/Mr5+ShcV4/VZm/cO78cy+UVFBg3f3zwRDCvpbh+KX2+CCHtLHpZ56jgyhLZWW/PuD61oe1XDfbcGx4ed2oryi9zkMa6jvK3f4AJPn9wtss5VcW7k7z2yZ7y//6E9XO88M6GPb633P+1XhRraz8kzHP/1cXbXFYP5t1bUr1Sr+j7TGe9t7pGab8+aXuv7/8Tkf72Px+RK3Hcna7j7BR7i90K+fEkMuxVt3Kn68Xm9UXY5iWw5ey9NbfT/4/3Sj/Y6Czf+XX/zfyMB0rVUbeEyNQ/4EM+0agDIa2oX0dr93Nd9VL3PYAoy1/bq6e7o9G+XN9efqWgvTpgvSZgvStBenbCtJhnP3muz8OL1dWz/Pzc/p+r4en62z3xPD/+ixPfj2y3/zz5377dbf5588Twyj73emnz37u2Weurjz/X2mu/7fi+p5ON2bjb+tKnCBdL8yvqzef/Z9tz6faZbp7s/Lc02H6xudd7dNVdq1+T2jZztxWjrn2+XZ0m25v+3Sz2XQzcZjOypsfn2zN5kvHH2m7mpbXZFbfWlaPqawcabuyM4Z5OWAt0vrY7fn/tH7OhVrluXPnzz6e7WP/MFHbsjz+4JDLDdy9Xtv/zIX29j/bm+Nr1bRdCC3717S9OBjeiN/XPn6hmU/7+EMxnvZz35iYaYyfP/Pt88+uf/VhrL3wgxe/efr8+bPf8WHNH748GsXo50M6bRmV8vTwIZ0BlVaMaih/IQzxQ4kbJWAoDvxw5SDgsXPfOv382efPXjh0+PChhYXDnz+0eKBxXH+g9ei+1VIJpQXW0+pOP0/ZXk6BAAAAAAAAAAAAgELfO3ni6rtvffa9lfb/q+3/Uvv/9ORvav//o6z9f95OPrWDT+0Ad3ZIb0yTvWB1KpuuFof/z8q7K8tndzbfh2LY7Mcvtv9P2eXvdU3luS8bX8ujMcPsdQK3vS9lKmsfnfcX+NEYXorhLwOUqDLTeXQMi95vndb11Dqr5b0U9YlxeYnyJpD+b2ltWHmPyWpPrh3f69Tyz945pHKyvgbTeHDqji0LgNHw99F7//fS4L77H6sVL7+ehq7D5HDz+2ljjaiO43pRr3frxaPXHmwA1kfZ/X+m654pvPD7r0wvD2my60+0by/z95dCP/70bnt81PufHHT+eb99w86/7PoPu//PZv93PW//sh7zsvc891q6f//s2nst2YY9veaf1z+9B3pXjxlHN2L+qTaPhN7yr/8iyz+/IdSj/2T5b+0x/9vqv3dt+f835p8W26MPFeSfLgxfXClxpdpejpmsHun+X37dOLmZ1T+92/MO9f/ai53qv8Z7DLdi/jDONko/s/3KjiOaB+2tzxeEvvr/jZbWt//fZmGzzVr+HMZnYjztCNJzDnl/J/2WPz1fkfYDu7PvrxTs3/T/u7F9IYZFv4fU/29aH2fjLr8l3liWKV7rsGw367YGNqr3R+/+37gP0yNQBkPvQ31iDfM1+4krufz1en2wF7QKlJo5pS//ss8Tys6/7OVfJO//Nz+Gb55/7uucnvf/m6fn/f/m6TPxP9QtPe//N1+eef+/efp92ffm/QPPFaR/uCB9T+f05mK7v2D+vQXpHylI399MP9o2RUp/oGD+BwvS7y1If6gg/WMF6R8vSH+4IP3RlvTWPqBT+icK5t/sUnuUTvXXpx9sbnn7vHHb/sE4S/d/uv3+dxWkAxvXT14/ePyZX399dqX9/1Tzeki6j3csxmvx/On7MZ7f9w4t8eW0t2L8L1n6qF/vgHGSvz8j378/UpAObFzpOS+/bxhDlenOo2NY9N6qbsf5bCyfjOGnYvjpGD4Ww/kYHohhuje0MKTyMRjH3/jtkZcrq+f7O7L0Xp8nz9sDtb0nKoRwqMfy5NcH+n2ePX+PX7/uNv81NgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoTbXxd3FxrhLC5TdfPfH0qXMHlsccbU4x2/g72RKrNecL4fEYTsTw5/HDzQ9eOtMa3ophJSyESqg0x4enrjdz2hZCWAr7wpUwG/ZcvvrK2wtPnrp48tL+d147cm1wSwAAAAA2v/8FAAD//zjgCFM=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x180) fdatasync(r0) 2m50.218305291s ago: executing program 1 (id=233): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xd1}, 0xe) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x4, 0x0, &(0x7f0000000000)) 2m49.693358986s ago: executing program 33 (id=233): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xd1}, 0xe) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x4, 0x0, &(0x7f0000000000)) 2m7.337070981s ago: executing program 0 (id=528): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) msgsnd(0x0, &(0x7f0000000480)=ANY=[@ANYRESDEC], 0x2000, 0x0) 2m7.053912572s ago: executing program 0 (id=530): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 2m6.810551266s ago: executing program 0 (id=532): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) 2m6.524679617s ago: executing program 0 (id=534): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages(r0, 0x1, &(0x7f0000000140)=[&(0x7f0000064000/0x1000)=nil], &(0x7f0000000240), 0x0, 0x0) 2m5.498465868s ago: executing program 0 (id=539): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x451, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000a80)='./file0\x00', 0x0, 0x20000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) 2m4.939446456s ago: executing program 0 (id=540): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0xb) read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020) 1m49.601170218s ago: executing program 34 (id=540): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0xb) read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020) 1m14.638876579s ago: executing program 3 (id=904): syz_open_procfs(0x0, &(0x7f0000000f40)='fdinfo\x00') socket$nl_route(0x10, 0x3, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000079db8540da0b77010b7d000000010902120001000000000904", @ANYRES32, @ANYRES8=r0], 0x0) 1m12.934646569s ago: executing program 3 (id=919): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fstat(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r1) setreuid(0x0, 0x0) 1m12.807213009s ago: executing program 3 (id=922): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000040)='./file0/../file0/../file0/../file0\x00', r0, &(0x7f0000000180)='./file0\x00', 0x2) 1m12.626244607s ago: executing program 3 (id=923): syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0xfd, 0x46e, &(0x7f0000000400)="$eJzs3M9vFFUcAPDvbH8gv2xF/AGioGgkGltaUDl4AKOJB01M9IDH2haCLNTQaoQQXT3g0ZB4Nx5N/As86cWoJxOvejckxHAB9TJmdmfa3WV3bcvWAffzSbb73sxs3/v2zdt9b15nAxhY+7IfScS2iPg1IsYa2dYD9jWebly7OPvntYuzSaTpG38k9eOuX7s4WxxavG5rkam1bm+2eP7C6Zlqdf5cnp9cOvPu5OL5C8+cOjNzcv7k/NnpI0cOH5p6/rnpZ/sSZ1an67s/XNiz65W3Lr82e/zy2z9+nRTxt8Txfl/Ka/rVzYaKxBP9KuU2sb0pnQyXWBHWJDshs+Yaqff/sRiKlcYbi5c/KbVywIZK0zTd1H13LQX+x5IouwZAOfLP+SSiNpvNgZvn84Pg6rHGBCiL+0b+aOwZjkp+zEjb/LafstnW8dpfX2SPaLueAgCwEb491nguxn4r449Ky1X8o/na0HhE3BMROyLi3ojYGRH3RcT9EfFARDzY9JpO6z7t2hdJbh7/VK6sK7BVysZ/L+RrW63jv2L0F+NDeW57Pf6R5MSp6vzBiLg7Ig7EyKYsP9WjjO9e+uWzbvv2NY3/skdWfjEWzOtxZbjtAt3czNLMrcTc7OrHEbuHO8WfLK8EZO24KyJ2711fGaee+mpPt33/Hn8PfVhnSr+MeLLR/rVoi7+Q9F6fnLwrqvMHJ4uz4mY//Xzp9W7l31L8fZC1/5aO5/9y/ONJ83rt4trLuPTbp13nNKs8/0ebX5Od/6PJm/V0seODmaWlc1MRo8mr+faj+fbW8urHTa8cn8V/YH/n/r8jVv4SD0VEdhI/HBGPRMTevO6PRsRjEbG/R/w/vPj4O+uPf2Nl8c+tqf27Joq17Zt2DZ3+/pv6nqKxxnvEn0SH9j9cTx3It6zm/a9nTc/dytkMAAAAd55KRGyLpDKxnK5UJiYa/y+/M7ZUqguLS0+fWHjv7FzjHoHxGKkUV7rGlq+HRm0qn9YX10en2/KH8uvGnw9trucnZheqc2UHDwNua5f+n/l9qOzaARvO/VowuNbb/9M0/ajPVQH+Yz7/YXDp/zC4OvT/zW35Ht8RANzJOn3+m9jDYDD+h8Gl/8Pg0v9hcOn/MJDyO+GHV3OD/4Ylsvef8kpfeyJNSyp9tPzYlxNRKa30KDv2NSb+zr9s83apz6oSZb8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Mc/AQAA//+4C+Qb") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000940)=""/28, 0x1c) 1m12.014097914s ago: executing program 3 (id=929): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) read$alg(r0, &(0x7f0000000140)=""/116, 0x74) close(0x3) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff8e) 1m10.856783105s ago: executing program 3 (id=942): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) signalfd4(r0, &(0x7f00000001c0), 0x8, 0x0) 1m10.414188635s ago: executing program 35 (id=942): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) signalfd4(r0, &(0x7f00000001c0), 0x8, 0x0) 41.435088453s ago: executing program 6 (id=1236): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) read$alg(r1, 0x0, 0x0) 41.254322903s ago: executing program 6 (id=1238): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x68, &(0x7f0000000000)={&(0x7f0000001940)=ANY=[@ANYBLOB="140000001000010000000000e80000000000000a50000000120a09f50000000000000000020000000900020073797a3100000000080004400000000f0900010073797a3000000000080003400000000a"], 0x64}}, 0x0) 41.161438372s ago: executing program 6 (id=1240): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 40.96226712s ago: executing program 6 (id=1241): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 40.636377298s ago: executing program 6 (id=1243): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x44, 0x11cfe, 0x10000000, 0x8000008, 0x3, 0x4, 0x80000001}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000004c0)={0x800100, 0xfffffffd, 0x4, 0x8, 0x9, 0x6}) 38.850213509s ago: executing program 6 (id=1260): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) clock_gettime(0x0, &(0x7f0000000040)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 38.330649333s ago: executing program 36 (id=1260): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) clock_gettime(0x0, &(0x7f0000000040)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 16.710186086s ago: executing program 4 (id=1408): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4}) 16.505938066s ago: executing program 4 (id=1411): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x4, 0x49, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 16.080333408s ago: executing program 4 (id=1416): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000f40)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e828182549fcee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e0acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d64f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a48ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b427e864761634e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x3, 0x0, @void, @value}, 0x10) 15.978422263s ago: executing program 4 (id=1419): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000180)='./bus\x00', 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="6772706a71756f74613d2c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c61636c2c6661756c745f696e6a656374696f6e3d30303030303030303030313236322c6661756c745f747970653d30303030303030303030303030303030303030322c6e6f61636c2c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c636f6d70726573735f63616368652c6d6f64653d6c66732c00000000000000cc6c8ce7c68458259f3f9276c65041208ebd74d6391248adce3f77cddff2a374ee7b1470db785c3234a8e2f4d13511a687db9c47b5599f909fbbf1bdc74f6d65"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file2\x00', 0xc08, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 14.611863774s ago: executing program 4 (id=1431): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4008, 0x7, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) chroot(0x0) 12.211141177s ago: executing program 4 (id=1439): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0xfffffffffffffddc, &(0x7f0000000180)={0x0}}, 0x40) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000380)={0x0, 0x1000000}) 11.643380599s ago: executing program 37 (id=1439): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0xfffffffffffffddc, &(0x7f0000000180)={0x0}}, 0x40) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000380)={0x0, 0x1000000}) 3.217735555s ago: executing program 5 (id=1512): syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000040), 0x81, 0x4ac, &(0x7f00000011c0)="$eJzs20tsG1UXwPFzPLbruPk+3Adpi6piCSRCS9skLmmrIKE8iEBqG0gaEBUPhdgJJk4cxSkkVUu7BHYsumTJlgUrxBZVYolYoCDUXemGjVeUHeiO52XXSewm8TT1/1e1dx7H7r33zMy914kFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIDL022NOrYdcCAAC00qWJ8Z4M4z8AAG3lMut/AACAdqJiyR+icnKurBft/YrEhfzC1ZXJkdH6L+tQUYmIZcebv4nevsyZl/vPnnPLjV+/3Y7I2MTlwfRwcX5xKVcq5bLpyYX8dDGba/gdtvr6WsftDkjPz13NzsyU0n2nMlWnV1L39+ztSg30vz8cd2MnR0ZHJwIx0dgj/+8PWW+GHxdLXhSVT374Ti+JSES23hebXDs7rcNuxHG7EZMjo3ZDCvmphWVzUiNOVKS6T+JuH7UgF1sSETH10vj2rNliYsmPojJ0uqxjImK5/XDC/mC4ofqEIWqWriLSLbsgZ4+xPWLJh6Jy53RK3nT61c5/XOR62JXDjos6939Ry/qW/Tww95N5bF54O/3GwkwxEKsR545qZnyocw+GPj600mP+bEqIJWP2HV/W8bArg5brEEvmRSX+9af2vELseelTA2ePPXs+OMM4tMn7mNhTzs3VyJgcc6YOGjF/HqHa2BYJteRPUXnwe8Le73Zyw08E2oRaUhCVf26UVWvWpVZgfe/Z7WvDna1/R2K4uLi6lJ/9eLnu+WRi8KPS8tLUdP3TlbWrFTyy2Tq2VqS5JVlSKyu+Lz4re69z1gD/q+z5tfn2un8tdNeUruD108h2w8+ZJuZRpk6qltwTlZkPDlfGGUk23TftwOR/VFRK5V/UzbST/2hlL5D/V/z+S2h16bFz+//K51ruXOLIlYPrHd+J/Js6mfy/KypDfx92PtOo5N+qiTVxXaLy3u2jTlwkbuKibnMq7ziTL+R6TOy/orL/ZzdW7NikE3vAj+01sSVR+fJOdexeJ/agH9tnYtdE5e5v9WOf9mMzJnbV5Otu2o1NmthjTmyXH3tquljIbtatJv99ovLOzdfVbfO6+Q/c/7dqSs9DOd94e7vynwocu+Xk9YqT/+gm+f9KVFb/Ouq22+5797LaZ//r59/Mlb+/XR3rTkb3+7G9jTYrbCb/+0Tl/qtrXpudtjm7foaC+X8mWl16/RpS/vcFjqWcesWb7It2VFq9NjdVKOSW2GCDDTa8jbCfTGgFM/6Pm1G931J3HuOM/52VPX/G9OBzf/wfqCk9IY3/+wPHBpxZSywqklieX4wdEkmUVq+dzM9PzeZmcwuZM/09fefP9GTOxeLu5M7farjvngQm/ydE5cZPv3rrmOr5X/35f7Km9ISU/wPBNlXNaxruirZk8t8pKv331rz15kbzf3f93/1cdendfyHl/2DgWMqpV2eTfQEAAAAAAAAAAAAAAAAAu0lSLXleVFbGX1L3O0SN/P5ftqb0hPT7X12BY9nt/16D+9WoqlONVh0AAAAAAAAAAKCVImLJN6LygpT1pjnQKXIxWOKJ9l8AAAD//16uQhc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='./file0/file0\x00') 3.17782857s ago: executing program 9 (id=1513): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@ipv4_newroute={0x2c, 0x18, 0xaba64f4add525e83, 0x1, 0x0, {0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfe, 0x2}, [@RTA_OIF={0x8, 0x4, r2}, @RTA_PREFSRC={0x8, 0x7, @multicast2}]}, 0x2c}, 0x1, 0xffffff7f}, 0x84) 3.114161293s ago: executing program 8 (id=1514): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0xfffffffffffffff5]}, 0x8, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00000000c0)) 2.962585632s ago: executing program 8 (id=1515): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x1}, {}, {}, @result={0x0, 0x1}}], 0x1c) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) 2.833892563s ago: executing program 5 (id=1516): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0, 0x0, 0x4}, 0x18) r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x10, 0x42000) ioctl$LOOP_CHANGE_FD(r1, 0x4c05, 0xffffffffffffffff) 2.816763784s ago: executing program 9 (id=1517): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_ep_write(r0, 0xff, 0x84, &(0x7f0000001200)="b081cde8ad8f9602558f3b9e870c52d5f6ee876206d2018a6f239bffb16fcd5356286fb6636a67e3f946553e6343d9c19994fa949aa080aa26f085f6aedfbef66578b0dbbc7d3cd6907a8b7a8a2032454ea08c6c34dd62b3604883346ec68c24110fc2e49e8f41dca487632e00bb79675fe140efdbb87f689f087f5e151288ca5e91ff31") syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xfffffffffffffea8, &(0x7f0000000640)={[{0x7fd, 0x4e00, "03bb0837f55096adecbaa4f38ca66bf1b8b1a8871c1eadf3170d870ec0ce3198065d89867265c12f7799cd9e55c1c3bbfff5b5065f810f734b6e49534dc38bb04e7e02a1b37cf05c24b275b41227abb76f084c4c2707894939562937ab806dffc8d6036aa0d4c8797bbca0f4341f16609da2fd968eb5e108ee384899e364d747f48fe490967202f835e50d402e6de0af830593b034f1c4297edd1cb7a7187456aabc1d1cba3a36c37fe0151289083a3a4542f2392536687b299d7de72b622b2b48eab0a3461a961b9c0fc330df847d57e82e73c0e98820233a4f0fac683eefaaf497d6b342525aeba5530ff1993a9a597e2aa0c9a2fa054cacd4edd030a6183f515bd7fe99126b365c14231d36874bb9009d80c87f78d83cd108ba3ef77044792ff39b07d83e7dc3e4f31c006e321df111e4e980f42f495dde5a00fe3fbf7de94abb889e8272dbf9ee1117f1b4d9c705a1935e8ad3d885764ddd8c2581b434b7fe3787360f6a3d5d2ad6398b3f9fc797d47673316233750c02f81be45bb664eaa5b58f87ffc31ef36d2768210703a00bb4f9e1c8cef858638cc41b6d7cd4d4a13f22e6fce00ae9442e031e88f667c0ed3ef37b2fa1c0ff8dffd589371c1a0035afeac5919681d50863aa6ce55e923de02ba8492ed15b0b51121a4bcc3152da4691dbfb7a0eb9e5ed66b401b41bda1016dc3636ed34ac51113211d5ebc69970614b637edab2963a5c3da21caf7a9a1f844837d0f38fe6fbb2c153b726ccc9403b9a01226c6fa0d2a5ff2570942297269f0619752e0e5c7b4ee642bed50b522f7b6037ba9afc0b7bf2b20e3c5a31336e9194f2817e2eaf72294c5ea19788bffacac0aaca54da6a867131f2d018cceda5ed69a6bfa454bc5e556bb1e5f95a7037cdf45efde6972363eda5d09771a61e7164df5abcee090f366962b67ab5e493b3ef89b79b9444be557c1501792e95278b44aa8b6f0e046a54239b583aca09636689c4425e1c0469397b4aa0c9bd56327a9ed8ad805447778ac441ab434f4a36da316f1039e0a0d45340361f5a793912025d4b258b306bd3e264cb836ba8cc9031bad2f953f1286b6fd1f248235ef400d4b6a33d9ca4111a1163faba8a4711a5c5676ff9da170e250298c1848497aa4a21296a0ec20bf48fc30df40ed2d8d211421b36dcccb880694821a2f5335810a6acaea601005c94025728c7a0de6d004972c0ed6bf11a909ae6cf3d6f7bd81fd478fa67407349ccb3a65779ec31c7891067d5e005ae97e3d27f424887b2542b776249b2dedef116e0814247a6cfd6302307bc1f68f93f60e408247a7aa82f8fac985582e8426e6dc935a359a227fae2cadf8a7c32c27e7842c87ef9d4e37a69d1fb3b003773c14f79763c7366852574bb1c205467348017656bf7ebaacc4a53eb418f2b50d807d8f937e005528dd74e0eb4428032226b3b55171167ea0c61108d7d6fae4e29f4b127f96fa67b7f4079f53683a069cf3225e723740d66a0e8da4f86f110b927ac72197714b30c50b6ea8490b3046588d0c4da7d2ac1f6c2edb2e3281f526dca0164d27a7a3277e1faf28108f71125dcb3f2cf5f95cbe34f59071fcebbf7bd5f80018c4da823f59647a15f0f12fc8aade2ea9f58a57ce980535fafb06dee5533bcf45e216584075dbea65af3c3806c78dbfc92d33350840000099eb59caea0e628efd30e55821c1231ee897759ff4c3c1cd8f43b66952abbf4e888b748313bd6173bd6983330dfcd3deaa09eef99fd1e0be5b3671c0d0ad72b44e61ffc7b10553d8f4dceceae665fb1de06dacb47c6e51dc52e764de27e8022ffda525eceef4026d58f78b269a2b415c5771741b20d6a2d5eeaa243107039d672f4930e3020bd16aaafac641f50b6eb1fb480f5014999c880c65aae340d868ac8ece2dbd88f96f4a3a73e48ae2c9e8f7ee49efa19a55ef26cd4a36cc355d6d6fbc637ac34adc9edce03325950552a61fecc873db4d2d56ea603240e2da78d4092c2887920be95a172aeac4cb44ec25364a2cbe74abb0eb4253c80c35bb85f6e65530999c481c80cdd54bb9ad32ff101497c5ea208a0bb77c2d5a24bc5fef431066784de9a739609cf7f4bb452c7f244044f5d984ddfd2bae9bb19e0bae233f8b54dea50ce78ef34eb66f6aec2dce0074f4ca33e647450b622987249495796ef5e775b5cb3893453e7fbd1cfef0a7962ecde65ce90906eb9699e0d72874c1c1de6c0b3177925cebaa7d42715a99695ad918f15e87565a0d47b15a7980eec9b09d66144ab46da5072c1b8a65f00c1e5d5997c2f620efafbd14abbb8a632ba8eaf1dfb534c4942990f1965444ae8429550cb3149d71504e0efd5f17840c0f13e04b084be97f7db7e47871d17d81b7e5d77c522768ddfa98e5a7cefd96d42773c75368dc11d5415bc7287a0b7b23b3db351ef6d4a1bbea034bbdb3ce9867d2388f821183756606820bd03107dc5415b46959116798068475681a92825c89ed31a51f4b4bd4cee809bc6190a219ee818a1da53a8106abd4653ecc6bf994732c3dceaa605e852df4b9c3f8930edf4655b898579d5d05ba9f0a50d47226167faaafe62eba427960967a8a98f01d13e51548a07be85b04d159730b36d0ef0341f81c2da93b18c90f9cba330214ae456ff6e9e7a0fb02c8b722cf716a0370589de80e4e4afebdbfd514f21d160c26e2249e7d05326353d0559b370f7fabca855ba211908445f407af8d21a8a9f8156989176dc5eb9317abfe190a3ff0de2cb4ce5a2092664a7fe4e1d759e3201ba388799e106ba59d487dbc2b30728462b0d7a081113ae1827197fc9888e02be0e9639dca88487c5a856eb2935d6c6c0281fab6dcf9bd8581a8f9a3efee9c8305575d91760267ff4"}]}) 2.634575157s ago: executing program 8 (id=1519): r0 = socket(0x2b, 0x1, 0x0) listen(r0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x3, @dev={0xfe, 0x80, '\x00', 0x2d}, 0xffffffff}, 0x1c) 2.517516628s ago: executing program 5 (id=1520): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x50044) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000400)=0x4000) 2.462836379s ago: executing program 8 (id=1521): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9401"}, @local=@item_4={0x3, 0x2, 0xb, "c8221711"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 1.677490977s ago: executing program 7 (id=1522): openat$zero(0xffffffffffffff9c, &(0x7f0000000f40), 0x101002, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x18}) io_uring_enter(r0, 0x5370, 0x0, 0x0, 0x0, 0x4e) 1.521984157s ago: executing program 5 (id=1523): openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) exit(0x7) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') write$apparmor_current(r0, 0x0, 0x0) 1.43969385s ago: executing program 7 (id=1524): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000011000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="60a40200080000001c001a8018000580140005800800020000000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x0) 1.150295517s ago: executing program 7 (id=1525): r0 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)=""/206, 0xce}], 0x1, &(0x7f0000000240)=""/198, 0xc6}, 0x5e63b621}], 0x1, 0x40002002, 0x0) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000500)="e8", 0x1}], 0x1}, 0x4800) 1.00431101s ago: executing program 7 (id=1526): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f00000003c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000102,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYBLOB="d6d84c0df937ed4a0cd30000f2e9ea9568eab74a46c525dc386983eade0b0ce5f1dd911706cf7d32d7d508d1823b8871e001000000eb4ce0a008f5cdea622fc6675e5486860a752ed0298a948efa72b2c8d8525181644a3124f3544a50f192b98f055ad125fd4674534413c6044136ea5aefac5267e43739626ea9391d8f346c4694f70400000000000000cee1f628d1cec3462830606bb612bfed91181cdc107bb91a2e86de2ad5", @ANYBLOB=',session=0000\x00000000000000005,\x00'], 0x12, 0xc38, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNiOSEml9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSoWwEAPExXRr5y+qz7PwA8Vq75/38AAAAAAAAAAAAAANjvUhTxZKSYubKSxqr3HfXL7b47d0eHhjevdiRVNQ9V5cuf+pmz585/8YXBC9283J76gPq77dPx2si1S42Xp2/PzE7MzU2MN0an2jemxye2vYed1t/oZHUCGrdfvzN+8+Zc4+zz59Z9fHfg/f4njg9cHHz21DPdsqNDw8Mja0XqveVrD9yQjq1meByOIk5Fiue++5PUiogidn4u6g937Dc6UnXiZNWJ0aHhqiOT7dbUfPnh1e6JKCIaPZWa3XO0+VhEre+h9mFrzYiFsvllg0+W3RuZac22rk9ONK62Zufb8+3pqaup09qyP40o4kKKWIyI5f77d9cXRdQixbePraTrEXGoex6+UE0M3rodxR72cRvKdjb6IhaLAzBm+1h/FPFqpPjpOyfiRr7OVNeaz0e8Wub3I94q86WIVH4xzke8t8n3iIOpFkX8ZTn+F1fSeHU96F5XLn+18eWpm9M9ZbvXlV/y/nDfleIR3R+ObMiHY59fm+pRRKu64q+kB//NDgAAAAAAAAAAAAAAAAC77UgU8alI8cp//Ek1rziqeenHLg7+4cCv9s4Zf/pD9lOWfT4iFortzck9nCcGXk1XU3rEc4kfZ/Uo4k/z/L9vPurGAAAAAAAAAAAAAAAAAAAAPNaK+HGkePHdE2kxetcUb0/dalxrXZ/srArbXfu3u2b66urqaiN1splzLOdCzsWcSzmXc0aR6+ds5hzLuZBzMedSzuWccSjXz9nMOZZzIedizqWcyzmjluvnbOYcy7mQczEvur+U3y/njH2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEdJEUX8PFJ86+srKVJENCPGopNL/Y+6dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAqT8V8b1I0fij5r1ttYhI1b8dJ8pfzkfzcJkfj+ZgmS9F81LOVpW15jcfQfvZmb5UxI8iRX/97XsDnse/r/Pu3tcg3vrG2rtP1zp5qPvhwPv9Txw/dnFw+Dee3up12qwBJy+3p+7cbYwODQ+P9Gyu5aN/vGfbQD5usTtdJyLm3njz9dbk5MTsg78ovwI7qH6AXqTa49LTg/3iN3drh1HbD915NC8e9ZWJh6G8/78XKX733f/s3vA79/96/Ern3b07fPzsz9bu/y9u3NE27/+1jfXy/b+8p292/3+yZ9uL+XcjfbWI+vztmb7jEfW5N9481b7dujVxa2Lq/OnTXxoc/NK5032HI+o325MTPa925XQBAAAAAAAAAAAAAAAAPDypiN+PFK0fraRGRNyt5msNXBx89tQzh+JQNd9q3bzt10auXWq8PH17ZnZibm5ivDE61b4xPT6x3cPVq+leo0PDe9KZD3Vkj9t/pP7y9Mwbs+1bfzy/6edH65euz83Ptm5s/nEciSKi2bvlZNXg0aHhqtGT7dZUVfXqppPpf3l9qYj/ihQ3zjfSZ/O2PP9/4wz/dfP/FzbuaI/m/3+sZ1t5zJSK+Fmk+J2/ejo+W7XzaNx3znK5v4sUJy98JpeLw2W5bhs6zxXozAwsy/5fpPinn68v250P+eRa2TPbPrEHRDn+xyLF9/7iO/Fbedv65z9sPv5HN+5oj8b/qZ5tR9c9r2DHXSeP/6lI8dKTb8fn8rYPev5H99kbJ3Lhe8/n2KPx/0TPtoF83N/ena4DAAAAAAAAAAAcaH2piL+PFD8YrqUX8rbt/P2/8Y072qO///XJnm3ju7Ne0Ye+2PFJBQAAAIB9oi8V8eNIcWv+7XtzqNfP/+6Z//l7a/M/h9KGT6s/5/u16rkBu/nnf70G8nHHdt5tAAAAAAAAAAAAAAAAAAAA2FdSKuKFvJ76WDWff3zL9dSXIsUr//NcLpeOl+W668APVL/Wr0xPnbo0OTl9ozXfuj450RiZad2YKOs+FSlW/vYzuW5Rra/eXW++s8b72lrss5Fi+B+6ZTtrsXfXJn9qreyZsuzHIsV//+P6sp/L5T6xVvZsWfZvIsXX/uX+sqXja2XPlWW/Eyl++LVGt+zRsmz3+aifXCv7/I3pYo9GBgAAAAAAAAAAAAAAAAAAgMdJXyrizyPF/95evDeXP6//39fztvLWN3rW+9/gbrXO/0C1/v9Wrx9k/f/quQILWx0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+mlIU8WakmLmykpb6y/cd9cvtqTt3R4eGN692JFU1D1Xly5/6mbPnzn/xhcEL3fzg+rvtU/HayLVLjZenb8/MTszNTYw3RqfaN6bHJ7a9h53W3+hkdQIat1+/M37z5lzj7PPn1n18d+D9/ieOD1wcfPbUM92yo0PDwyM9ZWp9D3z0+6Qtth+OIv46Ujz33Z+kH/RHFLHzc/Eh3529dqTqxMmqE6NDw1VHJtutqfnyw6vdE1FENHoqNbvn6CGMxY40IxbK5pcNPll2b2SmNdu6PjnRuNqanW/Pt6enrqZOa8v+NKKICyliMSKW++/fXV8U8Xqk+PaxlfSv/RGHuufhC1dGvnL67NbtKPawj9tQtrPRF7FYHIAx28f6o4h/jhQ/fedE/Ft/RC06P/H5iFfL/H7EW9EZ71R+Mc5HvLfJ94iDqRZF/H85/hdX0jv95fWge125/NXGl6duTveU7V5XDvz94WHa59emehTxw+qKv5L+3X/XAAAAAAAAAAAAAAAAAPtIEb8eKV5890Sq5gffm1PcnrrVuNa6PtmZ1ted+9edM726urraSJ1s5hzLuZBzMedSzuWcUeT6OZtl1ldXx/L7hZyLOZdyLueMQ7l+zmbOsZwLORdzLuVczhm1XD9nM+dYzoWcizmXci7njH0ydw8AAAAAAAAAAAAAAAAAAPhoKap/Unzr6ytptb+zvvRYdHLJeqAfeb8IAAD//1qT9HY=") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) 758.236773ms ago: executing program 9 (id=1527): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="f9d342", 0x3, 0x0, &(0x7f0000000080)={0xa, 0x4e22, 0xff, @loopback, 0x7}, 0x1c) 690.240505ms ago: executing program 7 (id=1528): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000180)="b8", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x400, @loopback, 0xffffffff}, 0x1c) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000100)={0x0, 0x9, 0x30, 0x5, 0x7ff}, &(0x7f0000000200)=0x18) 542.26178ms ago: executing program 9 (id=1529): mkdir(&(0x7f00000008c0)='./file0\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x6400000c) inotify_add_watch(r0, &(0x7f0000000100)='./file0\x00', 0x20000000) 481.496663ms ago: executing program 5 (id=1530): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000200)=0x15) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x8000, 0xc95a, 0xfffffff4, 0x9, 0x80, 0xfffffff7, 0x9, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x7, 0x8, 0x385b, 0x40001, 0x24, 0x4, 0x1, 0x1f461e2c, 0x2, 0xe664, 0x202, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000002, 0x242, 0x3, 0xe, 0x0, 0x71, 0x7, 0x7, 0x3, 0x0, 0x2, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x7d69472d], [0x7, 0xffff, 0x12f, 0x8000, 0x10, 0xeffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x401, 0x6, 0x1, 0xff, 0x4, 0x5, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x7d, 0x9, 0x3, 0x9033, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x7, 0x4, 0x4, 0x5, 0xfffffffe, 0x100, 0x1, 0x0, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x3, 0x1ff, 0x4, 0x6d01, 0x5, 0x38, 0x4, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x3, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xa85b, 0xce7, 0x1ff, 0x2, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x10000, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x6, 0x60a7, 0x6, 0x6, 0xfffffffd, 0x80000000, 0x3, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x100100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 466.566435ms ago: executing program 7 (id=1531): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f00000001c0)={[{@nossd_spread}, {@compress_force_algo={'compress-force', 0x3d, 'zstd'}}, {@discard_sync}, {@discard_sync}, {@clear_cache}, {@discard_async}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) 416.555447ms ago: executing program 8 (id=1532): r0 = socket(0xa, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x8001, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xa}]}, &(0x7f0000000080)=0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x25, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x64010102}}, 0x0, 0x4}, 0x90) 285.352135ms ago: executing program 9 (id=1533): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000004380)=[{{&(0x7f0000004440)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000100)='P', 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e20, 0x401, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c, &(0x7f0000000780)=[{&(0x7f00000001c0)='K', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e24, 0xe, @empty, 0x6}}}, &(0x7f00000000c0)=0x84) 78.548739ms ago: executing program 9 (id=1534): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x5) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 849.443µs ago: executing program 5 (id=1535): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6}) 0s ago: executing program 8 (id=1536): syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x808080, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp") truncate(&(0x7f0000000280)='./file1\x00', 0xf3a3) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8000c62) kernel console output (not intermixed with test programs): : inode #11: comm syz.3.923: mark_inode_dirty error [ 227.110899][ T9015] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.923: invalid indirect mapped block 1 (level 1) [ 227.170339][ T9015] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #11: comm syz.3.923: corrupted inode contents [ 227.216395][ T9015] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 227.244445][ T9015] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #11: comm syz.3.923: corrupted inode contents [ 227.273152][ T9015] EXT4-fs error (device loop3): ext4_truncate:4597: inode #11: comm syz.3.923: mark_inode_dirty error [ 227.303094][ T9015] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 227.378895][ T9015] EXT4-fs (loop3): 1 truncate cleaned up [ 227.380843][ T5835] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 227.386692][ T9015] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.571700][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.679749][ T9042] loop5: detected capacity change from 0 to 16 [ 227.688162][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.709804][ T9042] erofs (device loop5): mounted with root inode @ nid 36. [ 227.719115][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.782429][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.838193][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.869426][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.892319][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.912517][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.926522][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 227.982864][ T5842] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 228.052654][ T9049] serio: Serial port ttyS3 [ 228.181776][ T9056] loop6: detected capacity change from 0 to 512 [ 228.219605][ T9056] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 228.280791][ T9056] EXT4-fs error (device loop6): ext4_orphan_get:1419: comm syz.6.913: bad orphan inode 131083 [ 228.292284][ T9058] ceph: missing cluster fsid [ 228.296929][ T9058] ceph: separator ':' missing in source [ 228.316867][ T9056] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.348532][ T9063] loop4: detected capacity change from 0 to 2048 [ 228.416873][ T9064] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 228.522276][ T9064] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 228.543465][ T9064] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 228.556258][ T9064] Remounting filesystem read-only [ 228.615821][ T5835] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 228.633312][ T7147] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.930233][ T65] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.079499][ T6613] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.124333][ T65] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.299523][ T65] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.451549][ T65] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.531986][ T9087] loop5: detected capacity change from 0 to 2048 [ 229.556477][ T9087] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 229.596552][ T9074] loop4: detected capacity change from 0 to 32768 [ 229.642619][ T9089] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 229.784863][ T65] bridge_slave_1: left allmulticast mode [ 229.796230][ T65] bridge_slave_1: left promiscuous mode [ 229.820029][ T65] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.843221][ T65] bridge_slave_0: left allmulticast mode [ 229.858782][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 229.872130][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 229.883808][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 229.891308][ T65] bridge_slave_0: left promiscuous mode [ 229.900482][ T65] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.908942][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 229.918998][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 230.035746][ T9099] loop6: detected capacity change from 0 to 2048 [ 230.081210][ T9099] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended [ 230.129587][ T9099] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.146476][ T9099] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 230.213972][ T6613] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.454823][ T9111] netlink: 8 bytes leftover after parsing attributes in process `syz.6.958'. [ 230.733990][ T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 230.745982][ T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 230.756729][ T65] bond0 (unregistering): Released all slaves [ 231.413134][ T65] hsr_slave_0: left promiscuous mode [ 231.442905][ T65] hsr_slave_1: left promiscuous mode [ 231.468410][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.476000][ T65] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.532440][ T9146] loop4: detected capacity change from 0 to 1024 [ 231.545577][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.557584][ T65] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.601344][ T9150] openvswitch: netlink: IPv4 tunnel dst address is zero [ 231.605114][ T65] veth1_macvtap: left promiscuous mode [ 231.630793][ T9146] hfsplus: xattr searching failed [ 231.630904][ T65] veth0_macvtap: left promiscuous mode [ 231.645855][ T65] veth1_vlan: left promiscuous mode [ 231.662026][ T65] veth0_vlan: left promiscuous mode [ 231.670609][ T9146] hfsplus: catalog searching failed [ 231.743574][ T13] hfsplus: bad catalog file entry [ 231.751501][ T13] hfsplus: b-tree write err: -5, ino 3 [ 231.977826][ T5840] Bluetooth: hci3: command tx timeout [ 232.793880][ T65] team0 (unregistering): Port device team_slave_1 removed [ 232.845995][ T65] team0 (unregistering): Port device team_slave_0 removed [ 233.396477][ T9149] dummy0: entered promiscuous mode [ 233.403925][ T9149] macsec1: entered allmulticast mode [ 233.409455][ T9149] dummy0: entered allmulticast mode [ 233.418860][ T9149] dummy0: left allmulticast mode [ 233.424123][ T9149] dummy0: left promiscuous mode [ 233.566733][ T9167] netlink: 28 bytes leftover after parsing attributes in process `syz.6.982'. [ 233.666972][ T9175] loop6: detected capacity change from 0 to 1024 [ 233.886087][ T3308] hfsplus: b-tree write err: -5, ino 4 [ 233.916536][ T9091] chnl_net:caif_netlink_parms(): no params data found [ 234.061753][ T5840] Bluetooth: hci3: command tx timeout [ 234.092535][ T9187] sp0: Synchronizing with TNC [ 234.104890][ T9186] [U] è`` [ 234.206567][ T65] IPVS: stop unused estimator thread 0... [ 234.333214][ T9193] sp0: Synchronizing with TNC [ 234.418779][ T9091] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.439206][ T9198] Falling back ldisc for ttyprintk. [ 234.445022][ T9091] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.456908][ T9191] [U] è [ 234.532763][ T9091] bridge_slave_0: entered allmulticast mode [ 234.541554][ T9091] bridge_slave_0: entered promiscuous mode [ 234.550808][ T9091] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.558176][ T9091] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.565616][ T9091] bridge_slave_1: entered allmulticast mode [ 234.576170][ T9091] bridge_slave_1: entered promiscuous mode [ 234.644241][ T9091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.684170][ T9091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.838316][ T9208] loop5: detected capacity change from 0 to 1024 [ 234.863035][ T9091] team0: Port device team_slave_0 added [ 234.906534][ T9091] team0: Port device team_slave_1 added [ 235.022587][ T9210] hfsplus: can't free extent [ 235.093421][ T12] hfsplus: b-tree write err: -5, ino 4 [ 235.160275][ T9091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.178483][ T9091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.267478][ T9091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.291033][ T9217] loop4: detected capacity change from 0 to 2048 [ 235.310453][ T9091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.320617][ T9091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.363891][ T9091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.418327][ T9217] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.532430][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.599701][ T9091] hsr_slave_0: entered promiscuous mode [ 235.629749][ T9091] hsr_slave_1: entered promiscuous mode [ 235.644999][ T9091] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.667748][ T9091] Cannot create hsr debugfs directory [ 235.908112][ T5831] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 236.107469][ T5831] usb 8-1: Using ep0 maxpacket: 32 [ 236.120624][ T5831] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 236.138504][ T5840] Bluetooth: hci3: command tx timeout [ 236.147773][ T5831] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.195641][ T5831] usb 8-1: config 0 descriptor?? [ 236.349492][ T9091] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 236.384815][ T9091] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 236.415690][ T5831] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 236.424091][ T9091] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 236.436175][ T5831] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 236.458734][ T5831] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 236.465957][ T5831] usb 8-1: media controller created [ 236.472044][ T9091] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 236.546066][ T5831] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 236.707947][ T5831] az6027: usb out operation failed. (-71) [ 236.719949][ T5831] az6027: usb out operation failed. (-71) [ 236.747418][ T5831] stb0899_attach: Driver disabled by Kconfig [ 236.754408][ T5831] az6027: no front-end attached [ 236.754408][ T5831] [ 236.784210][ T5831] az6027: usb out operation failed. (-71) [ 236.797486][ T5831] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 236.806971][ T5831] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input13 [ 236.828838][ T9250] loop4: detected capacity change from 0 to 32768 [ 236.838707][ T5831] dvb-usb: schedule remote query interval to 400 msecs. [ 236.845940][ T5831] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 236.858578][ T9250] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1012 (9250) [ 236.885082][ T5831] usb 8-1: USB disconnect, device number 3 [ 236.937556][ T5885] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 236.963057][ T5831] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 236.977600][ T9250] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 236.991679][ T9250] BTRFS info (device loop4): using sha256 (sha256-x86_64) checksum algorithm [ 237.007951][ T9250] BTRFS info (device loop4): using free-space-tree [ 237.041564][ T9091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.138031][ T5885] usb 6-1: Using ep0 maxpacket: 32 [ 237.159233][ T5885] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 237.169556][ T9091] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.188617][ T5885] usb 6-1: config 0 has no interface number 0 [ 237.214331][ T5885] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 237.234003][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.242768][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.258913][ T5885] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.275730][ T5885] usb 6-1: Product: syz [ 237.282013][ T5885] usb 6-1: Manufacturer: syz [ 237.286673][ T5885] usb 6-1: SerialNumber: syz [ 237.309835][ T6260] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.317166][ T6260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.326217][ T5885] usb 6-1: config 0 descriptor?? [ 237.354686][ T5885] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 237.425175][ T5835] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 237.444517][ T9264] loop6: detected capacity change from 0 to 32768 [ 237.492842][ T9264] ocfs2: Slot 0 on device (7,6) was already allocated to this node! [ 237.516922][ T9264] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 237.600804][ T5885] usb 6-1: qt2_attach - failed to power on unit: -71 [ 237.608899][ T5885] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71 [ 237.624927][ T5885] usb 6-1: USB disconnect, device number 5 [ 237.746080][ T6613] ocfs2: Unmounting device (7,6) on (node local) [ 238.039041][ T9293] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 238.046877][ T9293] IPv6: NLM_F_CREATE should be set when creating new route [ 238.056318][ T9091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.069479][ T9295] loop4: detected capacity change from 0 to 256 [ 238.217745][ T5840] Bluetooth: hci3: command tx timeout [ 238.557469][ T30] audit: type=1326 audit(1749098367.941:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0ce19858e7 code=0x7ffc0000 [ 238.641798][ T30] audit: type=1326 audit(1749098367.941:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ce192ab19 code=0x7ffc0000 [ 238.708199][ T30] audit: type=1326 audit(1749098367.951:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0ce19858e7 code=0x7ffc0000 [ 238.787802][ T30] audit: type=1326 audit(1749098367.951:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ce192ab19 code=0x7ffc0000 [ 238.876623][ T30] audit: type=1326 audit(1749098367.951:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ce198e929 code=0x7ffc0000 [ 238.900488][ T30] audit: type=1326 audit(1749098367.951:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0ce19858e7 code=0x7ffc0000 [ 238.923158][ T30] audit: type=1326 audit(1749098367.951:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ce192ab19 code=0x7ffc0000 [ 238.948292][ T30] audit: type=1326 audit(1749098367.951:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0ce19858e7 code=0x7ffc0000 [ 239.036806][ T9091] veth0_vlan: entered promiscuous mode [ 239.037773][ T30] audit: type=1326 audit(1749098367.951:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0ce192ab19 code=0x7ffc0000 [ 239.094090][ T9091] veth1_vlan: entered promiscuous mode [ 239.154030][ T30] audit: type=1326 audit(1749098367.961:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.6.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0ce19858e7 code=0x7ffc0000 [ 239.216909][ T9091] veth0_macvtap: entered promiscuous mode [ 239.253804][ T9336] sctp: [Deprecated]: syz.6.1040 (pid 9336) Use of int in maxseg socket option. [ 239.253804][ T9336] Use struct sctp_assoc_value instead [ 239.257247][ T9091] veth1_macvtap: entered promiscuous mode [ 239.340257][ T9091] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.382403][ T9091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.403793][ T9091] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.429728][ T9091] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.457603][ T9091] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.458176][ T9346] Bluetooth: MGMT ver 1.23 [ 239.466358][ T9091] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.690488][ T9350] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1046'. [ 239.719813][ T9350] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 239.744824][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.771446][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.787456][ T1219] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 239.858085][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.882682][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.998868][ T1219] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 240.028296][ T1219] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.048437][ T1219] usb 8-1: config 0 descriptor?? [ 240.066865][ T1219] cp210x 8-1:0.0: cp210x converter detected [ 240.124048][ T9342] loop5: detected capacity change from 0 to 32768 [ 240.132912][ T9342] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1041 (9342) [ 240.202243][ T9342] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 240.212589][ T9342] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm [ 240.243113][ T9342] BTRFS info (device loop5): using free-space-tree [ 240.354901][ T9382] loop6: detected capacity change from 0 to 64 [ 240.429302][ T9382] Trying to free block not in datazone [ 240.435090][ T9382] Trying to free block not in datazone [ 240.445450][ T9382] Trying to free block not in datazone [ 240.470653][ T1219] cp210x 8-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 240.518723][ T1219] usb 8-1: cp210x converter now attached to ttyUSB0 [ 240.678266][ T6246] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 240.705305][ T5843] usb 8-1: USB disconnect, device number 4 [ 240.738141][ T5843] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 240.753185][ T5843] cp210x 8-1:0.0: device disconnected [ 241.072121][ T9398] loop6: detected capacity change from 0 to 64 [ 241.200568][ T9375] loop8: detected capacity change from 0 to 40427 [ 241.219362][ T9375] F2FS-fs (loop8): build fault injection type: 0x7 [ 241.232194][ T9375] F2FS-fs (loop8): invalid crc value [ 241.382581][ T9375] F2FS-fs (loop8): Start checkpoint disabled! [ 241.412922][ T9375] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6 [ 241.418270][ T9408] netlink: 27 bytes leftover after parsing attributes in process `syz.5.1064'. [ 241.433956][ T9405] loop6: detected capacity change from 0 to 4096 [ 241.496419][ T9375] syz.8.1054: attempt to access beyond end of device [ 241.496419][ T9375] loop8: rw=2049, sector=77824, nr_sectors = 768 limit=40427 [ 241.644733][ T12] kworker/u8:0: attempt to access beyond end of device [ 241.644733][ T12] loop8: rw=1, sector=77824, nr_sectors = 8 limit=40427 [ 241.717278][ T12] kworker/u8:0: attempt to access beyond end of device [ 241.717278][ T12] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 241.755127][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 241.755159][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.755172][ T12] Workqueue: writeback wb_workfn (flush-7:8) [ 241.755209][ T12] Call Trace: [ 241.755217][ T12] [ 241.755227][ T12] dump_stack_lvl+0x189/0x250 [ 241.755254][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.755272][ T12] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 241.755307][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 241.755330][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 241.755362][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 241.755397][ T12] ? f2fs_hw_is_readonly+0x39b/0x470 [ 241.755430][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 241.755466][ T12] f2fs_write_end_io+0x495/0x810 [ 241.755492][ T12] ? blkg_put+0x22/0x240 [ 241.755539][ T12] __submit_merged_bio+0x27a/0x6a0 [ 241.755574][ T12] __submit_merged_write_cond+0x255/0x530 [ 241.755611][ T12] f2fs_write_data_pages+0x261d/0x3000 [ 241.755686][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 241.755733][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 241.755815][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 241.755859][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 241.755887][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 241.755937][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 241.755984][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 241.756014][ T12] do_writepages+0x32b/0x550 [ 241.756054][ T12] ? reacquire_held_locks+0x127/0x1d0 [ 241.756074][ T12] ? writeback_sb_inodes+0x372/0x1000 [ 241.756123][ T12] __writeback_single_inode+0x145/0xff0 [ 241.756144][ T12] ? do_raw_spin_unlock+0x122/0x240 [ 241.756175][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 241.756245][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 241.756337][ T12] ? rcu_is_watching+0x15/0xb0 [ 241.756383][ T12] wb_writeback+0x43b/0xaf0 [ 241.756427][ T12] ? queue_io+0x391/0x590 [ 241.756463][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 241.756509][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.756548][ T12] wb_workfn+0x409/0xef0 [ 241.756598][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 241.756634][ T12] ? __lock_acquire+0xab9/0xd20 [ 241.756678][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 241.756719][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.756749][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 241.756778][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 241.756813][ T12] process_scheduled_works+0xae1/0x17b0 [ 241.756887][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 241.756950][ T12] worker_thread+0x8a0/0xda0 [ 241.757013][ T12] kthread+0x70e/0x8a0 [ 241.757043][ T12] ? __pfx_worker_thread+0x10/0x10 [ 241.757062][ T12] ? __pfx_kthread+0x10/0x10 [ 241.757089][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.757120][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.757139][ T12] ? __pfx_kthread+0x10/0x10 [ 241.757166][ T12] ret_from_fork+0x3fc/0x770 [ 241.757200][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 241.757239][ T12] ? __switch_to_asm+0x39/0x70 [ 241.757258][ T12] ? __switch_to_asm+0x33/0x70 [ 241.757277][ T12] ? __pfx_kthread+0x10/0x10 [ 241.757303][ T12] ret_from_fork_asm+0x1a/0x30 [ 241.757348][ T12] [ 242.124547][ T12] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 242.185250][ T9422] loop4: detected capacity change from 0 to 4096 [ 242.303285][ T9425] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 242.536461][ T9428] loop6: detected capacity change from 0 to 4096 [ 242.608980][ T9428] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512). [ 242.694027][ T9432] loop7: detected capacity change from 0 to 256 [ 242.718308][ T9432] FAT-fs (loop7): Directory bread(block 1285) failed [ 242.754529][ T9432] FAT-fs (loop7): FAT read failed (blocknr 1281) [ 243.014713][ T9438] loop7: detected capacity change from 0 to 1024 [ 243.113857][ T9438] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.133140][ T9438] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 243.153801][ T9447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1078'. [ 243.374146][ T8013] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.385903][ T9457] loop6: detected capacity change from 0 to 512 [ 243.454250][ T9457] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.527692][ T9457] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 243.670671][ T9457] __quota_error: 21 callbacks suppressed [ 243.670704][ T9457] Quota error (device loop6): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 243.727203][ T9457] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 243.737045][ T9457] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.1082: Failed to acquire dquot type 0 [ 243.813732][ T6613] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.900119][ T9470] loop7: detected capacity change from 0 to 512 [ 243.907326][ T9470] EXT4-fs: Ignoring removed bh option [ 243.971160][ T9470] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem [ 244.016399][ T9470] EXT4-fs (loop7): invalid journal inode [ 244.035001][ T9470] EXT4-fs (loop7): can't get journal size [ 244.070892][ T9470] EXT4-fs (loop7): 1 truncate cleaned up [ 244.109354][ T9470] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 244.176448][ T36] Bluetooth: hci5: Frame reassembly failed (-84) [ 244.200649][ T9480] Bluetooth: hci5: Frame reassembly failed (-84) [ 244.275020][ T8013] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.310934][ T9485] loop5: detected capacity change from 0 to 4096 [ 244.590318][ T9495] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1098'. [ 244.705560][ T9500] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 244.717189][ T9502] af_packet: tpacket_rcv: packet too big, clamped from 82 to 4294967286. macoff=82 [ 245.036400][ T9491] loop6: detected capacity change from 0 to 40427 [ 245.048645][ T9491] F2FS-fs (loop6): build fault injection rate: 771 [ 245.070167][ T9491] F2FS-fs (loop6): invalid crc value [ 245.169082][ T9491] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 245.271601][ T6613] syz-executor: attempt to access beyond end of device [ 245.271601][ T6613] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 245.289203][ T6613] CPU: 0 UID: 0 PID: 6613 Comm: syz-executor Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 245.289232][ T6613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.289245][ T6613] Call Trace: [ 245.289254][ T6613] [ 245.289262][ T6613] dump_stack_lvl+0x189/0x250 [ 245.289291][ T6613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.289309][ T6613] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 245.289342][ T6613] ? __pfx_queue_work_on+0x10/0x10 [ 245.289364][ T6613] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 245.289396][ T6613] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 245.289430][ T6613] ? f2fs_hw_is_readonly+0x39b/0x470 [ 245.289463][ T6613] f2fs_handle_critical_error+0x37c/0x540 [ 245.289498][ T6613] f2fs_write_end_io+0x495/0x810 [ 245.289524][ T6613] ? blkg_put+0x22/0x240 [ 245.289571][ T6613] __submit_merged_bio+0x27a/0x6a0 [ 245.289606][ T6613] __submit_merged_write_cond+0x255/0x530 [ 245.289649][ T6613] f2fs_write_data_pages+0x261d/0x3000 [ 245.289725][ T6613] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 245.289826][ T6613] ? do_raw_spin_lock+0x121/0x290 [ 245.289887][ T6613] ? __lock_acquire+0xab9/0xd20 [ 245.289938][ T6613] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 245.289967][ T6613] do_writepages+0x32b/0x550 [ 245.290015][ T6613] ? do_raw_spin_unlock+0x122/0x240 [ 245.290060][ T6613] filemap_fdatawrite+0x191/0x230 [ 245.290081][ T6613] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 245.290165][ T6613] ? do_raw_spin_unlock+0x122/0x240 [ 245.290195][ T6613] f2fs_sync_dirty_inodes+0x31f/0x830 [ 245.290245][ T6613] f2fs_write_checkpoint+0x94a/0x1de0 [ 245.290306][ T6613] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 245.290390][ T6613] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 245.290419][ T6613] ? kfree+0x18e/0x440 [ 245.290439][ T6613] ? kill_f2fs_super+0x298/0x6c0 [ 245.290475][ T6613] kill_f2fs_super+0x2c3/0x6c0 [ 245.290512][ T6613] ? __pfx_kill_f2fs_super+0x10/0x10 [ 245.290538][ T6613] ? radix_tree_delete_item+0x2b6/0x400 [ 245.290569][ T6613] ? shrinker_free+0x2ce/0x3e0 [ 245.290598][ T6613] deactivate_locked_super+0xb9/0x130 [ 245.290636][ T6613] cleanup_mnt+0x425/0x4c0 [ 245.290664][ T6613] ? lockdep_hardirqs_on+0x9c/0x150 [ 245.290690][ T6613] task_work_run+0x1d1/0x260 [ 245.290719][ T6613] ? __pfx_task_work_run+0x10/0x10 [ 245.290741][ T6613] ? __x64_sys_umount+0x122/0x160 [ 245.290768][ T6613] ? exit_to_user_mode_loop+0x40/0x110 [ 245.290802][ T6613] exit_to_user_mode_loop+0xec/0x110 [ 245.290830][ T6613] do_syscall_64+0x2bd/0x3b0 [ 245.290851][ T6613] ? lockdep_hardirqs_on+0x9c/0x150 [ 245.290872][ T6613] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.290891][ T6613] ? clear_bhb_loop+0x60/0xb0 [ 245.290917][ T6613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.290936][ T6613] RIP: 0033:0x7f0ce198fc57 [ 245.290955][ T6613] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 245.290973][ T6613] RSP: 002b:00007ffe29651fc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 245.290995][ T6613] RAX: 0000000000000000 RBX: 00007f0ce1a10925 RCX: 00007f0ce198fc57 [ 245.291008][ T6613] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe29652080 [ 245.291020][ T6613] RBP: 00007ffe29652080 R08: 0000000000000000 R09: 0000000000000000 [ 245.291033][ T6613] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe29653110 [ 245.291046][ T6613] R13: 00007f0ce1a10925 R14: 000000000003bdd9 R15: 00007ffe29653150 [ 245.291084][ T6613] [ 245.291664][ T6613] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 245.656490][ T5831] kernel read not supported for file /dsp (pid: 5831 comm: kworker/0:3) [ 246.212336][ T9520] loop5: detected capacity change from 0 to 32768 [ 246.222032][ T9520] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1108 (9520) [ 246.231688][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 246.241462][ T5841] Bluetooth: hci5: command 0x1003 tx timeout [ 246.324736][ T9520] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 246.347783][ T9520] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 246.357288][ T9520] BTRFS info (device loop5): using free-space-tree [ 246.363864][ T9537] loop8: detected capacity change from 0 to 1024 [ 246.402008][ T9537] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.493840][ T9531] loop7: detected capacity change from 0 to 32768 [ 246.522987][ T9531] ocfs2: Slot 0 on device (7,7) was already allocated to this node! [ 246.538904][ T9091] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.553845][ T9531] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 246.717810][ T9531] overlayfs: upper fs does not support tmpfile. [ 246.733717][ T9531] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 246.745514][ T6246] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 246.767569][ T9531] overlayfs: failed to set xattr on upper [ 246.773445][ T9531] overlayfs: ...falling back to redirect_dir=nofollow. [ 246.786152][ T9531] overlayfs: ...falling back to index=off. [ 246.809011][ T9531] overlayfs: ...falling back to uuid=null. [ 246.818066][ T9531] overlayfs: upper fs missing required features. [ 246.891464][ T9569] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1122'. [ 247.014554][ T8013] ocfs2: Unmounting device (7,7) on (node local) [ 247.056959][ T9571] loop8: detected capacity change from 0 to 2048 [ 247.105203][ T9571] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024) [ 247.126112][ T9571] NILFS (loop8): mounting unchecked fs [ 247.212889][ T9571] NILFS (loop8): recovery complete [ 247.287472][ T9577] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 247.354425][ T9578] loop4: detected capacity change from 0 to 2048 [ 247.389691][ T9578] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 247.675469][ T9587] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 247.897552][ T5884] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 247.910725][ T9590] loop6: detected capacity change from 0 to 128 [ 247.992219][ T9575] loop5: detected capacity change from 0 to 32768 [ 248.011462][ T9575] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1120 (9575) [ 248.035990][ T9575] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.049573][ T9575] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 248.064256][ T9575] BTRFS info (device loop5): using free-space-tree [ 248.087462][ T5884] usb 9-1: Using ep0 maxpacket: 32 [ 248.114487][ T5884] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 248.141049][ T5884] usb 9-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 248.150918][ T5884] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.169961][ T5884] usb 9-1: Product: syz [ 248.180374][ T5884] usb 9-1: Manufacturer: syz [ 248.202737][ T5884] usb 9-1: SerialNumber: syz [ 248.225541][ T5884] usb 9-1: config 0 descriptor?? [ 248.238305][ T9588] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 248.299747][ T5884] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 248.357657][ T9584] loop7: detected capacity change from 0 to 32768 [ 248.378682][ T9584] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1128 (9584) [ 248.416488][ T9584] BTRFS info (device loop7): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 248.430006][ T30] audit: type=1326 audit(1749098377.831:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 248.447584][ T9584] BTRFS info (device loop7): using xxhash64 (xxhash64-generic) checksum algorithm [ 248.480225][ T9584] BTRFS info (device loop7): using free-space-tree [ 248.505410][ T30] audit: type=1326 audit(1749098377.831:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 248.568441][ T6246] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.568637][ T30] audit: type=1326 audit(1749098377.831:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 248.611552][ T30] audit: type=1326 audit(1749098377.831:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 248.644854][ T5884] usb 9-1: USB disconnect, device number 2 [ 248.695587][ T9584] BTRFS info (device loop7): rebuilding free space tree [ 248.746405][ T30] audit: type=1326 audit(1749098377.831:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 248.842160][ T30] audit: type=1326 audit(1749098377.831:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=446 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 248.901305][ T30] audit: type=1326 audit(1749098377.831:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 248.976961][ T30] audit: type=1326 audit(1749098377.831:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9612 comm="syz.4.1134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f522378e929 code=0x7ffc0000 [ 249.024965][ T9584] BTRFS info (device loop7): balance: start -susage=12582912,drange=65536..8,limit=10376293541461622786,limit=2..2415919104 [ 249.075349][ T9584] BTRFS info (device loop7): relocating block group 1048576 flags system [ 249.282987][ T9584] BTRFS info (device loop7): balance: ended with status: 0 [ 249.419134][ T8013] BTRFS info (device loop7): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 249.781804][ T9611] loop6: detected capacity change from 0 to 32768 [ 250.785723][ T9652] loop7: detected capacity change from 0 to 32768 [ 250.803177][ T9652] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1140 (9652) [ 250.848905][ T9652] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 250.885402][ T9652] BTRFS info (device loop7): using crc32c (crc32c-x86_64) checksum algorithm [ 250.919980][ T9652] BTRFS info (device loop7): disk space caching is enabled [ 250.926981][ T9669] input: syz0 as /devices/virtual/input/input14 [ 250.940603][ T9652] BTRFS warning (device loop7): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 251.009936][ T9668] netlink: del zone limit has 4 unknown bytes [ 251.042204][ T9677] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1154'. [ 251.121849][ T9652] BTRFS info (device loop7): rebuilding free space tree [ 251.167797][ T9652] BTRFS info (device loop7): disabling free space tree [ 251.179063][ T9652] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 251.181915][ T9654] loop8: detected capacity change from 0 to 32768 [ 251.193662][ T9652] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 251.249250][ T9654] [ 251.249250][ T9654] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.249250][ T9654] [ 251.342894][ T9694] loop6: detected capacity change from 0 to 512 [ 251.382400][ T49] ERROR: (device loop8): diWrite: ixpxd invalid [ 251.382400][ T49] [ 251.398900][ T9694] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 251.427614][ T49] ERROR: (device loop8): txCommit: [ 251.427614][ T49] [ 251.450846][ T49] jfs_write_inode: jfs_commit_inode failed! [ 251.456906][ T9091] [ 251.456906][ T9091] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.456906][ T9091] [ 251.463702][ T9694] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 251.488760][ T9091] [ 251.488760][ T9091] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.488760][ T9091] [ 251.508985][ T9694] EXT4-fs error (device loop6): ext4_iget_extra_inode:5035: inode #15: comm syz.6.1157: corrupted in-inode xattr: e_value size too large [ 251.528102][ T9694] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.1157: couldn't read orphan inode 15 (err -117) [ 251.565819][ T8013] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 251.601784][ T9694] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 251.966531][ T6613] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.204844][ T5884] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 252.371750][ T5884] usb 9-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 252.387737][ T5884] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.407428][ T5884] usb 9-1: Product: syz [ 252.411746][ T5884] usb 9-1: Manufacturer: syz [ 252.416390][ T5884] usb 9-1: SerialNumber: syz [ 252.424277][ T5884] usb 9-1: config 0 descriptor?? [ 252.433270][ T5884] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 252.557860][ T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 252.643215][ T9716] loop4: detected capacity change from 0 to 32768 [ 252.654432][ T9716] btrfs: Deprecated parameter 'usebackuproot' [ 252.661827][ T9716] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 252.664335][ T9730] loop5: detected capacity change from 0 to 1024 [ 252.678064][ T9716] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1169 (9716) [ 252.710854][ T9716] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 252.730008][ T9716] BTRFS info (device loop4): using crc32c (crc32c-x86_64) checksum algorithm [ 252.739007][ T10] usb 8-1: Using ep0 maxpacket: 16 [ 252.747699][ T9716] BTRFS info (device loop4): disk space caching is enabled [ 252.759832][ T9716] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 252.774523][ T10] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 252.785926][ T10] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 252.794480][ T9730] loop5: detected capacity change from 0 to 1024 [ 252.796622][ T10] usb 8-1: config 0 interface 0 has no altsetting 0 [ 252.809581][ T10] usb 8-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 252.819543][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.836205][ T10] usb 8-1: config 0 descriptor?? [ 252.908843][ T3308] hfsplus: b-tree write err: -5, ino 4 [ 252.951359][ T9716] BTRFS info (device loop4): rebuilding free space tree [ 252.982303][ T9716] BTRFS info (device loop4): disabling free space tree [ 252.989863][ T9716] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 253.000268][ T9716] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 253.067531][ T5843] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 253.228398][ T5843] usb 7-1: Using ep0 maxpacket: 32 [ 253.241826][ T5843] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 253.241906][ T5835] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 253.258889][ T5843] usb 7-1: config 0 has no interface number 0 [ 253.268709][ T5884] gspca_sunplus: reg_r err -71 [ 253.268810][ T5884] sunplus 9-1:0.0: probe with driver sunplus failed with error -71 [ 253.274494][ T5884] usb 9-1: USB disconnect, device number 3 [ 253.296942][ T10] hid (null): invalid report_count 40908 [ 253.306224][ T10] hid (null): global environment stack underflow [ 253.318065][ T5843] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.343368][ T10] hid (null): report_id 0 is invalid [ 253.351965][ T10] hid (null): unknown global tag 0xc [ 253.367699][ T5843] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.396521][ T10] hid (null): unknown global tag 0xcf [ 253.413200][ T5843] usb 7-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 253.426574][ T10] hid (null): invalid report_size 10288 [ 253.442239][ T10] hid (null): unknown global tag 0xc [ 253.448223][ T5843] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.479729][ T5843] usb 7-1: config 0 descriptor?? [ 253.572651][ T5884] usb 8-1: USB disconnect, device number 5 [ 253.596606][ T9755] loop5: detected capacity change from 0 to 4096 [ 253.685337][ T9757] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1180'. [ 253.926812][ T30] audit: type=1326 audit(1749098383.321:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 253.960474][ T30] audit: type=1326 audit(1749098383.351:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.000104][ T30] audit: type=1326 audit(1749098383.381:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.033391][ T30] audit: type=1326 audit(1749098383.381:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.073162][ T30] audit: type=1326 audit(1749098383.381:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.114208][ T30] audit: type=1326 audit(1749098383.391:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.144652][ T5843] uclogic 0003:28BD:0094.0008: pen parameters not found [ 254.177388][ T5843] uclogic 0003:28BD:0094.0008: interface is invalid, ignoring [ 254.196818][ T30] audit: type=1326 audit(1749098383.391:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.221626][ T30] audit: type=1326 audit(1749098383.391:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.244733][ T30] audit: type=1326 audit(1749098383.401:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.292979][ T30] audit: type=1326 audit(1749098383.401:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9761 comm="syz.8.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e3538e929 code=0x7ffc0000 [ 254.341120][ T10] usb 7-1: USB disconnect, device number 8 [ 254.372572][ T9771] loop8: detected capacity change from 0 to 4096 [ 254.382101][ T9771] ntfs3(loop8): Different NTFS sector size (4096) and media sector size (512). [ 254.434897][ T9771] ntfs3(loop8): Mark volume as dirty due to NTFS errors [ 254.448071][ T9771] ntfs3(loop8): ino=1a, mi_enum_attr [ 254.453734][ T9771] ntfs3(loop8): Failed to initialize $Extend/$ObjId. [ 254.653626][ T9772] loop7: detected capacity change from 0 to 32768 [ 255.286844][ T9794] loop8: detected capacity change from 0 to 128 [ 255.397541][ T9794] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 255.428932][ T9794] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 255.538632][ T9794] EXT4-fs warning (device loop8): __ext4_ioctl:1259: Setting inode version is not supported with metadata_csum enabled. [ 255.638996][ T9091] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 255.823228][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.830128][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.855810][ T9819] bridge0: port 3(vlan2) entered blocking state [ 255.888823][ T9819] bridge0: port 3(vlan2) entered disabled state [ 255.889081][ T9819] vlan2: entered allmulticast mode [ 255.889101][ T9819] bridge0: entered allmulticast mode [ 255.893027][ T9819] vlan2: left allmulticast mode [ 255.893051][ T9819] bridge0: left allmulticast mode [ 256.115387][ T9827] loop8: detected capacity change from 0 to 64 [ 256.143281][ T9790] loop6: detected capacity change from 0 to 32768 [ 256.260062][ T9790] JFS: metapage_get_blocks failed [ 256.305661][ T9790] ERROR: (device loop6): release_metapage: metapage_write_one() failed [ 256.305661][ T9790] [ 256.340453][ T9834] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1215'. [ 256.357058][ T9790] ERROR: (device loop6): remounting filesystem as read-only [ 256.481852][ T113] blkno = 5002c, nblocks = 1 [ 256.486521][ T113] ERROR: (device loop6): dbUpdatePMap: blocks are outside the map [ 256.486521][ T113] [ 257.699675][ T9848] loop5: detected capacity change from 0 to 40427 [ 257.711731][ T9848] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 257.720966][ T9848] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 257.746827][ T9857] loop4: detected capacity change from 0 to 32768 [ 257.764208][ T9848] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 257.846094][ T9857] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1222 (9857) [ 257.893945][ T9848] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 257.904405][ T9848] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 257.918646][ T9857] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 257.970449][ T9857] BTRFS info (device loop4): using crc32c (crc32c-x86_64) checksum algorithm [ 257.979731][ T9857] BTRFS info (device loop4): disk space caching is enabled [ 257.987102][ T9857] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 258.172991][ T9857] BTRFS info (device loop4): rebuilding free space tree [ 258.255030][ T9857] BTRFS info (device loop4): disabling free space tree [ 258.267163][ T9857] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 258.277460][ T9857] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 258.325968][ T9907] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1238'. [ 258.346208][ T9907] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1238'. [ 258.356680][ T9907] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1238'. [ 258.436472][ T5835] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 258.531680][ T10] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 258.641820][ T9911] loop6: detected capacity change from 0 to 1024 [ 258.707682][ T10] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 258.720991][ T9911] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.744649][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.769905][ T10] usb 9-1: config 0 descriptor?? [ 258.790090][ T10] cp210x 9-1:0.0: cp210x converter detected [ 258.966503][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.001986][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.034198][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.047811][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.066231][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.079071][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.095517][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.118597][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.130617][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.146195][ T6613] EXT4-fs error (device loop6): ext4_empty_dir:3075: inode #11: comm syz-executor: invalid size [ 259.201560][ T10] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 259.239297][ T10] usb 9-1: cp210x converter now attached to ttyUSB0 [ 259.383933][ T9929] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1247'. [ 259.420580][ T10] usb 9-1: USB disconnect, device number 4 [ 259.454872][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 259.498959][ T10] cp210x 9-1:0.0: device disconnected [ 259.554816][ T9933] loop4: detected capacity change from 0 to 2048 [ 259.575856][ T9933] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 260.082827][ T9941] netlink: 'syz.8.1252': attribute type 83 has an invalid length. [ 260.579968][ T6613] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.609452][ T65] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.883895][ T9959] loop7: detected capacity change from 0 to 1024 [ 260.894244][ T65] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.999306][ T65] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.011527][ T9959] hfsplus: xattr searching failed [ 261.024135][ T9959] hfsplus: found bad thread record in catalog [ 261.089325][ T65] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.119356][ T12] hfsplus: found bad thread record in catalog [ 261.125578][ T12] hfsplus: found bad thread record in catalog [ 261.415514][ T65] bridge_slave_1: left allmulticast mode [ 261.431850][ T65] bridge_slave_1: left promiscuous mode [ 261.468052][ T65] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.523875][ T65] bridge_slave_0: left allmulticast mode [ 261.537384][ T65] bridge_slave_0: left promiscuous mode [ 261.547705][ T65] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.593630][ T9957] loop5: detected capacity change from 0 to 32768 [ 261.693503][ T9957] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1261 (9957) [ 261.843020][ T9957] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 261.878094][ T9957] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 261.886309][ T9973] loop8: detected capacity change from 0 to 128 [ 261.909138][ T9957] BTRFS info (device loop5): using free-space-tree [ 262.076285][ T9957] BTRFS info (device loop5): rebuilding free space tree [ 262.184960][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 262.198704][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 262.232959][ T5154] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 262.243204][ T5154] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 262.251384][ T5154] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 262.295100][ T9995] loop8: detected capacity change from 0 to 512 [ 262.334124][ T9995] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 262.412347][ T9995] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 262.419651][ T6246] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 262.424714][ T9995] System zones: 1-12 [ 262.447862][ T9995] EXT4-fs (loop8): 1 truncate cleaned up [ 262.479864][ T9995] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 262.516843][ T9995] EXT4-fs (loop8): shut down requested (2) [ 262.605415][ T9091] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.230373][ T9998] loop8: detected capacity change from 0 to 32768 [ 263.426048][ T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 263.454414][ T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 263.469889][ T65] bond0 (unregistering): Released all slaves [ 264.297913][ T5840] Bluetooth: hci4: command tx timeout [ 264.304846][ T65] hsr_slave_0: left promiscuous mode [ 264.337634][ T65] hsr_slave_1: left promiscuous mode [ 264.361118][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 264.411273][ T65] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 264.477408][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 264.505689][ T65] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 264.535237][T10007] loop7: detected capacity change from 0 to 32768 [ 264.551754][T10022] loop5: detected capacity change from 0 to 512 [ 264.581978][T10022] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 264.618167][ T65] veth1_macvtap: left promiscuous mode [ 264.623765][ T65] veth0_macvtap: left promiscuous mode [ 264.632601][T10007] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 264.646704][T10022] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 264.650071][ T65] veth1_vlan: left promiscuous mode [ 264.675129][ T65] veth0_vlan: left promiscuous mode [ 264.685034][T10022] EXT4-fs error (device loop5): ext4_iget_extra_inode:5035: inode #15: comm syz.5.1283: corrupted in-inode xattr: e_value size too large [ 264.731106][T10022] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1283: couldn't read orphan inode 15 (err -117) [ 264.737748][T10007] XFS (loop7): Ending clean mount [ 264.773734][T10007] XFS (loop7): Quotacheck needed: Please wait. [ 264.783808][T10022] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.890359][T10007] XFS (loop7): Quotacheck: Done. [ 264.974986][ T6246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.093391][ T8013] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 266.085463][T10036] loop5: detected capacity change from 0 to 32768 [ 266.122783][T10036] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1285 (10036) [ 266.143171][T10036] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 266.163760][T10036] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm [ 266.186583][T10036] BTRFS info (device loop5): using free-space-tree [ 266.342350][T10036] BTRFS info (device loop5): rebuilding free space tree [ 266.377672][ T5840] Bluetooth: hci4: command tx timeout [ 266.531059][ T6246] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 267.074385][T10072] loop4: detected capacity change from 0 to 40427 [ 267.084476][T10072] F2FS-fs (loop4): Image doesn't support compression [ 267.091429][T10072] F2FS-fs (loop4): build fault injection rate: 4 [ 267.101212][T10072] F2FS-fs (loop4): build fault injection type: 0x4 [ 267.114221][T10072] F2FS-fs (loop4): invalid crc value [ 267.114429][ T65] team0 (unregistering): Port device team_slave_1 removed [ 267.126972][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0 [ 267.145232][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 267.168456][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 267.181462][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 267.240418][ T65] team0 (unregistering): Port device team_slave_0 removed [ 267.310721][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0 [ 267.399317][T10072] F2FS-fs (loop4): Start checkpoint disabled! [ 267.405576][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_grab_meta_folio+0x6a/0x1d0 [ 267.463452][T10072] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 267.510310][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40 [ 267.540029][T10072] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40 [ 267.621490][ T3308] kworker/u8:7: attempt to access beyond end of device [ 267.621490][ T3308] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 267.635602][ T3308] CPU: 0 UID: 0 PID: 3308 Comm: kworker/u8:7 Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 267.635629][ T3308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.635643][ T3308] Workqueue: writeback wb_workfn (flush-7:4) [ 267.635679][ T3308] Call Trace: [ 267.635687][ T3308] [ 267.635697][ T3308] dump_stack_lvl+0x189/0x250 [ 267.635732][ T3308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.635757][ T3308] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 267.635801][ T3308] ? __pfx_queue_work_on+0x10/0x10 [ 267.635828][ T3308] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 267.635867][ T3308] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 267.635906][ T3308] ? f2fs_hw_is_readonly+0x39b/0x470 [ 267.635939][ T3308] f2fs_handle_critical_error+0x37c/0x540 [ 267.635973][ T3308] f2fs_write_end_io+0x495/0x810 [ 267.636000][ T3308] ? blkg_put+0x22/0x240 [ 267.636045][ T3308] __submit_merged_bio+0x27a/0x6a0 [ 267.636067][ T3308] ? up_write+0x1c4/0x420 [ 267.636096][ T3308] __submit_merged_write_cond+0x44c/0x530 [ 267.636130][ T3308] f2fs_sync_node_pages+0x1871/0x1a10 [ 267.636187][ T3308] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 267.636211][ T3308] ? __percpu_counter_sum+0x1c2/0x1e0 [ 267.636276][ T3308] ? __lock_acquire+0xab9/0xd20 [ 267.636310][ T3308] ? rcu_is_watching+0x15/0xb0 [ 267.636340][ T3308] ? blk_start_plug+0x52/0x1b0 [ 267.636364][ T3308] f2fs_write_node_pages+0x303/0x6e0 [ 267.636394][ T3308] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 267.636436][ T3308] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 267.636461][ T3308] do_writepages+0x32b/0x550 [ 267.636501][ T3308] ? reacquire_held_locks+0x127/0x1d0 [ 267.636520][ T3308] ? writeback_sb_inodes+0x372/0x1000 [ 267.636564][ T3308] __writeback_single_inode+0x145/0xff0 [ 267.636585][ T3308] ? do_raw_spin_unlock+0x122/0x240 [ 267.636616][ T3308] writeback_sb_inodes+0x6b5/0x1000 [ 267.636658][ T3308] ? kasan_record_aux_stack+0xbd/0xd0 [ 267.636708][ T3308] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 267.636809][ T3308] ? rcu_is_watching+0x15/0xb0 [ 267.636854][ T3308] wb_writeback+0x43b/0xaf0 [ 267.636896][ T3308] ? queue_io+0x391/0x590 [ 267.636933][ T3308] ? __pfx_wb_writeback+0x10/0x10 [ 267.636976][ T3308] ? _raw_spin_unlock_irq+0x23/0x50 [ 267.637016][ T3308] wb_workfn+0x409/0xef0 [ 267.637065][ T3308] ? __pfx_wb_workfn+0x10/0x10 [ 267.637100][ T3308] ? __lock_acquire+0xab9/0xd20 [ 267.637142][ T3308] ? process_scheduled_works+0x9ef/0x17b0 [ 267.637177][ T3308] ? _raw_spin_unlock_irq+0x23/0x50 [ 267.637205][ T3308] ? process_scheduled_works+0x9ef/0x17b0 [ 267.637233][ T3308] ? process_scheduled_works+0x9ef/0x17b0 [ 267.637267][ T3308] process_scheduled_works+0xae1/0x17b0 [ 267.637357][ T3308] ? __pfx_process_scheduled_works+0x10/0x10 [ 267.637413][ T3308] worker_thread+0x8a0/0xda0 [ 267.637436][ T3308] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 267.637480][ T3308] ? __kthread_parkme+0x7b/0x200 [ 267.637516][ T3308] kthread+0x70e/0x8a0 [ 267.637544][ T3308] ? __pfx_worker_thread+0x10/0x10 [ 267.637563][ T3308] ? __pfx_kthread+0x10/0x10 [ 267.637590][ T3308] ? _raw_spin_unlock_irq+0x23/0x50 [ 267.637619][ T3308] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.637639][ T3308] ? __pfx_kthread+0x10/0x10 [ 267.637664][ T3308] ret_from_fork+0x3fc/0x770 [ 267.637698][ T3308] ? __pfx_ret_from_fork+0x10/0x10 [ 267.637744][ T3308] ? __switch_to_asm+0x39/0x70 [ 267.637764][ T3308] ? __switch_to_asm+0x33/0x70 [ 267.637782][ T3308] ? __pfx_kthread+0x10/0x10 [ 267.637808][ T3308] ret_from_fork_asm+0x1a/0x30 [ 267.637854][ T3308] [ 267.990721][ T3308] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 268.080507][ T5975] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 268.261528][ T5975] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 268.270745][ T5975] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.279371][ T5975] usb 6-1: Product: syz [ 268.283578][ T5975] usb 6-1: Manufacturer: syz [ 268.289054][ T5975] usb 6-1: SerialNumber: syz [ 268.302785][ T5975] usb 6-1: config 0 descriptor?? [ 268.461157][ T5840] Bluetooth: hci4: command tx timeout [ 268.952489][ T9991] chnl_net:caif_netlink_parms(): no params data found [ 268.984628][T10086] loop4: detected capacity change from 0 to 32768 [ 269.103434][T10086] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 269.103434][T10086] allowing incompatible features above 0.0: (unknown version) [ 269.103434][T10086] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 269.158612][T10086] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 269.167067][T10086] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 269.175756][ T5975] usb 6-1: Firmware version (0.0) predates our first public release. [ 269.185052][T10086] bcachefs (loop4): Version upgrade required: [ 269.185052][T10086] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 269.185052][T10086] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 269.185052][T10086] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 269.259259][ T5975] usb 6-1: Please update to version 0.2 or newer [ 269.269856][T10086] bcachefs (loop4): dropping and reconstructing all alloc info [ 269.296779][T10096] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1303'. [ 269.301604][T10086] bcachefs (loop4): accounting_read... done [ 269.317223][T10086] bcachefs (loop4): alloc_read... done [ 269.337498][T10086] bcachefs (loop4): snapshots_read... done [ 269.365267][ T5975] usb 6-1: USB disconnect, device number 6 [ 269.368999][T10086] bcachefs (loop4): done starting filesystem [ 269.561269][ T5835] bcachefs (loop4): shutting down [ 269.576984][ T9991] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.597688][T10105] sp0: Synchronizing with TNC [ 269.611014][ T9991] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.631796][ T9991] bridge_slave_0: entered allmulticast mode [ 269.644370][ T5835] bcachefs (loop4): shutdown complete [ 269.652272][ T9991] bridge_slave_0: entered promiscuous mode [ 269.700066][ T9991] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.715805][ T9991] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.724643][ T9991] bridge_slave_1: entered allmulticast mode [ 269.733171][ T9991] bridge_slave_1: entered promiscuous mode [ 269.861725][ T9991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 269.867595][ T5884] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 269.882394][ T9991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 269.956095][ T9991] team0: Port device team_slave_0 added [ 269.970872][ T9991] team0: Port device team_slave_1 added [ 270.047857][ T5884] usb 8-1: Using ep0 maxpacket: 16 [ 270.055202][ T5884] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.067164][ T5884] usb 8-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00 [ 270.092134][ T9991] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 270.101343][ T9991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.117480][ T5884] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.135745][ T9991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 270.155644][ T9991] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 270.175231][ T5884] usb 8-1: config 0 descriptor?? [ 270.197979][ T9991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.274995][ T9991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 270.297164][T10112] loop5: detected capacity change from 0 to 32768 [ 270.351203][T10112] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 270.420422][ T9991] hsr_slave_0: entered promiscuous mode [ 270.438150][ T9991] hsr_slave_1: entered promiscuous mode [ 270.444716][ T9991] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 270.467888][ T9991] Cannot create hsr debugfs directory [ 270.496316][ T6246] ocfs2: Unmounting device (7,5) on (node local) [ 270.545297][ T5840] Bluetooth: hci4: command tx timeout [ 270.639676][ T5884] sigmamicro 0003:1C4F:0059.0009: hidraw0: USB HID v0.09 Device [HID 1c4f:0059] on usb-dummy_hcd.7-1/input0 [ 270.819944][ T5975] usb 8-1: USB disconnect, device number 6 [ 270.915729][T10117] loop8: detected capacity change from 0 to 40427 [ 270.935191][T10117] F2FS-fs (loop8): Small segment_count (9 < 1 * 24) [ 270.943068][T10117] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 270.995217][ T9991] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 271.024722][ T9991] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 271.075919][ T9991] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 271.125528][ T9991] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 271.222248][T10117] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 271.247048][T10117] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 271.362057][T10117] syz.8.1311: attempt to access beyond end of device [ 271.362057][T10117] loop8: rw=2049, sector=53248, nr_sectors = 16 limit=40427 [ 271.429873][ T9991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.506823][ T9991] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.507985][ T9091] syz-executor: attempt to access beyond end of device [ 271.507985][ T9091] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 271.534270][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.541509][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.590581][ T9091] CPU: 0 UID: 0 PID: 9091 Comm: syz-executor Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 271.590612][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.590625][ T9091] Call Trace: [ 271.590633][ T9091] [ 271.590642][ T9091] dump_stack_lvl+0x189/0x250 [ 271.590673][ T9091] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.590690][ T9091] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 271.590724][ T9091] ? __pfx_queue_work_on+0x10/0x10 [ 271.590746][ T9091] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 271.590777][ T9091] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 271.590811][ T9091] ? f2fs_hw_is_readonly+0x39b/0x470 [ 271.590844][ T9091] f2fs_handle_critical_error+0x37c/0x540 [ 271.590877][ T9091] f2fs_write_end_io+0x495/0x810 [ 271.590900][ T9091] ? blkg_put+0x22/0x240 [ 271.590945][ T9091] __submit_merged_bio+0x27a/0x6a0 [ 271.590979][ T9091] __submit_merged_write_cond+0x255/0x530 [ 271.591016][ T9091] f2fs_write_data_pages+0x261d/0x3000 [ 271.591090][ T9091] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 271.591136][ T9091] ? arch_stack_walk+0xfc/0x150 [ 271.591197][ T9091] ? __mod_zone_page_state+0xd7/0x140 [ 271.591232][ T9091] ? folios_put_refs+0x560/0x640 [ 271.591273][ T9091] ? __pfx_folios_put_refs+0x10/0x10 [ 271.591297][ T9091] ? rcu_is_watching+0x15/0xb0 [ 271.591342][ T9091] ? __lock_acquire+0xab9/0xd20 [ 271.591393][ T9091] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 271.591431][ T9091] do_writepages+0x32b/0x550 [ 271.591479][ T9091] ? do_raw_spin_unlock+0x122/0x240 [ 271.591510][ T9091] filemap_fdatawrite+0x191/0x230 [ 271.591532][ T9091] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 271.591620][ T9091] ? do_raw_spin_unlock+0x122/0x240 [ 271.591650][ T9091] f2fs_sync_dirty_inodes+0x31f/0x830 [ 271.591702][ T9091] f2fs_write_checkpoint+0x94a/0x1de0 [ 271.591765][ T9091] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 271.591859][ T9091] ? call_rcu+0x6dd/0x990 [ 271.591877][ T9091] ? kill_f2fs_super+0x298/0x6c0 [ 271.591914][ T9091] kill_f2fs_super+0x2c3/0x6c0 [ 271.591953][ T9091] ? __pfx_kill_f2fs_super+0x10/0x10 [ 271.591979][ T9091] ? radix_tree_delete_item+0x2b6/0x400 [ 271.592011][ T9091] ? shrinker_free+0x2ce/0x3e0 [ 271.592042][ T9091] deactivate_locked_super+0xb9/0x130 [ 271.592075][ T9091] cleanup_mnt+0x425/0x4c0 [ 271.592104][ T9091] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.592130][ T9091] task_work_run+0x1d1/0x260 [ 271.592161][ T9091] ? __pfx_task_work_run+0x10/0x10 [ 271.592184][ T9091] ? __x64_sys_umount+0x122/0x160 [ 271.592213][ T9091] ? exit_to_user_mode_loop+0x40/0x110 [ 271.592248][ T9091] exit_to_user_mode_loop+0xec/0x110 [ 271.592278][ T9091] do_syscall_64+0x2bd/0x3b0 [ 271.592299][ T9091] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.592320][ T9091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.592341][ T9091] ? clear_bhb_loop+0x60/0xb0 [ 271.592368][ T9091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.592388][ T9091] RIP: 0033:0x7f9e3538fc57 [ 271.592414][ T9091] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 271.592432][ T9091] RSP: 002b:00007fff50c26078 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 271.592455][ T9091] RAX: 0000000000000000 RBX: 00007f9e35410925 RCX: 00007f9e3538fc57 [ 271.592470][ T9091] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff50c26130 [ 271.592483][ T9091] RBP: 00007fff50c26130 R08: 0000000000000000 R09: 0000000000000000 [ 271.592496][ T9091] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff50c271c0 [ 271.592510][ T9091] R13: 00007f9e35410925 R14: 000000000004241c R15: 00007fff50c27200 [ 271.592549][ T9091] [ 271.592558][ T9091] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 271.710444][ T6260] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.966778][ T6260] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.678800][T10152] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1323'. [ 272.809838][ T9991] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.113633][T10138] loop7: detected capacity change from 0 to 40427 [ 273.507993][T10138] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 273.537954][ T10] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 273.616094][ T9991] veth0_vlan: entered promiscuous mode [ 273.664386][ T9991] veth1_vlan: entered promiscuous mode [ 273.692513][ T8013] syz-executor: attempt to access beyond end of device [ 273.692513][ T8013] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 273.727775][ T8013] CPU: 1 UID: 0 PID: 8013 Comm: syz-executor Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 273.727806][ T8013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 273.727819][ T8013] Call Trace: [ 273.727827][ T8013] [ 273.727836][ T8013] dump_stack_lvl+0x189/0x250 [ 273.727864][ T8013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.727880][ T8013] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 273.727913][ T8013] ? __pfx_queue_work_on+0x10/0x10 [ 273.727933][ T8013] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 273.727964][ T8013] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 273.727998][ T8013] ? f2fs_hw_is_readonly+0x39b/0x470 [ 273.728011][ T10] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 273.728039][ T8013] f2fs_handle_critical_error+0x37c/0x540 [ 273.728070][ T8013] f2fs_write_end_io+0x495/0x810 [ 273.728096][ T8013] ? blkg_put+0x22/0x240 [ 273.728144][ T8013] __submit_merged_bio+0x27a/0x6a0 [ 273.728182][ T8013] __submit_merged_write_cond+0x255/0x530 [ 273.728219][ T8013] f2fs_write_data_pages+0x261d/0x3000 [ 273.728293][ T8013] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 273.728321][ T8013] ? is_bpf_text_address+0x26/0x2b0 [ 273.728373][ T8013] ? arch_stack_walk+0xfc/0x150 [ 273.728466][ T8013] ? __lock_acquire+0xab9/0xd20 [ 273.728509][ T8013] ? do_raw_spin_lock+0x121/0x290 [ 273.728549][ T8013] ? do_raw_spin_unlock+0x122/0x240 [ 273.728576][ T8013] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 273.728609][ T8013] do_writepages+0x32b/0x550 [ 273.728658][ T8013] ? do_raw_spin_unlock+0x122/0x240 [ 273.728691][ T8013] filemap_fdatawrite+0x191/0x230 [ 273.728715][ T8013] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 273.728797][ T8013] ? do_raw_spin_unlock+0x122/0x240 [ 273.728828][ T8013] f2fs_sync_dirty_inodes+0x31f/0x830 [ 273.728881][ T8013] f2fs_write_checkpoint+0x94a/0x1de0 [ 273.728947][ T8013] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 273.729049][ T8013] ? kill_f2fs_super+0x298/0x6c0 [ 273.729087][ T8013] kill_f2fs_super+0x2c3/0x6c0 [ 273.729128][ T8013] ? __pfx_kill_f2fs_super+0x10/0x10 [ 273.729158][ T8013] ? radix_tree_delete_item+0x2b6/0x400 [ 273.729190][ T8013] ? shrinker_free+0x2ce/0x3e0 [ 273.729224][ T8013] deactivate_locked_super+0xb9/0x130 [ 273.729259][ T8013] cleanup_mnt+0x425/0x4c0 [ 273.729291][ T8013] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.729319][ T8013] task_work_run+0x1d1/0x260 [ 273.729352][ T8013] ? __pfx_task_work_run+0x10/0x10 [ 273.729376][ T8013] ? __x64_sys_umount+0x122/0x160 [ 273.729407][ T8013] ? exit_to_user_mode_loop+0x40/0x110 [ 273.729444][ T8013] exit_to_user_mode_loop+0xec/0x110 [ 273.729477][ T8013] do_syscall_64+0x2bd/0x3b0 [ 273.729500][ T8013] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.729524][ T8013] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.729548][ T8013] ? clear_bhb_loop+0x60/0xb0 [ 273.729578][ T8013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.729599][ T8013] RIP: 0033:0x7f25e958fc57 [ 273.729622][ T8013] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 273.729643][ T8013] RSP: 002b:00007fff45854358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 273.729669][ T8013] RAX: 0000000000000000 RBX: 00007f25e9610925 RCX: 00007f25e958fc57 [ 273.729685][ T8013] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff45854410 [ 273.729698][ T8013] RBP: 00007fff45854410 R08: 0000000000000000 R09: 0000000000000000 [ 273.729713][ T8013] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff458554a0 [ 273.729729][ T8013] R13: 00007f25e9610925 R14: 0000000000042cb0 R15: 00007fff458554e0 [ 273.729764][ T8013] [ 273.730276][ T8013] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 273.750954][ T10] usb 9-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00 [ 274.010553][ T9991] veth0_macvtap: entered promiscuous mode [ 274.015097][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.087731][ T9991] veth1_macvtap: entered promiscuous mode [ 274.168738][ T10] usb 9-1: config 0 descriptor?? [ 274.277602][ T9991] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 274.312017][ T9991] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 274.335645][ T9991] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.350208][ T9991] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.362587][ T9991] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.376497][ T9991] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.557627][ T978] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 274.575110][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.583762][T10175] loop4: detected capacity change from 0 to 32768 [ 274.593984][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.607176][ T10] elecom 0003:056E:00FC.000A: unknown main item tag 0x0 [ 274.619017][ T10] elecom 0003:056E:00FC.000A: unknown main item tag 0x0 [ 274.637032][T10175] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 274.639074][ T10] elecom 0003:056E:00FC.000A: unknown main item tag 0x0 [ 274.667682][ T10] elecom 0003:056E:00FC.000A: unknown main item tag 0x0 [ 274.674736][ T10] elecom 0003:056E:00FC.000A: unknown main item tag 0x0 [ 274.695004][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.705756][ T10] elecom 0003:056E:00FC.000A: hidraw0: USB HID vff.fe Device [HID 056e:00fc] on usb-dummy_hcd.8-1/input0 [ 274.722072][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.740937][ T978] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 274.758626][ T978] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 274.775014][T10175] XFS (loop4): Ending clean mount [ 274.780965][ T978] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 274.805501][T10175] XFS (loop4): Quotacheck needed: Please wait. [ 274.815078][ T978] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 274.828209][ T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.836309][ T978] usb 6-1: Product: syz [ 274.858206][ T978] usb 6-1: Manufacturer: syz [ 274.862891][ T978] usb 6-1: SerialNumber: syz [ 274.889864][ T978] usb 6-1: config 0 descriptor?? [ 274.920360][T10175] XFS (loop4): Quotacheck: Done. [ 274.921732][T10189] loop7: detected capacity change from 0 to 512 [ 274.926374][T10179] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 274.934618][ T5884] usb 9-1: USB disconnect, device number 5 [ 274.947795][T10179] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 274.956477][ T978] usb 6-1: ucan: probing device on interface #0 [ 274.993095][T10189] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 275.016313][T10189] EXT4-fs (loop7): 1 truncate cleaned up [ 275.026606][ T5835] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 275.035936][T10189] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 275.060641][T10189] EXT4-fs error (device loop7): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.7.1329: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 275.173617][T10189] EXT4-fs (loop7): Remounting filesystem read-only [ 275.187710][T10189] EXT4-fs warning (device loop7): ext4_rename_delete:3726: inode #2: comm syz.7.1329: Deleting old file: nlink 5, error=-117 [ 275.332163][ T8013] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.621695][ T978] ucan 6-1:0.0: probe with driver ucan failed with error -22 [ 275.691832][T10202] loop8: detected capacity change from 0 to 2048 [ 275.728032][T10202] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 275.849054][ T5884] usb 6-1: USB disconnect, device number 7 [ 275.965078][T10209] loop4: detected capacity change from 0 to 736 [ 276.081190][T10213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.161689][T10213] bond0: (slave rose0): Enslaving as an active interface with an up link [ 276.213507][T10219] loop9: detected capacity change from 0 to 512 [ 276.354549][T10219] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 276.367608][T10219] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 276.704809][ T9991] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.927177][T10207] loop7: detected capacity change from 0 to 32768 [ 277.066345][T10207] ocfs2: Slot 0 on device (7,7) was already allocated to this node! [ 277.090535][T10207] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 277.211257][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 277.211276][ T30] audit: type=1800 audit(1749098406.611:160): pid=10207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1338" name="file1" dev="loop7" ino=17058 res=0 errno=0 [ 277.326396][ T8013] ocfs2: Unmounting device (7,7) on (node local) [ 277.594826][T10269] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1356'. [ 277.729378][ T10] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 277.824645][T10277] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 277.910891][ T10] usb 10-1: Using ep0 maxpacket: 16 [ 277.941661][ T10] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.968797][ T10] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.001999][ T10] usb 10-1: config 0 interface 0 has no altsetting 0 [ 278.019011][ T10] usb 10-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 278.047807][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.092235][ T10] usb 10-1: config 0 descriptor?? [ 278.370100][T10294] block device autoloading is deprecated and will be removed. [ 278.384327][T10302] loop4: detected capacity change from 0 to 512 [ 278.435635][T10302] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 278.467261][T10302] ext4 filesystem being mounted at /294/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 278.587233][ T30] audit: type=1800 audit(1749098407.981:161): pid=10302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1367" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 278.639870][ T30] audit: type=1800 audit(1749098408.011:162): pid=10310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1367" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 278.755433][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.761836][ T5884] usb 10-1: USB disconnect, device number 2 [ 278.995335][T10326] loop5: detected capacity change from 0 to 2048 [ 279.030711][T10326] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 279.080517][T10331] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 279.485863][T10347] netlink: 71 bytes leftover after parsing attributes in process `syz.9.1379'. [ 279.910332][T10330] loop4: detected capacity change from 0 to 32768 [ 279.926529][T10357] syz.5.1384 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 279.940329][T10330] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1375 (10330) [ 279.979096][T10330] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 280.058449][T10330] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 280.074584][T10330] BTRFS info (device loop4): using free-space-tree [ 280.459540][T10330] BTRFS info (device loop4): rebuilding free space tree [ 280.603232][T10330] BTRFS info (device loop4): balance: start -susage=12582912,drange=65536..8,limit=10376293541461622786,limit=2..2415919104 [ 280.672165][T10330] BTRFS info (device loop4): relocating block group 1048576 flags system [ 280.860934][T10330] BTRFS info (device loop4): balance: ended with status: 0 [ 280.963085][ T5835] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 281.179455][T10387] loop8: detected capacity change from 0 to 32768 [ 281.207909][T10387] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1390 (10387) [ 281.265738][T10387] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 281.300429][T10387] BTRFS info (device loop8): using crc32c (crc32c-x86_64) checksum algorithm [ 281.321802][T10387] BTRFS info (device loop8): using free-space-tree [ 281.427934][T10403] loop7: detected capacity change from 0 to 2048 [ 281.436745][T10403] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024) [ 281.537230][T10418] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 281.595107][T10397] loop9: detected capacity change from 0 to 32768 [ 281.615026][T10397] btrfs: Deprecated parameter 'usebackuproot' [ 281.622793][T10397] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 281.640837][T10397] BTRFS: device /dev/loop9 (7:9) using temp-fsid 7ebc46c4-f471-4574-923e-8a943a2ac182 [ 281.670656][T10397] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.1395 (10397) [ 281.712842][T10422] netlink: 284 bytes leftover after parsing attributes in process `syz.4.1399'. [ 281.728093][T10397] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 281.815684][ T9091] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 281.837565][T10397] BTRFS info (device loop9): using crc32c (crc32c-x86_64) checksum algorithm [ 281.846484][T10397] BTRFS info (device loop9): disk space caching is enabled [ 281.886909][T10397] BTRFS warning (device loop9): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 282.155042][T10397] BTRFS info (device loop9): rebuilding free space tree [ 282.235504][T10397] BTRFS info (device loop9): disabling free space tree [ 282.260983][T10397] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 282.319702][T10397] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 282.386637][T10418] NILFS (loop7): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 282.403590][T10418] NILFS error (device loop7): nilfs_bmap_propagate: broken bmap (inode number=4) [ 282.432894][T10418] Remounting filesystem read-only [ 282.444756][ T9991] BTRFS info (device loop9): last unmount of filesystem 7ebc46c4-f471-4574-923e-8a943a2ac182 [ 282.478175][ T8013] NILFS (loop7): disposed unprocessed dirty file(s) when stopping log writer [ 282.878720][T10455] loop8: detected capacity change from 0 to 256 [ 282.912865][T10455] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 282.953431][T10425] loop5: detected capacity change from 0 to 32768 [ 283.089444][T10455] exFAT-fs (loop8): error, invalid access to FAT (entry 0xffffffff) [ 283.125062][T10455] exFAT-fs (loop8): Filesystem has been set read-only [ 283.132772][T10425] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 283.197224][T10455] exFAT-fs (loop8): error, invalid access to FAT (entry 0xffffffff) [ 283.221254][T10455] exFAT-fs (loop8): error, invalid access to FAT (entry 0xffffffff) [ 283.295270][T10425] XFS (loop5): Ending clean mount [ 283.524257][ T6246] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 284.542607][T10507] loop5: detected capacity change from 0 to 1024 [ 284.553349][T10489] loop4: detected capacity change from 0 to 40427 [ 284.563822][T10489] F2FS-fs (loop4): build fault injection rate: 690 [ 284.583233][T10489] F2FS-fs (loop4): build fault injection type: 0x2 [ 284.590058][T10507] EXT4-fs: Ignoring removed orlov option [ 284.590090][T10507] EXT4-fs: Ignoring removed nomblk_io_submit option [ 284.609452][T10489] F2FS-fs (loop4): Image doesn't support compression [ 284.616540][T10489] F2FS-fs (loop4): Image doesn't support compression [ 284.635031][T10489] F2FS-fs (loop4): invalid crc value [ 284.638129][T10507] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 284.763014][T10489] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 284.965326][ T5835] syz-executor: attempt to access beyond end of device [ 284.965326][ T5835] loop4: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 284.994860][ T6246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.005206][T10501] loop7: detected capacity change from 0 to 40427 [ 285.016521][T10501] F2FS-fs (loop7): invalid crc value [ 285.038491][ T5835] syz-executor: attempt to access beyond end of device [ 285.038491][ T5835] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 285.147612][T10501] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4 [ 285.207717][ T49] kworker/u8:3: attempt to access beyond end of device [ 285.207717][ T49] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 285.262604][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 285.262634][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.262648][ T49] Workqueue: writeback wb_workfn (flush-7:4) [ 285.262686][ T49] Call Trace: [ 285.262695][ T49] [ 285.262704][ T49] dump_stack_lvl+0x189/0x250 [ 285.262731][ T49] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.262748][ T49] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 285.262781][ T49] ? __pfx_queue_work_on+0x10/0x10 [ 285.262803][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 285.262834][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 285.262868][ T49] ? f2fs_hw_is_readonly+0x39b/0x470 [ 285.262900][ T49] f2fs_handle_critical_error+0x37c/0x540 [ 285.262934][ T49] f2fs_write_end_io+0x495/0x810 [ 285.262959][ T49] ? blkg_put+0x22/0x240 [ 285.263006][ T49] __submit_merged_bio+0x27a/0x6a0 [ 285.263039][ T49] __submit_merged_write_cond+0x255/0x530 [ 285.263075][ T49] f2fs_write_data_pages+0x261d/0x3000 [ 285.263149][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.263174][ T49] ? __local_bh_enable_ip+0x12d/0x1c0 [ 285.263224][ T49] ? rcu_is_watching+0x15/0xb0 [ 285.263305][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.263362][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.263400][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.263451][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.263481][ T49] do_writepages+0x32b/0x550 [ 285.263520][ T49] ? reacquire_held_locks+0x127/0x1d0 [ 285.263539][ T49] ? writeback_sb_inodes+0x372/0x1000 [ 285.263583][ T49] __writeback_single_inode+0x145/0xff0 [ 285.263603][ T49] ? do_raw_spin_unlock+0x122/0x240 [ 285.263634][ T49] writeback_sb_inodes+0x6b5/0x1000 [ 285.263700][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 285.263784][ T49] ? rcu_is_watching+0x15/0xb0 [ 285.263829][ T49] wb_writeback+0x43b/0xaf0 [ 285.263872][ T49] ? queue_io+0x391/0x590 [ 285.263908][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 285.263952][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.263991][ T49] wb_workfn+0x409/0xef0 [ 285.264041][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 285.264076][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.264120][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 285.264160][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.264190][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 285.264219][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 285.264253][ T49] process_scheduled_works+0xae1/0x17b0 [ 285.264332][ T49] ? __pfx_process_scheduled_works+0x10/0x10 [ 285.264388][ T49] worker_thread+0x8a0/0xda0 [ 285.264447][ T49] kthread+0x70e/0x8a0 [ 285.264476][ T49] ? __pfx_worker_thread+0x10/0x10 [ 285.264494][ T49] ? __pfx_kthread+0x10/0x10 [ 285.264521][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.264552][ T49] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.264572][ T49] ? __pfx_kthread+0x10/0x10 [ 285.264597][ T49] ret_from_fork+0x3fc/0x770 [ 285.264631][ T49] ? __pfx_ret_from_fork+0x10/0x10 [ 285.264669][ T49] ? __switch_to_asm+0x39/0x70 [ 285.264689][ T49] ? __switch_to_asm+0x33/0x70 [ 285.264709][ T49] ? __pfx_kthread+0x10/0x10 [ 285.264734][ T49] ret_from_fork_asm+0x1a/0x30 [ 285.264788][ T49] [ 285.264797][ T49] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 285.381371][T10501] syz.7.1424: attempt to access beyond end of device [ 285.381371][T10501] loop7: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 285.391902][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 285.391938][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.391955][ T49] Workqueue: writeback wb_workfn (flush-7:4) [ 285.391998][ T49] Call Trace: [ 285.392008][ T49] [ 285.392018][ T49] dump_stack_lvl+0x189/0x250 [ 285.392047][ T49] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.392065][ T49] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 285.392105][ T49] ? __pfx_queue_work_on+0x10/0x10 [ 285.392130][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 285.392166][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 285.392205][ T49] ? f2fs_hw_is_readonly+0x39b/0x470 [ 285.392242][ T49] f2fs_handle_critical_error+0x37c/0x540 [ 285.392292][ T49] f2fs_write_end_io+0x495/0x810 [ 285.392321][ T49] ? blkg_put+0x22/0x240 [ 285.392374][ T49] __submit_merged_bio+0x27a/0x6a0 [ 285.392412][ T49] __submit_merged_write_cond+0x255/0x530 [ 285.392453][ T49] f2fs_write_data_pages+0x261d/0x3000 [ 285.392536][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.392564][ T49] ? __local_bh_enable_ip+0x12d/0x1c0 [ 285.392619][ T49] ? rcu_is_watching+0x15/0xb0 [ 285.392701][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.392766][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.392807][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.392866][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.392898][ T49] do_writepages+0x32b/0x550 [ 285.392942][ T49] ? reacquire_held_locks+0x127/0x1d0 [ 285.392963][ T49] ? writeback_sb_inodes+0x372/0x1000 [ 285.393012][ T49] __writeback_single_inode+0x145/0xff0 [ 285.393034][ T49] ? do_raw_spin_unlock+0x122/0x240 [ 285.393068][ T49] writeback_sb_inodes+0x6b5/0x1000 [ 285.393146][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 285.393246][ T49] ? rcu_is_watching+0x15/0xb0 [ 285.393303][ T49] wb_writeback+0x43b/0xaf0 [ 285.393353][ T49] ? queue_io+0x391/0x590 [ 285.393392][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 285.393442][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.393487][ T49] wb_workfn+0x409/0xef0 [ 285.393541][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 285.393580][ T49] ? __lock_acquire+0xab9/0xd20 [ 285.393630][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 285.393675][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.393707][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 285.393740][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 285.393778][ T49] process_scheduled_works+0xae1/0x17b0 [ 285.393858][ T49] ? __pfx_process_scheduled_works+0x10/0x10 [ 285.393919][ T49] worker_thread+0x8a0/0xda0 [ 285.393985][ T49] kthread+0x70e/0x8a0 [ 285.394018][ T49] ? __pfx_worker_thread+0x10/0x10 [ 285.394036][ T49] ? __pfx_kthread+0x10/0x10 [ 285.394068][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.394103][ T49] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.394123][ T49] ? __pfx_kthread+0x10/0x10 [ 285.394151][ T49] ret_from_fork+0x3fc/0x770 [ 285.394189][ T49] ? __pfx_ret_from_fork+0x10/0x10 [ 285.394232][ T49] ? __switch_to_asm+0x39/0x70 [ 285.394255][ T49] ? __switch_to_asm+0x33/0x70 [ 285.394286][ T49] ? __pfx_kthread+0x10/0x10 [ 285.394314][ T49] ret_from_fork_asm+0x1a/0x30 [ 285.394365][ T49] [ 285.394374][ T49] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 285.981982][ T8013] syz-executor: attempt to access beyond end of device [ 285.981982][ T8013] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 286.046095][ T8013] CPU: 1 UID: 0 PID: 8013 Comm: syz-executor Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 286.046127][ T8013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.046140][ T8013] Call Trace: [ 286.046149][ T8013] [ 286.046158][ T8013] dump_stack_lvl+0x189/0x250 [ 286.046187][ T8013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.046205][ T8013] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 286.046237][ T8013] ? __pfx_queue_work_on+0x10/0x10 [ 286.046258][ T8013] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 286.046290][ T8013] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 286.046324][ T8013] ? f2fs_hw_is_readonly+0x39b/0x470 [ 286.046356][ T8013] f2fs_handle_critical_error+0x37c/0x540 [ 286.046389][ T8013] f2fs_write_end_io+0x495/0x810 [ 286.046415][ T8013] ? blkg_put+0x22/0x240 [ 286.046459][ T8013] __submit_merged_bio+0x27a/0x6a0 [ 286.046491][ T8013] __submit_merged_write_cond+0x255/0x530 [ 286.046536][ T8013] f2fs_write_data_pages+0x261d/0x3000 [ 286.046601][ T8013] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 286.046707][ T8013] ? unwind_next_frame+0xa5/0x2390 [ 286.046737][ T8013] ? rcu_is_watching+0x15/0xb0 [ 286.046766][ T8013] ? __kasan_check_byte+0x12/0x40 [ 286.046801][ T8013] ? is_bpf_text_address+0x26/0x2b0 [ 286.046831][ T8013] ? rcu_is_watching+0x15/0xb0 [ 286.046865][ T8013] ? rcu_is_watching+0x15/0xb0 [ 286.046896][ T8013] ? lock_release+0x4b/0x3e0 [ 286.046922][ T8013] ? lock_release+0x4b/0x3e0 [ 286.046967][ T8013] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 286.047005][ T8013] do_writepages+0x32b/0x550 [ 286.047050][ T8013] ? do_raw_spin_unlock+0x122/0x240 [ 286.047080][ T8013] filemap_fdatawrite+0x191/0x230 [ 286.047101][ T8013] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 286.047176][ T8013] ? do_raw_spin_unlock+0x122/0x240 [ 286.047205][ T8013] f2fs_sync_dirty_inodes+0x31f/0x830 [ 286.047253][ T8013] f2fs_write_checkpoint+0x94a/0x1de0 [ 286.047309][ T8013] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 286.047392][ T8013] ? kill_f2fs_super+0x298/0x6c0 [ 286.047429][ T8013] kill_f2fs_super+0x2c3/0x6c0 [ 286.047464][ T8013] ? __pfx_kill_f2fs_super+0x10/0x10 [ 286.047491][ T8013] ? radix_tree_delete_item+0x2b6/0x400 [ 286.047520][ T8013] ? shrinker_free+0x2ce/0x3e0 [ 286.047550][ T8013] deactivate_locked_super+0xb9/0x130 [ 286.047582][ T8013] cleanup_mnt+0x425/0x4c0 [ 286.047611][ T8013] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.047636][ T8013] task_work_run+0x1d1/0x260 [ 286.047665][ T8013] ? __pfx_task_work_run+0x10/0x10 [ 286.047688][ T8013] ? __x64_sys_umount+0x122/0x160 [ 286.047714][ T8013] ? exit_to_user_mode_loop+0x40/0x110 [ 286.047748][ T8013] exit_to_user_mode_loop+0xec/0x110 [ 286.047777][ T8013] do_syscall_64+0x2bd/0x3b0 [ 286.047800][ T8013] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.047820][ T8013] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.047841][ T8013] ? clear_bhb_loop+0x60/0xb0 [ 286.047866][ T8013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.047886][ T8013] RIP: 0033:0x7f25e958fc57 [ 286.047907][ T8013] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 286.047924][ T8013] RSP: 002b:00007fff45854358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 286.047946][ T8013] RAX: 0000000000000000 RBX: 00007f25e9610925 RCX: 00007f25e958fc57 [ 286.047960][ T8013] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff45854410 [ 286.047973][ T8013] RBP: 00007fff45854410 R08: 0000000000000000 R09: 0000000000000000 [ 286.047993][ T8013] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff458554a0 [ 286.048006][ T8013] R13: 00007f25e9610925 R14: 0000000000045a9c R15: 00007fff458554e0 [ 286.048042][ T8013] [ 286.577441][ T8013] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 286.596081][T10525] loop5: detected capacity change from 0 to 32768 [ 286.660384][T10531] loop8: detected capacity change from 0 to 40427 [ 286.673282][T10525] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1429 (10525) [ 286.698110][T10531] F2FS-fs (loop8): build fault injection rate: 771 [ 286.709037][T10531] F2FS-fs (loop8): invalid crc value [ 286.787731][T10525] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 286.817544][T10525] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 286.837491][T10525] BTRFS info (device loop5): using free-space-tree [ 286.888629][T10533] loop9: detected capacity change from 0 to 32768 [ 286.942965][T10533] ocfs2: Slot 0 on device (7,9) was already allocated to this node! [ 286.958614][T10531] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 287.015173][T10533] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 287.022707][ T3308] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.048869][T10525] BTRFS info (device loop5): rebuilding free space tree [ 287.158378][T10525] BTRFS info (device loop5): balance: start -susage=12582912,drange=65536..8,limit=10376293541461622786,limit=2..2415919104 [ 287.234387][T10525] BTRFS info (device loop5): relocating block group 1048576 flags system [ 287.269117][ T9091] syz-executor: attempt to access beyond end of device [ 287.269117][ T9091] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 287.293055][ T3308] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.321496][ T9091] CPU: 0 UID: 0 PID: 9091 Comm: syz-executor Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 287.321529][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.321542][ T9091] Call Trace: [ 287.321551][ T9091] [ 287.321561][ T9091] dump_stack_lvl+0x189/0x250 [ 287.321591][ T9091] ? __pfx_dump_stack_lvl+0x10/0x10 [ 287.321608][ T9091] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 287.321642][ T9091] ? __pfx_queue_work_on+0x10/0x10 [ 287.321664][ T9091] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 287.321697][ T9091] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 287.321732][ T9091] ? f2fs_hw_is_readonly+0x39b/0x470 [ 287.321765][ T9091] f2fs_handle_critical_error+0x37c/0x540 [ 287.321801][ T9091] f2fs_write_end_io+0x495/0x810 [ 287.321827][ T9091] ? blkg_put+0x22/0x240 [ 287.321875][ T9091] __submit_merged_bio+0x27a/0x6a0 [ 287.321923][ T9091] __submit_merged_write_cond+0x255/0x530 [ 287.321959][ T9091] f2fs_write_data_pages+0x261d/0x3000 [ 287.322036][ T9091] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 287.322141][ T9091] ? folios_put_refs+0x559/0x640 [ 287.322183][ T9091] ? __pfx_folios_put_refs+0x10/0x10 [ 287.322208][ T9091] ? rcu_is_watching+0x15/0xb0 [ 287.322253][ T9091] ? __lock_acquire+0xab9/0xd20 [ 287.322305][ T9091] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 287.322335][ T9091] do_writepages+0x32b/0x550 [ 287.322383][ T9091] ? do_raw_spin_unlock+0x122/0x240 [ 287.322414][ T9091] filemap_fdatawrite+0x191/0x230 [ 287.322435][ T9091] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 287.322523][ T9091] ? do_raw_spin_unlock+0x122/0x240 [ 287.322554][ T9091] f2fs_sync_dirty_inodes+0x31f/0x830 [ 287.322605][ T9091] f2fs_write_checkpoint+0x94a/0x1de0 [ 287.322669][ T9091] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 287.322757][ T9091] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 287.322786][ T9091] ? kfree+0x18e/0x440 [ 287.322808][ T9091] ? kill_f2fs_super+0x298/0x6c0 [ 287.322845][ T9091] kill_f2fs_super+0x2c3/0x6c0 [ 287.322884][ T9091] ? __pfx_kill_f2fs_super+0x10/0x10 [ 287.322918][ T9091] ? radix_tree_delete_item+0x2b6/0x400 [ 287.322950][ T9091] ? shrinker_free+0x2ce/0x3e0 [ 287.322981][ T9091] deactivate_locked_super+0xb9/0x130 [ 287.323015][ T9091] cleanup_mnt+0x425/0x4c0 [ 287.323044][ T9091] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.323070][ T9091] task_work_run+0x1d1/0x260 [ 287.323101][ T9091] ? __pfx_task_work_run+0x10/0x10 [ 287.323124][ T9091] ? __x64_sys_umount+0x122/0x160 [ 287.323152][ T9091] ? exit_to_user_mode_loop+0x40/0x110 [ 287.323187][ T9091] exit_to_user_mode_loop+0xec/0x110 [ 287.323218][ T9091] do_syscall_64+0x2bd/0x3b0 [ 287.323239][ T9091] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.323260][ T9091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.323281][ T9091] ? clear_bhb_loop+0x60/0xb0 [ 287.323307][ T9091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.323327][ T9091] RIP: 0033:0x7f9e3538fc57 [ 287.323347][ T9091] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 287.323365][ T9091] RSP: 002b:00007fff50c26078 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 287.323387][ T9091] RAX: 0000000000000000 RBX: 00007f9e35410925 RCX: 00007f9e3538fc57 [ 287.323401][ T9091] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff50c26130 [ 287.323414][ T9091] RBP: 00007fff50c26130 R08: 0000000000000000 R09: 0000000000000000 [ 287.323426][ T9091] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff50c271c0 [ 287.323440][ T9091] R13: 00007f9e35410925 R14: 00000000000461ab R15: 00007fff50c27200 [ 287.323479][ T9091] [ 287.323487][ T9091] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 287.612275][ T9991] ocfs2: Unmounting device (7,9) on (node local) [ 287.801172][T10525] BTRFS info (device loop5): balance: ended with status: 0 [ 287.862558][T10556] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1436'. [ 287.882474][ T3308] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.987883][ T6246] BTRFS info (device loop5): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 288.112488][ T3308] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.669895][ T3308] bridge_slave_1: left allmulticast mode [ 288.675640][ T3308] bridge_slave_1: left promiscuous mode [ 288.705832][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.772892][ T3308] bridge_slave_0: left allmulticast mode [ 288.782031][ T3308] bridge_slave_0: left promiscuous mode [ 288.807535][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.948404][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 288.966007][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 288.975655][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 288.988468][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 288.996437][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 289.670482][ T3308] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 289.684152][ T3308] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.696978][ T3308] bond0 (unregistering): Released all slaves [ 290.153780][T10605] loop8: detected capacity change from 0 to 512 [ 290.165475][T10605] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256 [ 290.264106][ T3308] hsr_slave_0: left promiscuous mode [ 290.288252][ T3308] hsr_slave_1: left promiscuous mode [ 290.307965][ T3308] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.317657][ T43] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 290.344002][ T3308] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.359260][T10611] loop8: detected capacity change from 0 to 512 [ 290.359459][ T3308] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.397605][ T3308] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.427496][ T1219] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 290.462061][ T3308] veth1_macvtap: left promiscuous mode [ 290.473382][ T3308] veth0_macvtap: left promiscuous mode [ 290.479478][ T3308] veth1_vlan: left promiscuous mode [ 290.479489][ T43] usb 10-1: Using ep0 maxpacket: 32 [ 290.499033][ T43] usb 10-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 290.511950][ T3308] veth0_vlan: left promiscuous mode [ 290.526471][ T43] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.554789][ T43] usb 10-1: config 0 descriptor?? [ 290.572401][T10611] EXT4-fs (loop8): Test dummy encryption mode enabled [ 290.585692][T10611] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 290.600504][ T1219] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 290.617238][ T1219] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.639833][ T1219] usb 6-1: config 0 descriptor?? [ 290.653778][ T1219] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 290.677866][T10611] EXT4-fs (loop8): 1 truncate cleaned up [ 290.693555][T10611] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 290.792661][T10611] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 290.804343][ T43] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 290.818214][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 290.832500][ T43] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 290.840180][ T43] usb 10-1: media controller created [ 290.855629][ T1219] usb 6-1: Detected FT232B [ 290.917756][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 290.948674][ T9091] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.020162][ T43] az6027: usb out operation failed. (-71) [ 291.040804][ T43] az6027: usb out operation failed. (-71) [ 291.054027][ T43] stb0899_attach: Driver disabled by Kconfig [ 291.061302][ T43] az6027: no front-end attached [ 291.061302][ T43] [ 291.070173][ T1219] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 291.084054][ T43] az6027: usb out operation failed. (-71) [ 291.093769][ T43] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 291.101766][ T1219] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 291.116040][ T5840] Bluetooth: hci1: command tx timeout [ 291.116540][ T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input17 [ 291.139476][ T43] dvb-usb: schedule remote query interval to 400 msecs. [ 291.146656][ T43] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 291.160684][ T43] usb 10-1: USB disconnect, device number 3 [ 291.259442][ T43] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 291.295565][ T1219] usb 6-1: USB disconnect, device number 8 [ 291.308975][ T1219] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 291.319375][ T1219] ftdi_sio 6-1:0.0: device disconnected [ 291.598268][ T3308] team0 (unregistering): Port device team_slave_1 removed [ 291.694191][ T3308] team0 (unregistering): Port device team_slave_0 removed [ 293.003991][T10574] chnl_net:caif_netlink_parms(): no params data found [ 293.183030][ T5840] Bluetooth: hci1: command tx timeout [ 293.480361][T10667] loop9: detected capacity change from 0 to 4096 [ 293.686321][T10574] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.714582][T10574] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.722327][T10693] loop5: detected capacity change from 0 to 1024 [ 293.735735][T10693] EXT4-fs: Ignoring removed nobh option [ 293.744094][T10693] EXT4-fs: Ignoring removed bh option [ 293.753409][T10574] bridge_slave_0: entered allmulticast mode [ 293.765961][T10574] bridge_slave_0: entered promiscuous mode [ 293.774711][T10574] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.782469][T10574] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.796967][T10574] bridge_slave_1: entered allmulticast mode [ 293.805069][T10693] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.820263][T10574] bridge_slave_1: entered promiscuous mode [ 293.982198][T10574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 294.006873][ T6246] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.026250][T10574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.044110][T10700] loop9: detected capacity change from 0 to 4096 [ 294.109265][T10700] EXT4-fs (loop9): Test dummy encryption mode enabled [ 294.148688][T10700] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a042c018, mo2=0003] [ 294.181460][T10700] System zones: 0-5 [ 294.206430][T10700] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.227131][T10574] team0: Port device team_slave_0 added [ 294.243261][T10574] team0: Port device team_slave_1 added [ 294.369510][T10574] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 294.376632][T10574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.377373][ T9991] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.402574][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.437222][T10574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 294.461990][T10712] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1494'. [ 294.494889][T10574] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 294.505034][T10574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.545037][T10574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 294.659019][T10574] hsr_slave_0: entered promiscuous mode [ 294.665850][T10574] hsr_slave_1: entered promiscuous mode [ 294.689524][T10574] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 294.697160][T10574] Cannot create hsr debugfs directory [ 295.058426][T10729] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 295.058426][T10729] The task syz.8.1501 (10729) triggered the difference, watch for misbehavior. [ 295.267946][ T5840] Bluetooth: hci1: command tx timeout [ 295.309930][T10731] loop9: detected capacity change from 0 to 4096 [ 295.334973][T10714] loop5: detected capacity change from 0 to 32768 [ 295.381764][T10714] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 295.492472][T10714] XFS (loop5): Ending clean mount [ 295.688650][ T6246] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 296.472610][T10772] loop5: detected capacity change from 0 to 128 [ 296.545261][T10772] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 296.588095][T10772] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 297.057756][ T5975] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 297.101359][T10574] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 297.215534][T10574] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 297.257730][ T5975] usb 10-1: Using ep0 maxpacket: 32 [ 297.277831][ T5975] usb 10-1: config index 0 descriptor too short (expected 35577, got 27) [ 297.302058][ T5975] usb 10-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 297.311790][ T5975] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 297.338272][ T5840] Bluetooth: hci1: command tx timeout [ 297.351687][ T5975] usb 10-1: config 1 has no interface number 0 [ 297.370795][ T5975] usb 10-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 297.393355][T10574] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 297.403321][ T5975] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 297.444090][ T10] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 297.467713][ T5975] usb 10-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 297.477807][ T5975] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.504157][ T5975] snd_usb_pod 10-1:1.1: Line 6 Pocket POD found [ 297.607597][ T10] usb 9-1: Using ep0 maxpacket: 16 [ 297.615340][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.800311][ T5975] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now attached [ 297.827398][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.837237][ T10] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 297.870888][ T10] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 297.907432][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.941137][ T10] usb 9-1: config 0 descriptor?? [ 297.949921][T10574] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 298.167055][T10574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.209634][T10574] 8021q: adding VLAN 0 to HW filter on device team0 [ 298.222426][ T5883] usb 10-1: USB disconnect, device number 4 [ 298.230614][ T5883] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now disconnected [ 298.264127][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.271414][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 298.281935][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.289163][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 298.396574][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:045E:07DA.000C/input/input18 [ 298.498595][ T10] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.8-1/input0 [ 298.561694][ T5885] usb 9-1: USB disconnect, device number 6 [ 298.698300][T10832] loop7: detected capacity change from 0 to 2048 [ 298.745211][T10832] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 298.967033][T10574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.170235][T10574] veth0_vlan: entered promiscuous mode [ 299.220443][T10574] veth1_vlan: entered promiscuous mode [ 299.379185][T10574] veth0_macvtap: entered promiscuous mode [ 299.421789][T10574] veth1_macvtap: entered promiscuous mode [ 299.526364][T10574] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.588271][T10574] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 299.638812][T10574] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.667956][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 404.687312][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 404.694326][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P10574/1:b..l P10862/1:b..l [ 404.704280][ C0] rcu: (detected by 0, t=10503 jiffies, g=43429, q=355 ncpus=2) [ 404.712043][ C0] task:sed state:R running task stack:25352 pid:10862 tgid:10862 ppid:10859 task_flags:0x400000 flags:0x00004002 [ 404.726950][ C0] Call Trace: [ 404.730264][ C0] [ 404.733224][ C0] __schedule+0x16f5/0x4d00 [ 404.737779][ C0] ? stack_trace_save+0x9c/0xe0 [ 404.742663][ C0] ? preempt_schedule_irq+0xb5/0x150 [ 404.747988][ C0] ? __pfx___schedule+0x10/0x10 [ 404.752869][ C0] ? kasan_save_stack+0x4d/0x60 [ 404.757757][ C0] ? kasan_save_stack+0x3e/0x60 [ 404.762644][ C0] ? kasan_record_aux_stack+0xbd/0xd0 [ 404.768051][ C0] ? call_rcu+0x142/0x990 [ 404.772420][ C0] ? __lock_acquire+0xab9/0xd20 [ 404.777311][ C0] ? preempt_schedule_irq+0xaa/0x150 [ 404.782635][ C0] preempt_schedule_irq+0xb5/0x150 [ 404.787791][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 404.793556][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 404.799418][ C0] irqentry_exit+0x6f/0x90 [ 404.803866][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 404.809876][ C0] RIP: 0010:unwind_next_frame+0x1853/0x2390 [ 404.815819][ C0] Code: 13 22 b1 00 4d 8b 6e 08 4d 8d 7e 10 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 f6 21 b1 00 49 8b 07 4d 39 e5 0f 96 c1 <4c> 39 e0 0f 97 c2 20 ca 80 fa 01 0f 85 63 01 00 00 49 8d 4c 24 08 [ 404.835472][ C0] RSP: 0018:ffffc9000eebea78 EFLAGS: 00000283 [ 404.841592][ C0] RAX: ffffc9000eec0000 RBX: ffffffff903d9f01 RCX: 0000000000000001 [ 404.849595][ C0] RDX: ffffc9000eebeb88 RSI: dffffc0000000000 RDI: ffffc9000eebeb50 [ 404.857592][ C0] RBP: dffffc0000000000 R08: ffffc9000eebeeb0 R09: 0000000000000000 [ 404.865594][ C0] R10: ffffc9000eebeb98 R11: fffff52001dd7d75 R12: ffffc9000eebeec0 [ 404.873591][ C0] R13: ffffc9000eeb8000 R14: ffffc9000eebeb48 R15: ffffc9000eebeb58 [ 404.881613][ C0] ? unwind_next_frame+0x17c4/0x2390 [ 404.886945][ C0] ? unwind_next_frame+0xa5/0x2390 [ 404.892115][ C0] ? kasan_save_track+0x3e/0x80 [ 404.897026][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 404.903216][ C0] arch_stack_walk+0x11c/0x150 [ 404.908011][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 404.913105][ C0] stack_trace_save+0x9c/0xe0 [ 404.917814][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 404.923223][ C0] ? kasan_save_stack+0x4d/0x60 [ 404.928109][ C0] ? kasan_save_stack+0x3e/0x60 [ 404.933003][ C0] ? kasan_record_aux_stack+0xbd/0xd0 [ 404.938417][ C0] kasan_save_track+0x3e/0x80 [ 404.943160][ C0] ? kasan_save_track+0x3e/0x80 [ 404.948125][ C0] __kasan_slab_alloc+0x6c/0x80 [ 404.953006][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 404.958531][ C0] ? fill_pool+0x100/0x570 [ 404.962988][ C0] fill_pool+0x100/0x570 [ 404.967267][ C0] ? debug_object_activate+0x35a/0x420 [ 404.972756][ C0] ? __pfx_fill_pool+0x10/0x10 [ 404.977555][ C0] ? mas_wr_store_entry+0x1fa6/0x25b0 [ 404.982988][ C0] ? debug_object_activate+0x35a/0x420 [ 404.988479][ C0] debug_object_activate+0x383/0x420 [ 404.993809][ C0] ? __pfx_mt_free_rcu+0x10/0x10 [ 404.998776][ C0] call_rcu+0x95/0x990 [ 405.002868][ C0] ? __lock_acquire+0xab9/0xd20 [ 405.007766][ C0] ? __pfx_call_rcu+0x10/0x10 [ 405.012477][ C0] ? mas_replace_node+0x472/0x7b0 [ 405.017540][ C0] mas_wr_store_entry+0x1f1b/0x25b0 [ 405.022805][ C0] ? __pfx_mas_wr_store_entry+0x10/0x10 [ 405.028388][ C0] ? unwind_get_return_address+0x4d/0x90 [ 405.034062][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 405.040247][ C0] ? arch_stack_walk+0xfc/0x150 [ 405.045143][ C0] ? stack_trace_save+0x9c/0xe0 [ 405.050029][ C0] ? stack_depot_save_flags+0x40/0x900 [ 405.055534][ C0] ? kasan_save_track+0x4f/0x80 [ 405.060419][ C0] ? kasan_save_track+0x3e/0x80 [ 405.066117][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 405.071190][ C0] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 405.076968][ C0] ? mas_alloc_nodes+0x2e9/0x8e0 [ 405.081930][ C0] ? mas_preallocate+0x39e/0x6b0 [ 405.086893][ C0] ? vma_link+0x102/0x450 [ 405.091259][ C0] ? insert_vm_struct+0x199/0x260 [ 405.096314][ C0] ? _install_special_mapping+0x1b0/0x350 [ 405.102071][ C0] ? map_vdso+0x1df/0x480 [ 405.106434][ C0] ? load_elf_binary+0x1bd9/0x2790 [ 405.111571][ C0] ? bprm_execve+0x999/0x1450 [ 405.116269][ C0] ? do_execveat_common+0x510/0x6a0 [ 405.121506][ C0] ? __x64_sys_execve+0x94/0xb0 [ 405.126385][ C0] ? do_syscall_64+0xfa/0x3b0 [ 405.131094][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.137248][ C0] ? mas_alloc_nodes+0x2e9/0x8e0 [ 405.142237][ C0] ? trace_ma_write+0x87/0x1f0 [ 405.147043][ C0] mas_store_prealloc+0xb00/0xf60 [ 405.152114][ C0] ? __pfx_mas_store_prealloc+0x10/0x10 [ 405.157729][ C0] vma_link+0x254/0x450 [ 405.161929][ C0] ? __pfx_vma_link+0x10/0x10 [ 405.166650][ C0] ? __pfx_find_vma_intersection+0x10/0x10 [ 405.172490][ C0] ? rcu_is_watching+0x15/0xb0 [ 405.177906][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 405.183308][ C0] ? kmem_cache_alloc_noprof+0x21a/0x3c0 [ 405.188976][ C0] insert_vm_struct+0x199/0x260 [ 405.193872][ C0] _install_special_mapping+0x1b0/0x350 [ 405.199453][ C0] map_vdso+0x1df/0x480 [ 405.203646][ C0] load_elf_binary+0x1bd9/0x2790 [ 405.208632][ C0] ? load_elf_binary+0x891/0x2790 [ 405.213705][ C0] ? __pfx_load_elf_binary+0x10/0x10 [ 405.219041][ C0] bprm_execve+0x999/0x1450 [ 405.223591][ C0] ? __pfx_bprm_execve+0x10/0x10 [ 405.228629][ C0] do_execveat_common+0x510/0x6a0 [ 405.233718][ C0] __x64_sys_execve+0x94/0xb0 [ 405.238426][ C0] do_syscall_64+0xfa/0x3b0 [ 405.242977][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 405.248205][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.254324][ C0] ? clear_bhb_loop+0x60/0xb0 [ 405.259046][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.264968][ C0] RIP: 0033:0x7fc519e71107 [ 405.269413][ C0] RSP: 002b:00007ffd5a2d0df8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 405.277861][ C0] RAX: ffffffffffffffda RBX: 000055a9a8696080 RCX: 00007fc519e71107 [ 405.285873][ C0] RDX: 000055a9a86960a8 RSI: 000055a9a8696080 RDI: 000055a9a8696138 [ 405.293871][ C0] RBP: 000055a9a8696138 R08: 00007ffd5a2d5e70 R09: 0000000000000000 [ 405.301870][ C0] R10: 0000000000000008 R11: 0000000000000246 R12: 000055a9a86960a8 [ 405.309873][ C0] R13: 00007fc51a036e8b R14: 000055a9a86960a8 R15: 0000000000000000 [ 405.317898][ C0] [ 405.320960][ C0] task:syz-executor state:R running task stack:21960 pid:10574 tgid:10574 ppid:10557 task_flags:0x400140 flags:0x00004002 [ 405.334487][ C0] Call Trace: [ 405.337793][ C0] [ 405.340752][ C0] __schedule+0x16f5/0x4d00 [ 405.345300][ C0] ? _prb_read_valid+0xa07/0xa90 [ 405.350281][ C0] ? console_flush_all+0x13a/0xc40 [ 405.355429][ C0] ? preempt_schedule_common+0x83/0xd0 [ 405.360922][ C0] ? __pfx___schedule+0x10/0x10 [ 405.365813][ C0] ? __pfx___console_unlock+0x10/0x10 [ 405.371229][ C0] ? preempt_schedule+0xae/0xc0 [ 405.376110][ C0] preempt_schedule_common+0x83/0xd0 [ 405.381430][ C0] preempt_schedule+0xae/0xc0 [ 405.386138][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 405.391533][ C0] ? console_unlock+0x21b/0x270 [ 405.396416][ C0] ? __pfx_console_unlock+0x10/0x10 [ 405.401652][ C0] preempt_schedule_thunk+0x16/0x30 [ 405.407066][ C0] ? vprintk_emit+0x695/0x7a0 [ 405.411777][ C0] vprintk_emit+0x69a/0x7a0 [ 405.416490][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 405.421540][ C0] ? look_up_lock_class+0x74/0x170 [ 405.426684][ C0] ? __pfx_snprintf+0x10/0x10 [ 405.431412][ C0] dev_vprintk_emit+0x337/0x3f0 [ 405.436294][ C0] ? register_lock_class+0x51/0x320 [ 405.441538][ C0] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 405.446956][ C0] dev_printk_emit+0xe0/0x130 [ 405.451676][ C0] ? __pfx_dev_printk_emit+0x10/0x10 [ 405.457004][ C0] ? ip4_datagram_release_cb+0x82/0xbb0 [ 405.462602][ C0] __netdev_printk+0x3d7/0x4d0 [ 405.467407][ C0] netdev_info+0x10a/0x160 [ 405.471857][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 405.477089][ C0] ? __pfx_netdev_info+0x10/0x10 [ 405.482069][ C0] ? __inet_bind+0x41e/0xb80 [ 405.486698][ C0] nsim_udp_tunnel_set_port+0x29b/0x440 [ 405.492288][ C0] __udp_tunnel_nic_device_sync+0xb05/0x14c0 [ 405.498569][ C0] ? __pfx_inet_bind_sk+0x10/0x10 [ 405.503646][ C0] ? __pfx___udp_tunnel_nic_device_sync+0x10/0x10 [ 405.510551][ C0] __udp_tunnel_nic_add_port+0xbd5/0xe50 [ 405.516235][ C0] udp_tunnel_notify_add_rx_port+0x293/0x3e0 [ 405.522344][ C0] ? udp_tunnel_notify_add_rx_port+0x10f/0x3e0 [ 405.528529][ C0] ? __pfx_udp_tunnel_notify_add_rx_port+0x10/0x10 [ 405.535075][ C0] geneve_sock_add+0x55d/0x910 [ 405.539895][ C0] ? __pfx_geneve_sock_add+0x10/0x10 [ 405.545216][ C0] ? ib_device_get_by_netdev+0x46b/0x4d0 [ 405.550886][ C0] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 405.556909][ C0] ? ip6_route_dev_notify+0x9a/0x5b0 [ 405.562240][ C0] ? notifier_call_chain+0x3bf/0x3e0 [ 405.567649][ C0] geneve_open+0xd2/0x140 [ 405.572017][ C0] __dev_open+0x46d/0x880 [ 405.576393][ C0] ? __pfx___dev_open+0x10/0x10 [ 405.581292][ C0] __dev_change_flags+0x1ea/0x6d0 [ 405.586373][ C0] ? __pfx___dev_change_flags+0x10/0x10 [ 405.591962][ C0] ? do_setlink+0x8ce/0x41c0 [ 405.596594][ C0] netif_change_flags+0x88/0x1a0 [ 405.601948][ C0] do_setlink+0xc55/0x41c0 [ 405.606428][ C0] ? __kernel_text_address+0xd/0x40 [ 405.611679][ C0] ? arch_stack_walk+0xfc/0x150 [ 405.616595][ C0] ? __pfx_do_setlink+0x10/0x10 [ 405.621512][ C0] ? __lock_acquire+0xab9/0xd20 [ 405.626410][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 405.632337][ C0] ? rcu_is_watching+0x15/0xb0 [ 405.637139][ C0] ? trace_contention_end+0x39/0x120 [ 405.642451][ C0] ? __mutex_lock+0x330/0xe80 [ 405.647160][ C0] ? __pfx_aa_get_newest_label+0x10/0x10 [ 405.652832][ C0] ? rtnl_newlink+0x8db/0x1c70 [ 405.657622][ C0] ? rcu_is_watching+0x15/0xb0 [ 405.662430][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 405.667538][ C0] ? ns_capable+0x8a/0xf0 [ 405.671915][ C0] ? rtnl_link_get_net_capable+0x16a/0x350 [ 405.677794][ C0] rtnl_newlink+0x160b/0x1c70 [ 405.682516][ C0] ? netlink_sendmsg+0x805/0xb30 [ 405.687511][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 405.692602][ C0] ? kasan_quarantine_put+0xdd/0x220 [ 405.697926][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 405.703160][ C0] ? nlmon_xmit+0xb0/0x100 [ 405.707606][ C0] ? kmem_cache_free+0x18f/0x400 [ 405.712578][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 405.718014][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 405.723244][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 405.728664][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 405.734431][ C0] ? __dev_queue_xmit+0x27e/0x3a70 [ 405.739581][ C0] ? __dev_queue_xmit+0x27e/0x3a70 [ 405.744719][ C0] ? __dev_queue_xmit+0x27e/0x3a70 [ 405.749875][ C0] ? __lock_acquire+0xab9/0xd20 [ 405.754786][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 405.759845][ C0] rtnetlink_rcv_msg+0x7cc/0xb70 [ 405.764824][ C0] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 405.770055][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 405.775558][ C0] ? ref_tracker_free+0x63a/0x7d0 [ 405.780627][ C0] ? __copy_skb_header+0xa7/0x550 [ 405.785697][ C0] ? __pfx_ref_tracker_free+0x10/0x10 [ 405.791107][ C0] ? __skb_clone+0x63/0x7a0 [ 405.795658][ C0] netlink_rcv_skb+0x208/0x470 [ 405.800554][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 405.806048][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 405.811474][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 405.816708][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 405.821959][ C0] netlink_unicast+0x75b/0x8d0 [ 405.826769][ C0] netlink_sendmsg+0x805/0xb30 [ 405.831581][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.836906][ C0] ? aa_sock_msg_perm+0xf1/0x1d0 [ 405.841891][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 405.847223][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.852546][ C0] __sock_sendmsg+0x219/0x270 [ 405.857287][ C0] __sys_sendto+0x3bd/0x520 [ 405.861851][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 405.866941][ C0] ? fput_close_sync+0x119/0x200 [ 405.871941][ C0] ? __pfx_fput_close_sync+0x10/0x10 [ 405.877283][ C0] __x64_sys_sendto+0xde/0x100 [ 405.882091][ C0] do_syscall_64+0xfa/0x3b0 [ 405.886631][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.892740][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 405.898418][ C0] ? clear_bhb_loop+0x60/0xb0 [ 405.903166][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.909091][ C0] RIP: 0033:0x7fa1855907bc [ 405.913623][ C0] RSP: 002b:00007ffc7b7b97d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 405.922160][ C0] RAX: ffffffffffffffda RBX: 00007fa1862e4620 RCX: 00007fa1855907bc [ 405.930177][ C0] RDX: 000000000000002c RSI: 00007fa1862e4670 RDI: 0000000000000003 [ 405.938178][ C0] RBP: 0000000000000000 R08: 00007ffc7b7b9824 R09: 000000000000000c [ 405.946175][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 405.954168][ C0] R13: 0000000000000000 R14: 00007fa1862e4670 R15: 0000000000000000 [ 405.962184][ C0] [ 405.965227][ C0] rcu: rcu_preempt kthread starved for 10340 jiffies! g43429 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 405.976447][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 405.986447][ C0] rcu: RCU grace-period kthread stack dump: [ 405.992356][ C0] task:rcu_preempt state:R running task stack:27192 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 406.005889][ C0] Call Trace: [ 406.009190][ C0] [ 406.012149][ C0] __schedule+0x16f5/0x4d00 [ 406.016709][ C0] ? schedule+0x165/0x360 [ 406.021072][ C0] ? __pfx___schedule+0x10/0x10 [ 406.025980][ C0] ? schedule+0x91/0x360 [ 406.030266][ C0] schedule+0x165/0x360 [ 406.034450][ C0] schedule_timeout+0x12b/0x270 [ 406.039337][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 406.044747][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 406.050683][ C0] ? __pfx_process_timeout+0x10/0x10 [ 406.056006][ C0] ? prepare_to_swait_event+0x341/0x380 [ 406.061597][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 406.066496][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 406.071719][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 406.077914][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 406.083229][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 406.088479][ C0] ? finish_swait+0xcd/0x1f0 [ 406.093105][ C0] rcu_gp_kthread+0x99/0x390 [ 406.097735][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 406.102967][ C0] ? __kthread_parkme+0x7b/0x200 [ 406.107940][ C0] ? __kthread_parkme+0x1a1/0x200 [ 406.112997][ C0] kthread+0x70e/0x8a0 [ 406.117110][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 406.122344][ C0] ? __pfx_kthread+0x10/0x10 [ 406.126972][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 406.132218][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 406.137543][ C0] ? __pfx_kthread+0x10/0x10 [ 406.142190][ C0] ret_from_fork+0x3fc/0x770 [ 406.146837][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 406.152002][ C0] ? __switch_to_asm+0x39/0x70 [ 406.156798][ C0] ? __switch_to_asm+0x33/0x70 [ 406.161589][ C0] ? __pfx_kthread+0x10/0x10 [ 406.166214][ C0] ret_from_fork_asm+0x1a/0x30 [ 406.171030][ C0] [ 406.174076][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 406.180423][ C0] CPU: 0 UID: 0 PID: 10865 Comm: syz.8.1536 Not tainted 6.15.0-next-20250604-syzkaller #0 PREEMPT(full) [ 406.191654][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 406.201734][ C0] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 406.208448][ C0] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 60 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 0b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 f0 73 0b [ 406.228080][ C0] RSP: 0000:ffffc9000ee0f720 EFLAGS: 00000293 [ 406.234178][ C0] RAX: ffffffff81b4eab0 RBX: ffff8880b863cb40 RCX: ffff88807b670000 [ 406.242177][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 406.250186][ C0] RBP: ffffc9000ee0f880 R08: ffffffff8fa123f7 R09: 1ffffffff1f4247e [ 406.258185][ C0] R10: dffffc0000000000 R11: fffffbfff1f4247f R12: 1ffff110170e828d [ 406.266185][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b8741468 [ 406.274182][ C0] FS: 000055558ccba500(0000) GS:ffff888125c4d000(0000) knlGS:0000000000000000 [ 406.283137][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 406.289746][ C0] CR2: 00007f9e355b6070 CR3: 000000002441e000 CR4: 00000000003526f0 [ 406.297747][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 406.305746][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 406.313755][ C0] Call Trace: [ 406.317065][ C0] [ 406.320031][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 406.325442][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 406.331815][ C0] ? try_charge_memcg+0x22a/0x1290 [ 406.336977][ C0] ? rcu_is_watching+0x15/0xb0 [ 406.341794][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 406.347197][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 406.352423][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 406.357585][ C0] flush_tlb_mm_range+0x6b1/0x12c0 [ 406.362724][ C0] ? page_table_check_clear+0x187/0x700 [ 406.368313][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 406.373891][ C0] ? page_table_check_clear+0x187/0x700 [ 406.379474][ C0] ? page_table_check_clear+0x4f3/0x700 [ 406.385051][ C0] ? page_table_check_clear+0x187/0x700 [ 406.390634][ C0] ptep_clear_flush+0x120/0x170 [ 406.395536][ C0] do_wp_page+0x1bc2/0x5800 [ 406.400089][ C0] ? do_wp_page+0x161d/0x5800 [ 406.404818][ C0] ? __pfx_do_wp_page+0x10/0x10 [ 406.410658][ C0] ? do_raw_spin_lock+0x121/0x290 [ 406.415714][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 406.421126][ C0] __handle_mm_fault+0x1144/0x5620 [ 406.426275][ C0] ? __lock_acquire+0xab9/0xd20 [ 406.431181][ C0] ? __pfx___handle_mm_fault+0x10/0x10 [ 406.436682][ C0] ? lock_vma_under_rcu+0xf8/0x710 [ 406.441849][ C0] ? lock_vma_under_rcu+0xf8/0x710 [ 406.446995][ C0] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 406.452572][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 406.457814][ C0] handle_mm_fault+0x40a/0x8e0 [ 406.462631][ C0] do_user_addr_fault+0xa81/0x1390 [ 406.467794][ C0] ? rcu_is_watching+0x15/0xb0 [ 406.472596][ C0] ? trace_page_fault_user+0x84/0x1e0 [ 406.478041][ C0] exc_page_fault+0x76/0xf0 [ 406.482576][ C0] asm_exc_page_fault+0x26/0x30 [ 406.487456][ C0] RIP: 0033:0x7f9e35255c5a [ 406.491909][ C0] Code: 80 3d ad fa e8 00 00 0f 84 9b 00 00 00 53 48 89 fb 48 85 ff 74 1a 80 3d 6b c4 35 00 00 75 33 48 8b 43 10 48 c7 00 00 00 00 00 43 38 00 5b c3 64 48 8b 1c 25 c0 fe ff ff 48 85 db 0f 84 85 00 [ 406.511636][ C0] RSP: 002b:00007fff50c26f40 EFLAGS: 00010246 [ 406.517741][ C0] RAX: 00007f9e349ff000 RBX: 00007f9e355b6038 RCX: 00007f9e35345f37 [ 406.525745][ C0] RDX: 00007f9e355b5fa0 RSI: 00007f9e355b5fa0 RDI: 00007f9e355b6038 [ 406.533761][ C0] RBP: 0000000000000000 R08: 00007f9e355b5fa0 R09: 00007fff50c26de7 [ 406.541757][ C0] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f9e355b5fac [ 406.549764][ C0] R13: 00007f9e355b5fa0 R14: 0000000000001cce R15: 0000000000000007 [ 406.557784][ C0]