last executing test programs: 4m28.167428824s ago: executing program 2 (id=1757): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) socket(0x10, 0x2, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0xa721) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) close_range(r3, r3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) mlock2(&(0x7f0000549000/0x1000)=nil, 0x1000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r4, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0xc0189436, &(0x7f0000000140)) 4m25.508797645s ago: executing program 2 (id=1760): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}, {0xfff2}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x8, 0x2, [@TCA_BPF_ACT={0x4}]}}]}, 0x34}}, 0x0) 4m22.092075087s ago: executing program 2 (id=1770): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x3, 0x0, &(0x7f0000000140)) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 4m15.712154478s ago: executing program 2 (id=1785): socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$video4linux(&(0x7f0000001540), 0x3fd, 0x2800) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000ad30664a59f103b1f4cd5a0a1dcaaaaaaaaaaaaa080045090024006400000111907864010102ac14"], 0x36) syz_open_dev$loop(0x0, 0x9, 0x420000) r2 = fsopen(&(0x7f0000000240)='vfat\x00', 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) writev(r3, &(0x7f0000000200), 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) shutdown(r3, 0x1) close_range(r2, 0xffffffffffffffff, 0x0) 4m13.17130753s ago: executing program 2 (id=1789): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f00000005c0), 0x0, 0x40006df) 4m11.750120968s ago: executing program 2 (id=1802): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x38, 0x1403, 0x1, 0x20000000, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vcan0\x00'}}]}, 0x38}}, 0x0) 3m56.513968148s ago: executing program 32 (id=1802): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x38, 0x1403, 0x1, 0x20000000, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vcan0\x00'}}]}, 0x38}}, 0x0) 20.47558255s ago: executing program 4 (id=2495): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000140)=0x1, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x4f, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) sendmmsg(r4, &(0x7f0000000000), 0x0, 0x24048000) bind$alg(r3, &(0x7f00000005c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x802, 0x6b929545a606890f) syz_emit_ethernet(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, 0x0, 0x0) syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r7}, &(0x7f00000001c0), &(0x7f0000000280)) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, 0x0) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r8) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="030300000000fcffffff0c001e0008000300", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x60008800}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x17, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000080000002d0017c4b2be5a11d4eedfabe5f54de4b6bed0166a000000"], &(0x7f0000000100)='syzkaller\x00', 0x8, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x2, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffe4, 0x0, 0x0, 0x10, 0xca1}, 0x94) ioctl$SIOCGETMIFCNT_IN6(r7, 0x89e0, &(0x7f0000000300)={0x1}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0xc1205531, &(0x7f00000010c0)=""/4111) accept4(r3, 0x0, 0x0, 0x800) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 13.391980322s ago: executing program 4 (id=2513): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$key(0xf, 0x3, 0x2) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) 13.058648721s ago: executing program 4 (id=2516): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$kcm(0x29, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r1, 0x0, 0x0, 0xd, 0x0) 12.205440072s ago: executing program 4 (id=2520): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) io_setup(0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) r1 = getpid() sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000845, 0x0, 0x0) getpeername$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, 0x0}, 0x20) sched_setaffinity(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='pids.current\x00', 0x0, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, &(0x7f0000000340)={0x1, 0xc}) bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(r4, &(0x7f00000002c0)=ANY=[], 0x138) r5 = syz_open_dev$video4linux(&(0x7f0000002000), 0x2000090, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r5, 0xc0585604, &(0x7f0000000080)={0x0, 0x0, {0x7f, 0x7, 0x3012, 0x1, 0x3, 0x0, 0x25d6a0e6996f69e8, 0x2}}) socket$inet_udp(0x2, 0x2, 0x0) 9.739173436s ago: executing program 3 (id=2524): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000140)=0x1, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x4f, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) sendmmsg(r4, &(0x7f0000000000), 0x0, 0x24048000) bind$alg(r3, &(0x7f00000005c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x802, 0x6b929545a606890f) syz_emit_ethernet(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, 0x0, 0x0) syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r7}, &(0x7f00000001c0), &(0x7f0000000280)) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, 0x0) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r8) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="030300000000fcffffff0c001e0008000300", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x60008800}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x17, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000080000002d0017c4b2be5a11d4eedfabe5f54de4b6bed0166a000000"], &(0x7f0000000100)='syzkaller\x00', 0x8, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x2, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffe4, 0x0, 0x0, 0x10, 0xca1}, 0x94) ioctl$SIOCGETMIFCNT_IN6(r7, 0x89e0, &(0x7f0000000300)={0x1}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0xc1205531, &(0x7f00000010c0)=""/4111) accept4(r3, 0x0, 0x0, 0x800) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 9.638609349s ago: executing program 4 (id=2525): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) getrlimit(0x6, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet(0x2, 0x802, 0x1) connect$inet(r4, &(0x7f0000002780)={0x2, 0x4e22, @remote}, 0x10) setsockopt$inet_int(r4, 0x0, 0xc, 0x0, 0x0) write(r4, &(0x7f0000000440)="08008edf773c8000", 0x8) read(r4, &(0x7f0000000040)=""/25, 0x19) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff250000001000000007000000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c}, 0x94) 8.133794763s ago: executing program 0 (id=2526): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$rds(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1}, 0x0) 8.13315496s ago: executing program 5 (id=2527): syz_read_part_table(0x5e4, &(0x7f0000000600)="$eJzs3D+oHFUUB+DfzO7OvhcSnpWV4IMUBgWfkFIXo5A80wXRTtDWYkViZSG7SwQLjZWNvRZGIYhtCgUJajorER5aiNhbmMJwZefPrqJWT9TA9xUz95w795xZ5k65E+5uZS8p1Xq02ibHdT/4MckkWT3/RDLtUpN+ar3m2WvnL1zcv1RNN7l1dtnPTrcFm6Fw9vvRjXGuXjt84+13TlVZ5la96NLLZPJRk3F7a926d/9807erthb/uTOflu5BNPk6+fLRE/Nq1D789X56P7knO21wkGSU/rBMdtej5vj9r89urh7vx7vpd9qkixZ5oDzSz01SSil1FqeHlaPkvscOLv9V0Un++Dqs92Ipk5PD2nr7FszvNMM+PPvF94us7t9UbzuW0sVHu8nLR08/3NaquhoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz/nHnlwc+aITjXHqs++uTJpz5Ivb10mfw6jPd3/qH+12c39668frnOq7MXv3nptR8Of8rPSUY5ODyZTDfXvdCdPn6zPY377L27x+0/v1M3H773+bZOX7pKvjr97e0y6tNHmwu295RZfdz2AAAAAAAAAAAAAAAAAAAA0Dp/4eL+pTrPJFWey/bv/iU7STV8CmAdlFLKL6WTnL0xnl9tcuVEN3/ru/6zAaX6ffVzyd6ppEzfemj4rMCyrTRuW1T/1q/k7/wWAAD//27mZ2s=") open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = dup2(r1, r0) close_range(r2, 0xffffffffffffffff, 0x0) 7.064375265s ago: executing program 4 (id=2530): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003dc0)={0x550, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x42}}}}, [@NL80211_ATTR_FTM_RESPONDER={0x528, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x59, 0x3, "45a0bdf40cb535cdb888af8bd3b4742bf996665031b99b07bdbd1a2f10594dee36b142ae460a8f67d039b4e86c4c2553327a74c4ad07552e1b2a7ff1679e4c691a2e33e171c442ee284969ef25a3abddd811d63e43"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x21, 0x3, "4dacb7f9ccb3a83f1d09ad732bc4e9b7285e20c9ebe80ee51ea1810c32"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x45, 0x2, "8de64880a9bdcff7490ca6706ec79f52cbff08a92cf8dc4df4218ef5ec4fdd81e3c2fb62d9591ce858a77d87ace2711f4749b743517c62475bd4b5a41395815b52"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xcd, 0x3, "cc05fd742d8e602cef156d81fe9b5eb04a1205783d8a7d8098e9312bf3425af2304ff4dcc7968fcc751daeda1892b94dcf91bca45f67b48055841264ecb0d6a04d3df2d5265675e67f25c85207429973e991736c334533646b36b336e2dbed3daa207276000d8dc4ac59f2f38ff129cfa3b452ff898a42b8c704b96f6f30afeaeac885f2e12a9abeada264bd46a195cda2fd5dd6c236823ca2aa5cf809c0f1cc048f1b3b627edd8c3094e9bdfb31aee6e4e4dca25bf2cad093c384c4f03cd1b9a7ab901ec763a2b9cb"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x381, 0x3, "b66fdf93d0e7b782a68431c34e18361b6fb0a638f2993c45ebaa9d99464ebcf771613c10107716b8e91cfb3cc194f151325fc71ea2feba5604a85a2043f09b58f6908f93991dde3b9ffbe5a420803375c32988919eb8eee71dea122cff9342829d64b9d3056dd688b73a2f6ea4201e9f69713869d67ae850f96e9e647a318001f69326af112817a1bf687535c672703afd75358e18acaa882835de20695fa526edbed52f4c7a0825e21a6be14477f2e91438e8f13fbabe86e8a2219d3481d4a60642b1e76404c193e6423dfedae1213340a4c2b241ca3de0a096c04bc3d31a8d9adc2ce9c7a50babd33b32512f8413b288e2e29d89c379efe41c74ed82c2bb92b065dffbce9b52360d2eabc60669d72a156d8240c01bec5c8f0977ca7d674c02f602dee15e5542b707767b8d241b35e5dccc23e0b0121e7c8645a9435ab4017cd4e126024a895c4a37c83a4176bb159b544d9cae5a1d2f61b51c39504964de9e6b447be80ced04072d6a3a9a80183e5c5c7daa34ebab5f9cc49059c4aee4f465f6ae12f65de2301e1eb1f74df04ee6f42def2a8dff42e1b3a97d259065d6ccbe293327773d5eb739eff96e9208d6abcb7a1f3849f4f9815e54fd45ead3ab153f522e661cd3b07f007510ec8a8c59247f83de548726a80db0d068804aa3f92eceea3a71765a81e7478d14c285347bfb78ad64c715f7adc3ad2ce06dac27c36bc5125d977d520e12d58826a95b36036c7962a7aeeca23f091ad560faabcfb096d0076362a3ceb5073b3a11ec3ac6e041a51fdf5a855ee501242926bdc445686cb1472427f7955526b4fde1977a42a5c47d1c6f71676e17901ca40b30299a21c1cb0b34e16c96119fd5e5e7e08769807f4e4f117c6d824832efb1cb0480e93d0fafbe988dbaab016449b9bfcc1a58a03527c5becdb5f4173934c678d23a3e8ca7dd84bc82c3aade7d81af8f214611994c90e7b2c4c52f2c46d52302256e254a58493033f23db6ca813899836ce90bf24a7eb08b973c97bc01786f147567bc0c5a1a13aa8e65af3e49cc19469e46bd14342c4420c98922040a107c6b342ce5daa1e8368394148f00d3a6c898c1b22319ad80fdfb4fd6381095fa78aac3dedc0ba973bc138f13f063d2ef5d125ed48cf1e4d774c915a46d0c95a8d1fb5cb00de06ddb814cc8212b6a91d5605b78ec49581af4932ac1b1bb0f450bd072cf1a3cfe3874e3fc6b4002c14d9e4a4fd23793714bd6388e74a188826e2fdf5db25def"}]}]}, 0x550}}, 0x40040a1) recvmsg$can_raw(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40) 7.020075167s ago: executing program 5 (id=2531): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_icmp(0xa, 0x2, 0x3a) syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x200cc84, &(0x7f0000000880)=ANY=[], 0x1, 0x22d, &(0x7f0000000400)="$eJzs3c1qE1EUAOAzbdok4qI7URBGXOiqqOC+IhXEgFCJoLuCXTWrZJNk0z6Gr+Bz6QNIV92UkTgzzZhO2iD9MfX7Njm5556Ze2eSmUDITRa5H/e+RquVxMpWbMVxEhuxEqXDAABuk+Msi59ZrtLcWKx6wW4AwD9lzv2/6mRebeL2DwBL6cOnz+9edTrbO2naijg6HHaH3fwxz79529l+lv62Ma06Gg67q6f55+nsZ4dJfi3uFPkXeX16ml6PiO56PH2c5ye51+876Z/1zfgyd9S+kQAAAAAAAAAAAAAAAAAAAAAAYLk9jLRUu77P5uZsvl3k82eV9YFm1u9pxINyfcDp8kDZwXVMCgAAAAAAAAAAAAAAAAAAAJbMYDTe3+319vrToBkR1ZZGTZ/5QVJseKHOVxF8v//y42QAi1WttOtTycxBmA3axTQrqZMsd9FOk+IQXe3RaNef3EWCaNzIibvEIL2sDTbL03w21Y7knPIsmwT174JyWYy55esRcf7Anuz87byOJ6/Qb4/6g1Fk53aeXiOa13UxAgAAAAAAAAAAAAAAAACA/1zlV99ntFZvYkQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcP0Go3H5L//j/d1eb68/GI33d1tF27SlLjiIiLsX9NnrD8p9rUXrZiYJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADArfcrAAD//8u5Gqc=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x84c00, 0x0, 0x0, 0x0, &(0x7f0000000000)) getresgid(0x0, 0x0, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r6, 0x40045431, 0x0) read(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x840}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, 0x0, 0x0, 0x2}}}, 0xf8}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008080}, 0x4040) 6.535151185s ago: executing program 3 (id=2533): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 6.043405973s ago: executing program 0 (id=2534): r0 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e0000000400000000000000000000000000702ff056ee36bd", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000100"], 0x50) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000001600)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x0, 0x0, 0x1}}}}}}}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r3, 0x0) fcntl$dupfd(r0, 0x0, r1) accept4(r3, 0x0, 0x0, 0x80800) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x26}, 0x28) 5.871005821s ago: executing program 5 (id=2535): mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) r0 = syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000e40)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x20, 0x0, 0x4, {0x2, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.116118325s ago: executing program 3 (id=2536): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff) execveat(r1, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x800) migrate_pages(0x0, 0x4, &(0x7f00000002c0)=0x7f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x2000000}}], 0x1, 0x0) syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb) r6 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) pread64(r6, 0x0, 0x0, 0xa) ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @empty}, {0x2, 0x0, @empty}, 0x2a0, 0x0, 0x0, 0x0, 0x20}) r8 = memfd_secret(0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) futimesat(r8, 0x0, 0x0) connect$ax25(r5, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, 0x0) 4.511724534s ago: executing program 0 (id=2538): r0 = fsopen(&(0x7f0000000240)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x1) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x800009c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000004c0)={0x3, 0x0, [{0x4000, 0xa4, &(0x7f0000000400)=""/164}, {0xf000, 0x46, &(0x7f0000000100)=""/70}, {0x4, 0x1b, &(0x7f00000001c0)=""/27}]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f000001b700)=""/102400, 0x19000) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) ioctl$TCSETSW2(r3, 0x5453, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x5c}}, 0x20000000) sendmsg$IPSET_CMD_DESTROY(r4, 0x0, 0x44084) 3.740181414s ago: executing program 1 (id=2539): syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x14806, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0], 0x0, 0x700, &(0x7f0000000a40)="$eJzs3V2P21gZB/D/STJJJoWqAlStqm7ndMpKUzGkTmabKipIGOckY0jiyPbAjIS0KnRmNWqmQFskmpt2bniRli/A3d5wwYdYiQuu9lvAFUgrEBJiBUJGPrbzMnEykzadbtn/b7Qbx358zuNjr896xj4GERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERQVgNw6gItO3uzq6czWq4Tif5ksXU8qi0FdyMJm7Oq3MlrBcQ4T8oFvFWNPutr4xCLof/WsfV6NtVFMOPIgYXLl+6++VcJll/TsIvAosW+Pjp4MG9fn//0Rlis1i4+NcJmTMEtVTX9hy7Y7aUtD1H1ms149Z205NNu628Pc9XHWm5KuM7rtywbspKvb4lVXnP2em2GmZbJTPvfL1qGDX5nUK0owGUPWvbbrftbkvHhIvDmDvygx9EAcrsSHlw2N/fGsvnWVobh0GVlOQz48FhUPW0za0a1WqlUq1Warfrt+8YRm5qhhESxhCmIpZ+0NIbZrkncKKXkLEa/zH+JIA2iuhiB7uQqT8WGnDhoDNjeSzp/9+5pebWO97/J738ymjxFej+/1r07dqs/n9GLhJSr5C2RMyYv9jPis5I4jGeYoAHuIc++tjHoyWULSHXXrqEvBG35FLymfnTgkIXNjw4sNGBiRa+CBnPkaijhhoMvIdtNOFBogkbbSh42IMHHyo8ovJhpgomfDhwIbEBCzchUUEddWxBQqGMPTjYQRctNGDiX0EQHOBQt/tWnM/zlK1GElSZsREF5JLjbh/VOVs7q///4bNo7bj/N9j/f15Fx0Eh+vh4XgzRZ0AQX/8vaO3VZENEREREREREr4LQv30X+q/ybwMI0LTbypiIKby27IiIiIiIiIhoGQSCAq5CRHfl422I6et/IiIiIiIiInqzCf2MnQBQ0jf1i9HjUmf5JUD2HFIkIiIiIiIiopekn/y/lgcCfZf/GsRC1/9ERERERERE9Ab41dgY+7lsPMZukPxZPwNg7c8F8dHfCnBXxHFv96viyAyXmEdxzNQdAH7zirgYD9SrP/IA9DdLXRVxbRL4Z/Lbh9AnB+lj/T8PIkII90QC+ex4ATMSEGHNtVz8DR/gerTK9Xic+fuDDPSSaEThUtNuq7LltO9WYJoXM77a9X/28PDngDvczoPD/n75Rz/u39e5HIezjo/CQp9NpJNJb4xRLk/0eAv6mYu00Y1X0Uyq/HW3UxK6XiPZ/izMo8x4RfN2QG0ViLbyF1iP9tl6EMWWBsMR9wWwpgd/qJT1LpvYendFjLKonNzytB0xY8uLOosbUcyNjRvRR9ImYTkZUfxaFqiWp/fBRBbV8SxObwvx9xPtPz8LiGLYFlthFn8ICzqRxfc/ilbe6u0mw2OcJYupo4CI6HU5GPVCehDzqTH2k+4hOamdvd9BDojPcjN691EtQdx/JL37k98GUQ+VBXLx3ybSa0n6FYRn9A2hy8lHA7rnrqSc0Y3yp0EQmBeLGD+j/zcIkg0yFujdjoMgOHlG//3oHUhx2lNZ/DsIgrsV3ZP85kSv+mG4wocz6/Xa1SyKKODJ0U/0APih9/ff339YrW7VjHcN43YVK/p/FeKPLNj3EBHRlNPfsaMjMnMixLu4HpVx/f5f34mmJnq8L8W3FGi3gD7uYzN5hcBaeqklHOCb/4huQ9iMrlqB9VL0WRrIy5fuhle1w9hDkdNveNmceVWn+9IoVt/eUB3GJu8dOnkFOIrdesV7gYiI6Hytz+iHgYn+H5P9f3Gi/9/ERhSxcSX1urs0dkvhZnJ1PLykH1w4To2tnJ78t5bcGERERJ8Tyv1ElPxfCte1e+9V6vWK6W8r6TrWd6VrN1pK2l1fuda22W0p2XMd37Gctuy5KNirypPeTq/nuL5sOq7sOZ69q9/8LuNXv3uqY3Z92/J6bWV6SlpO1zctXzZsz5K9nW+3bW9buXplr6csu2lbpm87Xek5O66lylJ6So0F2g3V9e2mHU52Zc+1O6a7J7/ntHc6SjaUZ7l2z3eiApO67G7TcTu62DKChV90SERE9P/o8dPBg3v9/v6jkxOr4aV5NOcYM2KmJ/IpBXKMICIios+YUXe9wErFV5gQERERERERERERERERERERERERERERERFNOf2RvgUnVtIeFgSGc356MZ6D5xg9YjhVjsDL5vOp+0c9sN+LrJ5ZtNLkkYjBg4/nBK8O5yTNPx5zvEiluAS8cPv85QvABT0H0ZzcEg+A6edHl36MpU184yBq0VkxemHqosJwX+SW/59DOPHwd9OLRNjyQRAE81cvTLZh/uzHcw7Ao/ycXbB6yvFz3mciIjpv/wsAAP//eO06pA==") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getdents64(r0, 0x0, 0x0) 3.73998114s ago: executing program 5 (id=2540): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x39, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0x4000000) 3.729628444s ago: executing program 3 (id=2541): syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a327172040201b655a290102030109021b0801000010000904e800017c577a00090582"], 0x0) 3.45196354s ago: executing program 5 (id=2542): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) sendmmsg$inet(r3, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ra={0x94, 0x4}]}}}], 0x18}}], 0x1, 0x44008004) write$binfmt_misc(r3, &(0x7f0000000300), 0xfdef) 3.059652788s ago: executing program 1 (id=2543): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2ff8}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000005180)={0x2020}, 0x2020) 2.913384787s ago: executing program 1 (id=2544): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x2, @multicast, 'wlan1\x00'}}, 0x1e) 2.337359825s ago: executing program 0 (id=2545): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94) 2.127379398s ago: executing program 5 (id=2546): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) connect$inet(r4, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r4, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r4, 0x0, r3, 0x0, 0xfea8, 0xa) 1.196101533s ago: executing program 0 (id=2547): r0 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e0000000400000000000000000000000000702ff056ee36bd", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000100"], 0x50) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000001600)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x0, 0x0, 0x1}}}}}}}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r3, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r3, 0x0) fcntl$dupfd(r0, 0x0, r1) accept4(r3, 0x0, 0x0, 0x80800) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[], 0x0, 0x26}, 0x28) 1.195838247s ago: executing program 1 (id=2548): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioprio_get$pid(0x2, 0xffffffffffffffff) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read(r1, &(0x7f00000003c0)=""/4096, 0x1000) 563.393853ms ago: executing program 3 (id=2549): syz_mount_image$bfs(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x80, &(0x7f0000000180)=ANY=[], 0x1, 0xb0, &(0x7f0000000500)="$eJzs1z9KA0EcBeC3i/in0QN4hz2BIB5FrEQ7K0XIiXKVHCFtqhRp00wIky3CErKkWQLfBzPwm1fMFNO8xXb+nMekzJJym73S+/n9+3r/rnsGmuERV6fNZ+6S3Kf+gTbJ+q1mTeq83Px/9CvJzdRvBgAALtOmy+vqaO5y6APnjaoCLw8no/I06hoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACe0CAAD//73NIaI=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) 254.032299ms ago: executing program 1 (id=2550): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff) execveat(r1, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x800) migrate_pages(0x0, 0x4, &(0x7f00000002c0)=0x7f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x2000000}}], 0x1, 0x0) syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb) r6 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) pread64(r6, 0x0, 0x0, 0xa) ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @empty}, {0x2, 0x0, @empty}, 0x2a0, 0x0, 0x0, 0x0, 0x20}) r8 = memfd_secret(0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) futimesat(r8, 0x0, 0x0) connect$ax25(r5, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, 0x0) 148.583559ms ago: executing program 0 (id=2551): mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000e40)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x20, 0x0, 0x4, {0x2, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 72.432905ms ago: executing program 1 (id=2552): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000540)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r3, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) 0s ago: executing program 3 (id=2553): r0 = syz_usb_connect$cdc_ncm(0x2, 0x7a, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f00000003c0)={[{@nodiscard}, {}, {@background_gc_on}, {@alloc_mode_reuse}, {@noquota}, {@disable_roll_forward}, {@gc_merge}, {@nouser_xattr}, {@checkpoint_diasble}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@block_mode}, {@noinline_dentry}]}, 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1811b000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x183341, 0x2) ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, &(0x7f0000000180)=0xfffffff9) r5 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r5, 0x0, 0xfc01, 0x1000f4) creat(0x0, 0x0) kernel console output (not intermixed with test programs): 0x27a/0x6a0 [ 669.180409][ T6904] __submit_merged_write_cond+0x255/0x530 [ 669.180439][ T6904] f2fs_write_data_pages+0x261d/0x3000 [ 669.180502][ T6904] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 669.180623][ T6904] ? f2fs_write_meta_pages+0x357/0x450 [ 669.180659][ T6904] ? __lock_acquire+0xab9/0xd20 [ 669.180686][ T6904] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 669.180710][ T6904] do_writepages+0x32e/0x550 [ 669.180739][ T6904] ? reacquire_held_locks+0x127/0x1d0 [ 669.180761][ T6904] ? writeback_sb_inodes+0x384/0x1010 [ 669.180796][ T6904] __writeback_single_inode+0x145/0xff0 [ 669.180819][ T6904] ? do_raw_spin_unlock+0x122/0x240 [ 669.180842][ T6904] writeback_sb_inodes+0x6c7/0x1010 [ 669.180905][ T6904] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 669.180979][ T6904] ? rcu_is_watching+0x15/0xb0 [ 669.181013][ T6904] wb_writeback+0x43b/0xaf0 [ 669.181048][ T6904] ? queue_io+0x3d1/0x590 [ 669.181074][ T6904] ? __pfx_wb_writeback+0x10/0x10 [ 669.181108][ T6904] ? _raw_spin_unlock_irq+0x23/0x50 [ 669.181137][ T6904] wb_workfn+0x409/0xef0 [ 669.181178][ T6904] ? __pfx_wb_workfn+0x10/0x10 [ 669.181203][ T6904] ? __lock_acquire+0xab9/0xd20 [ 669.181239][ T6904] ? process_scheduled_works+0x9ef/0x17b0 [ 669.181269][ T6904] ? _raw_spin_unlock_irq+0x23/0x50 [ 669.181291][ T6904] ? process_scheduled_works+0x9ef/0x17b0 [ 669.181312][ T6904] ? process_scheduled_works+0x9ef/0x17b0 [ 669.181336][ T6904] process_scheduled_works+0xae1/0x17b0 [ 669.181391][ T6904] ? __pfx_process_scheduled_works+0x10/0x10 [ 669.181430][ T6904] worker_thread+0x8a0/0xda0 [ 669.181455][ T6904] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 669.181485][ T6904] ? __kthread_parkme+0x7b/0x200 [ 669.181517][ T6904] kthread+0x70e/0x8a0 [ 669.181536][ T6904] ? __pfx_worker_thread+0x10/0x10 [ 669.181553][ T6904] ? __pfx_kthread+0x10/0x10 [ 669.181573][ T6904] ? _raw_spin_unlock_irq+0x23/0x50 [ 669.181593][ T6904] ? lockdep_hardirqs_on+0x9c/0x150 [ 669.181614][ T6904] ? __pfx_kthread+0x10/0x10 [ 669.181631][ T6904] ret_from_fork+0x3fc/0x770 [ 669.181657][ T6904] ? __pfx_ret_from_fork+0x10/0x10 [ 669.181684][ T6904] ? __switch_to_asm+0x39/0x70 [ 669.181700][ T6904] ? __switch_to_asm+0x33/0x70 [ 669.181715][ T6904] ? __pfx_kthread+0x10/0x10 [ 669.181733][ T6904] ret_from_fork_asm+0x1a/0x30 [ 669.181770][ T6904] [ 669.181778][ T6904] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 669.195191][T11921] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1716'. [ 671.202467][ T9214] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 672.030639][T11955] loop0: detected capacity change from 0 to 16 [ 672.051000][T11956] tipc: Enabling of bearer rejected, already enabled [ 672.111081][T11955] erofs (device loop0): mounted with root inode @ nid 36. [ 672.125525][T11953] loop1: detected capacity change from 0 to 40427 [ 672.137207][T11953] F2FS-fs (loop1): invalid crc value [ 672.145369][ T9214] usb 3-1: not running at top speed; connect to a high speed hub [ 672.163120][ T9214] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 672.222062][ T9214] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 672.237143][T11953] F2FS-fs (loop1): Start checkpoint disabled! [ 672.243798][ T9214] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 672.256813][ T9214] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 672.272451][ T9214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.285811][T11953] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 672.298608][ T9214] usb 3-1: Product: syz [ 672.305040][ T9214] usb 3-1: Manufacturer: syz [ 672.499913][ T9214] usb 3-1: SerialNumber: syz [ 673.597250][T11969] syz.0.1727: attempt to access beyond end of device [ 673.597250][T11969] loop0: rw=0, sector=1259035608, nr_sectors = 8 limit=16 [ 673.664202][T11969] erofs (device loop0): read error -5 @ 87 of nid 36 [ 674.162645][T11969] erofs (device loop0): failed to readdir of logical block 87 of nid 36 [ 674.657600][ T9214] usb 3-1: 0:2 : does not exist [ 674.681999][ T9214] usb 3-1: USB disconnect, device number 6 [ 674.857894][ T7611] kworker/u8:16: attempt to access beyond end of device [ 674.857894][ T7611] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 674.912377][ T7611] CPU: 1 UID: 0 PID: 7611 Comm: kworker/u8:16 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 674.912403][ T7611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 674.912415][ T7611] Workqueue: writeback wb_workfn (flush-7:1) [ 674.912446][ T7611] Call Trace: [ 674.912454][ T7611] [ 674.912462][ T7611] dump_stack_lvl+0x189/0x250 [ 674.912492][ T7611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 674.912513][ T7611] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 674.912535][ T7611] ? __pfx_queue_work_on+0x10/0x10 [ 674.912558][ T7611] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 674.912578][ T7611] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 674.912600][ T7611] ? f2fs_hw_is_readonly+0x39b/0x470 [ 674.912626][ T7611] f2fs_handle_critical_error+0x37c/0x540 [ 674.912653][ T7611] f2fs_write_end_io+0x495/0x810 [ 674.912676][ T7611] ? blkg_put+0x22/0x240 [ 674.912710][ T7611] __submit_merged_bio+0x27a/0x6a0 [ 674.912737][ T7611] __submit_merged_write_cond+0x255/0x530 [ 674.912764][ T7611] f2fs_write_data_pages+0x261d/0x3000 [ 674.912796][ T7611] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 674.912850][ T7611] ? f2fs_write_meta_pages+0x357/0x450 [ 674.912868][ T7611] ? __lock_acquire+0xab9/0xd20 [ 674.912883][ T7611] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 674.912896][ T7611] do_writepages+0x32e/0x550 [ 674.912912][ T7611] ? reacquire_held_locks+0x127/0x1d0 [ 674.912924][ T7611] ? writeback_sb_inodes+0x384/0x1010 [ 674.912942][ T7611] __writeback_single_inode+0x145/0xff0 [ 674.912955][ T7611] ? do_raw_spin_unlock+0x122/0x240 [ 674.912967][ T7611] writeback_sb_inodes+0x6c7/0x1010 [ 674.912994][ T7611] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 674.913029][ T7611] ? rcu_is_watching+0x15/0xb0 [ 674.913047][ T7611] wb_writeback+0x43b/0xaf0 [ 674.913064][ T7611] ? queue_io+0x3d1/0x590 [ 674.913078][ T7611] ? __pfx_wb_writeback+0x10/0x10 [ 674.913095][ T7611] ? _raw_spin_unlock_irq+0x23/0x50 [ 674.913110][ T7611] wb_workfn+0x409/0xef0 [ 674.913130][ T7611] ? __pfx_wb_workfn+0x10/0x10 [ 674.913143][ T7611] ? __lock_acquire+0xab9/0xd20 [ 674.913160][ T7611] ? process_scheduled_works+0x9ef/0x17b0 [ 674.913185][ T7611] ? _raw_spin_unlock_irq+0x23/0x50 [ 674.913197][ T7611] ? process_scheduled_works+0x9ef/0x17b0 [ 674.913208][ T7611] ? process_scheduled_works+0x9ef/0x17b0 [ 674.913221][ T7611] process_scheduled_works+0xae1/0x17b0 [ 674.913248][ T7611] ? __pfx_process_scheduled_works+0x10/0x10 [ 674.913269][ T7611] worker_thread+0x8a0/0xda0 [ 674.913296][ T7611] kthread+0x70e/0x8a0 [ 674.913308][ T7611] ? __pfx_worker_thread+0x10/0x10 [ 674.913319][ T7611] ? __pfx_kthread+0x10/0x10 [ 674.913330][ T7611] ? _raw_spin_unlock_irq+0x23/0x50 [ 674.913341][ T7611] ? lockdep_hardirqs_on+0x9c/0x150 [ 674.913358][ T7611] ? __pfx_kthread+0x10/0x10 [ 674.913368][ T7611] ret_from_fork+0x3fc/0x770 [ 674.913382][ T7611] ? __pfx_ret_from_fork+0x10/0x10 [ 674.913397][ T7611] ? __switch_to_asm+0x39/0x70 [ 674.913405][ T7611] ? __switch_to_asm+0x33/0x70 [ 674.913414][ T7611] ? __pfx_kthread+0x10/0x10 [ 674.913423][ T7611] ret_from_fork_asm+0x1a/0x30 [ 674.913441][ T7611] [ 674.914002][ T7611] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 676.320383][T11996] tipc: Enabling of bearer rejected, already enabled [ 679.832132][ T120] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 680.020364][ T120] usb 2-1: not running at top speed; connect to a high speed hub [ 680.068543][ T120] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 680.110219][ T120] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 680.186648][ T120] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 681.041488][ T120] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 681.165822][ T120] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.175452][ T120] usb 2-1: Product: syz [ 681.179644][ T120] usb 2-1: Manufacturer: syz [ 681.189383][ T120] usb 2-1: SerialNumber: syz [ 681.400825][T12051] loop3: detected capacity change from 0 to 256 [ 682.302070][T12056] tipc: Enabling of bearer rejected, already enabled [ 683.225560][T12067] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1758'. [ 683.344007][T12070] random: crng reseeded on system resumption [ 685.762903][ T120] usb 2-1: 0:2 : does not exist [ 686.096836][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.117687][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.295140][ T120] usb 2-1: USB disconnect, device number 6 [ 687.259758][T12083] overlayfs: failed to clone upperpath [ 688.403421][T12096] tipc: Enabling of bearer rejected, already enabled [ 693.448216][T12134] loop1: detected capacity change from 0 to 32768 [ 693.506097][T12134] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 693.546580][T12134] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 693.809626][ T5836] ocfs2: Unmounting device (7,1) on (node local) [ 695.686754][T12158] tipc: Enabling of bearer rejected, already enabled [ 695.951639][T12144] loop0: detected capacity change from 0 to 32768 [ 695.994315][T12144] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1780 (12144) [ 696.826491][T12144] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 696.963437][T12144] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 697.048529][T12144] BTRFS info (device loop0): using free-space-tree [ 697.166334][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 697.215004][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 697.382599][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 697.600343][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 697.685979][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 697.755189][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 697.774664][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 697.787368][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 697.798329][T12144] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 697.844671][T12144] BTRFS error (device loop0): open_ctree failed: -12 [ 697.893563][T12190] netlink: 'syz.3.1791': attribute type 1 has an invalid length. [ 699.215499][T12218] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 699.533018][T12222] tipc: Enabling of bearer rejected, already enabled [ 700.193611][T12227] vcan0 speed is unknown, defaulting to 1000 [ 700.203315][T12227] vcan0 speed is unknown, defaulting to 1000 [ 700.211778][T12227] vcan0 speed is unknown, defaulting to 1000 [ 701.833759][T12227] infiniband syz1: set active [ 701.847978][T12227] infiniband syz1: added vcan0 [ 701.849787][T12260] sp0: Synchronizing with TNC [ 701.853733][ T5824] vcan0 speed is unknown, defaulting to 1000 [ 701.863142][T12227] syz1: rxe_create_cq: returned err = -12 [ 701.931353][T12270] overlayfs: failed to clone upperpath [ 702.110964][T12227] infiniband syz1: Couldn't create ib_mad CQ [ 702.480743][T12227] infiniband syz1: Couldn't open port 1 [ 702.987736][T12278] loop9: detected capacity change from 0 to 7 [ 703.003380][T12278] buffer_io_error: 4 callbacks suppressed [ 703.009412][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.020275][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.030671][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.040772][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.052879][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.063497][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.074460][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.085169][T12278] ldm_validate_partition_table(): Disk read failed. [ 703.093166][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.104619][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.114673][T12278] Buffer I/O error on dev loop9, logical block 0, async page read [ 703.125736][T12278] Dev loop9: unable to read RDB block 0 [ 703.138828][T12278] loop9: unable to read partition table [ 703.148468][T12278] loop9: partition table beyond EOD, truncated [ 703.154976][T12278] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 703.154976][T12278] ) failed (rc=-5) [ 704.185396][T12227] RDS/IB: syz1: added [ 704.202024][T12227] smc: adding ib device syz1 with port count 1 [ 704.226095][T12227] smc: ib device syz1 port 1 has pnetid [ 704.243479][ T120] vcan0 speed is unknown, defaulting to 1000 [ 704.269713][T12227] vcan0 speed is unknown, defaulting to 1000 [ 704.305269][T12287] Driver unsupported XDP return value 0 on prog (id 385) dev N/A, expect packet loss! [ 704.633516][T12295] tipc: Enabling of bearer rejected, already enabled [ 706.650866][T12314] overlayfs: failed to clone upperpath [ 707.505117][T12322] netlink: 'syz.1.1824': attribute type 1 has an invalid length. [ 707.651119][T12227] vcan0 speed is unknown, defaulting to 1000 [ 709.008582][T12343] loop0: detected capacity change from 0 to 256 [ 709.248002][T12344] tipc: Enabling of bearer rejected, already enabled [ 711.821753][T12227] vcan0 speed is unknown, defaulting to 1000 [ 712.759294][T12367] loop3: detected capacity change from 0 to 4096 [ 712.788348][T12373] netlink: 'syz.0.1840': attribute type 1 has an invalid length. [ 712.843266][T12375] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 712.937375][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 712.937393][ T30] audit: type=1800 audit(2000000605.743:186): pid=12367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1837" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 713.211480][T12227] vcan0 speed is unknown, defaulting to 1000 [ 715.007833][T12394] tipc: Enabling of bearer rejected, already enabled [ 716.161990][T12227] vcan0 speed is unknown, defaulting to 1000 [ 716.840966][T12413] netlink: 'syz.1.1852': attribute type 1 has an invalid length. [ 717.159247][T10446] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 717.169982][T10446] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 717.180125][T10446] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 717.189183][T10446] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 717.203614][T10446] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 717.364871][T12424] vcan0 speed is unknown, defaulting to 1000 [ 717.532206][T12429] loop0: detected capacity change from 0 to 256 [ 718.697819][T12429] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 719.289876][T10446] Bluetooth: hci5: command tx timeout [ 719.879448][T12440] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1860'. [ 719.888666][T12440] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1860'. [ 720.454846][T12445] overlayfs: failed to clone upperpath [ 721.352017][T10446] Bluetooth: hci5: command tx timeout [ 721.777509][T12250] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.972237][T12459] kAFS: No cell specified [ 722.416883][T12463] loop1: detected capacity change from 0 to 128 [ 722.426523][T12463] zonefs: Bad value for 'errors' [ 722.825013][T12456] veth0: entered promiscuous mode [ 722.830312][T12456] veth0: left promiscuous mode [ 723.179056][T12250] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 723.429672][T10446] Bluetooth: hci5: command tx timeout [ 724.046328][T12250] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 724.157762][T12486] overlayfs: failed to clone upperpath [ 724.194549][T12424] chnl_net:caif_netlink_parms(): no params data found [ 725.142317][T12250] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.518367][T10446] Bluetooth: hci5: command tx timeout [ 726.265721][T12505] netlink: 'syz.0.1879': attribute type 1 has an invalid length. [ 726.355424][T12507] kAFS: No cell specified [ 727.388973][T12424] bridge0: port 1(bridge_slave_0) entered blocking state [ 727.407480][T12424] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.429069][T12424] bridge_slave_0: entered allmulticast mode [ 727.455664][T12424] bridge_slave_0: entered promiscuous mode [ 727.534302][T12424] bridge0: port 2(bridge_slave_1) entered blocking state [ 727.561293][T12424] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.584116][T12424] bridge_slave_1: entered allmulticast mode [ 727.606595][T12424] bridge_slave_1: entered promiscuous mode [ 727.673944][T12522] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1883'. [ 727.840953][T12424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.931409][T12424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 729.922094][T12547] overlayfs: failed to clone upperpath [ 731.130552][T12552] slcan: can't register candev [ 731.135533][T12552] Falling back ldisc for ttyS3. [ 731.895642][T12562] loop3: detected capacity change from 0 to 32768 [ 731.902626][T12562] XFS: ikeep mount option is deprecated. [ 731.940276][T12562] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 732.009175][T12562] XFS (loop3): Ending clean mount [ 732.016196][T12562] XFS (loop3): Quotacheck needed: Please wait. [ 732.051573][T12562] XFS (loop3): Quotacheck: Done. [ 733.799197][ T5846] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 733.938141][T12250] bond0 (unregistering): Released all slaves [ 734.174043][T12250] bond1 (unregistering): Released all slaves [ 734.302975][T12424] team0: Port device team_slave_0 added [ 734.319231][T12424] team0: Port device team_slave_1 added [ 734.872862][T12250] tipc: Disabling bearer [ 735.220229][T12250] tipc: Left network mode [ 735.224963][T12424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 735.234961][T12424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 735.266689][T12424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 735.296502][T12424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 735.306837][T12424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 735.384274][T12424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 735.721152][T12593] syz.1.1902 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 736.748125][T12424] hsr_slave_0: entered promiscuous mode [ 736.755264][T12424] hsr_slave_1: entered promiscuous mode [ 736.765233][T12424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 736.783567][T12604] loop0: detected capacity change from 0 to 512 [ 736.798788][T12424] Cannot create hsr debugfs directory [ 736.872236][T12587] loop3: detected capacity change from 0 to 32768 [ 736.887887][T12604] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.1906: casefold flag without casefold feature [ 736.903810][T12587] btrfs: Deprecated parameter 'usebackuproot' [ 736.940713][T12587] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 736.956341][T12587] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1900 (12587) [ 737.013774][T12604] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.1906: couldn't read orphan inode 15 (err -117) [ 737.072681][T12604] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 737.088648][T12587] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 737.102827][T12587] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 737.114032][T12587] BTRFS info (device loop3): using free-space-tree [ 737.804698][T12268] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 737.871136][T12587] BTRFS error (device loop3): failed to load root extent [ 737.898806][T12587] BTRFS warning (device loop3): try to load backup roots slot 1 [ 737.909524][T12268] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 737.953520][ T5831] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 737.999423][T12587] BTRFS warning (device loop3): couldn't read tree root [ 738.006405][T12587] BTRFS warning (device loop3): try to load backup roots slot 2 [ 738.040139][T12268] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 738.092251][T12587] BTRFS warning (device loop3): couldn't read tree root [ 738.261534][T12424] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 738.269526][T12587] BTRFS warning (device loop3): try to load backup roots slot 3 [ 738.825413][T12424] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 739.040799][T12424] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 739.136215][T12587] BTRFS error (device loop3): open_ctree failed: -4 [ 739.234279][T12250] hsr_slave_0: left promiscuous mode [ 739.267100][T12250] hsr_slave_1: left promiscuous mode [ 740.219243][T12250] veth1_macvtap: left promiscuous mode [ 740.244085][T12250] veth0_macvtap: left promiscuous mode [ 740.250334][T12250] veth1_vlan: left promiscuous mode [ 740.256231][T12250] veth0_vlan: left promiscuous mode [ 742.210839][T12661] loop3: detected capacity change from 0 to 512 [ 742.239850][T12661] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.1916: casefold flag without casefold feature [ 742.273706][T12661] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1916: couldn't read orphan inode 15 (err -117) [ 742.311315][T12661] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 743.317639][ T5846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 743.777920][T12671] loop3: detected capacity change from 0 to 256 [ 743.797845][ T49] smc: removing ib device syz1 [ 743.827466][T12424] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 744.588161][ T9] vcan0 speed is unknown, defaulting to 1000 [ 744.595434][ T9] syz1: Port: 1 Link DOWN [ 746.221311][T12424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 746.430267][T12424] 8021q: adding VLAN 0 to HW filter on device team0 [ 746.477537][T12268] bridge0: port 1(bridge_slave_0) entered blocking state [ 746.484765][T12268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 746.680429][T12268] bridge0: port 2(bridge_slave_1) entered blocking state [ 746.687582][T12268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 747.408736][T12714] loop0: detected capacity change from 0 to 256 [ 747.643628][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.650997][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 749.912308][T12424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 751.101753][T12736] netlink: 'syz.4.1933': attribute type 39 has an invalid length. [ 753.226405][T12760] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 753.256431][T12424] veth0_vlan: entered promiscuous mode [ 754.000656][T12424] veth1_vlan: entered promiscuous mode [ 754.106516][T12424] veth0_macvtap: entered promiscuous mode [ 754.168116][T12424] veth1_macvtap: entered promiscuous mode [ 754.248974][T12424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 754.271873][T12424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 754.295246][ T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.313637][ T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.329248][ T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.354022][ T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.418155][T12249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 754.463170][T12249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 754.589220][T12250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 754.664032][T12250] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 757.027066][ T5930] IPVS: starting estimator thread 0... [ 757.073307][T12788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 757.128050][T12791] IPVS: using max 50 ests per chain, 120000 per kthread [ 759.864998][T12813] loop1: detected capacity change from 0 to 128 [ 759.879177][T12813] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 759.946147][T12818] loop5: detected capacity change from 0 to 256 [ 760.820513][T12813] FAT-fs (loop1): FAT read failed (blocknr 128) [ 761.635708][ T5930] IPVS: starting estimator thread 0... [ 761.635932][T12831] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 761.750541][T12837] IPVS: using max 50 ests per chain, 120000 per kthread [ 761.894639][ T5902] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 761.907540][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 762.012240][T12845] loop9: detected capacity change from 0 to 7 [ 762.019544][T12845] buffer_io_error: 4 callbacks suppressed [ 762.019600][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.033483][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.041718][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.049844][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.058013][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.066979][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.075473][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.083720][T12845] ldm_validate_partition_table(): Disk read failed. [ 762.090713][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.099044][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.107381][T12845] Buffer I/O error on dev loop9, logical block 0, async page read [ 762.115849][T12845] Dev loop9: unable to read RDB block 0 [ 762.122521][T12845] loop9: unable to read partition table [ 762.128524][T12845] loop9: partition table beyond EOD, truncated [ 762.134768][T12845] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 762.134768][T12845] ) failed (rc=-5) [ 762.947305][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 762.997432][ T5902] usb 2-1: Using ep0 maxpacket: 32 [ 763.004989][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11 [ 763.016271][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024 [ 763.034540][ T5902] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 763.651489][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.731955][ T5902] usb 2-1: config 0 descriptor?? [ 763.737567][T12833] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 763.746038][ T5902] hub 2-1:0.0: USB hub found [ 763.987360][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 764.069254][ T5902] hub 2-1:0.0: 1 port detected [ 765.027300][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 765.469137][ T9214] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 765.507674][ T9214] usb 2-1-port1: connect-debounce failed [ 765.519684][ T5902] usb 2-1: USB disconnect, device number 7 [ 766.067202][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 766.506867][T12875] loop5: detected capacity change from 0 to 256 [ 767.107099][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 768.157005][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 769.196948][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 770.226902][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 771.266883][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 771.478147][T10446] Bluetooth: hci5: unexpected cc 0x0c2d length: 69 > 4 [ 772.212026][T12931] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 772.243777][T12931] overlayfs: failed to set xattr on upper [ 772.292670][T12931] overlayfs: ...falling back to redirect_dir=nofollow. [ 772.306783][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 772.335512][T12931] overlayfs: ...falling back to index=off. [ 772.369498][T12931] overlayfs: ...falling back to uuid=null. [ 773.356735][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 774.387245][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 775.426701][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 776.476555][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 776.477813][T12975] loop9: detected capacity change from 0 to 7 [ 776.497440][T12975] buffer_io_error: 4 callbacks suppressed [ 776.504088][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.514617][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.524666][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.534168][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.545124][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.556673][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.569758][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.579810][T12975] ldm_validate_partition_table(): Disk read failed. [ 776.588091][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.598098][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.609303][T12975] Buffer I/O error on dev loop9, logical block 0, async page read [ 776.621635][T12975] Dev loop9: unable to read RDB block 0 [ 776.635616][T12975] loop9: unable to read partition table [ 776.645277][T12975] loop9: partition table beyond EOD, truncated [ 776.651783][T12975] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 776.651783][T12975] ) failed (rc=-5) [ 777.506591][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 777.897261][ T5930] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 778.051956][ T5930] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 778.080267][ T5930] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 778.095312][ T5930] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 778.116856][ T5930] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 778.141651][ T5930] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 778.154350][ T5930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 778.209151][ T5930] usb 1-1: config 0 descriptor?? [ 778.216047][T12980] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 778.546430][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 778.671964][ T5930] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 778.754245][ T5930] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 779.586376][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 779.707939][T13003] loop3: detected capacity change from 0 to 2048 [ 779.897738][T13003] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 779.955020][ T30] audit: type=1800 audit(2000000672.767:187): pid=13003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2016" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 780.244015][ T9] usb 1-1: reset high-speed USB device number 10 using dummy_hcd [ 780.626364][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 780.648634][ T5846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 781.235905][ T5824] usb 1-1: USB disconnect, device number 10 [ 781.608612][T13027] loop9: detected capacity change from 0 to 7 [ 781.617559][T13027] buffer_io_error: 4 callbacks suppressed [ 781.617575][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.632617][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.641271][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.650386][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.659602][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.668184][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.676274][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 781.676375][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.702048][T13027] ldm_validate_partition_table(): Disk read failed. [ 781.709116][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.718372][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.737176][T13027] Buffer I/O error on dev loop9, logical block 0, async page read [ 781.746735][T13027] Dev loop9: unable to read RDB block 0 [ 781.753899][T13027] loop9: unable to read partition table [ 781.760459][T13027] loop9: partition table beyond EOD, truncated [ 781.766840][T13027] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 781.766840][T13027] ) failed (rc=-5) [ 782.497238][T13029] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2023'. [ 782.506301][T13029] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2023'. [ 782.706451][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 783.746149][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 784.372198][ T9214] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 784.490840][T13051] netlink: 'syz.4.2028': attribute type 1 has an invalid length. [ 784.556258][ T9214] usb 4-1: Using ep0 maxpacket: 32 [ 784.631232][ T9214] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11 [ 784.646159][ T9214] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024 [ 784.657567][ T9214] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 784.667315][ T9214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 784.698692][ T9214] usb 4-1: config 0 descriptor?? [ 784.782564][T13038] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 784.789827][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 784.826793][ T9214] hub 4-1:0.0: USB hub found [ 784.980159][T13056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 784.990184][ T5921] IPVS: starting estimator thread 0... [ 785.076087][ T9214] hub 4-1:0.0: 1 port detected [ 785.136161][T13058] IPVS: using max 50 ests per chain, 120000 per kthread [ 785.826013][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 786.373468][ T9214] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 786.373782][ T9] usb 4-1: USB disconnect, device number 5 [ 786.865966][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 787.905909][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 788.771331][T13096] netlink: 'syz.4.2040': attribute type 1 has an invalid length. [ 788.955846][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 789.705949][ T30] audit: type=1800 audit(2000000682.208:188): pid=13102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2041" name="bus" dev="overlay" ino=2308 res=0 errno=0 [ 789.985790][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 790.109981][T13107] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2036'. [ 790.119447][T13107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2036'. [ 791.035842][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 792.065889][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 792.884115][T13132] loop5: detected capacity change from 0 to 32768 [ 792.891143][T13132] XFS: ikeep mount option is deprecated. [ 793.071851][T13132] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 793.105811][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 793.362045][T13132] XFS (loop5): Ending clean mount [ 793.372042][T13132] XFS (loop5): Quotacheck needed: Please wait. [ 794.035273][T13132] XFS (loop5): Quotacheck: Done. [ 794.145840][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 795.185676][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 796.225439][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 796.529890][T12424] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 796.562250][T13156] netlink: 'syz.1.2055': attribute type 1 has an invalid length. [ 796.585124][T13158] netlink: 196 bytes leftover after parsing attributes in process `syz.4.2053'. [ 796.875300][T13163] loop3: detected capacity change from 0 to 1024 [ 797.090955][T13164] ceph: No source [ 797.275377][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 798.315560][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 799.345308][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 800.385208][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 800.842873][T13205] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2066'. [ 800.851976][T13205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2066'. [ 801.425944][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 801.514216][T13211] netlink: 'syz.4.2069': attribute type 1 has an invalid length. [ 802.051682][T13217] loop3: detected capacity change from 0 to 1024 [ 802.331816][T13219] ceph: No source [ 802.416172][T13222] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 802.427494][T13222] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 802.475114][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 803.505028][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 804.436230][ T9214] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 804.480556][T13244] loop0: detected capacity change from 0 to 256 [ 804.545162][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 804.638598][ T5921] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 804.668800][ T9214] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 804.771320][ T9214] usb 2-1: config 0 interface 0 has no altsetting 0 [ 804.782691][ T9214] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 804.811137][ T9214] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 804.909689][ T5921] usb 4-1: Using ep0 maxpacket: 32 [ 804.952658][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11 [ 805.431595][ T9214] usb 2-1: Product: syz [ 805.440949][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024 [ 805.477248][ T9214] usb 2-1: Manufacturer: syz [ 805.481877][ T9214] usb 2-1: SerialNumber: syz [ 805.506356][ T5921] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 805.516488][ T9214] usb 2-1: config 0 descriptor?? [ 805.523304][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 805.584936][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 805.649415][ T9214] usb 2-1: selecting invalid altsetting 0 [ 805.678328][ T5921] usb 4-1: config 0 descriptor?? [ 805.707799][T13240] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 805.928507][T13254] block device autoloading is deprecated and will be removed. [ 806.307602][ T5921] hub 4-1:0.0: USB hub found [ 806.316822][ T5921] hub 4-1:0.0: 1 port detected [ 806.346034][T13015] usb 2-1: USB disconnect, device number 8 [ 806.624858][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 807.151027][T13259] loop5: detected capacity change from 0 to 1024 [ 807.308378][T13263] netlink: 'syz.0.2085': attribute type 2 has an invalid length. [ 807.465066][ T9214] usb 4-1: USB disconnect, device number 6 [ 807.472364][T13264] ceph: No source [ 807.664836][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 808.704743][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 809.021505][T13283] loop5: detected capacity change from 0 to 512 [ 809.055100][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.062829][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.713995][T13286] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2091'. [ 809.744804][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 809.816485][T13288] loop1: detected capacity change from 0 to 256 [ 810.784666][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 811.205200][T13308] loop1: detected capacity change from 0 to 40427 [ 811.228240][T13308] F2FS-fs (loop1): invalid crc value [ 811.300803][T13308] F2FS-fs (loop1): Start checkpoint disabled! [ 811.312238][T13308] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 811.834628][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 812.586682][T13300] loop0: detected capacity change from 0 to 32768 [ 812.594276][T13300] ocfs2: Unknown parameter 'defcontext' [ 812.731580][T13333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2104'. [ 812.864516][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 812.921624][T13335] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2105'. [ 813.814923][T13347] loop0: detected capacity change from 0 to 256 [ 813.904466][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 814.794506][ T7615] kworker/u8:18: attempt to access beyond end of device [ 814.794506][ T7615] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 814.814975][ T7615] CPU: 1 UID: 0 PID: 7615 Comm: kworker/u8:18 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 814.815002][ T7615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 814.815014][ T7615] Workqueue: writeback wb_workfn (flush-7:1) [ 814.815046][ T7615] Call Trace: [ 814.815053][ T7615] [ 814.815061][ T7615] dump_stack_lvl+0x189/0x250 [ 814.815091][ T7615] ? __pfx_dump_stack_lvl+0x10/0x10 [ 814.815115][ T7615] ? __pfx_queue_work_on+0x10/0x10 [ 814.815148][ T7615] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 814.815171][ T7615] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 814.815196][ T7615] ? f2fs_hw_is_readonly+0x39b/0x470 [ 814.815224][ T7615] f2fs_handle_critical_error+0x37c/0x540 [ 814.815251][ T7615] f2fs_write_end_io+0x495/0x810 [ 814.815273][ T7615] ? blkg_put+0x22/0x240 [ 814.815310][ T7615] __submit_merged_bio+0x27a/0x6a0 [ 814.815339][ T7615] __submit_merged_write_cond+0x255/0x530 [ 814.815368][ T7615] f2fs_write_data_pages+0x261d/0x3000 [ 814.815426][ T7615] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 814.815531][ T7615] ? f2fs_write_meta_pages+0x357/0x450 [ 814.815563][ T7615] ? __lock_acquire+0xab9/0xd20 [ 814.815588][ T7615] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 814.815612][ T7615] do_writepages+0x32e/0x550 [ 814.815641][ T7615] ? reacquire_held_locks+0x127/0x1d0 [ 814.815663][ T7615] ? writeback_sb_inodes+0x384/0x1010 [ 814.815695][ T7615] __writeback_single_inode+0x145/0xff0 [ 814.815718][ T7615] ? do_raw_spin_unlock+0x122/0x240 [ 814.815741][ T7615] writeback_sb_inodes+0x6c7/0x1010 [ 814.815793][ T7615] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 814.815860][ T7615] ? rcu_is_watching+0x15/0xb0 [ 814.815888][ T7615] wb_writeback+0x43b/0xaf0 [ 814.815912][ T7615] ? queue_io+0x3d1/0x590 [ 814.815938][ T7615] ? __pfx_wb_writeback+0x10/0x10 [ 814.815971][ T7615] ? _raw_spin_unlock_irq+0x23/0x50 [ 814.815999][ T7615] wb_workfn+0x409/0xef0 [ 814.816035][ T7615] ? __pfx_wb_workfn+0x10/0x10 [ 814.816060][ T7615] ? __lock_acquire+0xab9/0xd20 [ 814.816092][ T7615] ? process_scheduled_works+0x9ef/0x17b0 [ 814.816125][ T7615] ? _raw_spin_unlock_irq+0x23/0x50 [ 814.816146][ T7615] ? process_scheduled_works+0x9ef/0x17b0 [ 814.816166][ T7615] ? process_scheduled_works+0x9ef/0x17b0 [ 814.816189][ T7615] process_scheduled_works+0xae1/0x17b0 [ 814.816242][ T7615] ? __pfx_process_scheduled_works+0x10/0x10 [ 814.816283][ T7615] worker_thread+0x8a0/0xda0 [ 814.816333][ T7615] kthread+0x70e/0x8a0 [ 814.816354][ T7615] ? __pfx_worker_thread+0x10/0x10 [ 814.816375][ T7615] ? __pfx_kthread+0x10/0x10 [ 814.816394][ T7615] ? _raw_spin_unlock_irq+0x23/0x50 [ 814.816416][ T7615] ? lockdep_hardirqs_on+0x9c/0x150 [ 814.816437][ T7615] ? __pfx_kthread+0x10/0x10 [ 814.816453][ T7615] ret_from_fork+0x3fc/0x770 [ 814.816476][ T7615] ? __pfx_ret_from_fork+0x10/0x10 [ 814.816504][ T7615] ? __switch_to_asm+0x39/0x70 [ 814.816519][ T7615] ? __switch_to_asm+0x33/0x70 [ 814.816534][ T7615] ? __pfx_kthread+0x10/0x10 [ 814.816552][ T7615] ret_from_fork_asm+0x1a/0x30 [ 814.816586][ T7615] [ 814.816631][ T7615] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 814.946818][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 815.636387][T13352] Can't find ip_set type hash:i [ 815.994529][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 817.024275][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 818.064220][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 818.292662][T13379] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2118'. [ 819.104254][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 819.544344][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 819.552705][T13389] loop1: detected capacity change from 0 to 512 [ 819.559855][T13389] EXT4-fs: Ignoring removed mblk_io_submit option [ 819.566892][T13389] EXT4-fs: inline encryption not supported [ 819.574541][T13389] EXT4-fs: Ignoring removed mblk_io_submit option [ 819.581092][T13389] EXT4-fs: Ignoring removed nomblk_io_submit option [ 819.588527][T13389] EXT4-fs (loop1): Test dummy encryption mode enabled [ 819.601968][T13389] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 819.751158][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 819.769950][ T9] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 819.789222][ T9] usb 6-1: config 0 has no interface number 0 [ 819.807256][ T9] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 819.840498][T13389] EXT4-fs (loop1): 1 truncate cleaned up [ 819.851641][ T9] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 819.863766][T13389] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 819.921862][T13392] loop3: detected capacity change from 0 to 40427 [ 819.940135][T13392] F2FS-fs (loop3): invalid crc value [ 819.990371][ T5836] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 820.070159][ T9] usb 6-1: config 0 interface 41 has no altsetting 0 [ 820.079317][ T9] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 820.104099][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 820.112114][ T9] usb 6-1: Product: syz [ 820.116348][ T9] usb 6-1: Manufacturer: syz [ 820.129961][ T9] usb 6-1: SerialNumber: syz [ 820.144102][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 820.258888][T13392] F2FS-fs (loop3): Start checkpoint disabled! [ 820.297176][T13392] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 820.499914][ T9] usb 6-1: config 0 descriptor?? [ 820.817192][T13384] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 820.861755][T13384] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 821.184093][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 821.509661][T13384] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 821.517719][T13384] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 821.929173][ T9] Error reading MAC address [ 822.014994][T13384] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 822.022463][T13384] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 822.223991][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 822.260851][ T9] sr9700 6-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address [ 822.282245][ T9] usb 6-1: USB disconnect, device number 2 [ 822.967204][ T7168] kworker/u8:12: attempt to access beyond end of device [ 822.967204][ T7168] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 823.066074][ T7168] CPU: 0 UID: 0 PID: 7168 Comm: kworker/u8:12 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 823.066103][ T7168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 823.066114][ T7168] Workqueue: writeback wb_workfn (flush-7:3) [ 823.066144][ T7168] Call Trace: [ 823.066152][ T7168] [ 823.066160][ T7168] dump_stack_lvl+0x189/0x250 [ 823.066191][ T7168] ? __pfx_dump_stack_lvl+0x10/0x10 [ 823.066212][ T7168] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 823.066236][ T7168] ? __pfx_queue_work_on+0x10/0x10 [ 823.066262][ T7168] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 823.066285][ T7168] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 823.066310][ T7168] ? f2fs_hw_is_readonly+0x39b/0x470 [ 823.066338][ T7168] f2fs_handle_critical_error+0x37c/0x540 [ 823.066368][ T7168] f2fs_write_end_io+0x495/0x810 [ 823.066389][ T7168] ? blkg_put+0x22/0x240 [ 823.066429][ T7168] __submit_merged_bio+0x27a/0x6a0 [ 823.066459][ T7168] __submit_merged_write_cond+0x255/0x530 [ 823.066488][ T7168] f2fs_write_data_pages+0x261d/0x3000 [ 823.066550][ T7168] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 823.066675][ T7168] ? f2fs_write_meta_pages+0x357/0x450 [ 823.066709][ T7168] ? __lock_acquire+0xab9/0xd20 [ 823.066736][ T7168] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 823.066760][ T7168] do_writepages+0x32e/0x550 [ 823.066792][ T7168] ? reacquire_held_locks+0x127/0x1d0 [ 823.066813][ T7168] ? writeback_sb_inodes+0x384/0x1010 [ 823.066841][ T7168] __writeback_single_inode+0x145/0xff0 [ 823.066864][ T7168] ? do_raw_spin_unlock+0x122/0x240 [ 823.066889][ T7168] writeback_sb_inodes+0x6c7/0x1010 [ 823.066946][ T7168] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 823.067029][ T7168] ? rcu_is_watching+0x15/0xb0 [ 823.067065][ T7168] wb_writeback+0x43b/0xaf0 [ 823.067099][ T7168] ? queue_io+0x3d1/0x590 [ 823.067126][ T7168] ? __pfx_wb_writeback+0x10/0x10 [ 823.067161][ T7168] ? _raw_spin_unlock_irq+0x23/0x50 [ 823.067191][ T7168] wb_workfn+0x409/0xef0 [ 823.067230][ T7168] ? __pfx_wb_workfn+0x10/0x10 [ 823.067256][ T7168] ? __lock_acquire+0xab9/0xd20 [ 823.067288][ T7168] ? process_scheduled_works+0x9ef/0x17b0 [ 823.067314][ T7168] ? _raw_spin_unlock_irq+0x23/0x50 [ 823.067333][ T7168] ? process_scheduled_works+0x9ef/0x17b0 [ 823.067352][ T7168] ? process_scheduled_works+0x9ef/0x17b0 [ 823.067375][ T7168] process_scheduled_works+0xae1/0x17b0 [ 823.067433][ T7168] ? __pfx_process_scheduled_works+0x10/0x10 [ 823.067477][ T7168] worker_thread+0x8a0/0xda0 [ 823.067503][ T7168] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 823.067537][ T7168] ? __kthread_parkme+0x7b/0x200 [ 823.067573][ T7168] kthread+0x70e/0x8a0 [ 823.067594][ T7168] ? __pfx_worker_thread+0x10/0x10 [ 823.067614][ T7168] ? __pfx_kthread+0x10/0x10 [ 823.067634][ T7168] ? _raw_spin_unlock_irq+0x23/0x50 [ 823.067656][ T7168] ? lockdep_hardirqs_on+0x9c/0x150 [ 823.067677][ T7168] ? __pfx_kthread+0x10/0x10 [ 823.067696][ T7168] ret_from_fork+0x3fc/0x770 [ 823.067722][ T7168] ? __pfx_ret_from_fork+0x10/0x10 [ 823.067752][ T7168] ? __switch_to_asm+0x39/0x70 [ 823.067768][ T7168] ? __switch_to_asm+0x33/0x70 [ 823.067783][ T7168] ? __pfx_kthread+0x10/0x10 [ 823.067802][ T7168] ret_from_fork_asm+0x1a/0x30 [ 823.067840][ T7168] [ 823.067848][ T7168] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 823.263944][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 823.476758][T10446] Bluetooth: hci3: unexpected event for opcode 0x2042 [ 823.611707][T13428] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2132'. [ 824.303892][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 825.343807][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 825.729014][T13451] bond1: (slave vcan4): The slave device specified does not support setting the MAC address [ 825.746930][T13451] bond1: (slave vcan4): Enslaving as a backup interface with an up link [ 826.105777][T13456] loop1: detected capacity change from 0 to 40427 [ 826.244308][T13456] F2FS-fs (loop1): invalid crc value [ 826.393754][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 826.952867][T13456] F2FS-fs (loop1): Start checkpoint disabled! [ 826.976426][T13456] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 827.423702][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 827.555546][T10446] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 827.793548][T10446] Bluetooth: hci3: Injecting HCI hardware error event [ 827.806564][T10446] Bluetooth: hci3: hardware error 0x00 [ 828.473634][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 829.238969][T12263] kworker/u8:26: attempt to access beyond end of device [ 829.238969][T12263] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 829.503601][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 829.538529][T13482] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2148'. [ 829.547517][T13482] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2148'. [ 829.641021][T12263] CPU: 0 UID: 0 PID: 12263 Comm: kworker/u8:26 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 829.641049][T12263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 829.641061][T12263] Workqueue: writeback wb_workfn (flush-7:1) [ 829.641091][T12263] Call Trace: [ 829.641098][T12263] [ 829.641106][T12263] dump_stack_lvl+0x189/0x250 [ 829.641136][T12263] ? __pfx_dump_stack_lvl+0x10/0x10 [ 829.641158][T12263] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 829.641181][T12263] ? __pfx_queue_work_on+0x10/0x10 [ 829.641205][T12263] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 829.641227][T12263] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 829.641251][T12263] ? f2fs_hw_is_readonly+0x39b/0x470 [ 829.641277][T12263] f2fs_handle_critical_error+0x37c/0x540 [ 829.641304][T12263] f2fs_write_end_io+0x495/0x810 [ 829.641325][T12263] ? blkg_put+0x22/0x240 [ 829.641362][T12263] __submit_merged_bio+0x27a/0x6a0 [ 829.641389][T12263] __submit_merged_write_cond+0x255/0x530 [ 829.641418][T12263] f2fs_write_data_pages+0x261d/0x3000 [ 829.641475][T12263] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 829.641584][T12263] ? f2fs_write_meta_pages+0x357/0x450 [ 829.641616][T12263] ? __lock_acquire+0xab9/0xd20 [ 829.641641][T12263] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 829.641665][T12263] do_writepages+0x32e/0x550 [ 829.641694][T12263] ? reacquire_held_locks+0x127/0x1d0 [ 829.641715][T12263] ? writeback_sb_inodes+0x384/0x1010 [ 829.641746][T12263] __writeback_single_inode+0x145/0xff0 [ 829.641769][T12263] ? do_raw_spin_unlock+0x122/0x240 [ 829.641789][T12263] writeback_sb_inodes+0x6c7/0x1010 [ 829.641838][T12263] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 829.641903][T12263] ? rcu_is_watching+0x15/0xb0 [ 829.641935][T12263] wb_writeback+0x43b/0xaf0 [ 829.641966][T12263] ? queue_io+0x3d1/0x590 [ 829.641991][T12263] ? __pfx_wb_writeback+0x10/0x10 [ 829.642023][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 829.642050][T12263] wb_workfn+0x409/0xef0 [ 829.642086][T12263] ? __pfx_wb_workfn+0x10/0x10 [ 829.642110][T12263] ? __lock_acquire+0xab9/0xd20 [ 829.642141][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 829.642170][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 829.642191][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 829.642211][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 829.642234][T12263] process_scheduled_works+0xae1/0x17b0 [ 829.642286][T12263] ? __pfx_process_scheduled_works+0x10/0x10 [ 829.642325][T12263] worker_thread+0x8a0/0xda0 [ 829.642375][T12263] kthread+0x70e/0x8a0 [ 829.642396][T12263] ? __pfx_worker_thread+0x10/0x10 [ 829.642417][T12263] ? __pfx_kthread+0x10/0x10 [ 829.642436][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 829.642458][T12263] ? lockdep_hardirqs_on+0x9c/0x150 [ 829.642480][T12263] ? __pfx_kthread+0x10/0x10 [ 829.642497][T12263] ret_from_fork+0x3fc/0x770 [ 829.642522][T12263] ? __pfx_ret_from_fork+0x10/0x10 [ 829.642555][T12263] ? __switch_to_asm+0x39/0x70 [ 829.642570][T12263] ? __switch_to_asm+0x33/0x70 [ 829.642585][T12263] ? __pfx_kthread+0x10/0x10 [ 829.642604][T12263] ret_from_fork_asm+0x1a/0x30 [ 829.642637][T12263] [ 829.642644][T12263] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 829.833706][T10446] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 830.543738][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 831.556386][ T30] audit: type=1326 audit(2000000724.380:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6f633858e7 code=0x7ffc0000 [ 831.583755][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 832.111605][ T30] audit: type=1326 audit(2000000724.410:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6f6332ab19 code=0x7ffc0000 [ 832.138440][ T30] audit: type=1326 audit(2000000724.410:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6f633858e7 code=0x7ffc0000 [ 832.161015][ T30] audit: type=1326 audit(2000000724.410:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6f6332ab19 code=0x7ffc0000 [ 832.184958][ T30] audit: type=1326 audit(2000000724.410:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6f633858e7 code=0x7ffc0000 [ 832.236307][ T30] audit: type=1326 audit(2000000724.410:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6f6332ab19 code=0x7ffc0000 [ 832.297768][ T30] audit: type=1326 audit(2000000724.410:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6f633858e7 code=0x7ffc0000 [ 832.427586][ T30] audit: type=1326 audit(2000000724.410:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6f6332ab19 code=0x7ffc0000 [ 832.450386][ T30] audit: type=1326 audit(2000000724.410:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6f633858e7 code=0x7ffc0000 [ 832.623735][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 832.639644][ T30] audit: type=1326 audit(2000000724.410:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.0.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6f6332ab19 code=0x7ffc0000 [ 832.931738][T13514] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2147'. [ 833.663508][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 834.399497][T13535] loop1: detected capacity change from 0 to 1024 [ 834.610357][T13535] EXT4-fs: Ignoring removed bh option [ 834.713656][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 834.832488][T13541] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2169'. [ 834.848918][T13535] EXT4-fs (loop1): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 834.919877][T13548] loop9: detected capacity change from 0 to 7 [ 834.927306][T13548] buffer_io_error: 4 callbacks suppressed [ 834.927374][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 834.941474][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 834.949865][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 834.957962][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 834.966369][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 834.974914][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 834.983222][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 834.991280][T13548] ldm_validate_partition_table(): Disk read failed. [ 834.998170][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 835.006573][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 835.014875][T13548] Buffer I/O error on dev loop9, logical block 0, async page read [ 835.023309][T13548] Dev loop9: unable to read RDB block 0 [ 835.030110][T13548] loop9: unable to read partition table [ 835.036791][T13548] loop9: partition table beyond EOD, truncated [ 835.043094][T13548] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 835.043094][T13548] ) failed (rc=-5) [ 835.743227][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 835.968191][ T5836] EXT4-fs (loop1): unmounting filesystem 05000000-0000-0000-0000-000000000000. [ 836.108083][T13553] netlink: 'syz.5.2172': attribute type 280 has an invalid length. [ 836.783203][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 836.857732][T13529] loop0: detected capacity change from 0 to 32768 [ 837.354398][T13572] loop3: detected capacity change from 0 to 40427 [ 837.369157][T13572] F2FS-fs (loop3): invalid crc value [ 837.545960][T13572] F2FS-fs (loop3): Start checkpoint disabled! [ 837.556615][T13572] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 837.823120][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 838.406132][ T49] kworker/u8:3: attempt to access beyond end of device [ 838.406132][ T49] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 838.524094][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 838.524123][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 838.524135][ T49] Workqueue: writeback wb_workfn (flush-7:3) [ 838.524163][ T49] Call Trace: [ 838.524171][ T49] [ 838.524178][ T49] dump_stack_lvl+0x189/0x250 [ 838.524207][ T49] ? __pfx_dump_stack_lvl+0x10/0x10 [ 838.524228][ T49] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 838.524250][ T49] ? __pfx_queue_work_on+0x10/0x10 [ 838.524274][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 838.524297][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 838.524320][ T49] ? f2fs_hw_is_readonly+0x39b/0x470 [ 838.524347][ T49] f2fs_handle_critical_error+0x37c/0x540 [ 838.524375][ T49] f2fs_write_end_io+0x495/0x810 [ 838.524397][ T49] ? blkg_put+0x22/0x240 [ 838.524433][ T49] __submit_merged_bio+0x27a/0x6a0 [ 838.524461][ T49] __submit_merged_write_cond+0x255/0x530 [ 838.524488][ T49] f2fs_write_data_pages+0x261d/0x3000 [ 838.524551][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 838.524641][ T49] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 838.524674][ T49] ? f2fs_write_meta_pages+0x357/0x450 [ 838.524705][ T49] ? __lock_acquire+0xab9/0xd20 [ 838.524731][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 838.524754][ T49] do_writepages+0x32e/0x550 [ 838.524783][ T49] ? reacquire_held_locks+0x127/0x1d0 [ 838.524803][ T49] ? writeback_sb_inodes+0x384/0x1010 [ 838.524835][ T49] __writeback_single_inode+0x145/0xff0 [ 838.524858][ T49] ? do_raw_spin_unlock+0x122/0x240 [ 838.524880][ T49] writeback_sb_inodes+0x6c7/0x1010 [ 838.524931][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 838.524997][ T49] ? rcu_is_watching+0x15/0xb0 [ 838.525029][ T49] wb_writeback+0x43b/0xaf0 [ 838.525060][ T49] ? queue_io+0x3d1/0x590 [ 838.525086][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 838.525117][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 838.525145][ T49] wb_workfn+0x409/0xef0 [ 838.525181][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 838.525206][ T49] ? __lock_acquire+0xab9/0xd20 [ 838.525236][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 838.525264][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 838.525285][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 838.525305][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 838.525329][ T49] process_scheduled_works+0xae1/0x17b0 [ 838.525381][ T49] ? __pfx_process_scheduled_works+0x10/0x10 [ 838.525422][ T49] worker_thread+0x8a0/0xda0 [ 838.525471][ T49] kthread+0x70e/0x8a0 [ 838.525491][ T49] ? __pfx_worker_thread+0x10/0x10 [ 838.525517][ T49] ? __pfx_kthread+0x10/0x10 [ 838.525536][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 838.525557][ T49] ? lockdep_hardirqs_on+0x9c/0x150 [ 838.525579][ T49] ? __pfx_kthread+0x10/0x10 [ 838.525597][ T49] ret_from_fork+0x3fc/0x770 [ 838.525622][ T49] ? __pfx_ret_from_fork+0x10/0x10 [ 838.525649][ T49] ? __switch_to_asm+0x39/0x70 [ 838.525666][ T49] ? __switch_to_asm+0x33/0x70 [ 838.525680][ T49] ? __pfx_kthread+0x10/0x10 [ 838.525698][ T49] ret_from_fork_asm+0x1a/0x30 [ 838.525733][ T49] [ 838.525769][ T49] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 838.863048][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 839.902989][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 839.980160][T13602] netlink: 320 bytes leftover after parsing attributes in process `syz.5.2184'. [ 840.943040][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 841.504452][T13623] loop1: detected capacity change from 0 to 40427 [ 841.628655][T13628] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2182'. [ 841.632024][T13623] F2FS-fs (loop1): invalid crc value [ 841.691149][T13623] F2FS-fs (loop1): Start checkpoint disabled! [ 841.710157][T13623] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 841.982917][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 843.022827][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 843.410149][T12263] kworker/u8:26: attempt to access beyond end of device [ 843.410149][T12263] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 843.657012][T12263] CPU: 0 UID: 0 PID: 12263 Comm: kworker/u8:26 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 843.657041][T12263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 843.657053][T12263] Workqueue: writeback wb_workfn (flush-7:1) [ 843.657083][T12263] Call Trace: [ 843.657090][T12263] [ 843.657098][T12263] dump_stack_lvl+0x189/0x250 [ 843.657130][T12263] ? __pfx_dump_stack_lvl+0x10/0x10 [ 843.657151][T12263] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 843.657175][T12263] ? __pfx_queue_work_on+0x10/0x10 [ 843.657200][T12263] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 843.657223][T12263] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 843.657248][T12263] ? f2fs_hw_is_readonly+0x39b/0x470 [ 843.657276][T12263] f2fs_handle_critical_error+0x37c/0x540 [ 843.657306][T12263] f2fs_write_end_io+0x495/0x810 [ 843.657327][T12263] ? blkg_put+0x22/0x240 [ 843.657367][T12263] __submit_merged_bio+0x27a/0x6a0 [ 843.657397][T12263] __submit_merged_write_cond+0x255/0x530 [ 843.657428][T12263] f2fs_write_data_pages+0x261d/0x3000 [ 843.657493][T12263] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 843.657616][T12263] ? f2fs_write_meta_pages+0x357/0x450 [ 843.657651][T12263] ? __lock_acquire+0xab9/0xd20 [ 843.657677][T12263] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 843.657702][T12263] do_writepages+0x32e/0x550 [ 843.657733][T12263] ? reacquire_held_locks+0x127/0x1d0 [ 843.657760][T12263] ? writeback_sb_inodes+0x384/0x1010 [ 843.657795][T12263] __writeback_single_inode+0x145/0xff0 [ 843.657818][T12263] ? do_raw_spin_unlock+0x122/0x240 [ 843.657840][T12263] writeback_sb_inodes+0x6c7/0x1010 [ 843.657896][T12263] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 843.657972][T12263] ? rcu_is_watching+0x15/0xb0 [ 843.658005][T12263] wb_writeback+0x43b/0xaf0 [ 843.658039][T12263] ? queue_io+0x3d1/0x590 [ 843.658066][T12263] ? __pfx_wb_writeback+0x10/0x10 [ 843.658100][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 843.658129][T12263] wb_workfn+0x409/0xef0 [ 843.658169][T12263] ? __pfx_wb_workfn+0x10/0x10 [ 843.658196][T12263] ? __lock_acquire+0xab9/0xd20 [ 843.658230][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 843.658261][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 843.658282][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 843.658302][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 843.658327][T12263] process_scheduled_works+0xae1/0x17b0 [ 843.658386][T12263] ? __pfx_process_scheduled_works+0x10/0x10 [ 843.658431][T12263] worker_thread+0x8a0/0xda0 [ 843.658485][T12263] kthread+0x70e/0x8a0 [ 843.658507][T12263] ? __pfx_worker_thread+0x10/0x10 [ 843.658528][T12263] ? __pfx_kthread+0x10/0x10 [ 843.658549][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 843.658571][T12263] ? lockdep_hardirqs_on+0x9c/0x150 [ 843.658593][T12263] ? __pfx_kthread+0x10/0x10 [ 843.658612][T12263] ret_from_fork+0x3fc/0x770 [ 843.658636][T12263] ? __pfx_ret_from_fork+0x10/0x10 [ 843.658665][T12263] ? __switch_to_asm+0x39/0x70 [ 843.658680][T12263] ? __switch_to_asm+0x33/0x70 [ 843.658696][T12263] ? __pfx_kthread+0x10/0x10 [ 843.658716][T12263] ret_from_fork_asm+0x1a/0x30 [ 843.658786][T12263] [ 843.658793][T12263] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 843.768204][T13655] loop5: detected capacity change from 0 to 1024 [ 844.032995][T13660] trusted_key: encrypted_key: insufficient parameters specified [ 844.062765][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 844.610777][T13670] cgroup: Unknown subsys name 'cpuset' [ 844.682917][T13325] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 845.112756][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 845.183706][T13325] usb 1-1: Using ep0 maxpacket: 16 [ 845.198204][T13325] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 845.383185][T13325] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 845.566619][T13675] loop1: detected capacity change from 0 to 32768 [ 845.588000][T13325] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.615897][T13325] usb 1-1: config 0 descriptor?? [ 845.630126][T13675] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 845.701351][T13675] XFS (loop1): Ending clean mount [ 845.710274][T13675] XFS (loop1): Quotacheck needed: Please wait. [ 845.750939][T13675] XFS (loop1): Quotacheck: Done. [ 845.900956][T13675] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 846.102247][T13325] mcp2221 0003:04D8:00DD.0004: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 846.152646][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 847.136543][T13663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 847.177461][T13663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 847.188505][T10446] Bluetooth: hci5: command 0x0406 tx timeout [ 847.192597][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 847.421910][T13325] usb 1-1: USB disconnect, device number 11 [ 848.222535][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 849.262845][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 850.041508][T13720] loop0: detected capacity change from 0 to 1024 [ 850.302417][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 851.167704][T13741] loop9: detected capacity change from 0 to 7 [ 851.176302][T13741] buffer_io_error: 4 callbacks suppressed [ 851.176358][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.190581][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.199007][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.207398][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.215856][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.224634][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.232956][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.241069][T13741] ldm_validate_partition_table(): Disk read failed. [ 851.248463][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.256926][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.265418][T13741] Buffer I/O error on dev loop9, logical block 0, async page read [ 851.274037][T13741] Dev loop9: unable to read RDB block 0 [ 851.280820][T13741] loop9: unable to read partition table [ 851.287483][T13741] loop9: partition table beyond EOD, truncated [ 851.293807][T13741] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 851.293807][T13741] ) failed (rc=-5) [ 851.352356][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 852.382308][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 853.422233][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 853.670587][T13760] overlayfs: missing 'lowerdir' [ 854.462320][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 855.383681][T13789] overlayfs: failed to resolve './file1': -2 [ 855.502166][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 855.656449][T13785] loop3: detected capacity change from 0 to 32768 [ 855.669377][T13791] loop5: detected capacity change from 0 to 16 [ 856.349655][T13791] erofs (device loop5): mounted with root inode @ nid 36. [ 856.359428][T13785] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 856.369778][T13785] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 856.460531][T13785] XFS (loop3): Ending clean mount [ 856.479427][T13785] XFS (loop3): Quotacheck needed: Please wait. [ 856.547662][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 856.560002][T13785] XFS (loop3): Quotacheck: Done. [ 857.224196][T13816] overlayfs: missing 'lowerdir' [ 857.299507][ T5846] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 857.374611][T13815] loop5: detected capacity change from 0 to 1024 [ 857.582069][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 858.621953][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 859.485195][T13841] overlayfs: failed to resolve './file1': -2 [ 859.591942][ T120] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 859.661912][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 859.663520][T13842] loop3: detected capacity change from 0 to 32768 [ 859.675850][T13842] XFS: ikeep mount option is deprecated. [ 859.729747][T13842] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 859.796159][T13842] XFS (loop3): Ending clean mount [ 859.804797][T13842] XFS (loop3): Quotacheck needed: Please wait. [ 859.831912][ T120] usb 1-1: Using ep0 maxpacket: 32 [ 859.840238][ T120] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11 [ 859.855512][ T120] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024 [ 859.865669][T13842] XFS (loop3): Quotacheck: Done. [ 859.930302][ T120] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 860.006634][ T120] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.343143][ T120] usb 1-1: config 0 descriptor?? [ 860.372276][T13838] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 860.415031][ T120] hub 1-1:0.0: USB hub found [ 860.701883][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 861.741790][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 862.134418][ T120] hub 1-1:0.0: 1 port detected [ 862.777494][ T5846] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 862.781730][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 862.791839][ T5824] usb 1-1: USB disconnect, device number 12 [ 863.821667][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 864.344867][T13889] loop3: detected capacity change from 0 to 1024 [ 864.374396][T13889] EXT4-fs: Ignoring removed bh option [ 864.383742][T13889] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal [ 864.861614][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 865.134547][T13898] overlayfs: failed to resolve './file1': -2 [ 865.477600][T13902] use of bytesused == 0 is deprecated and will be removed in the future, [ 865.486843][T13902] use the actual size instead. [ 865.901593][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 866.941498][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 867.396389][T13910] loop0: detected capacity change from 0 to 128 [ 867.849113][T13920] ceph: No source [ 867.981445][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 868.040503][T13927] fuse: Bad value for 'fd' [ 868.064464][T13930] loop5: detected capacity change from 0 to 512 [ 868.102349][T13930] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.2283: casefold flag without casefold feature [ 868.145962][T13930] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.2283: couldn't read orphan inode 15 (err -117) [ 868.160648][T13930] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 868.268905][T13936] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 868.827097][T13942] overlayfs: failed to clone upperpath [ 869.031381][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 869.264258][T13948] fuse: Bad value for 'fd' [ 870.061310][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 870.143476][T12424] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 870.288393][T13967] fuse: Bad value for 'fd' [ 870.374821][T13972] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'. [ 870.397594][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.405420][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.407380][T13973] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2290'. [ 870.553615][T13976] loop0: detected capacity change from 0 to 256 [ 871.101288][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 871.721638][T13976] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 872.141237][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 872.391355][T13989] fuse: Invalid rootmode [ 872.794048][T14002] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2308'. [ 872.909408][T14005] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2310'. [ 873.181145][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 874.221189][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 875.261016][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 875.333006][T14028] fuse: Invalid rootmode [ 876.300958][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 877.341008][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 878.380947][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 879.306023][T14072] fuse: Invalid rootmode [ 879.420801][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 880.460732][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 881.412074][T14096] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2337'. [ 881.510922][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 882.540838][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 882.783191][T14111] fuse: Bad value for 'rootmode' [ 883.580761][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 883.671979][T14133] loop5: detected capacity change from 0 to 32768 [ 883.963098][T14135] loop3: detected capacity change from 0 to 32768 [ 883.970366][T14135] XFS: ikeep mount option is deprecated. [ 884.027877][T14133] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2350 (14133) [ 884.173763][T14143] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 884.284863][T14135] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 884.295482][T14133] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 884.305937][T14133] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm [ 884.317653][T14133] BTRFS info (device loop5): disk space caching is enabled [ 884.325100][T14133] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 884.404699][T14135] XFS (loop3): Ending clean mount [ 884.412075][T14135] XFS (loop3): Quotacheck needed: Please wait. [ 884.424876][T14155] overlayfs: failed to clone upperpath [ 884.572894][T14135] XFS (loop3): Quotacheck: Done. [ 884.620494][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 885.660458][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 886.445268][ T5846] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 886.448113][T14133] BTRFS info (device loop5): rebuilding free space tree [ 886.472639][T14133] BTRFS info (device loop5): disabling free space tree [ 886.480291][T14133] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 886.490093][T14133] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 886.590599][T12424] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 886.710380][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 887.646907][T14183] loop3: detected capacity change from 0 to 40427 [ 887.681689][T14183] F2FS-fs (loop3): invalid crc value [ 887.750337][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 887.766345][T14183] F2FS-fs (loop3): Start checkpoint disabled! [ 887.860828][T14183] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 888.094361][T14193] loop5: detected capacity change from 0 to 16 [ 888.123132][T14193] erofs (device loop5): mounted with root inode @ nid 36. [ 888.572537][T14193] syz.5.2359: attempt to access beyond end of device [ 888.572537][T14193] loop5: rw=0, sector=1259035608, nr_sectors = 8 limit=16 [ 888.597456][T14193] erofs (device loop5): read error -5 @ 87 of nid 36 [ 888.604659][T14193] erofs (device loop5): failed to readdir of logical block 87 of nid 36 [ 888.780259][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 889.393163][T14202] loop9: detected capacity change from 0 to 7 [ 889.404136][T14202] buffer_io_error: 4 callbacks suppressed [ 889.410085][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.419879][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.429173][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.438549][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.448348][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.458443][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.483772][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.492337][T14202] ldm_validate_partition_table(): Disk read failed. [ 889.499410][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.510719][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.520773][T14202] Buffer I/O error on dev loop9, logical block 0, async page read [ 889.531228][T14202] Dev loop9: unable to read RDB block 0 [ 889.541002][T14202] loop9: unable to read partition table [ 889.549744][T14202] loop9: partition table beyond EOD, truncated [ 889.556175][T14202] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 889.556175][T14202] ) failed (rc=-5) [ 889.820232][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 890.326696][T14206] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 890.548079][T12268] kworker/u8:31: attempt to access beyond end of device [ 890.548079][T12268] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 890.608485][T12268] CPU: 0 UID: 0 PID: 12268 Comm: kworker/u8:31 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 890.608514][T12268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 890.608526][T12268] Workqueue: writeback wb_workfn (flush-7:3) [ 890.608559][T12268] Call Trace: [ 890.608567][T12268] [ 890.608576][T12268] dump_stack_lvl+0x189/0x250 [ 890.608608][T12268] ? __pfx_dump_stack_lvl+0x10/0x10 [ 890.608636][T12268] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 890.608660][T12268] ? __pfx_queue_work_on+0x10/0x10 [ 890.608686][T12268] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 890.608709][T12268] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 890.608735][T12268] ? f2fs_hw_is_readonly+0x39b/0x470 [ 890.608763][T12268] f2fs_handle_critical_error+0x37c/0x540 [ 890.608792][T12268] f2fs_write_end_io+0x495/0x810 [ 890.608813][T12268] ? blkg_put+0x22/0x240 [ 890.608851][T12268] __submit_merged_bio+0x27a/0x6a0 [ 890.608880][T12268] __submit_merged_write_cond+0x255/0x530 [ 890.608910][T12268] f2fs_write_data_pages+0x261d/0x3000 [ 890.608972][T12268] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 890.609012][T12268] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 890.609081][T12268] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 890.609104][T12268] ? look_up_lock_class+0x74/0x170 [ 890.609140][T12268] ? trace_f2fs_writepages+0x7f/0x200 [ 890.609164][T12268] ? f2fs_write_node_pages+0x478/0x6e0 [ 890.609203][T12268] ? sched_clock+0x3f/0x60 [ 890.609222][T12268] ? sched_clock_cpu+0x74/0x430 [ 890.609243][T12268] ? psi_task_switch+0x16a/0x6d0 [ 890.609268][T12268] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 890.609293][T12268] do_writepages+0x32e/0x550 [ 890.609322][T12268] ? reacquire_held_locks+0x127/0x1d0 [ 890.609345][T12268] ? writeback_sb_inodes+0x384/0x1010 [ 890.609379][T12268] __writeback_single_inode+0x145/0xff0 [ 890.609403][T12268] ? do_raw_spin_unlock+0x122/0x240 [ 890.609426][T12268] writeback_sb_inodes+0x6c7/0x1010 [ 890.609448][T12268] ? lockdep_hardirqs_on+0x9c/0x150 [ 890.609479][T12268] ? rcu_is_watching+0x15/0xb0 [ 890.609522][T12268] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 890.609599][T12268] ? rcu_is_watching+0x15/0xb0 [ 890.609641][T12268] wb_writeback+0x43b/0xaf0 [ 890.609674][T12268] ? queue_io+0x3d1/0x590 [ 890.609702][T12268] ? __pfx_wb_writeback+0x10/0x10 [ 890.609736][T12268] ? _raw_spin_unlock_irq+0x23/0x50 [ 890.609765][T12268] wb_workfn+0x409/0xef0 [ 890.609805][T12268] ? __pfx_wb_workfn+0x10/0x10 [ 890.609832][T12268] ? __lock_acquire+0xab9/0xd20 [ 890.609865][T12268] ? process_scheduled_works+0x9ef/0x17b0 [ 890.609896][T12268] ? _raw_spin_unlock_irq+0x23/0x50 [ 890.609917][T12268] ? process_scheduled_works+0x9ef/0x17b0 [ 890.609937][T12268] ? process_scheduled_works+0x9ef/0x17b0 [ 890.609962][T12268] process_scheduled_works+0xae1/0x17b0 [ 890.610025][T12268] ? __pfx_process_scheduled_works+0x10/0x10 [ 890.610069][T12268] worker_thread+0x8a0/0xda0 [ 890.610096][T12268] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 890.610126][T12268] ? __kthread_parkme+0x7b/0x200 [ 890.610157][T12268] kthread+0x70e/0x8a0 [ 890.610178][T12268] ? __pfx_worker_thread+0x10/0x10 [ 890.610199][T12268] ? __pfx_kthread+0x10/0x10 [ 890.610219][T12268] ? _raw_spin_unlock_irq+0x23/0x50 [ 890.610239][T12268] ? lockdep_hardirqs_on+0x9c/0x150 [ 890.610259][T12268] ? __pfx_kthread+0x10/0x10 [ 890.610278][T12268] ret_from_fork+0x3fc/0x770 [ 890.610302][T12268] ? __pfx_ret_from_fork+0x10/0x10 [ 890.610331][T12268] ? __switch_to_asm+0x39/0x70 [ 890.610346][T12268] ? __switch_to_asm+0x33/0x70 [ 890.610360][T12268] ? __pfx_kthread+0x10/0x10 [ 890.610378][T12268] ret_from_fork_asm+0x1a/0x30 [ 890.610416][T12268] [ 890.860869][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 890.861814][ C0] vkms_vblank_simulate: vblank timer overrun [ 890.973239][ C0] vkms_vblank_simulate: vblank timer overrun [ 891.253475][T14211] loop5: detected capacity change from 0 to 32768 [ 891.260808][T14211] XFS: ikeep mount option is deprecated. [ 891.315801][T12268] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 891.323119][T14216] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 891.331924][T14216] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 891.411518][T14211] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 891.464813][T14211] XFS (loop5): Ending clean mount [ 891.480133][T14211] XFS (loop5): Quotacheck needed: Please wait. [ 891.782624][T14211] XFS (loop5): Quotacheck: Done. [ 891.900088][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 892.327668][T12424] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 892.940029][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 893.597065][T14247] loop5: detected capacity change from 0 to 16 [ 893.601184][T14248] loop3: detected capacity change from 0 to 256 [ 893.746769][T14247] erofs (device loop5): mounted with root inode @ nid 36. [ 893.979978][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 894.653992][T14254] loop0: detected capacity change from 0 to 40427 [ 894.680460][T14254] F2FS-fs (loop0): invalid crc value [ 894.778191][T14254] F2FS-fs (loop0): Start checkpoint disabled! [ 894.802364][T14254] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 895.003211][T14263] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 895.012325][T14263] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 895.020680][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 896.059863][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 897.099813][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 897.734105][ T49] kworker/u8:3: attempt to access beyond end of device [ 897.734105][ T49] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 897.775542][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 897.775570][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 897.775582][ T49] Workqueue: writeback wb_workfn (flush-7:0) [ 897.775612][ T49] Call Trace: [ 897.775620][ T49] [ 897.775628][ T49] dump_stack_lvl+0x189/0x250 [ 897.775659][ T49] ? __pfx_dump_stack_lvl+0x10/0x10 [ 897.775681][ T49] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 897.775705][ T49] ? __pfx_queue_work_on+0x10/0x10 [ 897.775729][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 897.775752][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 897.775776][ T49] ? f2fs_hw_is_readonly+0x39b/0x470 [ 897.775802][ T49] f2fs_handle_critical_error+0x37c/0x540 [ 897.775830][ T49] f2fs_write_end_io+0x495/0x810 [ 897.775854][ T49] ? blkg_put+0x22/0x240 [ 897.775893][ T49] __submit_merged_bio+0x27a/0x6a0 [ 897.775929][ T49] __submit_merged_write_cond+0x255/0x530 [ 897.775959][ T49] f2fs_write_data_pages+0x261d/0x3000 [ 897.776017][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 897.776061][ T49] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 897.776122][ T49] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 897.776157][ T49] ? trace_f2fs_writepages+0x7f/0x200 [ 897.776180][ T49] ? f2fs_write_node_pages+0x478/0x6e0 [ 897.776226][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 897.776250][ T49] do_writepages+0x32e/0x550 [ 897.776280][ T49] ? reacquire_held_locks+0x127/0x1d0 [ 897.776302][ T49] ? writeback_sb_inodes+0x384/0x1010 [ 897.776334][ T49] __writeback_single_inode+0x145/0xff0 [ 897.776357][ T49] ? do_raw_spin_unlock+0x122/0x240 [ 897.776379][ T49] writeback_sb_inodes+0x6c7/0x1010 [ 897.776430][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 897.776497][ T49] ? rcu_is_watching+0x15/0xb0 [ 897.776529][ T49] wb_writeback+0x43b/0xaf0 [ 897.776561][ T49] ? queue_io+0x3d1/0x590 [ 897.776587][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 897.776620][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 897.776648][ T49] wb_workfn+0x409/0xef0 [ 897.776684][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 897.776702][ T49] ? lockdep_hardirqs_on+0x9c/0x150 [ 897.776733][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 897.776756][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 897.776781][ T49] ? lock_acquire+0x175/0x360 [ 897.776810][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 897.776831][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 897.776851][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 897.776875][ T49] process_scheduled_works+0xae1/0x17b0 [ 897.776929][ T49] ? __pfx_process_scheduled_works+0x10/0x10 [ 897.776970][ T49] worker_thread+0x8a0/0xda0 [ 897.777021][ T49] kthread+0x70e/0x8a0 [ 897.777047][ T49] ? __pfx_worker_thread+0x10/0x10 [ 897.777068][ T49] ? __pfx_kthread+0x10/0x10 [ 897.777088][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 897.777109][ T49] ? lockdep_hardirqs_on+0x9c/0x150 [ 897.777131][ T49] ? __pfx_kthread+0x10/0x10 [ 897.777149][ T49] ret_from_fork+0x3fc/0x770 [ 897.777174][ T49] ? __pfx_ret_from_fork+0x10/0x10 [ 897.777203][ T49] ? __switch_to_asm+0x39/0x70 [ 897.777218][ T49] ? __switch_to_asm+0x33/0x70 [ 897.777233][ T49] ? __pfx_kthread+0x10/0x10 [ 897.777252][ T49] ret_from_fork_asm+0x1a/0x30 [ 897.777286][ T49] [ 898.051793][ T49] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 898.053613][ C1] vkms_vblank_simulate: vblank timer overrun [ 898.112654][ C1] vkms_vblank_simulate: vblank timer overrun [ 898.139734][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 898.299441][T14291] fuse: Unknown parameter 'use00000000000000000000' [ 898.308266][T14289] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2390'. [ 899.189701][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 899.200914][T14298] loop3: detected capacity change from 0 to 16 [ 899.286783][T14301] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 899.295966][T14301] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 899.450723][T14298] erofs (device loop3): mounted with root inode @ nid 36. [ 900.219674][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 901.259569][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 901.333332][T14324] loop9: detected capacity change from 0 to 7 [ 901.340653][T14324] buffer_io_error: 4 callbacks suppressed [ 901.340739][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.354889][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.362999][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.371115][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.379190][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.387577][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.395870][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.404026][T14324] ldm_validate_partition_table(): Disk read failed. [ 901.410987][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.419882][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.428152][T14324] Buffer I/O error on dev loop9, logical block 0, async page read [ 901.436546][T14324] Dev loop9: unable to read RDB block 0 [ 901.443047][T14324] loop9: unable to read partition table [ 901.449502][T14324] loop9: partition table beyond EOD, truncated [ 901.455763][T14324] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 901.455763][T14324] ) failed (rc=-5) [ 902.299580][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 902.326633][T14328] fuse: Unknown parameter 'use00000000000000000000' [ 902.646635][T14336] loop3: detected capacity change from 0 to 256 [ 902.719514][T13325] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 903.249869][T13325] usb 6-1: Using ep0 maxpacket: 16 [ 903.339482][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 903.410682][T13325] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 903.545213][T13325] usb 6-1: config 0 has no interface number 0 [ 903.561993][T13325] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 903.599442][T13325] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 903.964559][T13325] usb 6-1: config 0 interface 41 has no altsetting 0 [ 903.988768][T13325] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 904.000860][T13325] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.010306][T13325] usb 6-1: Product: syz [ 904.014579][T13325] usb 6-1: Manufacturer: syz [ 904.019269][T13325] usb 6-1: SerialNumber: syz [ 904.142052][T13325] usb 6-1: config 0 descriptor?? [ 904.212112][T14332] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 904.298472][T14332] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 904.379482][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 904.867256][T14332] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 904.874832][T14332] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 905.331225][T13325] Error reading MAC address [ 905.357713][T13325] sr9700 6-1:0.41: probe with driver sr9700 failed with error -71 [ 905.405494][T13325] usb 6-1: USB disconnect, device number 3 [ 905.419497][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 905.730225][T14361] fuse: Unknown parameter 'use00000000000000000000' [ 905.777943][T14363] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 906.459371][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 907.499260][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 908.549252][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 909.377846][T14401] fuse: Unknown parameter 'user_i00000000000000000000' [ 909.579101][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 909.771291][T14408] loop9: detected capacity change from 0 to 7 [ 909.783541][T14408] buffer_io_error: 4 callbacks suppressed [ 909.783557][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.798825][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.808097][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.817721][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.827102][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.836426][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.845832][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.855149][T14408] ldm_validate_partition_table(): Disk read failed. [ 909.862469][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.871767][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.881120][T14408] Buffer I/O error on dev loop9, logical block 0, async page read [ 909.893137][T14408] Dev loop9: unable to read RDB block 0 [ 909.903120][T14408] loop9: unable to read partition table [ 909.911297][T14408] loop9: partition table beyond EOD, truncated [ 909.917569][T14408] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 909.917569][T14408] ) failed (rc=-5) [ 910.619145][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 910.620087][T14414] loop5: detected capacity change from 0 to 512 [ 910.690269][T14414] EXT4-fs (loop5): too many log groups per flexible block group [ 910.707649][T14414] EXT4-fs (loop5): failed to initialize mballoc (-12) [ 910.714768][T14414] EXT4-fs (loop5): mount failed [ 910.857130][T14420] loop3: detected capacity change from 0 to 16 [ 910.936545][T14420] erofs (device loop3): mounted with root inode @ nid 36. [ 911.658982][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 912.042974][T14433] fuse: Unknown parameter 'user_i00000000000000000000' [ 912.229025][T14431] loop0: detected capacity change from 0 to 40427 [ 912.266456][T14431] F2FS-fs (loop0): invalid crc value [ 912.349442][T14429] syz.3.2435: attempt to access beyond end of device [ 912.349442][T14429] loop3: rw=0, sector=1259035608, nr_sectors = 8 limit=16 [ 912.396447][T14429] erofs (device loop3): read error -5 @ 87 of nid 36 [ 912.427588][T14429] erofs (device loop3): failed to readdir of logical block 87 of nid 36 [ 912.698998][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 913.738863][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 914.194281][T14431] F2FS-fs (loop0): Start checkpoint disabled! [ 914.211526][T14431] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 914.778900][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 915.552758][T12262] kworker/u8:25: attempt to access beyond end of device [ 915.552758][T12262] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 915.640644][T12262] CPU: 1 UID: 0 PID: 12262 Comm: kworker/u8:25 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 915.640672][T12262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 915.640683][T12262] Workqueue: writeback wb_workfn (flush-7:0) [ 915.640712][T12262] Call Trace: [ 915.640719][T12262] [ 915.640727][T12262] dump_stack_lvl+0x189/0x250 [ 915.640758][T12262] ? __pfx_dump_stack_lvl+0x10/0x10 [ 915.640780][T12262] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 915.640803][T12262] ? __pfx_queue_work_on+0x10/0x10 [ 915.640827][T12262] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 915.640849][T12262] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 915.640873][T12262] ? f2fs_hw_is_readonly+0x39b/0x470 [ 915.640900][T12262] f2fs_handle_critical_error+0x37c/0x540 [ 915.640927][T12262] f2fs_write_end_io+0x495/0x810 [ 915.640949][T12262] ? blkg_put+0x22/0x240 [ 915.640985][T12262] __submit_merged_bio+0x27a/0x6a0 [ 915.641012][T12262] __submit_merged_write_cond+0x255/0x530 [ 915.641039][T12262] f2fs_write_data_pages+0x261d/0x3000 [ 915.641094][T12262] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 915.641138][T12262] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 915.641198][T12262] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 915.641219][T12262] ? look_up_lock_class+0x74/0x170 [ 915.641254][T12262] ? trace_f2fs_writepages+0x7f/0x200 [ 915.641276][T12262] ? f2fs_write_node_pages+0x478/0x6e0 [ 915.641301][T12262] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 915.641336][T12262] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 915.641360][T12262] do_writepages+0x32e/0x550 [ 915.641389][T12262] ? reacquire_held_locks+0x127/0x1d0 [ 915.641411][T12262] ? writeback_sb_inodes+0x384/0x1010 [ 915.641443][T12262] __writeback_single_inode+0x145/0xff0 [ 915.641466][T12262] ? do_raw_spin_unlock+0x122/0x240 [ 915.641488][T12262] writeback_sb_inodes+0x6c7/0x1010 [ 915.641536][T12262] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 915.641596][T12262] ? rcu_is_watching+0x15/0xb0 [ 915.641628][T12262] wb_writeback+0x43b/0xaf0 [ 915.641659][T12262] ? queue_io+0x3d1/0x590 [ 915.641685][T12262] ? __pfx_wb_writeback+0x10/0x10 [ 915.641716][T12262] ? _raw_spin_unlock_irq+0x23/0x50 [ 915.641744][T12262] wb_workfn+0x409/0xef0 [ 915.641779][T12262] ? __pfx_wb_workfn+0x10/0x10 [ 915.641804][T12262] ? __lock_acquire+0xab9/0xd20 [ 915.641835][T12262] ? process_scheduled_works+0x9ef/0x17b0 [ 915.641863][T12262] ? _raw_spin_unlock_irq+0x23/0x50 [ 915.641884][T12262] ? process_scheduled_works+0x9ef/0x17b0 [ 915.641904][T12262] ? process_scheduled_works+0x9ef/0x17b0 [ 915.641928][T12262] process_scheduled_works+0xae1/0x17b0 [ 915.641980][T12262] ? __pfx_process_scheduled_works+0x10/0x10 [ 915.642020][T12262] worker_thread+0x8a0/0xda0 [ 915.642070][T12262] kthread+0x70e/0x8a0 [ 915.642091][T12262] ? __pfx_worker_thread+0x10/0x10 [ 915.642118][T12262] ? __pfx_kthread+0x10/0x10 [ 915.642136][T12262] ? _raw_spin_unlock_irq+0x23/0x50 [ 915.642157][T12262] ? lockdep_hardirqs_on+0x9c/0x150 [ 915.642179][T12262] ? __pfx_kthread+0x10/0x10 [ 915.642196][T12262] ret_from_fork+0x3fc/0x770 [ 915.642221][T12262] ? __pfx_ret_from_fork+0x10/0x10 [ 915.642249][T12262] ? __switch_to_asm+0x39/0x70 [ 915.642264][T12262] ? __switch_to_asm+0x33/0x70 [ 915.642279][T12262] ? __pfx_kthread+0x10/0x10 [ 915.642297][T12262] ret_from_fork_asm+0x1a/0x30 [ 915.642330][T12262] [ 915.642338][T12262] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 915.823920][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 916.659256][T14475] overlayfs: failed to clone upperpath [ 916.858859][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 917.513513][T14478] fuse: Unknown parameter 'user_i00000000000000000000' [ 917.799404][T14485] fuse: Bad value for 'group_id' [ 917.804808][T14485] fuse: Bad value for 'group_id' [ 917.898660][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 918.413765][T14497] loop9: detected capacity change from 0 to 7 [ 918.421886][T14497] buffer_io_error: 4 callbacks suppressed [ 918.421938][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.435902][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.444128][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.452108][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.472220][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.483698][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.494792][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.505321][T14497] ldm_validate_partition_table(): Disk read failed. [ 918.512941][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.528052][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.537080][T14497] Buffer I/O error on dev loop9, logical block 0, async page read [ 918.560697][T14497] Dev loop9: unable to read RDB block 0 [ 918.570650][T14497] loop9: unable to read partition table [ 918.578221][T14497] loop9: partition table beyond EOD, truncated [ 918.584719][T14497] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 918.584719][T14497] ) failed (rc=-5) [ 918.938634][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 919.244329][T14495] loop0: detected capacity change from 0 to 40427 [ 919.305563][T14495] F2FS-fs (loop0): invalid crc value [ 919.367104][T14495] F2FS-fs (loop0): Start checkpoint disabled! [ 919.384154][T14495] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 919.786662][T14514] overlayfs: failed to clone upperpath [ 919.978520][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 921.018912][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 921.200226][T14524] fuse: Unknown parameter 'user_id00000000000000000000' [ 921.383612][T12263] kworker/u8:26: attempt to access beyond end of device [ 921.383612][T12263] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 921.414906][T14529] fuse: Bad value for 'group_id' [ 921.423634][T12263] CPU: 1 UID: 0 PID: 12263 Comm: kworker/u8:26 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 921.423659][T12263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 921.423671][T12263] Workqueue: writeback wb_workfn (flush-7:0) [ 921.423700][T12263] Call Trace: [ 921.423707][T12263] [ 921.423716][T12263] dump_stack_lvl+0x189/0x250 [ 921.423745][T12263] ? __pfx_dump_stack_lvl+0x10/0x10 [ 921.423766][T12263] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 921.423788][T12263] ? __pfx_queue_work_on+0x10/0x10 [ 921.423812][T12263] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 921.423836][T12263] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 921.423858][T12263] ? f2fs_hw_is_readonly+0x39b/0x470 [ 921.423884][T12263] f2fs_handle_critical_error+0x37c/0x540 [ 921.423912][T12263] f2fs_write_end_io+0x495/0x810 [ 921.423933][T12263] ? blkg_put+0x22/0x240 [ 921.423972][T12263] __submit_merged_bio+0x27a/0x6a0 [ 921.424000][T12263] __submit_merged_write_cond+0x255/0x530 [ 921.424032][T12263] f2fs_write_data_pages+0x261d/0x3000 [ 921.424095][T12263] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 921.424134][T12263] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 921.424210][T12263] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 921.424233][T12263] ? look_up_lock_class+0x74/0x170 [ 921.424268][T12263] ? trace_f2fs_writepages+0x7f/0x200 [ 921.424290][T12263] ? f2fs_write_node_pages+0x478/0x6e0 [ 921.424318][T12263] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 921.424357][T12263] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 921.424379][T12263] do_writepages+0x32e/0x550 [ 921.424408][T12263] ? reacquire_held_locks+0x127/0x1d0 [ 921.424429][T12263] ? writeback_sb_inodes+0x384/0x1010 [ 921.424462][T12263] __writeback_single_inode+0x145/0xff0 [ 921.424486][T12263] ? do_raw_spin_unlock+0x122/0x240 [ 921.424509][T12263] writeback_sb_inodes+0x6c7/0x1010 [ 921.424563][T12263] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 921.424649][T12263] ? rcu_is_watching+0x15/0xb0 [ 921.424684][T12263] wb_writeback+0x43b/0xaf0 [ 921.424716][T12263] ? queue_io+0x3d1/0x590 [ 921.424742][T12263] ? __pfx_wb_writeback+0x10/0x10 [ 921.424773][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 921.424802][T12263] wb_workfn+0x409/0xef0 [ 921.424840][T12263] ? __pfx_wb_workfn+0x10/0x10 [ 921.424865][T12263] ? __lock_acquire+0xab9/0xd20 [ 921.424897][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 921.424925][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 921.424945][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 921.424964][T12263] ? process_scheduled_works+0x9ef/0x17b0 [ 921.424987][T12263] process_scheduled_works+0xae1/0x17b0 [ 921.425043][T12263] ? __pfx_process_scheduled_works+0x10/0x10 [ 921.425085][T12263] worker_thread+0x8a0/0xda0 [ 921.425138][T12263] kthread+0x70e/0x8a0 [ 921.425158][T12263] ? __pfx_worker_thread+0x10/0x10 [ 921.425179][T12263] ? __pfx_kthread+0x10/0x10 [ 921.425205][T12263] ? _raw_spin_unlock_irq+0x23/0x50 [ 921.425226][T12263] ? lockdep_hardirqs_on+0x9c/0x150 [ 921.425247][T12263] ? __pfx_kthread+0x10/0x10 [ 921.425266][T12263] ret_from_fork+0x3fc/0x770 [ 921.425290][T12263] ? __pfx_ret_from_fork+0x10/0x10 [ 921.425319][T12263] ? __switch_to_asm+0x39/0x70 [ 921.425335][T12263] ? __switch_to_asm+0x33/0x70 [ 921.425349][T12263] ? __pfx_kthread+0x10/0x10 [ 921.425367][T12263] ret_from_fork_asm+0x1a/0x30 [ 921.425399][T12263] [ 921.426935][T12263] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 921.437293][T14529] fuse: Bad value for 'group_id' [ 922.058427][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 923.098434][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 924.138289][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 924.236888][T14556] overlayfs: failed to clone upperpath [ 924.321533][T14551] loop3: detected capacity change from 0 to 32768 [ 924.328544][T14551] XFS: ikeep mount option is deprecated. [ 924.745282][T14551] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 925.188299][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 925.474106][T14551] XFS (loop3): Ending clean mount [ 925.484009][T14551] XFS (loop3): Quotacheck needed: Please wait. [ 925.682780][T14551] XFS (loop3): Quotacheck: Done. [ 926.215186][ T5846] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 926.218176][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 927.183677][T14593] loop3: detected capacity change from 0 to 40427 [ 927.208309][T14593] F2FS-fs (loop3): invalid crc value [ 927.268181][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 927.336501][T14593] F2FS-fs (loop3): Start checkpoint disabled! [ 927.348274][T14593] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 927.525994][T14597] fuse: Bad value for 'group_id' [ 927.542379][T14597] fuse: Bad value for 'group_id' [ 928.308094][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 929.348224][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 930.102671][T12249] kworker/u8:9: attempt to access beyond end of device [ 930.102671][T12249] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 930.155452][T12249] CPU: 0 UID: 0 PID: 12249 Comm: kworker/u8:9 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 930.155478][T12249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 930.155490][T12249] Workqueue: writeback wb_workfn (flush-7:3) [ 930.155526][T12249] Call Trace: [ 930.155534][T12249] [ 930.155541][T12249] dump_stack_lvl+0x189/0x250 [ 930.155569][T12249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 930.155590][T12249] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 930.155612][T12249] ? __pfx_queue_work_on+0x10/0x10 [ 930.155636][T12249] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 930.155660][T12249] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 930.155684][T12249] ? f2fs_hw_is_readonly+0x39b/0x470 [ 930.155711][T12249] f2fs_handle_critical_error+0x37c/0x540 [ 930.155738][T12249] f2fs_write_end_io+0x495/0x810 [ 930.155759][T12249] ? blkg_put+0x22/0x240 [ 930.155794][T12249] __submit_merged_bio+0x27a/0x6a0 [ 930.155821][T12249] __submit_merged_write_cond+0x255/0x530 [ 930.155850][T12249] f2fs_write_data_pages+0x261d/0x3000 [ 930.155908][T12249] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 930.155928][T12249] ? __local_bh_enable_ip+0x12d/0x1c0 [ 930.155964][T12249] ? rcu_is_watching+0x15/0xb0 [ 930.156062][T12249] ? unwind_next_frame+0xa5/0x2390 [ 930.156084][T12249] ? unwind_next_frame+0x19ae/0x2390 [ 930.156108][T12249] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 930.156132][T12249] do_writepages+0x32e/0x550 [ 930.156160][T12249] ? reacquire_held_locks+0x127/0x1d0 [ 930.156182][T12249] ? writeback_sb_inodes+0x384/0x1010 [ 930.156214][T12249] __writeback_single_inode+0x145/0xff0 [ 930.156237][T12249] ? do_raw_spin_unlock+0x122/0x240 [ 930.156258][T12249] writeback_sb_inodes+0x6c7/0x1010 [ 930.156308][T12249] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 930.156374][T12249] ? rcu_is_watching+0x15/0xb0 [ 930.156405][T12249] wb_writeback+0x43b/0xaf0 [ 930.156437][T12249] ? queue_io+0x3d1/0x590 [ 930.156462][T12249] ? __pfx_wb_writeback+0x10/0x10 [ 930.156494][T12249] ? _raw_spin_unlock_irq+0x23/0x50 [ 930.156528][T12249] wb_workfn+0x409/0xef0 [ 930.156565][T12249] ? __pfx_wb_workfn+0x10/0x10 [ 930.156590][T12249] ? __lock_acquire+0xab9/0xd20 [ 930.156622][T12249] ? process_scheduled_works+0x9ef/0x17b0 [ 930.156650][T12249] ? _raw_spin_unlock_irq+0x23/0x50 [ 930.156671][T12249] ? process_scheduled_works+0x9ef/0x17b0 [ 930.156691][T12249] ? process_scheduled_works+0x9ef/0x17b0 [ 930.156715][T12249] process_scheduled_works+0xae1/0x17b0 [ 930.156768][T12249] ? __pfx_process_scheduled_works+0x10/0x10 [ 930.156808][T12249] worker_thread+0x8a0/0xda0 [ 930.156858][T12249] kthread+0x70e/0x8a0 [ 930.156879][T12249] ? __pfx_worker_thread+0x10/0x10 [ 930.156900][T12249] ? __pfx_kthread+0x10/0x10 [ 930.156919][T12249] ? _raw_spin_unlock_irq+0x23/0x50 [ 930.156940][T12249] ? lockdep_hardirqs_on+0x9c/0x150 [ 930.156962][T12249] ? __pfx_kthread+0x10/0x10 [ 930.156980][T12249] ret_from_fork+0x3fc/0x770 [ 930.157005][T12249] ? __pfx_ret_from_fork+0x10/0x10 [ 930.157033][T12249] ? __switch_to_asm+0x39/0x70 [ 930.157048][T12249] ? __switch_to_asm+0x33/0x70 [ 930.157064][T12249] ? __pfx_kthread+0x10/0x10 [ 930.157081][T12249] ret_from_fork_asm+0x1a/0x30 [ 930.157114][T12249] [ 930.397943][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 930.402513][T12249] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 931.139654][T14633] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2496'. [ 931.417963][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 931.924443][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.934429][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.457833][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 933.497828][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 934.537705][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 935.579450][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 936.617614][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 937.657616][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 938.697476][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 939.737612][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 940.777507][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 941.129204][T14720] loop0: detected capacity change from 0 to 40427 [ 941.149485][T14720] F2FS-fs (loop0): invalid crc value [ 941.225025][T14718] loop5: detected capacity change from 0 to 4096 [ 941.226370][T14720] F2FS-fs (loop0): Start checkpoint disabled! [ 941.247576][T14720] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 941.390240][T14730] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 941.817419][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 941.847670][T12268] kworker/u8:31: attempt to access beyond end of device [ 941.847670][T12268] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 941.992627][T12268] CPU: 0 UID: 0 PID: 12268 Comm: kworker/u8:31 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 941.992655][T12268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 941.992667][T12268] Workqueue: writeback wb_workfn (flush-7:0) [ 941.992692][T12268] Call Trace: [ 941.992700][T12268] [ 941.992708][T12268] dump_stack_lvl+0x189/0x250 [ 941.992740][T12268] ? __pfx_dump_stack_lvl+0x10/0x10 [ 941.992762][T12268] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 941.992785][T12268] ? __pfx_queue_work_on+0x10/0x10 [ 941.992811][T12268] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 941.992833][T12268] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 941.992858][T12268] ? f2fs_hw_is_readonly+0x39b/0x470 [ 941.992887][T12268] f2fs_handle_critical_error+0x37c/0x540 [ 941.992918][T12268] f2fs_write_end_io+0x495/0x810 [ 941.992940][T12268] ? blkg_put+0x22/0x240 [ 941.992978][T12268] __submit_merged_bio+0x27a/0x6a0 [ 941.993008][T12268] __submit_merged_write_cond+0x255/0x530 [ 941.993039][T12268] f2fs_write_data_pages+0x261d/0x3000 [ 941.993105][T12268] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 941.993146][T12268] ? rcu_is_watching+0x15/0xb0 [ 941.993281][T12268] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 941.993305][T12268] do_writepages+0x32e/0x550 [ 941.993337][T12268] ? reacquire_held_locks+0x127/0x1d0 [ 941.993359][T12268] ? writeback_sb_inodes+0x384/0x1010 [ 941.993394][T12268] __writeback_single_inode+0x145/0xff0 [ 941.993418][T12268] ? do_raw_spin_unlock+0x122/0x240 [ 941.993440][T12268] writeback_sb_inodes+0x6c7/0x1010 [ 941.993498][T12268] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 941.993576][T12268] ? rcu_is_watching+0x15/0xb0 [ 941.993614][T12268] wb_writeback+0x43b/0xaf0 [ 941.993648][T12268] ? queue_io+0x3d1/0x590 [ 941.993672][T12268] ? __pfx_wb_writeback+0x10/0x10 [ 941.993703][T12268] ? _raw_spin_unlock_irq+0x23/0x50 [ 941.993730][T12268] wb_workfn+0x409/0xef0 [ 941.993766][T12268] ? __pfx_wb_workfn+0x10/0x10 [ 941.993786][T12268] ? __lock_acquire+0xab9/0xd20 [ 941.993813][T12268] ? process_scheduled_works+0x9ef/0x17b0 [ 941.993841][T12268] ? _raw_spin_unlock_irq+0x23/0x50 [ 941.993859][T12268] ? process_scheduled_works+0x9ef/0x17b0 [ 941.993876][T12268] ? process_scheduled_works+0x9ef/0x17b0 [ 941.993899][T12268] process_scheduled_works+0xae1/0x17b0 [ 941.993951][T12268] ? __pfx_process_scheduled_works+0x10/0x10 [ 941.993987][T12268] worker_thread+0x8a0/0xda0 [ 941.994008][T12268] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 941.994035][T12268] ? __kthread_parkme+0x7b/0x200 [ 941.994065][T12268] kthread+0x70e/0x8a0 [ 941.994083][T12268] ? __pfx_worker_thread+0x10/0x10 [ 941.994100][T12268] ? __pfx_kthread+0x10/0x10 [ 941.994116][T12268] ? _raw_spin_unlock_irq+0x23/0x50 [ 941.994133][T12268] ? lockdep_hardirqs_on+0x9c/0x150 [ 941.994152][T12268] ? __pfx_kthread+0x10/0x10 [ 941.994168][T12268] ret_from_fork+0x3fc/0x770 [ 941.994189][T12268] ? __pfx_ret_from_fork+0x10/0x10 [ 941.994214][T12268] ? __switch_to_asm+0x39/0x70 [ 941.994235][T12268] ? __switch_to_asm+0x33/0x70 [ 941.994247][T12268] ? __pfx_kthread+0x10/0x10 [ 941.994263][T12268] ret_from_fork_asm+0x1a/0x30 [ 941.994296][T12268] [ 942.327329][T12268] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 942.857312][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 943.045057][T14739] loop5: detected capacity change from 0 to 2048 [ 943.094735][T14739] loop5: p1 < > p3 p4 < > [ 943.101218][T14739] loop5: p3 start 4284289 is beyond EOD, truncated [ 943.897251][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 943.951432][T14747] loop5: detected capacity change from 0 to 256 [ 944.937121][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 945.977127][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 947.017014][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 947.111196][T12250] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 947.432614][T10446] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 947.445839][T10446] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 947.462871][T10446] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 947.463554][T14773] overlayfs: failed to resolve './file0': -2 [ 947.472041][T10446] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 947.497084][T10446] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 947.611744][T12250] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 948.057020][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 948.590977][T12250] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.097017][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 949.667759][T10446] Bluetooth: hci1: command tx timeout [ 950.136929][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 950.316343][T12250] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.650233][T14809] loop3: detected capacity change from 0 to 64 [ 950.675097][T14809] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 950.785553][T14778] chnl_net:caif_netlink_parms(): no params data found [ 951.176775][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 951.211587][T14821] loop3: detected capacity change from 0 to 40427 [ 951.227559][T14821] F2FS-fs (loop3): invalid crc value [ 951.232249][T12250] bridge_slave_1: left allmulticast mode [ 951.239233][T12250] bridge_slave_1: left promiscuous mode [ 951.248460][T12250] bridge0: port 2(bridge_slave_1) entered disabled state [ 951.341420][T12250] bridge_slave_0: left allmulticast mode [ 951.347480][T12250] bridge_slave_0: left promiscuous mode [ 951.355853][T12250] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.737714][ T31] INFO: task kworker/1:4:5902 blocked for more than 143 seconds. [ 951.746562][ T31] Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 [ 951.755200][T10446] Bluetooth: hci1: command tx timeout [ 951.772356][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 951.781146][ T31] task:kworker/1:4 state:D stack:22856 pid:5902 tgid:5902 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 951.793743][ T31] Workqueue: events_power_efficient hub_init_func3 [ 951.800941][ T31] Call Trace: [ 951.923018][ T31] [ 951.926079][ T31] __schedule+0x16f5/0x4d00 [ 951.931452][T14821] F2FS-fs (loop3): Start checkpoint disabled! [ 951.935144][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 951.943198][ T31] ? schedule+0x165/0x360 [ 951.943282][T14821] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 951.947767][ T31] ? __pfx___schedule+0x10/0x10 [ 951.961551][ T31] ? schedule+0x91/0x360 [ 951.965828][ T31] schedule+0x165/0x360 [ 951.971408][ T31] schedule_preempt_disabled+0x13/0x30 [ 951.977057][ T31] __mutex_lock+0x724/0xe80 [ 951.981712][ T31] ? __mutex_lock+0x51b/0xe80 [ 951.986476][ T31] ? hub_activate+0xb7/0x1ea0 [ 951.991375][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 951.996488][ T31] ? __lock_acquire+0xab9/0xd20 [ 952.001920][ T31] hub_activate+0xb7/0x1ea0 [ 952.006516][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 952.015741][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 952.022319][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 952.031043][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 952.038264][ T31] process_scheduled_works+0xae1/0x17b0 [ 952.046491][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 952.058277][ T31] worker_thread+0x8a0/0xda0 [ 952.062991][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 952.070737][ T31] ? __kthread_parkme+0x7b/0x200 [ 952.079476][ T31] kthread+0x70e/0x8a0 [ 952.083729][ T31] ? __pfx_worker_thread+0x10/0x10 [ 952.090405][ T31] ? __pfx_kthread+0x10/0x10 [ 952.095162][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 952.103394][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 952.110970][ T31] ? __pfx_kthread+0x10/0x10 [ 952.115656][ T31] ret_from_fork+0x3fc/0x770 [ 952.123357][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 952.130087][ T31] ? __switch_to_asm+0x39/0x70 [ 952.135008][ T31] ? __switch_to_asm+0x33/0x70 [ 952.143056][ T31] ? __pfx_kthread+0x10/0x10 [ 952.150510][ T31] ret_from_fork_asm+0x1a/0x30 [ 952.164828][ T31] [ 952.167935][ T31] INFO: task kworker/1:3:9214 blocked for more than 143 seconds. [ 952.176323][ T31] Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 [ 952.183637][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 952.192382][ T31] task:kworker/1:3 state:D stack:21864 pid:9214 tgid:9214 ppid:2 task_flags:0x4288060 flags:0x00004000 [ 952.204672][ T31] Workqueue: usb_hub_wq hub_event [ 952.210046][ T31] Call Trace: [ 952.213329][ T31] [ 952.216384][ T31] __schedule+0x16f5/0x4d00 [ 952.216821][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 952.229509][ T31] ? schedule+0x165/0x360 [ 952.236855][ T31] ? __pfx___schedule+0x10/0x10 [ 952.241852][ T31] ? preempt_schedule_common+0x83/0xd0 [ 952.248998][ T31] ? __pfx_preempt_schedule+0x10/0x10 [ 952.254393][ T31] ? schedule+0x91/0x360 [ 952.258757][ T31] schedule+0x165/0x360 [ 952.262932][ T31] schedule_timeout+0x9a/0x270 [ 952.268139][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 952.274816][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 952.280059][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 952.285273][ T31] ? wait_for_completion+0x267/0x5d0 [ 952.290638][ T31] wait_for_completion+0x2bf/0x5d0 [ 952.295882][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 952.316711][ T31] ? __flush_work+0xd2/0xbc0 [ 952.321343][ T31] ? __flush_work+0xd2/0xbc0 [ 952.325923][ T31] __flush_work+0x9b9/0xbc0 [ 952.346670][ T31] ? __flush_work+0xd2/0xbc0 [ 952.351287][ T31] ? __pfx___flush_work+0x10/0x10 [ 952.356308][ T31] ? __pfx_wq_barrier_func+0x10/0x10 [ 952.376676][ T31] ? __queue_work+0xc56/0xfb0 [ 952.381394][ T31] ? flush_delayed_work+0x11d/0x190 [ 952.386603][ T31] flush_delayed_work+0x13e/0x190 [ 952.396672][ T31] ? __pfx_flush_delayed_work+0x10/0x10 [ 952.402233][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 952.426663][ T31] ? usb_hcd_flush_endpoint+0x3e9/0x400 [ 952.432231][ T31] hub_quiesce+0x1f0/0x330 [ 952.446664][ T31] hub_disconnect+0xc8/0x470 [ 952.451281][ T31] usb_unbind_interface+0x26b/0x910 [ 952.456478][ T31] ? __pfx_usb_unbind_interface+0x10/0x10 [ 952.476770][ T31] device_release_driver_internal+0x4d6/0x7c0 [ 952.483454][ T31] bus_remove_device+0x34d/0x410 [ 952.496914][ T31] device_del+0x511/0x8e0 [ 952.501273][ T31] ? kfree+0x18e/0x440 [ 952.505345][ T31] ? __pfx_device_del+0x10/0x10 [ 952.526764][ T31] ? kobject_put+0x446/0x480 [ 952.531396][ T31] usb_disable_device+0x3e9/0x8a0 [ 952.536428][ T31] usb_disconnect+0x330/0x950 [ 952.556862][ T31] hub_event+0x1cdb/0x4a00 [ 952.561312][ T31] ? do_raw_spin_lock+0x121/0x290 [ 952.566321][ T31] ? register_lock_class+0x51/0x320 [ 952.586676][ T31] ? __pfx_hub_event+0x10/0x10 [ 952.591492][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 952.606659][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 952.611884][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 952.626648][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 952.632387][ T31] process_scheduled_works+0xae1/0x17b0 [ 952.646683][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 952.652711][ T31] worker_thread+0x8a0/0xda0 [ 952.676662][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 952.683591][ T31] ? __kthread_parkme+0x7b/0x200 [ 952.694017][ T31] kthread+0x70e/0x8a0 [ 952.698208][ T31] ? __pfx_worker_thread+0x10/0x10 [ 952.703328][ T31] ? __pfx_kthread+0x10/0x10 [ 952.708138][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 952.713354][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 952.718898][ T31] ? __pfx_kthread+0x10/0x10 [ 952.723500][ T31] ret_from_fork+0x3fc/0x770 [ 952.728368][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 952.733500][ T31] ? __switch_to_asm+0x39/0x70 [ 952.738287][ T31] ? __switch_to_asm+0x33/0x70 [ 952.743057][ T31] ? __pfx_kthread+0x10/0x10 [ 952.747681][ T31] ret_from_fork_asm+0x1a/0x30 [ 952.752455][ T31] [ 952.755508][ T31] [ 952.755508][ T31] Showing all locks held in the system: [ 952.763248][ T31] 1 lock held by khungtaskd/31: [ 952.768152][ T31] #0: ffffffff8e13bee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 952.778089][ T31] 2 locks held by getty/5593: [ 952.782835][ T31] #0: ffff88814d46a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 952.793728][ T31] #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 952.803875][ T31] 5 locks held by kworker/0:3/5824: [ 952.809096][ T31] #0: ffff8880212a5548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 952.820457][ T31] #1: ffffc9000403fbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 952.832549][ T31] #2: ffff88802819a198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 952.841605][ T31] #3: ffff8880116c3198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950 [ 952.850772][ T31] #4: ffff8880116c7160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 [ 952.861354][ T31] 3 locks held by kworker/1:4/5902: [ 952.866533][ T31] #0: ffff88801a482148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 952.878927][ T31] #1: ffffc900044bfbc0 ((work_completion)(&(&hub->init_work)->work)#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 952.892701][ T31] #2: ffff88802705b198 (&dev->mutex){....}-{4:4}, at: hub_activate+0xb7/0x1ea0 [ 952.901825][ T31] 3 locks held by kworker/0:5/5930: [ 952.907060][ T31] #0: ffff88801a482148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 952.919489][ T31] #1: ffffc90004ecfbc0 ((work_completion)(&(&hub->init_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 952.932617][ T31] #2: ffff8880116c3198 (&dev->mutex){....}-{4:4}, at: hub_activate+0xb7/0x1ea0 [ 952.944967][ T31] 3 locks held by kworker/u8:12/7168: [ 952.950574][ T31] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 952.962295][ T31] #1: ffffc9001c027bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 952.973263][ T31] #2: ffffffff8f516c88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 952.982258][ T31] 5 locks held by kworker/1:3/9214: [ 952.987465][ T31] #0: ffff8880212a5548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 952.999508][ T31] #1: ffffc9000c147bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 953.011406][ T31] #2: ffff8880283ed198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 953.020801][ T31] #3: ffff88802705b198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950 [ 953.030302][ T31] #4: ffff88807fd93160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 [ 953.040898][ T31] 5 locks held by kworker/u8:17/12250: [ 953.046339][ T31] #0: ffff88801b2fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 953.057418][ T31] #1: ffffc90003eafbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 953.067978][ T31] #2: ffffffff8f509fd0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 953.077340][ T31] #3: ffffffff8f516c88 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 953.086375][ T31] #4: ffffffff8e1419f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 [ 953.097808][ T31] 1 lock held by kworker/u8:31/12268: [ 953.103181][ T31] #0: ffff8880b8739f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 953.113122][ T31] 3 locks held by kworker/1:7/13705: [ 953.118565][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 953.129927][ T31] #1: ffffc9000caa7bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 953.141080][ T31] #2: ffffffff8f516c88 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 953.151611][ T31] 2 locks held by syz-executor/14778: [ 953.157050][ T31] #0: ffffffff8fa1aed8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 953.166658][ T31] #1: ffffffff8f516c88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 953.175856][ T31] [ 953.186614][ T31] ============================================= [ 953.186614][ T31] [ 953.195589][ T31] NMI backtrace for cpu 0 [ 953.195606][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 953.195627][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 953.195637][ T31] Call Trace: [ 953.195644][ T31] [ 953.195652][ T31] dump_stack_lvl+0x189/0x250 [ 953.195678][ T31] ? __wake_up_klogd+0xd9/0x110 [ 953.195698][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 953.195727][ T31] ? __pfx__printk+0x10/0x10 [ 953.195759][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 953.195783][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 953.195800][ T31] ? _printk+0xcf/0x120 [ 953.195820][ T31] ? __pfx__printk+0x10/0x10 [ 953.195831][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 953.195844][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 953.195861][ T31] watchdog+0xfee/0x1030 [ 953.195880][ T31] ? watchdog+0x1de/0x1030 [ 953.195903][ T31] kthread+0x70e/0x8a0 [ 953.195922][ T31] ? __pfx_watchdog+0x10/0x10 [ 953.195938][ T31] ? __pfx_kthread+0x10/0x10 [ 953.195950][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 953.195963][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 953.195978][ T31] ? __pfx_kthread+0x10/0x10 [ 953.195987][ T31] ret_from_fork+0x3fc/0x770 [ 953.196001][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 953.196015][ T31] ? __switch_to_asm+0x39/0x70 [ 953.196024][ T31] ? __switch_to_asm+0x33/0x70 [ 953.196032][ T31] ? __pfx_kthread+0x10/0x10 [ 953.196041][ T31] ret_from_fork_asm+0x1a/0x30 [ 953.196058][ T31] [ 953.196062][ T31] Sending NMI from CPU 0 to CPUs 1: [ 953.259714][ C1] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 953.262303][ C1] NMI backtrace for cpu 1 [ 953.262315][ C1] CPU: 1 UID: 0 PID: 12250 Comm: kworker/u8:17 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 953.262333][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 953.262344][ C1] Workqueue: netns cleanup_net [ 953.262372][ C1] RIP: 0010:__asan_memset+0x0/0x50 [ 953.262392][ C1] Code: 48 8b 0c 24 ba 01 00 00 00 e9 bc e4 ff ff 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 41 56 53 48 89 d3 89 f5 49 89 fe 48 8b 4c 24 18 48 [ 953.262405][ C1] RSP: 0018:ffffc90000a075b8 EFLAGS: 00000246 [ 953.262417][ C1] RAX: ffffffff8b6c0365 RBX: ffffffff8b8b72e0 RCX: ffff88802c6fbc00 [ 953.262429][ C1] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffffc90000a07620 [ 953.262439][ C1] RBP: ffffc90000a076b0 R08: ffffc90000a0782f R09: 0000000000000000 [ 953.262450][ C1] R10: ffffc90000a07800 R11: fffff52000140f06 R12: 1ffff92000140ec0 [ 953.262461][ C1] R13: dffffc0000000000 R14: ffffc90000a07800 R15: ffffc90000a07620 [ 953.262473][ C1] FS: 0000000000000000(0000) GS:ffff888125d1d000(0000) knlGS:0000000000000000 [ 953.262485][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 953.262495][ C1] CR2: 000000110c2b1509 CR3: 0000000050d12000 CR4: 00000000003526f0 [ 953.262509][ C1] Call Trace: [ 953.262516][ C1] [ 953.262521][ C1] sprintf+0xa4/0x120 [ 953.262543][ C1] ? __pfx_sprintf+0x10/0x10 [ 953.262561][ C1] ? desc_read+0x208/0x3f0 [ 953.262583][ C1] info_print_prefix+0x155/0x310 [ 953.262600][ C1] ? __pfx_info_print_prefix+0x10/0x10 [ 953.262614][ C1] ? _prb_read_valid+0xa7b/0xa90 [ 953.262631][ C1] ? desc_read+0x1b8/0x3f0 [ 953.262652][ C1] record_print_text+0x154/0x430 [ 953.262675][ C1] ? __pfx__prb_read_valid+0x10/0x10 [ 953.262693][ C1] ? __pfx_record_print_text+0x10/0x10 [ 953.262714][ C1] ? this_cpu_in_panic+0x4f/0x80 [ 953.262736][ C1] printk_get_next_message+0x26d/0x7b0 [ 953.262761][ C1] ? __pfx_printk_get_next_message+0x10/0x10 [ 953.262782][ C1] ? __lock_acquire+0xab9/0xd20 [ 953.262804][ C1] ? console_flush_all+0x13a/0xc40 [ 953.262820][ C1] ? console_flush_all+0x476/0xc40 [ 953.262836][ C1] console_flush_all+0x4ca/0xc40 [ 953.262851][ C1] ? console_flush_all+0x13a/0xc40 [ 953.262865][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 953.262886][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 953.262904][ C1] ? is_printk_cpu_sync_owner+0x32/0x40 [ 953.262921][ C1] console_unlock+0xc4/0x270 [ 953.262941][ C1] ? __pfx_console_unlock+0x10/0x10 [ 953.262970][ C1] ? vprintk_emit+0x444/0x7a0 [ 953.262987][ C1] ? vprintk_emit+0x444/0x7a0 [ 953.263006][ C1] vprintk_emit+0x5b7/0x7a0 [ 953.263023][ C1] ? vprintk_emit+0x444/0x7a0 [ 953.263042][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 953.263064][ C1] ? ___ratelimit+0x622/0xab0 [ 953.263087][ C1] _printk+0xcf/0x120 [ 953.263106][ C1] ? __pfx__printk+0x10/0x10 [ 953.263123][ C1] ? ip_vs_proto_name+0x81/0xe0 [ 953.263145][ C1] ? ip_vs_scheduler_err+0x27c/0x3a0 [ 953.263166][ C1] ip_vs_wrr_schedule+0x43e/0x4c0 [ 953.263185][ C1] ? __lock_acquire+0xab9/0xd20 [ 953.263207][ C1] ip_vs_schedule+0xa0a/0x1c80 [ 953.263232][ C1] ? __ip_vs_conn_in_get+0xa3e/0xaa0 [ 953.263248][ C1] ? ip_vs_conn_out_get+0x9c/0xa70 [ 953.263266][ C1] ? __pfx_ip_vs_schedule+0x10/0x10 [ 953.263285][ C1] ? __ip_vs_conn_in_get+0x99/0xaa0 [ 953.263303][ C1] ? __pfx___ip_vs_conn_in_get+0x10/0x10 [ 953.263325][ C1] ? ip_vs_conn_in_get_proto+0x363/0x4d0 [ 953.263343][ C1] ? ip_vs_service_find+0xd4b/0xf00 [ 953.263362][ C1] udp_conn_schedule+0x332/0x710 [ 953.263382][ C1] ? __pfx_udp_conn_schedule+0x10/0x10 [ 953.263401][ C1] ? ipt_do_table+0x13dd/0x1640 [ 953.263418][ C1] ip_vs_in_hook+0xc06/0x1be0 [ 953.263443][ C1] ? ip_vs_out_hook+0x9b5/0xef0 [ 953.263461][ C1] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 953.263491][ C1] ? nf_nat_ipv4_local_fn+0x1de/0x540 [ 953.263510][ C1] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 953.263530][ C1] nf_hook_slow+0xc2/0x220 [ 953.263546][ C1] nf_hook+0x217/0x380 [ 953.263563][ C1] ? nf_hook+0x9d/0x380 [ 953.263578][ C1] ? __pfx_nf_hook+0x10/0x10 [ 953.263594][ C1] ? __pfx_dst_output+0x10/0x10 [ 953.263610][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 953.263629][ C1] ? ip_fast_csum+0x1ee/0x2b0 [ 953.263651][ C1] __ip_local_out+0x4db/0x600 [ 953.263665][ C1] ? __pfx_dst_output+0x10/0x10 [ 953.263682][ C1] ip_local_out+0x26/0x70 [ 953.263699][ C1] iptunnel_xmit+0x592/0xa40 [ 953.263726][ C1] udp_tunnel_xmit_skb+0x26e/0x3c0 [ 953.263751][ C1] tipc_udp_xmit+0x7bd/0xaa0 [ 953.263771][ C1] ? tipc_crypto_xmit+0x1e2/0x23a0 [ 953.263787][ C1] ? tipc_udp_xmit+0xa4/0xaa0 [ 953.263802][ C1] ? __pfx_tipc_udp_xmit+0x10/0x10 [ 953.263819][ C1] ? tipc_net+0x45/0x270 [ 953.263843][ C1] ? tipc_udp_send_msg+0x2a6/0x3f0 [ 953.263861][ C1] tipc_bearer_xmit_skb+0x2b3/0x400 [ 953.263882][ C1] ? tipc_bearer_xmit_skb+0xa9/0x400 [ 953.263901][ C1] ? __pfx_tipc_bearer_xmit_skb+0x10/0x10 [ 953.263927][ C1] tipc_disc_timeout+0x580/0x6d0 [ 953.263949][ C1] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 953.263981][ C1] call_timer_fn+0x17b/0x5f0 [ 953.263997][ C1] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 953.264015][ C1] ? call_timer_fn+0xbe/0x5f0 [ 953.264030][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 953.264050][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 953.264068][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 953.264086][ C1] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 953.264105][ C1] __run_timer_base+0x61a/0x860 [ 953.264120][ C1] ? ktime_get+0x3e/0x1f0 [ 953.264144][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 953.264158][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 953.264186][ C1] run_timer_softirq+0xb7/0x180 [ 953.264201][ C1] handle_softirqs+0x286/0x870 [ 953.264222][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 953.264242][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 953.264264][ C1] __irq_exit_rcu+0xca/0x1f0 [ 953.264281][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 953.264303][ C1] irq_exit_rcu+0x9/0x30 [ 953.264319][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 953.264338][ C1] [ 953.264344][ C1] [ 953.264349][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 953.264366][ C1] RIP: 0010:lockdep_unregister_key+0x2c5/0x310 [ 953.264383][ C1] Code: 65 48 8b 05 1d 73 02 11 48 3b 44 24 10 0f 84 26 fe ff ff e8 ed e1 d1 09 e8 18 e3 d1 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff [ 953.264395][ C1] RSP: 0018:ffffc90003eaf638 EFLAGS: 00000202 [ 953.264408][ C1] RAX: 5f31031c1e592f00 RBX: 0000000000000000 RCX: 5f31031c1e592f00 [ 953.264418][ C1] RDX: ffffffff9363e358 RSI: ffffffff8d9a65dc RDI: ffffffff8be31d00 [ 953.264429][ C1] RBP: ffff88807c0f8201 R08: 0000000000000000 R09: ffffffff81aaac58 [ 953.264440][ C1] R10: dffffc0000000000 R11: fffffbfff1f42e87 R12: 0000000000000000 [ 953.264450][ C1] R13: 0000000000001000 R14: 0000000000000000 R15: 0000000000000206 [ 953.264463][ C1] ? __is_module_percpu_address+0x28/0x3f0 [ 953.264491][ C1] __qdisc_destroy+0x166/0x420 [ 953.264507][ C1] dev_shutdown+0x34c/0x440 [ 953.264523][ C1] unregister_netdevice_many_notify+0xea7/0x2320 [ 953.264550][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 953.264572][ C1] ? irqentry_exit+0x74/0x90 [ 953.264591][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 953.264618][ C1] ops_undo_list+0x3dc/0x990 [ 953.264636][ C1] ? __pfx_ops_undo_list+0x10/0x10 [ 953.264656][ C1] cleanup_net+0x4c5/0x800 [ 953.264671][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 953.264687][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 953.264704][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 953.264722][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 953.264741][ C1] process_scheduled_works+0xae1/0x17b0 [ 953.264771][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 953.264797][ C1] worker_thread+0x8a0/0xda0 [ 953.264827][ C1] kthread+0x70e/0x8a0 [ 953.264842][ C1] ? __pfx_worker_thread+0x10/0x10 [ 953.264859][ C1] ? __pfx_kthread+0x10/0x10 [ 953.264874][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 953.264891][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 953.264909][ C1] ? __pfx_kthread+0x10/0x10 [ 953.264923][ C1] ret_from_fork+0x3fc/0x770 [ 953.264942][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 953.264967][ C1] ? __switch_to_asm+0x39/0x70 [ 953.264981][ C1] ? __switch_to_asm+0x33/0x70 [ 953.264994][ C1] ? __pfx_kthread+0x10/0x10 [ 953.265008][ C1] ret_from_fork_asm+0x1a/0x30 [ 953.265030][ C1] [ 953.265336][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 953.265350][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 953.265371][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 953.265381][ T31] Call Trace: [ 953.265390][ T31] [ 953.265397][ T31] dump_stack_lvl+0x99/0x250 [ 953.265423][ T31] ? __asan_memcpy+0x40/0x70 [ 953.265445][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 953.265469][ T31] ? __pfx__printk+0x10/0x10 [ 953.265498][ T31] panic+0x2db/0x790 [ 953.265526][ T31] ? __pfx_panic+0x10/0x10 [ 953.265549][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 953.265576][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 953.265596][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 953.265624][ T31] watchdog+0x102d/0x1030 [ 953.265646][ T31] ? watchdog+0x1de/0x1030 [ 953.265671][ T31] kthread+0x70e/0x8a0 [ 953.265691][ T31] ? __pfx_watchdog+0x10/0x10 [ 953.265755][ T31] ? __pfx_kthread+0x10/0x10 [ 953.265774][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 953.265796][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 953.265817][ T31] ? __pfx_kthread+0x10/0x10 [ 953.265834][ T31] ret_from_fork+0x3fc/0x770 [ 953.265857][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 953.265882][ T31] ? __switch_to_asm+0x39/0x70 [ 953.265898][ T31] ? __switch_to_asm+0x33/0x70 [ 953.265913][ T31] ? __pfx_kthread+0x10/0x10 [ 953.265931][ T31] ret_from_fork_asm+0x1a/0x30 [ 953.265960][ T31] [ 953.269838][ T31] Kernel Offset: disabled