last executing test programs: 17.688667967s ago: executing program 4 (id=258): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x25, 0x800000000004}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 17.527994323s ago: executing program 4 (id=259): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x5b81, 0xfffffffffffffffe, 0x0, 0x7, 0x9, 0x0, 0x0, 0xde}) 17.340725385s ago: executing program 4 (id=261): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x3a, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"4adcda08f6e83e2aa00e133f88a8349f246e"}}}}, 0x48) 16.856388265s ago: executing program 4 (id=265): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x1be) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x31001, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x84000, 0x0) 16.697467937s ago: executing program 2 (id=267): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="040e04001120"], 0x7) 16.60465995s ago: executing program 4 (id=269): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000440)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x10) 16.260611148s ago: executing program 2 (id=272): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000000000001000000008000600", @ANYRES32=r2, @ANYBLOB="08000300", @ANYRES32=r3, @ANYBLOB='\b\x00;'], 0x2c}}, 0x20004810) 16.115186966s ago: executing program 4 (id=274): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626", 0xa) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000040)) 16.095921074s ago: executing program 2 (id=275): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) socket$kcm(0x2, 0x200000000000001, 0x106) 15.478962418s ago: executing program 32 (id=274): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626", 0xa) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000040)) 15.436479975s ago: executing program 2 (id=277): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xff, 0xec2, 0x5, 0x1, 0x400}, 0x10000, 0x1, 0x7ff, 0xe, 0xe, 0x14, 0x1f, 0x1b, 0x6, 0x2, {0x6, 0x19d, 0x7fff, 0x8, 0x7743, 0xfd1}}}}]}, 0x78}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 15.436088205s ago: executing program 2 (id=279): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4) setsockopt(r0, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000040)=0x3e, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e1e, 0x0, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x2}, 0x1c) 11.653954725s ago: executing program 0 (id=293): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x34, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}]}, 0x34}}, 0x40050) 11.232607608s ago: executing program 0 (id=295): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}], 0x2}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000005c80)=""/4108, 0x100c}, {&(0x7f0000000440)=""/163, 0xa3}, {&(0x7f0000000340)=""/219, 0xdb}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000000240)=""/115, 0x73}, {&(0x7f00000018c0)=""/147, 0x93}], 0x6}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x6}], 0x5, 0x40018022, 0x0) 10.865435526s ago: executing program 3 (id=296): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000020c0)={@ipv4={'\x00', '\xff\xff', @empty}, 0x80, r2}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000140)={@loopback, 0x80, r2}) 9.716629165s ago: executing program 1 (id=298): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") r0 = open(&(0x7f0000000100)='./bus\x00', 0x14927e, 0x100) rename(&(0x7f0000001980)='./bus\x00', &(0x7f00000001c0)='./file1\x00') rename(0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000380)=0xffffffffffffffff, 0x12) 9.106742229s ago: executing program 3 (id=299): r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x0, 0x0) ppoll(&(0x7f0000000100)=[{r0, 0x8408}], 0x1, 0x0, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000001040)={0xf, {"a2e3ad21ed1a09f91b48090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f390068090890e0878f0e1ac6e7049b074a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000095802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 8.955848104s ago: executing program 0 (id=300): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000300)={r2, 0x3, 0x9, 0x3, 0xffff, 0x800}, &(0x7f0000000340)=0x14) 8.144543058s ago: executing program 1 (id=301): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x68000000}, 0x0) r1 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private1}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x80fe) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x80fe) 8.030194286s ago: executing program 3 (id=302): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000000)={0x5}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000280)={0x2, 0xfffffffa}) 7.830807163s ago: executing program 0 (id=303): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xa0242, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioprio_set$pid(0x1, 0xffffffffffffffff, 0x0) 940.11247ms ago: executing program 5 (id=276): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000000)=0x6}) 938.564852ms ago: executing program 0 (id=313): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1f0000000000000000000000000004"], 0x48) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 936.244825ms ago: executing program 1 (id=314): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8) r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x8, 0x3a, 0x0, @remote, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x200}}}}}}, 0x0) 935.538674ms ago: executing program 3 (id=315): r0 = socket$inet(0x2, 0x802, 0x1) connect$inet(r0, &(0x7f0000002780)={0x2, 0x4e22, @remote}, 0x10) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x2, 0x4) write(r0, &(0x7f0000000440)="08008edf773c8000", 0x8) recvmsg$inet_nvme(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x10002) 585.320175ms ago: executing program 5 (id=304): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x74) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 584.170924ms ago: executing program 1 (id=317): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000600)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x16, 0x2, 0x0, 0x0, 0x1000, {[@window={0x3, 0x3, 0x6}, @generic={0x22, 0x4, "f0b2"}, @md5sig={0x13, 0x12, "2313a3101166d6c856214c013c019043"}, @generic={0x13, 0x4, "5d05"}, @sack={0x5, 0xe, [0x5, 0x3, 0x20]}, @sack={0x5, 0x16, [0xfffe, 0x8, 0x9, 0x17, 0xf46400]}]}}}}}}}, 0x0) 583.472738ms ago: executing program 3 (id=305): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef) 372.559391ms ago: executing program 0 (id=306): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000000)={0x5, 0xe, 0xfff, 0x8, "c400523a6f29960fce66e2e7aadce2988b5ec056b7577f87586a324b565ffcbb"}) 343.793332ms ago: executing program 1 (id=307): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast2, @local}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000500)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000680)={0x5, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b) 152.828778ms ago: executing program 2 (id=279): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4) setsockopt(r0, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000040)=0x3e, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e1e, 0x0, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x2}, 0x1c) 64.324ms ago: executing program 3 (id=308): r0 = syz_io_uring_setup(0x3b, &(0x7f00000001c0)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB=' '], 0x20}, 0x0, 0xe3d08660d3cd4684}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=309): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f42fc3199f000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af735ed41793bdf9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbc68223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f00001000000000eeff7c5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729eec082830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d424c14283a94395b64645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d620100000000000000494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd779a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9b0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000002684c2d8eb8cac98930fa6a893ca44c0f64c07a87eb7b05f56ca6c70cb3a0eb328a15fe96a88235155e6d64bd434f641ddf9db2245e47e5904453577895dd81d"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts. [ 84.743543][ T5821] cgroup: Unknown subsys name 'net' [ 84.874194][ T5821] cgroup: Unknown subsys name 'cpuset' [ 84.883387][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.578365][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.244835][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.260587][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.290559][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.301630][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.330319][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.401478][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.410431][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.421365][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.440286][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.449288][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.457799][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.465932][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.475045][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.482957][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.499573][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.503594][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.509255][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.522081][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.539240][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.547376][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.613053][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.630368][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.638265][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.647074][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.654953][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.123340][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 90.181412][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 90.427957][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.438605][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.448123][ T5831] bridge_slave_0: entered allmulticast mode [ 90.456926][ T5831] bridge_slave_0: entered promiscuous mode [ 90.487813][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.496558][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.503845][ T5831] bridge_slave_1: entered allmulticast mode [ 90.511213][ T5831] bridge_slave_1: entered promiscuous mode [ 90.557323][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 90.582289][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 90.594188][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.601728][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.608902][ T5838] bridge_slave_0: entered allmulticast mode [ 90.616752][ T5838] bridge_slave_0: entered promiscuous mode [ 90.665583][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.673910][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.681802][ T5838] bridge_slave_1: entered allmulticast mode [ 90.689095][ T5838] bridge_slave_1: entered promiscuous mode [ 90.729847][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.807828][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.839883][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.853063][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.933796][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 90.947680][ T5831] team0: Port device team_slave_0 added [ 90.985213][ T5838] team0: Port device team_slave_0 added [ 91.006199][ T5831] team0: Port device team_slave_1 added [ 91.035606][ T5838] team0: Port device team_slave_1 added [ 91.094095][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.101476][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.108740][ T5835] bridge_slave_0: entered allmulticast mode [ 91.116902][ T5835] bridge_slave_0: entered promiscuous mode [ 91.168680][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.177455][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.203744][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.216473][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.224641][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.232377][ T5835] bridge_slave_1: entered allmulticast mode [ 91.239658][ T5835] bridge_slave_1: entered promiscuous mode [ 91.276615][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.284000][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.291306][ T5843] bridge_slave_0: entered allmulticast mode [ 91.298617][ T5843] bridge_slave_0: entered promiscuous mode [ 91.308033][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.315283][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.322573][ T5843] bridge_slave_1: entered allmulticast mode [ 91.329921][ T5843] bridge_slave_1: entered promiscuous mode [ 91.344269][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.351313][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.377292][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.388651][ T5833] Bluetooth: hci0: command tx timeout [ 91.415303][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.422493][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.450925][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.527936][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.538588][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.546454][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.551035][ T51] Bluetooth: hci1: command tx timeout [ 91.576929][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.578284][ T5833] Bluetooth: hci2: command tx timeout [ 91.603156][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.620206][ T5833] Bluetooth: hci3: command tx timeout [ 91.647594][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.659949][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.697201][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.704742][ T5833] Bluetooth: hci4: command tx timeout [ 91.704924][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.717737][ T5847] bridge_slave_0: entered allmulticast mode [ 91.726732][ T5847] bridge_slave_0: entered promiscuous mode [ 91.788818][ T5831] hsr_slave_0: entered promiscuous mode [ 91.798817][ T5831] hsr_slave_1: entered promiscuous mode [ 91.820308][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.827505][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.835136][ T5847] bridge_slave_1: entered allmulticast mode [ 91.842618][ T5847] bridge_slave_1: entered promiscuous mode [ 91.878726][ T5835] team0: Port device team_slave_0 added [ 91.887873][ T5843] team0: Port device team_slave_0 added [ 91.934542][ T5838] hsr_slave_0: entered promiscuous mode [ 91.941505][ T5838] hsr_slave_1: entered promiscuous mode [ 91.949346][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.957199][ T5838] Cannot create hsr debugfs directory [ 91.967513][ T5835] team0: Port device team_slave_1 added [ 92.002818][ T5843] team0: Port device team_slave_1 added [ 92.024341][ T9] cfg80211: failed to load regulatory.db [ 92.091716][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.098759][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.125281][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.139156][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.146193][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.173149][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.201012][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.215220][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.302572][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.309633][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.335901][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.391381][ T5847] team0: Port device team_slave_0 added [ 92.405617][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.412792][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.439607][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.482526][ T5835] hsr_slave_0: entered promiscuous mode [ 92.489732][ T5835] hsr_slave_1: entered promiscuous mode [ 92.496259][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.504090][ T5835] Cannot create hsr debugfs directory [ 92.519935][ T5847] team0: Port device team_slave_1 added [ 92.615878][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.623138][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.653425][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.710357][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.717351][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.743462][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.780743][ T5843] hsr_slave_0: entered promiscuous mode [ 92.787183][ T5843] hsr_slave_1: entered promiscuous mode [ 92.794033][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.801952][ T5843] Cannot create hsr debugfs directory [ 92.912261][ T5847] hsr_slave_0: entered promiscuous mode [ 92.918806][ T5847] hsr_slave_1: entered promiscuous mode [ 92.926105][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.933909][ T5847] Cannot create hsr debugfs directory [ 93.175789][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.222880][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.267288][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.282468][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.402997][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.435335][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.449136][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.460207][ T5833] Bluetooth: hci0: command tx timeout [ 93.479476][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.555364][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.577434][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.601249][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.613116][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.620831][ T5833] Bluetooth: hci2: command tx timeout [ 93.622221][ T51] Bluetooth: hci1: command tx timeout [ 93.700307][ T51] Bluetooth: hci3: command tx timeout [ 93.764148][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.776732][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.783718][ T51] Bluetooth: hci4: command tx timeout [ 93.796595][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.809487][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.956240][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.968626][ T5847] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.995399][ T5847] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.015870][ T5847] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.027884][ T5847] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.049128][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.067468][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.105036][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.154382][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.161769][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.181625][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.207062][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.214321][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.229782][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.236986][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.255387][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.275975][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.283205][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.318918][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.326140][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.365182][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.372361][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.424327][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.459675][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.517588][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.577968][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.585242][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.636850][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.644055][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.769285][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.907427][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.954798][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.962036][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.018727][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.025984][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.112565][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.318423][ T5843] veth0_vlan: entered promiscuous mode [ 95.342983][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.355503][ T5843] veth1_vlan: entered promiscuous mode [ 95.374557][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.449879][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.523928][ T5843] veth0_macvtap: entered promiscuous mode [ 95.542091][ T51] Bluetooth: hci0: command tx timeout [ 95.558088][ T5843] veth1_macvtap: entered promiscuous mode [ 95.615450][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.628495][ T5831] veth0_vlan: entered promiscuous mode [ 95.658855][ T5835] veth0_vlan: entered promiscuous mode [ 95.675268][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.708657][ T51] Bluetooth: hci2: command tx timeout [ 95.708670][ T5833] Bluetooth: hci1: command tx timeout [ 95.739735][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.749402][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.759105][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.769016][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.793400][ T51] Bluetooth: hci3: command tx timeout [ 95.805107][ T5838] veth0_vlan: entered promiscuous mode [ 95.813076][ T5831] veth1_vlan: entered promiscuous mode [ 95.822865][ T5835] veth1_vlan: entered promiscuous mode [ 95.860481][ T51] Bluetooth: hci4: command tx timeout [ 95.874750][ T5838] veth1_vlan: entered promiscuous mode [ 95.899899][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.018144][ T5835] veth0_macvtap: entered promiscuous mode [ 96.046495][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.057783][ T5838] veth0_macvtap: entered promiscuous mode [ 96.064606][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.086516][ T5831] veth0_macvtap: entered promiscuous mode [ 96.098106][ T5835] veth1_macvtap: entered promiscuous mode [ 96.123031][ T5838] veth1_macvtap: entered promiscuous mode [ 96.134978][ T5831] veth1_macvtap: entered promiscuous mode [ 96.218485][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.243077][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.288219][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.304053][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.319442][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.328534][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.335547][ T5835] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.348483][ T5835] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.358965][ T5835] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.368073][ T5835] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.389624][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.404552][ T5838] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.413993][ T5838] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.423849][ T5838] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.433098][ T5838] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.453764][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.468049][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.478000][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.491299][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.507247][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.555507][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.752397][ T5847] veth0_vlan: entered promiscuous mode [ 96.797486][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.824928][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.842774][ T5847] veth1_vlan: entered promiscuous mode [ 96.857619][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.870576][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.915487][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.934290][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.039376][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.057949][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.093720][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.122590][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.148152][ T5847] veth0_macvtap: entered promiscuous mode [ 97.194917][ T5847] veth1_macvtap: entered promiscuous mode [ 97.217222][ T5904] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.249004][ T5904] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.265647][ T5920] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.305840][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.370842][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.395223][ T5847] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.433874][ T5847] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.463653][ T5847] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.483119][ T5847] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.642678][ T51] Bluetooth: hci0: command tx timeout [ 97.711178][ T5926] loop3: detected capacity change from 0 to 8192 [ 97.768337][ T5918] loop1: detected capacity change from 0 to 40427 [ 97.777959][ T5926] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 97.794857][ T51] Bluetooth: hci1: command tx timeout [ 97.801071][ T5833] Bluetooth: hci2: command tx timeout [ 97.866712][ T51] Bluetooth: hci3: command tx timeout [ 97.887724][ T5918] F2FS-fs (loop1): inline encryption not supported [ 97.905337][ T5904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.921322][ T5918] F2FS-fs (loop1): build fault injection rate: 690 [ 97.927924][ T5918] F2FS-fs (loop1): Image doesn't support compression [ 97.940688][ T51] Bluetooth: hci4: command tx timeout [ 97.950444][ T5918] F2FS-fs (loop1): Image doesn't support compression [ 97.958999][ T5929] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7'. [ 97.962582][ T5904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.984959][ T5918] F2FS-fs (loop1): build fault injection type: 0x4 [ 97.996899][ T5918] F2FS-fs (loop1): invalid crc value [ 98.014810][ T5929] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.073528][ T5929] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7'. [ 98.111649][ T5929] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 98.269578][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.310102][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.414391][ T5918] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 98.673395][ T5918] syz.1.2: attempt to access beyond end of device [ 98.673395][ T5918] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 98.728470][ T5918] CPU: 0 UID: 0 PID: 5918 Comm: syz.1.2 Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 98.728501][ T5918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.728527][ T5918] Call Trace: [ 98.728537][ T5918] [ 98.728546][ T5918] dump_stack_lvl+0x189/0x250 [ 98.728581][ T5918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.728602][ T5918] ? __pfx_queue_work_on+0x10/0x10 [ 98.728621][ T5918] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.728654][ T5918] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.728699][ T5918] f2fs_handle_critical_error+0x37c/0x540 [ 98.728735][ T5918] f2fs_write_end_io+0x5b8/0x7e0 [ 98.728766][ T5918] ? __submit_merged_bio+0x251/0x6a0 [ 98.728807][ T5918] __submit_merged_bio+0x27a/0x6a0 [ 98.728840][ T5918] __submit_merged_write_cond+0x255/0x530 [ 98.728874][ T5918] f2fs_write_data_pages+0x261d/0x3000 [ 98.728942][ T5918] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.729056][ T5918] ? __lock_acquire+0xab9/0xd20 [ 98.729098][ T5918] ? do_raw_spin_lock+0x121/0x290 [ 98.729137][ T5918] ? do_raw_spin_unlock+0x122/0x240 [ 98.729162][ T5918] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.729192][ T5918] do_writepages+0x32e/0x550 [ 98.729239][ T5918] ? do_raw_spin_unlock+0x122/0x240 [ 98.729268][ T5918] filemap_fdatawrite+0x191/0x230 [ 98.729289][ T5918] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 98.729363][ T5918] ? do_raw_spin_unlock+0x122/0x240 [ 98.729393][ T5918] f2fs_sync_dirty_inodes+0x31f/0x830 [ 98.729441][ T5918] f2fs_write_checkpoint+0x94a/0x1de0 [ 98.729505][ T5918] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 98.729584][ T5918] ? __pfx_down_write+0x10/0x10 [ 98.729618][ T5918] f2fs_issue_checkpoint+0x328/0x490 [ 98.729652][ T5918] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 98.729681][ T5918] ? __lock_acquire+0xab9/0xd20 [ 98.729725][ T5918] ? __up_read+0x280/0x680 [ 98.729753][ T5918] ? f2fs_sync_fs+0x200/0x3d0 [ 98.729779][ T5918] f2fs_do_sync_file+0x86a/0x1860 [ 98.729820][ T5918] ? __pfx_f2fs_do_sync_file+0x10/0x10 [ 98.729901][ T5918] ? __pfx_down_write+0x10/0x10 [ 98.729926][ T5918] ? sb_start_write+0x114/0x1c0 [ 98.729956][ T5918] ? mnt_want_write_file+0x164/0x200 [ 98.729988][ T5918] __f2fs_ioctl+0x485a/0xb610 [ 98.730032][ T5918] ? do_vfs_ioctl+0xe80/0x1990 [ 98.730075][ T5918] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 98.730115][ T5918] ? kasan_quarantine_put+0xdd/0x220 [ 98.730153][ T5918] ? __pfx___f2fs_ioctl+0x10/0x10 [ 98.730177][ T5918] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 98.730209][ T5918] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 98.730238][ T5918] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 98.730265][ T5918] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 98.730295][ T5918] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 98.730347][ T5918] ? rcu_is_watching+0x15/0xb0 [ 98.730389][ T5918] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.730425][ T5918] ? f2fs_ioctl+0x135/0x250 [ 98.730445][ T5918] ? __pfx_f2fs_ioctl+0x10/0x10 [ 98.730464][ T5918] __se_sys_ioctl+0xfc/0x170 [ 98.730499][ T5918] do_syscall_64+0xfa/0x3b0 [ 98.730520][ T5918] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.730539][ T5918] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.730559][ T5918] ? clear_bhb_loop+0x60/0xb0 [ 98.730585][ T5918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.730605][ T5918] RIP: 0033:0x7fbf31d8e969 [ 98.730634][ T5918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.730652][ T5918] RSP: 002b:00007fbf32c78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.730676][ T5918] RAX: ffffffffffffffda RBX: 00007fbf31fb5fa0 RCX: 00007fbf31d8e969 [ 98.730691][ T5918] RDX: 0000000000000000 RSI: 000000000000f502 RDI: 0000000000000004 [ 98.730704][ T5918] RBP: 00007fbf31e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 98.730716][ T5918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.730729][ T5918] R13: 0000000000000000 R14: 00007fbf31fb5fa0 R15: 00007fffb1f08218 [ 98.730764][ T5918] [ 99.170173][ T5918] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 99.752567][ T5934] loop2: detected capacity change from 0 to 65536 [ 99.867875][ T5934] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 100.008545][ T5934] XFS (loop2): Ending clean mount [ 100.370805][ T5835] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 101.163192][ T5948] loop4: detected capacity change from 0 to 40427 [ 101.174765][ T5948] F2FS-fs (loop4): Invalid segment/section count (31 != 24 * 1) [ 101.236806][ T5948] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 101.328602][ T5948] F2FS-fs (loop4): heap/no_heap options were deprecated [ 101.392359][ T5948] F2FS-fs (loop4): invalid crc value [ 101.729915][ T5948] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 101.763551][ T5948] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 102.001737][ T5910] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 102.075423][ T30] audit: type=1800 audit(1747918960.387:2): pid=5948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.12" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 102.187142][ T5948] syz.4.12: attempt to access beyond end of device [ 102.187142][ T5948] loop4: rw=2049, sector=53248, nr_sectors = 800 limit=40427 [ 102.230611][ T5910] usb 2-1: config 0 has no interfaces? [ 102.257980][ T5910] usb 2-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=90.11 [ 102.282369][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.309967][ T5910] usb 2-1: Product: syz [ 102.328924][ T5910] usb 2-1: Manufacturer: syz [ 102.340488][ T5910] usb 2-1: SerialNumber: syz [ 102.358147][ T5948] syz.4.12: attempt to access beyond end of device [ 102.358147][ T5948] loop4: rw=2049, sector=53288, nr_sectors = 96 limit=40427 [ 102.394475][ T5910] usb 2-1: config 0 descriptor?? [ 102.478262][ T5847] syz-executor: attempt to access beyond end of device [ 102.478262][ T5847] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 102.493960][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 102.493999][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.494011][ T5847] Call Trace: [ 102.494020][ T5847] [ 102.494029][ T5847] dump_stack_lvl+0x189/0x250 [ 102.494060][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.494081][ T5847] ? __pfx_queue_work_on+0x10/0x10 [ 102.494099][ T5847] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 102.494130][ T5847] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 102.494177][ T5847] f2fs_handle_critical_error+0x37c/0x540 [ 102.494213][ T5847] f2fs_write_end_io+0x5b8/0x7e0 [ 102.494241][ T5847] ? __submit_merged_bio+0x251/0x6a0 [ 102.494282][ T5847] __submit_merged_bio+0x27a/0x6a0 [ 102.494315][ T5847] __submit_merged_write_cond+0x255/0x530 [ 102.494348][ T5847] f2fs_write_data_pages+0x261d/0x3000 [ 102.494424][ T5847] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 102.494448][ T5847] ? is_bpf_text_address+0x26/0x2b0 [ 102.494483][ T5847] ? check_noncircular+0xe0/0x160 [ 102.494503][ T5847] ? __bfs+0x154/0x2a0 [ 102.494568][ T5847] ? check_path+0x21/0x40 [ 102.494585][ T5847] ? check_noncircular+0xe0/0x160 [ 102.494668][ T5847] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 102.494699][ T5847] do_writepages+0x32e/0x550 [ 102.494747][ T5847] ? do_raw_spin_unlock+0x122/0x240 [ 102.494778][ T5847] filemap_fdatawrite+0x191/0x230 [ 102.494800][ T5847] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 102.494880][ T5847] ? preempt_schedule_thunk+0x16/0x30 [ 102.494918][ T5847] f2fs_sync_dirty_inodes+0x31f/0x830 [ 102.494977][ T5847] f2fs_write_checkpoint+0x94a/0x1de0 [ 102.495040][ T5847] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 102.495132][ T5847] ? call_rcu+0x6dd/0x990 [ 102.495151][ T5847] ? kill_f2fs_super+0x298/0x6c0 [ 102.495189][ T5847] kill_f2fs_super+0x2c3/0x6c0 [ 102.495228][ T5847] ? __pfx_kill_f2fs_super+0x10/0x10 [ 102.495255][ T5847] ? radix_tree_delete_item+0x2b6/0x400 [ 102.495297][ T5847] ? shrinker_free+0x2ce/0x3e0 [ 102.495327][ T5847] deactivate_locked_super+0xb9/0x130 [ 102.495359][ T5847] cleanup_mnt+0x425/0x4c0 [ 102.495387][ T5847] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.495410][ T5847] task_work_run+0x1d4/0x260 [ 102.495439][ T5847] ? __pfx_task_work_run+0x10/0x10 [ 102.495462][ T5847] ? __x64_sys_umount+0x122/0x160 [ 102.495490][ T5847] ? exit_to_user_mode_loop+0x40/0x110 [ 102.495524][ T5847] exit_to_user_mode_loop+0xec/0x110 [ 102.495554][ T5847] do_syscall_64+0x2bd/0x3b0 [ 102.495573][ T5847] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.495591][ T5847] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.495611][ T5847] ? clear_bhb_loop+0x60/0xb0 [ 102.495637][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.495656][ T5847] RIP: 0033:0x7fa78938fc97 [ 102.495675][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 102.495691][ T5847] RSP: 002b:00007ffff1c3eec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 102.495712][ T5847] RAX: 0000000000000000 RBX: 00007fa78941089d RCX: 00007fa78938fc97 [ 102.495725][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff1c3ef80 [ 102.495738][ T5847] RBP: 00007ffff1c3ef80 R08: 0000000000000000 R09: 0000000000000000 [ 102.495749][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffff1c40010 [ 102.495763][ T5847] R13: 00007fa78941089d R14: 0000000000018fde R15: 00007ffff1c40050 [ 102.495800][ T5847] [ 102.496123][ T5847] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 102.988186][ T6002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.998605][ T6002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.074327][ T5910] usb 2-1: USB disconnect, device number 2 [ 103.333045][ T51] block nbd2: Receive control failed (result -104) [ 103.334153][ T5999] block nbd2: shutting down sockets [ 103.455886][ T6006] loop0: detected capacity change from 0 to 1024 [ 103.542871][ T6004] loop3: detected capacity change from 0 to 32768 [ 103.579055][ T6006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.592085][ T6006] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.617171][ T6004] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 103.714163][ T6006] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 103.757172][ T6006] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 103.832081][ T6006] EXT4-fs (loop0): This should not happen!! Data will be lost [ 103.832081][ T6006] [ 103.893107][ T6006] EXT4-fs (loop0): Total free blocks count 0 [ 103.915730][ T6006] EXT4-fs (loop0): Free/Dirty block details [ 103.925793][ T6026] syz.1.36 uses obsolete (PF_INET,SOCK_PACKET) [ 103.938623][ T6006] EXT4-fs (loop0): free_blocks=4293918720 [ 103.965314][ T6006] EXT4-fs (loop0): dirty_blocks=16 [ 103.980473][ T6004] XFS (loop3): Ending clean mount [ 103.993927][ T6006] EXT4-fs (loop0): Block reservation details [ 104.028096][ T6004] XFS (loop3): Quotacheck needed: Please wait. [ 104.066761][ T6006] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 104.134297][ T6004] XFS (loop3): Quotacheck: Done. [ 104.205966][ T1168] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 104.436125][ T6037] loop4: detected capacity change from 0 to 2048 [ 104.517126][ T5838] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 104.541995][ T6037] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.556341][ T6037] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.806409][ T6048] loop1: detected capacity change from 0 to 512 [ 104.850454][ T6048] ======================================================= [ 104.850454][ T6048] WARNING: The mand mount option has been deprecated and [ 104.850454][ T6048] and is ignored by this kernel. Remove the mand [ 104.850454][ T6048] option from the mount to silence this warning. [ 104.850454][ T6048] ======================================================= [ 104.885354][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.916005][ T6040] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 105.050192][ T6048] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 105.122512][ T6048] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.45: invalid indirect mapped block 4294967295 (level 1) [ 105.145678][ T6048] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.45: invalid indirect mapped block 4294967295 (level 1) [ 105.178633][ T6048] EXT4-fs (loop1): 2 truncates cleaned up [ 105.236589][ T6048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.340263][ T6051] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 105.502134][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.217933][ T6055] loop3: detected capacity change from 0 to 32768 [ 106.263305][ T5886] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 106.309365][ T6067] smc: net device bond0 applied user defined pnetid SYZ0 [ 106.331599][ T6055] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 106.430957][ T5886] usb 2-1: Using ep0 maxpacket: 32 [ 106.463314][ T5886] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 106.504723][ T6055] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 106.534114][ T5886] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 106.585281][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 106.609232][ T5886] usb 2-1: Product: syz [ 106.627999][ T5886] usb 2-1: Manufacturer: syz [ 106.643110][ T5886] usb 2-1: SerialNumber: syz [ 106.665118][ T5886] usb 2-1: config 0 descriptor?? [ 106.683784][ T6063] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 106.703071][ T5886] hub 2-1:0.0: bad descriptor, ignoring hub [ 106.719462][ T5886] hub 2-1:0.0: probe with driver hub failed with error -5 [ 106.739524][ T6055] syz.3.42 (6055) used greatest stack depth: 19848 bytes left [ 106.879572][ T5838] ocfs2: Unmounting device (7,3) on (node local) [ 107.346359][ T6065] loop2: detected capacity change from 0 to 32768 [ 107.411658][ T6063] usb 2-1: reset high-speed USB device number 3 using dummy_hcd [ 107.444813][ T6065] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 107.574251][ T6063] usb 2-1: device firmware changed [ 107.584011][ T5848] usb 2-1: USB disconnect, device number 3 [ 107.722051][ T6065] XFS (loop2): Ending clean mount [ 107.766766][ T5848] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 107.957510][ T6076] loop0: detected capacity change from 0 to 32768 [ 107.970504][ T5848] usb 2-1: Using ep0 maxpacket: 32 [ 107.988596][ T5835] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 107.995633][ T5848] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 108.019273][ T6076] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 108.023362][ T5848] usb 2-1: string descriptor 0 read error: -22 [ 108.060216][ T5848] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 108.069329][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 108.099231][ T5848] usb 2-1: config 0 descriptor?? [ 108.106804][ T6073] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 108.126812][ T5848] hub 2-1:0.0: bad descriptor, ignoring hub [ 108.136525][ T5848] hub 2-1:0.0: probe with driver hub failed with error -5 [ 108.165039][ T6076] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 108.519125][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.530485][ T5848] usb 2-1: USB disconnect, device number 4 [ 108.787362][ T5831] ocfs2: Unmounting device (7,0) on (node local) [ 109.234160][ T6108] loop2: detected capacity change from 0 to 2048 [ 109.345579][ T6114] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.347081][ T6108] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 109.515398][ T6116] loop4: detected capacity change from 0 to 4096 [ 109.628082][ T6120] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 109.681220][ T6116] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 109.705465][ T6116] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=12) [ 109.754490][ T6116] Remounting filesystem read-only [ 109.773661][ T6116] NILFS (loop4): error -5 truncating bmap (ino=12) [ 109.866849][ T5847] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 110.007281][ T6102] loop3: detected capacity change from 0 to 40427 [ 110.110326][ T6102] F2FS-fs (loop3): build fault injection rate: 690 [ 110.135227][ T6102] F2FS-fs (loop3): Image doesn't support compression [ 110.176577][ T6102] F2FS-fs (loop3): heap/no_heap options were deprecated [ 110.220609][ T6102] F2FS-fs (loop3): Image doesn't support compression [ 110.304199][ T6102] F2FS-fs (loop3): invalid crc value [ 110.470686][ T6131] loop4: detected capacity change from 0 to 2048 [ 110.544933][ T6131] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.686984][ T6102] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 110.860842][ T6102] syz.3.60: attempt to access beyond end of device [ 110.860842][ T6102] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 110.883566][ T6118] loop0: detected capacity change from 0 to 32768 [ 110.908203][ T6102] syz.3.60: attempt to access beyond end of device [ 110.908203][ T6102] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 110.975707][ T5838] syz-executor: attempt to access beyond end of device [ 110.975707][ T5838] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 110.993096][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 110.993123][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.993136][ T5838] Call Trace: [ 110.993144][ T5838] [ 110.993153][ T5838] dump_stack_lvl+0x189/0x250 [ 110.993183][ T5838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.993203][ T5838] ? __pfx_queue_work_on+0x10/0x10 [ 110.993221][ T5838] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 110.993252][ T5838] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 110.993306][ T5838] f2fs_handle_critical_error+0x37c/0x540 [ 110.993343][ T5838] f2fs_write_end_io+0x5b8/0x7e0 [ 110.993372][ T5838] ? __submit_merged_bio+0x251/0x6a0 [ 110.993416][ T5838] __submit_merged_bio+0x27a/0x6a0 [ 110.993451][ T5838] __submit_merged_write_cond+0x255/0x530 [ 110.993486][ T5838] f2fs_write_data_pages+0x261d/0x3000 [ 110.993561][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 110.993647][ T5838] ? __mod_zone_page_state+0xd7/0x140 [ 110.993680][ T5838] ? folios_put_refs+0x560/0x640 [ 110.993718][ T5838] ? __pfx_folios_put_refs+0x10/0x10 [ 110.993743][ T5838] ? rcu_is_watching+0x15/0xb0 [ 110.993771][ T5838] ? __lock_acquire+0xab9/0xd20 [ 110.993820][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 110.993850][ T5838] do_writepages+0x32e/0x550 [ 110.993898][ T5838] ? do_raw_spin_unlock+0x122/0x240 [ 110.993929][ T5838] filemap_fdatawrite+0x191/0x230 [ 110.993950][ T5838] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 110.994035][ T5838] ? do_raw_spin_unlock+0x122/0x240 [ 110.994065][ T5838] f2fs_sync_dirty_inodes+0x31f/0x830 [ 110.994116][ T5838] f2fs_write_checkpoint+0x94a/0x1de0 [ 110.994178][ T5838] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 110.994281][ T5838] ? kill_f2fs_super+0x298/0x6c0 [ 110.994318][ T5838] kill_f2fs_super+0x2c3/0x6c0 [ 110.994356][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 110.994383][ T5838] ? radix_tree_delete_item+0x2b6/0x400 [ 110.994424][ T5838] ? shrinker_free+0x2ce/0x3e0 [ 110.994454][ T5838] deactivate_locked_super+0xb9/0x130 [ 110.994487][ T5838] cleanup_mnt+0x425/0x4c0 [ 110.994516][ T5838] ? lockdep_hardirqs_on+0x9c/0x150 [ 110.994539][ T5838] task_work_run+0x1d4/0x260 [ 110.994570][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 110.994593][ T5838] ? __x64_sys_umount+0x122/0x160 [ 110.994620][ T5838] ? exit_to_user_mode_loop+0x40/0x110 [ 110.994655][ T5838] exit_to_user_mode_loop+0xec/0x110 [ 110.994685][ T5838] do_syscall_64+0x2bd/0x3b0 [ 110.994704][ T5838] ? lockdep_hardirqs_on+0x9c/0x150 [ 110.994723][ T5838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.994743][ T5838] ? clear_bhb_loop+0x60/0xb0 [ 110.994769][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.994788][ T5838] RIP: 0033:0x7f742118fc97 [ 110.994807][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 110.994824][ T5838] RSP: 002b:00007ffe4abb02d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 110.994845][ T5838] RAX: 0000000000000000 RBX: 00007f742121089d RCX: 00007f742118fc97 [ 110.994858][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4abb0390 [ 110.994871][ T5838] RBP: 00007ffe4abb0390 R08: 0000000000000000 R09: 0000000000000000 [ 110.994883][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe4abb1420 [ 110.994896][ T5838] R13: 00007f742121089d R14: 000000000001b0d8 R15: 00007ffe4abb1460 [ 110.994933][ T5838] [ 110.994942][ T5838] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 111.150505][ T6118] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 111.451777][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 111.481529][ T6118] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 111.629109][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.647930][ T6118] __find_get_block_slow() failed. block=2810246167479189504, b_blocknr=0, b_state=0x00000019, b_size=512, device loop0 blocksize: 512 [ 111.670436][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 111.695689][ T9] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 111.708610][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 111.712986][ T6118] grow_buffers: requested out-of-range block 2810246167479189504 for device loop0 [ 111.725906][ T9] usb 5-1: SerialNumber: syz [ 111.760261][ T6118] (syz.0.66,6118,1):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 111.770176][ T6118] (syz.0.66,6118,0):ocfs2_group_add:503 ERROR: Can't read the group descriptor # 2810246167479189504 from the device. [ 111.902866][ T5831] ocfs2: Unmounting device (7,0) on (node local) [ 111.974391][ T9] usb 5-1: 0:2 : does not exist [ 112.095020][ T9] usb 5-1: USB disconnect, device number 2 [ 112.218912][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 112.382329][ T6150] loop2: detected capacity change from 0 to 32768 [ 112.446062][ T6150] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 112.587730][ T6150] XFS (loop2): Ending clean mount [ 112.662264][ T6150] XFS (loop2): Quotacheck needed: Please wait. [ 112.781406][ T6165] loop1: detected capacity change from 0 to 16 [ 112.828142][ T6150] XFS (loop2): Quotacheck: Done. [ 112.866874][ T6165] erofs (device loop1): rootino(nid 36) is not a directory(i_mode 145700) [ 112.956296][ T6169] loop3: detected capacity change from 0 to 512 [ 113.008342][ T6169] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 113.076084][ T6169] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 113.136715][ T5835] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 113.208246][ T6169] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 113.295275][ T6169] EXT4-fs (loop3): 1 truncate cleaned up [ 113.366972][ T6169] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.664001][ T6179] loop1: detected capacity change from 0 to 32768 [ 113.759973][ T6179] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 113.811721][ T6179] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fix_errors=yes,norecovery,version_upgrade=none [ 113.811721][ T6179] allowing incompatible features above 0.0: (unknown version) [ 113.811721][ T6179] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 113.847462][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.852645][ T6179] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 113.869468][ T6179] bcachefs (loop1): Version upgrade required: [ 113.869468][ T6179] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 113.869468][ T6179] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 113.869468][ T6179] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 113.965132][ T6162] loop0: detected capacity change from 0 to 40427 [ 114.007673][ T6179] bcachefs (loop1): accounting_read... done [ 114.017254][ T6179] bcachefs (loop1): alloc_read... done [ 114.025057][ T6179] bcachefs (loop1): snapshots_read... done [ 114.031791][ T6179] bcachefs (loop1): check_allocations... [ 114.036241][ T6179] bcachefs (loop1): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 114.036272][ T6179] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 114.052499][ T6162] F2FS-fs (loop0): Invalid segment/section count (31 != 24 * 1) [ 114.077091][ T6179] bcachefs (loop1): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 114.077112][ T6179] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 114.104045][ T6179] bcachefs (loop1): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 114.104066][ T6179] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 114.131081][ T6179] bcachefs (loop1): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 114.131104][ T6179] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 114.158310][ T6179] bcachefs (loop1): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 114.158333][ T6179] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 114.184396][ T6179] bcachefs (loop1): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.194580][ T6179] bcachefs (loop1): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.208175][ T6179] bcachefs (loop1): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.218492][ T6179] bcachefs (loop1): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.230224][ T6179] bcachefs (loop1): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.240264][ T6179] bcachefs (loop1): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.251816][ T6179] bcachefs (loop1): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.260357][ T6162] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 114.269958][ T6179] bcachefs (loop1): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.281566][ T6179] bcachefs (loop1): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.291622][ T6179] bcachefs (loop1): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.304103][ T6179] bcachefs (loop1): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.314163][ T6179] bcachefs (loop1): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.322012][ T6162] F2FS-fs (loop0): heap/no_heap options were deprecated [ 114.332648][ T6179] bcachefs (loop1): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.343054][ T6179] bcachefs (loop1): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.354609][ T6179] bcachefs (loop1): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.364675][ T6179] bcachefs (loop1): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 114.376068][ T6179] bcachefs (loop1): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 114.386523][ T6179] bcachefs (loop1): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 114.398485][ T6179] bcachefs (loop1): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 114.410483][ T6179] bcachefs (loop1): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 114.422777][ T6179] bcachefs (loop1): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 114.422799][ T6179] Ratelimiting new instances of previous error [ 114.429935][ T6162] F2FS-fs (loop0): invalid crc value [ 114.446307][ T6179] bcachefs (loop1): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 114.446330][ T6179] Ratelimiting new instances of previous error [ 114.482337][ T6179] done [ 114.486703][ T6179] bcachefs (loop1): going read-write [ 114.534906][ T6179] bcachefs (loop1): journal_replay... [ 114.738425][ T6162] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 114.836784][ T6162] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 114.860174][ T6179] done [ 114.863680][ T6179] bcachefs (loop1): check_alloc_info... done [ 114.875578][ T6179] bcachefs (loop1): check_lrus... done [ 114.881836][ T6179] bcachefs (loop1): check_btree_backpointers... done [ 114.889421][ T6179] bcachefs (loop1): check_backpointers_to_extents... done [ 114.900374][ T6179] bcachefs (loop1): check_extents_to_backpointers... [ 114.901968][ T6179] bcachefs (loop1): scanning for missing backpointers in 5/128 buckets [ 114.919412][ T6179] done [ 114.926829][ T6179] bcachefs (loop1): check_alloc_to_lru_refs... done [ 114.935660][ T6179] bcachefs (loop1): bucket_gens_init... done [ 114.949534][ T6179] bcachefs (loop1): check_snapshot_trees... done [ 114.957058][ T6197] loop3: detected capacity change from 0 to 32768 [ 114.958228][ T6179] bcachefs (loop1): check_snapshots... [ 114.965979][ T6179] bcachefs (loop1): snapshot points to missing/incorrect tree: [ 114.966005][ T6179] u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: subvol parent 0 children 0 0 subvol 1 tree 0, fixing [ 115.009099][ T6179] done [ 115.012319][ T6179] bcachefs (loop1): check_subvols... done [ 115.020402][ T6179] bcachefs (loop1): check_subvol_children... done [ 115.027289][ T6179] bcachefs (loop1): delete_dead_snapshots... done [ 115.035106][ T6179] bcachefs (loop1): check_inodes... done [ 115.042421][ T6179] bcachefs (loop1): check_extents... done [ 115.048315][ T6197] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 115.049553][ T6179] bcachefs (loop1): check_indirect_extents... done [ 115.059847][ T6197] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 115.064799][ T6179] bcachefs (loop1): check_dirents... done [ 115.081522][ T6179] bcachefs (loop1): check_xattrs... done [ 115.088249][ T6179] bcachefs (loop1): check_root... done [ 115.092280][ T6197] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 115.094587][ T6179] bcachefs (loop1): check_unreachable_inodes... done [ 115.107519][ T5886] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 115.109521][ T6179] bcachefs (loop1): check_subvolume_structure... done [ 115.124211][ T6179] bcachefs (loop1): check_directory_structure... done [ 115.132434][ T6179] bcachefs (loop1): check_nlinks... [ 115.133291][ T6179] bcachefs (loop1): inode 536870914 type reg has wrong i_nlink (2780562353, should be 1), fixing [ 115.149733][ T6179] done [ 115.168975][ T5886] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 115.191346][ T6179] bcachefs (loop1): check_rebalance_work... done [ 115.198684][ T6179] bcachefs (loop1): resume_logged_ops... done [ 115.205542][ T6179] bcachefs (loop1): delete_dead_inodes... done [ 115.214957][ T6179] bcachefs (loop1): set_fs_needs_rebalance... done [ 115.240064][ T6179] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean [ 115.249457][ T6179] bcachefs (loop1): check_alloc_info... done [ 115.259328][ T6179] bcachefs (loop1): check_lrus... done [ 115.265363][ T6179] bcachefs (loop1): check_btree_backpointers... done [ 115.273227][ T6179] bcachefs (loop1): check_backpointers_to_extents... done [ 115.283096][ T6179] bcachefs (loop1): check_extents_to_backpointers... [ 115.283889][ T6179] bcachefs (loop1): scanning for missing backpointers in 1/128 buckets [ 115.300329][ T6179] done [ 115.303419][ T6179] bcachefs (loop1): check_alloc_to_lru_refs... done [ 115.311750][ T6179] bcachefs (loop1): bucket_gens_init... done [ 115.319136][ T6179] bcachefs (loop1): check_snapshot_trees... done [ 115.327478][ T6179] bcachefs (loop1): check_snapshots... done [ 115.334143][ T6179] bcachefs (loop1): check_subvols... done [ 115.340363][ T6179] bcachefs (loop1): check_subvol_children... done [ 115.348475][ T6179] bcachefs (loop1): delete_dead_snapshots... done [ 115.355438][ T6179] bcachefs (loop1): check_inodes... done [ 115.361989][ T6179] bcachefs (loop1): check_extents... done [ 115.368947][ T6179] bcachefs (loop1): check_indirect_extents... done [ 115.375979][ T6179] bcachefs (loop1): check_dirents... done [ 115.380350][ T30] audit: type=1800 audit(1747918973.667:3): pid=6162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.78" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 115.383077][ T6179] bcachefs (loop1): check_xattrs... done [ 115.409142][ T6179] bcachefs (loop1): check_root... done [ 115.415240][ T6179] bcachefs (loop1): check_unreachable_inodes... done [ 115.422590][ T6179] bcachefs (loop1): check_subvolume_structure... done [ 115.430405][ T6179] bcachefs (loop1): check_directory_structure... done [ 115.438401][ T6179] bcachefs (loop1): check_nlinks... done [ 115.445026][ T6179] bcachefs (loop1): check_rebalance_work... done [ 115.451982][ T6179] bcachefs (loop1): resume_logged_ops... done [ 115.458511][ T6179] bcachefs (loop1): delete_dead_inodes... done [ 115.465122][ T6179] bcachefs (loop1): set_fs_needs_rebalance... done [ 115.484578][ T6179] bcachefs (loop1): going read-only [ 115.490349][ T6179] bcachefs (loop1): finished waiting for writes to stop [ 115.497845][ T6179] bcachefs (loop1): flushing journal and stopping allocators, journal seq 26 [ 115.508616][ T6179] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 26 [ 115.520284][ T6179] bcachefs (loop1): clean shutdown complete, journal seq 27 [ 115.528811][ T6179] bcachefs (loop1): marking filesystem clean [ 115.536736][ T6179] bcachefs (loop1): done starting filesystem [ 115.561773][ T6162] syz.0.78: attempt to access beyond end of device [ 115.561773][ T6162] loop0: rw=2049, sector=53248, nr_sectors = 800 limit=40427 [ 115.709333][ T6179] syz.1.86 (6179) used greatest stack depth: 14376 bytes left [ 115.729310][ T5886] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 560ms [ 115.787828][ T5843] bcachefs (loop1): shutting down [ 115.788171][ T5886] gfs2: fsid=syz:syz.0: jid=0: Done [ 115.804595][ T6197] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 115.810359][ T5831] syz-executor: attempt to access beyond end of device [ 115.810359][ T5831] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.910824][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 115.910854][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.910867][ T5831] Call Trace: [ 115.910875][ T5831] [ 115.910884][ T5831] dump_stack_lvl+0x189/0x250 [ 115.910912][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.910941][ T5831] ? __pfx_queue_work_on+0x10/0x10 [ 115.910959][ T5831] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 115.910989][ T5831] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 115.911029][ T5831] f2fs_handle_critical_error+0x37c/0x540 [ 115.911062][ T5831] f2fs_write_end_io+0x5b8/0x7e0 [ 115.911090][ T5831] ? __submit_merged_bio+0x251/0x6a0 [ 115.911130][ T5831] __submit_merged_bio+0x27a/0x6a0 [ 115.911161][ T5831] __submit_merged_write_cond+0x255/0x530 [ 115.911194][ T5831] f2fs_write_data_pages+0x261d/0x3000 [ 115.911260][ T5831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 115.911285][ T5831] ? is_bpf_text_address+0x26/0x2b0 [ 115.911318][ T5831] ? arch_stack_walk+0xfc/0x150 [ 115.911411][ T5831] ? __lock_acquire+0xab9/0xd20 [ 115.911458][ T5831] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 115.911487][ T5831] do_writepages+0x32e/0x550 [ 115.911532][ T5831] ? do_raw_spin_unlock+0x122/0x240 [ 115.911562][ T5831] filemap_fdatawrite+0x191/0x230 [ 115.911583][ T5831] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 115.911655][ T5831] ? do_raw_spin_unlock+0x122/0x240 [ 115.911684][ T5831] f2fs_sync_dirty_inodes+0x31f/0x830 [ 115.911730][ T5831] f2fs_write_checkpoint+0x94a/0x1de0 [ 115.911785][ T5831] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 115.911865][ T5831] ? call_rcu+0x6dd/0x990 [ 115.911884][ T5831] ? kill_f2fs_super+0x298/0x6c0 [ 115.911926][ T5831] kill_f2fs_super+0x2c3/0x6c0 [ 115.911964][ T5831] ? __pfx_kill_f2fs_super+0x10/0x10 [ 115.911991][ T5831] ? radix_tree_delete_item+0x2b6/0x400 [ 115.912030][ T5831] ? shrinker_free+0x2ce/0x3e0 [ 115.912060][ T5831] deactivate_locked_super+0xb9/0x130 [ 115.912092][ T5831] cleanup_mnt+0x425/0x4c0 [ 115.912121][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.912143][ T5831] task_work_run+0x1d4/0x260 [ 115.912173][ T5831] ? __pfx_task_work_run+0x10/0x10 [ 115.912197][ T5831] ? __x64_sys_umount+0x122/0x160 [ 115.912222][ T5831] ? exit_to_user_mode_loop+0x40/0x110 [ 115.912256][ T5831] exit_to_user_mode_loop+0xec/0x110 [ 115.912285][ T5831] do_syscall_64+0x2bd/0x3b0 [ 115.912305][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.912323][ T5831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.912343][ T5831] ? clear_bhb_loop+0x60/0xb0 [ 115.912368][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.912388][ T5831] RIP: 0033:0x7fe717f8fc97 [ 115.912406][ T5831] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 115.912423][ T5831] RSP: 002b:00007fff674a13f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 115.912444][ T5831] RAX: 0000000000000000 RBX: 00007fe71801089d RCX: 00007fe717f8fc97 [ 115.912458][ T5831] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff674a14b0 [ 115.912470][ T5831] RBP: 00007fff674a14b0 R08: 0000000000000000 R09: 0000000000000000 [ 115.912482][ T5831] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff674a2540 [ 115.912495][ T5831] R13: 00007fe71801089d R14: 000000000001c3ad R15: 00007fff674a2580 [ 115.912529][ T5831] [ 115.912537][ T5831] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 116.103556][ T6197] gfs2: fsid=syz:syz.0: found 1 quota changes [ 116.264478][ T5843] bcachefs (loop1): shutdown complete [ 116.276431][ T6204] loop2: detected capacity change from 0 to 32768 [ 116.324806][ T6204] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.91 (6204) [ 116.421732][ T6204] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 116.475986][ T6204] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 116.550357][ T6204] BTRFS info (device loop2): using free-space-tree [ 117.223046][ T5835] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 117.348201][ T6239] vlan2: entered allmulticast mode [ 117.389221][ T6239] bridge0: port 3(vlan2) entered blocking state [ 117.427771][ T6239] bridge0: port 3(vlan2) entered disabled state [ 117.470504][ T6239] vlan2: entered promiscuous mode [ 117.488690][ T6239] bridge0: mtu less than device minimum [ 117.981799][ T6247] loop3: detected capacity change from 0 to 4096 [ 118.021372][ T6247] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 118.606860][ T6257] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 119.009827][ T6253] loop2: detected capacity change from 0 to 32768 [ 119.489278][ T6273] syzkaller1: entered promiscuous mode [ 119.512786][ T6273] syzkaller1: entered allmulticast mode [ 119.783525][ T6282] process 'syz.4.115' launched './file1' with NULL argv: empty string added [ 119.871441][ T6285] loop0: detected capacity change from 0 to 64 [ 119.878672][ T6283] Illegal XDP return value 752229888 on prog (id 18) dev syz_tun, expect packet loss! [ 119.901959][ T6262] loop3: detected capacity change from 0 to 32768 [ 119.919182][ T6262] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.109 (6262) [ 120.019694][ T6262] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 120.056054][ T6262] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 120.101426][ T6262] BTRFS info (device loop3): using free-space-tree [ 120.342886][ T6262] BTRFS info (device loop3): rebuilding free space tree [ 120.399436][ T6262] BTRFS info (device loop3): checking UUID tree [ 120.460105][ T5839] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 120.634981][ T5839] usb 2-1: Using ep0 maxpacket: 8 [ 120.646541][ T5839] usb 2-1: config 0 has no interfaces? [ 120.679230][ T5839] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 120.717095][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.748104][ T5839] usb 2-1: Product: syz [ 120.773647][ T5839] usb 2-1: Manufacturer: syz [ 120.778333][ T5839] usb 2-1: SerialNumber: syz [ 120.806368][ T5838] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 120.828418][ T5839] usb 2-1: config 0 descriptor?? [ 121.031318][ T5848] kernel write not supported for file /70/loginuid (pid: 5848 comm: kworker/1:3) [ 121.269858][ T5848] kernel write not supported for file /54/attr/exec (pid: 5848 comm: kworker/1:3) [ 121.356227][ T5839] IPVS: starting estimator thread 0... [ 121.419537][ T5839] usb 2-1: USB disconnect, device number 5 [ 121.498743][ T6330] IPVS: using max 25 ests per chain, 60000 per kthread [ 122.044242][ T6343] loop2: detected capacity change from 0 to 4096 [ 122.171665][ T6349] loop1: detected capacity change from 0 to 4096 [ 122.249962][ T6352] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 122.325234][ T30] audit: type=1800 audit(1747918980.637:4): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.136" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 122.529688][ T6343] ntfs3(loop2): failed to convert "0000" to iso8859-14 [ 122.845024][ T6358] loop1: detected capacity change from 0 to 128 [ 122.895087][ T6358] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 123.033328][ T6357] loop4: detected capacity change from 0 to 4096 [ 123.120142][ T6357] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 123.729499][ T6354] loop0: detected capacity change from 0 to 131072 [ 123.760912][ T6354] F2FS-fs (loop0): Skip to start discard thread for readonly image [ 123.901783][ T6354] F2FS-fs (loop0): Mounted with checkpoint version = 1b41e955 [ 123.978639][ T6354] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 123.988594][ T6354] CPU: 0 UID: 0 PID: 6354 Comm: syz.0.137 Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 123.988621][ T6354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.988633][ T6354] Call Trace: [ 123.988641][ T6354] [ 123.988650][ T6354] dump_stack_lvl+0x189/0x250 [ 123.988678][ T6354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.988697][ T6354] ? __pfx_f2fs_get_dnode_of_data+0x10/0x10 [ 123.988726][ T6354] ? __pfx_f2fs_lookup_read_extent_cache_block+0x10/0x10 [ 123.988760][ T6354] __f2fs_is_valid_blkaddr+0xd84/0x14f0 [ 123.988796][ T6354] f2fs_get_read_data_folio+0x3d2/0x7d0 [ 123.988827][ T6354] ? __pfx_f2fs_get_read_data_folio+0x10/0x10 [ 123.988858][ T6354] ? __filemap_get_folio+0x9a6/0xaf0 [ 123.988885][ T6354] ? f2fs_hash_filename+0x821/0xad0 [ 123.988920][ T6354] f2fs_find_data_folio+0x195/0x3c0 [ 123.988948][ T6354] __f2fs_find_entry+0x739/0xdf0 [ 123.989013][ T6354] ? __pfx___f2fs_find_entry+0x10/0x10 [ 123.989040][ T6354] ? d_alloc_parallel+0x2e0/0x14e0 [ 123.989087][ T6354] f2fs_lookup+0x264/0x9f0 [ 123.989116][ T6354] ? __pfx_f2fs_lookup+0x10/0x10 [ 123.989144][ T6354] ? __pfx_d_alloc_parallel+0x10/0x10 [ 123.989185][ T6354] ? mode_strip_sgid+0x6a/0x1b0 [ 123.989216][ T6354] path_openat+0x1101/0x3830 [ 123.989245][ T6354] ? arch_stack_walk+0xfc/0x150 [ 123.989303][ T6354] ? __pfx_path_openat+0x10/0x10 [ 123.989330][ T6354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.989373][ T6354] do_filp_open+0x1fa/0x410 [ 123.989402][ T6354] ? __lock_acquire+0xab9/0xd20 [ 123.989435][ T6354] ? __pfx_do_filp_open+0x10/0x10 [ 123.989488][ T6354] ? _raw_spin_unlock+0x28/0x50 [ 123.989517][ T6354] ? alloc_fd+0x64c/0x6c0 [ 123.989552][ T6354] do_sys_openat2+0x121/0x1c0 [ 123.989579][ T6354] ? __se_sys_futex+0x36f/0x400 [ 123.989604][ T6354] ? __pfx_do_sys_openat2+0x10/0x10 [ 123.989638][ T6354] ? rcu_is_watching+0x15/0xb0 [ 123.989662][ T6354] __x64_sys_openat+0x138/0x170 [ 123.989695][ T6354] do_syscall_64+0xfa/0x3b0 [ 123.989715][ T6354] ? lockdep_hardirqs_on+0x9c/0x150 [ 123.989733][ T6354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.989753][ T6354] ? clear_bhb_loop+0x60/0xb0 [ 123.989779][ T6354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.989798][ T6354] RIP: 0033:0x7fe717f8e969 [ 123.989817][ T6354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.989834][ T6354] RSP: 002b:00007fe718d42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 123.989855][ T6354] RAX: ffffffffffffffda RBX: 00007fe7181b5fa0 RCX: 00007fe717f8e969 [ 123.989870][ T6354] RDX: 000000000000275a RSI: 0000200000000040 RDI: ffffffffffffff9c [ 123.989883][ T6354] RBP: 00007fe718010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 123.989896][ T6354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.989908][ T6354] R13: 0000000000000000 R14: 00007fe7181b5fa0 R15: 00007fff674a2168 [ 123.989941][ T6354] [ 124.469132][ T6374] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0 [ 124.540313][ T6374] CPU: 0 UID: 0 PID: 6374 Comm: syz.0.137 Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 124.540343][ T6374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.540355][ T6374] Call Trace: [ 124.540364][ T6374] [ 124.540373][ T6374] dump_stack_lvl+0x189/0x250 [ 124.540403][ T6374] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.540424][ T6374] ? __pfx_f2fs_get_dnode_of_data+0x10/0x10 [ 124.540451][ T6374] ? __filemap_get_folio+0x79f/0xaf0 [ 124.540479][ T6374] ? __pfx_f2fs_lookup_read_extent_cache_block+0x10/0x10 [ 124.540515][ T6374] __f2fs_is_valid_blkaddr+0xd84/0x14f0 [ 124.540553][ T6374] f2fs_get_read_data_folio+0x3d2/0x7d0 [ 124.540579][ T6374] ? __pfx_folio_mark_accessed+0x10/0x10 [ 124.540610][ T6374] ? __pfx_f2fs_get_read_data_folio+0x10/0x10 [ 124.540644][ T6374] ? __filemap_get_folio+0x79f/0xaf0 [ 124.540671][ T6374] ? f2fs_hash_filename+0x821/0xad0 [ 124.540705][ T6374] f2fs_find_data_folio+0x195/0x3c0 [ 124.540734][ T6374] __f2fs_find_entry+0x739/0xdf0 [ 124.540799][ T6374] ? __pfx___f2fs_find_entry+0x10/0x10 [ 124.540828][ T6374] ? __pfx___schedule+0x10/0x10 [ 124.540856][ T6374] ? d_alloc_parallel+0x2e0/0x14e0 [ 124.540893][ T6374] f2fs_lookup+0x264/0x9f0 [ 124.540924][ T6374] ? __pfx_f2fs_lookup+0x10/0x10 [ 124.540950][ T6374] ? __pfx_d_alloc_parallel+0x10/0x10 [ 124.540984][ T6374] ? __raw_spin_lock_init+0x45/0x100 [ 124.541011][ T6374] ? __init_waitqueue_head+0xa9/0x150 [ 124.541042][ T6374] __lookup_slow+0x294/0x3d0 [ 124.541072][ T6374] ? __pfx___lookup_slow+0x10/0x10 [ 124.541118][ T6374] ? down_read+0x1ad/0x2e0 [ 124.541143][ T6374] lookup_slow+0x53/0x70 [ 124.541172][ T6374] walk_component+0x2d2/0x400 [ 124.541207][ T6374] ? path_lookupat+0x156/0x430 [ 124.541237][ T6374] path_lookupat+0x163/0x430 [ 124.541273][ T6374] filename_lookup+0x212/0x570 [ 124.541306][ T6374] ? __pfx_filename_lookup+0x10/0x10 [ 124.541360][ T6374] ? strncpy_from_user+0x150/0x290 [ 124.541397][ T6374] ? getname_flags+0x1e5/0x540 [ 124.541427][ T6374] user_path_at+0x3a/0x60 [ 124.541456][ T6374] __se_sys_chdir+0x91/0x280 [ 124.541479][ T6374] ? __pfx___se_sys_chdir+0x10/0x10 [ 124.541512][ T6374] ? do_syscall_64+0xbe/0x3b0 [ 124.541537][ T6374] do_syscall_64+0xfa/0x3b0 [ 124.541556][ T6374] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.541575][ T6374] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.541594][ T6374] ? clear_bhb_loop+0x60/0xb0 [ 124.541619][ T6374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.541638][ T6374] RIP: 0033:0x7fe717f8e969 [ 124.541657][ T6374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.541675][ T6374] RSP: 002b:00007fe718d21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 124.541697][ T6374] RAX: ffffffffffffffda RBX: 00007fe7181b6080 RCX: 00007fe717f8e969 [ 124.541712][ T6374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140 [ 124.541725][ T6374] RBP: 00007fe718010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 124.541738][ T6374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.541750][ T6374] R13: 0000000000000001 R14: 00007fe7181b6080 R15: 00007fff674a2168 [ 124.541782][ T6374] [ 125.166817][ T6382] loop3: detected capacity change from 0 to 32768 [ 125.267746][ T6382] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 125.304630][ T6382] XFS (loop3): Log size 516 blocks too small, minimum size is 636 blocks [ 125.321360][ T6382] XFS (loop3): AAIEEE! Log failed size checks. Abort! [ 125.363698][ T6382] XFS (loop3): log mount failed [ 125.578579][ T6398] Bluetooth: MGMT ver 1.23 [ 126.046345][ T6404] netlink: 'syz.3.154': attribute type 34 has an invalid length. [ 126.332120][ T6410] netlink: 12 bytes leftover after parsing attributes in process `syz.3.156'. [ 126.427069][ T6387] loop4: detected capacity change from 0 to 32768 [ 126.506348][ T6387] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 126.636538][ T6420] netlink: 14 bytes leftover after parsing attributes in process `syz.3.157'. [ 126.709664][ T6387] XFS (loop4): Ending clean mount [ 126.799618][ T6387] XFS (loop4): Quotacheck needed: Please wait. [ 126.948120][ T6387] XFS (loop4): Quotacheck: Done. [ 127.146019][ T5847] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 127.471057][ T6426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.160'. [ 127.623373][ T51] Bluetooth: hci0: command 0x1407 tx timeout [ 127.629565][ T5833] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 128.917178][ T6459] loop4: detected capacity change from 0 to 16 [ 128.953644][ T6459] erofs (device loop4): mounted with root inode @ nid 36. [ 129.263567][ T6467] loop1: detected capacity change from 0 to 512 [ 129.343224][ T6467] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.707907][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.090276][ T5886] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 130.297564][ T5886] usb 1-1: Using ep0 maxpacket: 16 [ 130.331263][ T5886] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 130.360464][ T5886] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 130.380675][ T5886] usb 1-1: New USB device found, idVendor=046b, idProduct=0000, bcdDevice= 0.00 [ 130.389790][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.447499][ T5886] usb 1-1: 0:2 : does not exist [ 130.656621][ T5886] usb 1-1: string descriptor 0 read error: -71 [ 130.752892][ T5886] usb 1-1: USB disconnect, device number 2 [ 130.939546][ T6481] loop1: detected capacity change from 0 to 40427 [ 130.946289][ T5848] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 130.970817][ T6481] F2FS-fs (loop1): Invalid segment/section count (31 != 24 * 1) [ 130.978815][ T6481] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 130.995857][ T6481] F2FS-fs (loop1): heap/no_heap options were deprecated [ 131.015910][ T6481] F2FS-fs (loop1): invalid crc value [ 131.114964][ T5848] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 131.140408][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.192236][ T5848] usb 5-1: config 0 descriptor?? [ 131.207093][ T5848] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 131.258851][ T6481] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 131.266230][ T6481] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 131.374096][ T30] audit: type=1800 audit(1747918989.687:5): pid=6481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.181" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 131.428018][ T6481] syz.1.181: attempt to access beyond end of device [ 131.428018][ T6481] loop1: rw=2049, sector=53248, nr_sectors = 800 limit=40427 [ 131.443030][ T5848] gp8psk: usb in 128 operation failed. [ 131.463639][ T5848] gp8psk: usb in 137 operation failed. [ 131.469195][ T5848] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 131.481498][ T6492] syz.1.181: attempt to access beyond end of device [ 131.481498][ T6492] loop1: rw=2049, sector=53288, nr_sectors = 96 limit=40427 [ 131.509417][ T5848] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 131.549324][ T5848] usb 5-1: media controller created [ 131.645297][ T5848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 131.682566][ T5843] syz-executor: attempt to access beyond end of device [ 131.682566][ T5843] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 131.730146][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 131.730175][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.730187][ T5843] Call Trace: [ 131.730196][ T5843] [ 131.730204][ T5843] dump_stack_lvl+0x189/0x250 [ 131.730233][ T5843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.730252][ T5843] ? __pfx_queue_work_on+0x10/0x10 [ 131.730269][ T5843] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 131.730298][ T5843] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 131.730349][ T5843] f2fs_handle_critical_error+0x37c/0x540 [ 131.730383][ T5843] f2fs_write_end_io+0x5b8/0x7e0 [ 131.730412][ T5843] ? __submit_merged_bio+0x251/0x6a0 [ 131.730451][ T5843] __submit_merged_bio+0x27a/0x6a0 [ 131.730484][ T5843] __submit_merged_write_cond+0x255/0x530 [ 131.730516][ T5843] f2fs_write_data_pages+0x261d/0x3000 [ 131.730576][ T5843] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.730611][ T5843] ? arch_stack_walk+0xfc/0x150 [ 131.730659][ T5843] ? __mod_zone_page_state+0xd7/0x140 [ 131.730690][ T5843] ? folios_put_refs+0x560/0x640 [ 131.730728][ T5843] ? __pfx_folios_put_refs+0x10/0x10 [ 131.730751][ T5843] ? rcu_is_watching+0x15/0xb0 [ 131.730780][ T5843] ? __lock_acquire+0xab9/0xd20 [ 131.730827][ T5843] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.730856][ T5843] do_writepages+0x32e/0x550 [ 131.730901][ T5843] ? do_raw_spin_unlock+0x122/0x240 [ 131.730925][ T5843] filemap_fdatawrite+0x191/0x230 [ 131.730942][ T5843] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 131.730998][ T5843] ? do_raw_spin_unlock+0x122/0x240 [ 131.731020][ T5843] f2fs_sync_dirty_inodes+0x31f/0x830 [ 131.731058][ T5843] f2fs_write_checkpoint+0x94a/0x1de0 [ 131.731101][ T5843] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 131.731162][ T5843] ? call_rcu+0x6dd/0x990 [ 131.731176][ T5843] ? kill_f2fs_super+0x298/0x6c0 [ 131.731204][ T5843] kill_f2fs_super+0x2c3/0x6c0 [ 131.731234][ T5843] ? __pfx_kill_f2fs_super+0x10/0x10 [ 131.731255][ T5843] ? radix_tree_delete_item+0x2b6/0x400 [ 131.731285][ T5843] ? shrinker_free+0x2ce/0x3e0 [ 131.731308][ T5843] deactivate_locked_super+0xb9/0x130 [ 131.731341][ T5843] cleanup_mnt+0x425/0x4c0 [ 131.731364][ T5843] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.731381][ T5843] task_work_run+0x1d4/0x260 [ 131.731404][ T5843] ? __pfx_task_work_run+0x10/0x10 [ 131.731423][ T5843] ? __x64_sys_umount+0x122/0x160 [ 131.731443][ T5843] ? exit_to_user_mode_loop+0x40/0x110 [ 131.731469][ T5843] exit_to_user_mode_loop+0xec/0x110 [ 131.731493][ T5843] do_syscall_64+0x2bd/0x3b0 [ 131.731509][ T5843] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.731523][ T5843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.731538][ T5843] ? clear_bhb_loop+0x60/0xb0 [ 131.731558][ T5843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.731572][ T5843] RIP: 0033:0x7fbf31d8fc97 [ 131.731588][ T5843] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 131.731603][ T5843] RSP: 002b:00007fffb1f074a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 131.731620][ T5843] RAX: 0000000000000000 RBX: 00007fbf31e1089d RCX: 00007fbf31d8fc97 [ 131.731630][ T5843] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb1f07560 [ 131.731639][ T5843] RBP: 00007fffb1f07560 R08: 0000000000000000 R09: 0000000000000000 [ 131.731648][ T5843] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffb1f085f0 [ 131.731658][ T5843] R13: 00007fbf31e1089d R14: 00000000000201de R15: 00007fffb1f08630 [ 131.731684][ T5843] [ 131.894189][ T5843] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 132.154931][ T5848] gp8psk_fe: Frontend attached [ 132.233366][ T5848] usb 5-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 132.285659][ T5848] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 132.467509][ T5848] gp8psk: usb in 138 operation failed. [ 132.479490][ T5848] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 132.498209][ T5848] gp8psk: found Genpix USB device pID = 203 (hex) [ 132.674336][ T5848] usb 5-1: USB disconnect, device number 3 [ 132.997035][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.004246][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.055183][ T5848] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 133.319297][ T6508] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 133.646500][ T6516] loop2: detected capacity change from 0 to 1024 [ 133.891619][ T6516] hfsplus: request for non-existent node 33554434 in B*Tree [ 133.899260][ T6516] hfsplus: request for non-existent node 33554434 in B*Tree [ 134.462105][ T5886] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 134.665508][ T5886] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 134.680659][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 134.700079][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.745175][ T5886] usb 1-1: config 0 descriptor?? [ 134.766918][ T5886] cp210x 1-1:0.0: cp210x converter detected [ 134.803939][ T6531] loop4: detected capacity change from 0 to 256 [ 135.170712][ T5886] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 135.207452][ T5886] cp210x 1-1:0.0: GPIO initialisation failed: -524 [ 135.262566][ T6540] loop4: detected capacity change from 0 to 2048 [ 135.264835][ T5886] usb 1-1: cp210x converter now attached to ttyUSB0 [ 135.316005][ T6540] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 135.348220][ T6540] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.422033][ T5886] usb 1-1: USB disconnect, device number 3 [ 135.493162][ T5886] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 135.549668][ T5886] cp210x 1-1:0.0: device disconnected [ 136.180446][ T3080] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 136.296922][ T6561] netlink: 'syz.1.218': attribute type 3 has an invalid length. [ 136.316848][ T6561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.218'. [ 136.379205][ T6561] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 136.380357][ T3080] usb 5-1: Using ep0 maxpacket: 16 [ 136.433784][ T3080] usb 5-1: config 0 has an invalid interface number: 251 but max is 0 [ 136.452329][ T3080] usb 5-1: config 0 has no interface number 0 [ 136.458515][ T3080] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 136.486167][ T6545] loop2: detected capacity change from 0 to 32768 [ 136.500184][ T3080] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 136.527888][ T6545] XFS: ikeep mount option is deprecated. [ 136.547392][ T6545] XFS: noikeep mount option is deprecated. [ 136.559582][ T3080] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 136.579074][ T3080] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.598004][ T3080] usb 5-1: Product: syz [ 136.613407][ T3080] usb 5-1: Manufacturer: syz [ 136.618141][ T3080] usb 5-1: SerialNumber: syz [ 136.623219][ T6545] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 136.656173][ T3080] usb 5-1: config 0 descriptor?? [ 136.678055][ T6545] XFS (loop2): Log size 516 blocks too small, minimum size is 636 blocks [ 136.699541][ T6553] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 136.714765][ T6553] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 136.756511][ T6545] XFS (loop2): AAIEEE! Log failed size checks. Abort! [ 136.815466][ T6545] XFS (loop2): log mount failed [ 136.991240][ T6553] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 137.039771][ T6553] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 137.675707][ T3080] asix 5-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0x89 [ 137.715578][ T6591] IPVS: Scheduler module ip_vs_ not found [ 137.946270][ T5886] usb 5-1: USB disconnect, device number 4 [ 138.480880][ T5886] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 138.660284][ T5886] usb 2-1: Using ep0 maxpacket: 8 [ 138.684895][ T5886] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 138.702381][ T5886] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 138.734047][ T5886] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 138.770516][ T5886] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 138.801463][ T6631] loop3: detected capacity change from 0 to 64 [ 138.819782][ T5886] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.860094][ T5886] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 138.907353][ T6633] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 138.936045][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.963575][ T6631] Trying to free block not in datazone [ 139.001268][ T6635] netlink: 'syz.0.246': attribute type 2 has an invalid length. [ 139.056809][ T6635] netlink: 32 bytes leftover after parsing attributes in process `syz.0.246'. [ 139.206933][ T5886] usb 2-1: usb_control_msg returned -32 [ 139.240473][ T5886] usbtmc 2-1:16.0: can't read capabilities [ 139.578747][ T6623] loop2: detected capacity change from 0 to 32768 [ 139.594036][ T6651] usbtmc 2-1:16.0: INITIATE_ABORT_BULK_OUT returned 0 [ 139.638418][ T6623] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 139.776702][ T6623] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 139.787595][ T6663] netlink: 4 bytes leftover after parsing attributes in process `syz.4.253'. [ 139.800769][ T5886] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 139.812413][ T5848] usb 2-1: USB disconnect, device number 6 [ 139.832473][ T6623] XFS (loop2): Starting recovery (logdev: internal) [ 139.913450][ T6623] XFS (loop2): Ending recovery (logdev: internal) [ 140.000529][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.029511][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.034407][ T5835] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 140.050684][ T5886] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 140.080927][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.131409][ T5886] usb 4-1: config 0 descriptor?? [ 140.492034][ T6671] warning: `syz.1.257' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 140.556493][ T5886] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 140.592514][ T5886] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 140.607878][ T6657] loop0: detected capacity change from 0 to 32768 [ 140.753538][ T5886] cp2112 0003:10C4:EA90.0001: Part Number: 0x82 Device Version: 0xFE [ 140.764031][ T6680] loop1: detected capacity change from 0 to 512 [ 140.776087][ T6657] ERROR: (device loop0): dtReadFirst: DT_GETPAGE: dtree page corrupt [ 140.776087][ T6657] [ 140.829461][ T6657] ERROR: (device loop0): remounting filesystem as read-only [ 140.867881][ T6680] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 140.895510][ T6657] jfs_readdir: unexpected rc = -5 from dtReadNext [ 140.958771][ T5886] cp2112 0003:10C4:EA90.0001: error requesting SMBus config [ 140.979817][ T6680] EXT4-fs (loop1): 1 truncate cleaned up [ 141.006241][ T6680] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.027006][ T5886] cp2112 0003:10C4:EA90.0001: probe with driver cp2112 failed with error -71 [ 141.032848][ T6682] syzkaller1: entered promiscuous mode [ 141.041607][ T6682] syzkaller1: entered allmulticast mode [ 141.069954][ T113] blkno = 8ed2c, nblocks = 1 [ 141.075242][ T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 141.075242][ T113] [ 141.086550][ T113] JFS: metapage_get_blocks failed [ 141.094884][ T113] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 141.094884][ T113] [ 141.134272][ T113] blkno = 8ed2c, nblocks = 1 [ 141.138944][ T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 141.138944][ T113] [ 141.190404][ T5886] usb 4-1: USB disconnect, device number 2 [ 141.207558][ T6686] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 141.251776][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.729690][ T6700] loop3: detected capacity change from 0 to 512 [ 141.758757][ T6700] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 141.808437][ T6700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.887598][ T6700] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.057258][ T6700] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 142.090223][ T6700] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 1 with error 28 [ 142.135076][ T6700] EXT4-fs (loop3): This should not happen!! Data will be lost [ 142.135076][ T6700] [ 142.180472][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.200286][ T6700] EXT4-fs (loop3): Total free blocks count 0 [ 142.210133][ T6700] EXT4-fs (loop3): Free/Dirty block details [ 142.220410][ T5848] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 142.238375][ T6700] EXT4-fs (loop3): free_blocks=39626 [ 142.250528][ T6700] EXT4-fs (loop3): dirty_blocks=7 [ 142.265938][ T6700] EXT4-fs (loop3): Block reservation details [ 142.276067][ T6700] EXT4-fs (loop3): i_reserved_data_blocks=7 [ 142.293559][ T6710] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 7 with error 28 [ 142.404081][ T5848] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.416538][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.436014][ T5848] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.471861][ T5848] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 142.501500][ T5848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 142.520264][ T5848] usb 1-1: SerialNumber: syz [ 142.723949][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.768666][ T5848] usb 1-1: 0:2 : does not exist [ 142.794575][ T5848] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 142.813307][ T6715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.278'. [ 142.840443][ T5848] usb 1-1: USB disconnect, device number 4 [ 142.848078][ T6707] loop1: detected capacity change from 0 to 32768 [ 142.885947][ T6707] XFS: ikeep mount option is deprecated. [ 142.937561][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.947510][ T6707] XFS: noikeep mount option is deprecated. [ 142.990946][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 143.025984][ T6707] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 143.077788][ T6707] XFS (loop1): Log size 516 blocks too small, minimum size is 636 blocks [ 143.142470][ T6707] XFS (loop1): AAIEEE! Log failed size checks. Abort! [ 143.144426][ T6715] Zero length message leads to an empty skb [ 143.176870][ T6707] XFS (loop1): log mount failed [ 143.573565][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 143.591259][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 143.599618][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 143.614879][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 143.625668][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 143.738917][ T12] bridge_slave_1: left allmulticast mode [ 143.759539][ T12] bridge_slave_1: left promiscuous mode [ 143.783676][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.868731][ T12] bridge_slave_0: left allmulticast mode [ 143.888064][ T12] bridge_slave_0: left promiscuous mode [ 143.908383][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.170073][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 144.345939][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 144.362214][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.378548][ T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 144.402989][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.427625][ T10] usb 4-1: config 0 descriptor?? [ 144.489401][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 144.514155][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 144.524360][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 144.533645][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 144.548590][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 144.644010][ T6739] loop0: detected capacity change from 0 to 32768 [ 144.670868][ T6739] btrfs: Deprecated parameter 'usebackuproot' [ 144.681038][ T6739] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 144.692546][ T6739] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.285 (6739) [ 144.773639][ T6739] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 144.787184][ T6739] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 144.797430][ T6739] BTRFS info (device loop0): using free-space-tree [ 144.862324][ T10] apple 0003:05AC:024B.0002: item fetching failed at offset 2/69 [ 144.871145][ T10] apple 0003:05AC:024B.0002: parse failed [ 144.877071][ T10] apple 0003:05AC:024B.0002: probe with driver apple failed with error -22 [ 144.989916][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 145.006218][ T6739] BTRFS info (device loop0): rebuilding free space tree [ 145.014652][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 145.033606][ T12] bond0 (unregistering): Released all slaves [ 145.062246][ T10] usb 4-1: USB disconnect, device number 3 [ 145.343183][ T5831] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 145.709380][ T5833] Bluetooth: hci1: command tx timeout [ 146.344883][ T6775] loop1: detected capacity change from 0 to 65536 [ 146.418510][ T6775] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 146.434118][ T12] hsr_slave_0: left promiscuous mode [ 146.459496][ T12] hsr_slave_1: left promiscuous mode [ 146.480488][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.487997][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.504554][ T6775] XFS (loop1): Ending clean mount [ 146.513031][ T6775] XFS (loop1): Quotacheck needed: Please wait. [ 146.525482][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.541605][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.639616][ T6775] XFS (loop1): Quotacheck: Done. [ 146.665259][ T5833] Bluetooth: hci4: command tx timeout [ 146.728649][ T12] veth1_macvtap: left promiscuous mode [ 146.734774][ T12] veth0_macvtap: left promiscuous mode [ 146.741285][ T12] veth1_vlan: left promiscuous mode [ 146.746886][ T12] veth0_vlan: left promiscuous mode [ 146.788924][ T5843] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 147.783389][ T5833] Bluetooth: hci1: command tx timeout [ 147.994356][ T12] team0 (unregistering): Port device team_slave_1 removed [ 148.042134][ T12] team0 (unregistering): Port device team_slave_0 removed [ 148.750317][ T5833] Bluetooth: hci4: command tx timeout [ 149.036754][ T6820] loop1: detected capacity change from 0 to 32768 [ 149.059921][ T6820] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.298 (6820) [ 149.205913][ T6820] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 149.245425][ T6820] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 149.299057][ T6820] BTRFS info (device loop1): using free-space-tree [ 149.709242][ T6724] chnl_net:caif_netlink_parms(): no params data found [ 149.861184][ T5833] Bluetooth: hci1: command tx timeout [ 149.956088][ T5843] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 150.203091][ T6742] chnl_net:caif_netlink_parms(): no params data found [ 150.240310][ T6724] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.270269][ T6724] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.277609][ T6724] bridge_slave_0: entered allmulticast mode [ 150.332882][ T6724] bridge_slave_0: entered promiscuous mode [ 150.386038][ T6724] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.444474][ T6724] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.494211][ T6724] bridge_slave_1: entered allmulticast mode [ 150.532101][ T6724] bridge_slave_1: entered promiscuous mode [ 150.714358][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.825103][ T5833] Bluetooth: hci4: command tx timeout [ 150.988949][ T6724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.002270][ T6724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.076645][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.188963][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.211091][ T6724] team0: Port device team_slave_0 added [ 151.222137][ T6724] team0: Port device team_slave_1 added [ 151.288615][ T6742] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.295884][ T6742] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.303326][ T6742] bridge_slave_0: entered allmulticast mode [ 151.313280][ T6742] bridge_slave_0: entered promiscuous mode [ 151.332181][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.347893][ T6724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.356510][ T6724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.384922][ T6724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.402856][ T6724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.410301][ T6724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.436621][ T6724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.450292][ T6742] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.457528][ T6742] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.465461][ T6742] bridge_slave_1: entered allmulticast mode [ 151.475356][ T6742] bridge_slave_1: entered promiscuous mode [ 151.518675][ T6742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.547568][ T6742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.688105][ T6724] hsr_slave_0: entered promiscuous mode [ 151.695225][ T6724] hsr_slave_1: entered promiscuous mode [ 151.707875][ T6724] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.715878][ T6724] Cannot create hsr debugfs directory [ 151.735371][ T6742] team0: Port device team_slave_0 added [ 151.786869][ T6742] team0: Port device team_slave_1 added [ 151.940520][ T5833] Bluetooth: hci1: command tx timeout [ 151.949314][ T6742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.964625][ T6742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.993424][ T6742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 152.006548][ T6742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 152.014056][ T6742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.041134][ T6742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.186694][ T12] bridge_slave_1: left allmulticast mode [ 152.195581][ T12] bridge_slave_1: left promiscuous mode [ 152.201979][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.217116][ T12] bridge_slave_0: left allmulticast mode [ 152.224413][ T12] bridge_slave_0: left promiscuous mode [ 152.237015][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.656738][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 152.669588][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 152.681379][ T12] bond0 (unregistering): Released all slaves [ 152.817296][ T6742] hsr_slave_0: entered promiscuous mode [ 152.824861][ T6742] hsr_slave_1: entered promiscuous mode [ 152.831853][ T6742] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 152.839444][ T6742] Cannot create hsr debugfs directory [ 152.900784][ T5833] Bluetooth: hci4: command tx timeout [ 153.150923][ T12] hsr_slave_0: left promiscuous mode [ 153.160192][ T12] hsr_slave_1: left promiscuous mode [ 153.166144][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.173975][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 153.189733][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 153.198655][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 153.239601][ T12] veth1_macvtap: left promiscuous mode [ 153.245742][ T12] veth0_macvtap: left promiscuous mode [ 153.257840][ T12] veth1_vlan: left promiscuous mode [ 153.263376][ T12] veth0_vlan: left promiscuous mode [ 153.986311][ T12] team0 (unregistering): Port device team_slave_1 removed [ 154.039114][ T12] team0 (unregistering): Port device team_slave_0 removed [ 154.508924][ T6724] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 154.579758][ T6724] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 154.594722][ T6724] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 154.614435][ T6724] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 154.847523][ T6724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.906920][ T6724] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.949890][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.957149][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.975694][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.982939][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.079075][ T12] IPVS: stop unused estimator thread 0... [ 155.167590][ T6742] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 155.206237][ T6742] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 155.245095][ T6742] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 155.278421][ T6742] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 155.528136][ T6742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.567353][ T6742] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.588394][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.595648][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.634310][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.641538][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.756777][ T6724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.045653][ T6742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.142341][ T6742] veth0_vlan: entered promiscuous mode [ 156.163685][ T6742] veth1_vlan: entered promiscuous mode [ 156.253735][ T6742] veth0_macvtap: entered promiscuous mode [ 156.281753][ T6742] veth1_macvtap: entered promiscuous mode [ 156.335127][ T6742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.366155][ T6742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.396531][ T6724] veth0_vlan: entered promiscuous mode [ 156.422469][ T6742] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.438470][ T6742] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.449882][ T6742] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.463658][ T6742] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.519534][ T6724] veth1_vlan: entered promiscuous mode [ 156.636837][ T6724] veth0_macvtap: entered promiscuous mode [ 156.656791][ T6724] veth1_macvtap: entered promiscuous mode [ 156.677051][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.700481][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.749907][ T6724] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.773879][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.790039][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.804044][ T6724] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.833457][ T6724] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.843096][ T6724] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.852395][ T6724] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.864504][ T6724] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.049340][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.068226][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.106522][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.114708][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.144653][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 158.208534][ T1168] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.284711][ T6980] [ 158.287127][ T6980] ====================================================== [ 158.294178][ T6980] WARNING: possible circular locking dependency detected [ 158.301246][ T6980] 6.15.0-rc7-next-20250522-syzkaller #0 Not tainted [ 158.307871][ T6980] ------------------------------------------------------ [ 158.314916][ T6980] syz.1.309/6980 is trying to acquire lock: [ 158.320840][ T6980] ffff888024b64358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0 [ 158.330131][ T6980] [ 158.330131][ T6980] but task is already holding lock: [ 158.337529][ T6980] ffff888024b63368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 158.347182][ T6980] [ 158.347182][ T6980] which lock already depends on the new lock. [ 158.347182][ T6980] [ 158.357612][ T6980] [ 158.357612][ T6980] the existing dependency chain (in reverse order) is: [ 158.357942][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.366635][ T6980] [ 158.366635][ T6980] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}: [ 158.366677][ T6980] lock_acquire+0x120/0x360 [ 158.366709][ T6980] down_write+0x96/0x1f0 [ 158.366729][ T6980] blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 158.366755][ T6980] nbd_start_device+0x16c/0xac0 [ 158.366777][ T6980] nbd_ioctl+0x636/0xeb0 [ 158.366800][ T6980] blkdev_ioctl+0x5a8/0x6d0 [ 158.366820][ T6980] __se_sys_ioctl+0xfc/0x170 [ 158.366847][ T6980] do_syscall_64+0xfa/0x3b0 [ 158.366865][ T6980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.366883][ T6980] [ 158.366883][ T6980] -> #1 (&nbd->config_lock){+.+.}-{4:4}: [ 158.366915][ T6980] lock_acquire+0x120/0x360 [ 158.446687][ T6980] __mutex_lock+0x182/0xe80 [ 158.451733][ T6980] refcount_dec_and_mutex_lock+0x30/0xa0 [ 158.457912][ T6980] nbd_config_put+0x2c/0x790 [ 158.463051][ T6980] nbd_release+0xfe/0x140 [ 158.467915][ T6980] bdev_release+0x536/0x650 [ 158.472955][ T6980] blkdev_release+0x15/0x20 [ 158.477994][ T6980] __fput+0x44c/0xa70 [ 158.482511][ T6980] fput_close_sync+0x119/0x200 [ 158.487808][ T6980] __x64_sys_close+0x7f/0x110 [ 158.493019][ T6980] do_syscall_64+0xfa/0x3b0 [ 158.498051][ T6980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.504477][ T6980] [ 158.504477][ T6980] -> #0 (&disk->open_mutex){+.+.}-{4:4}: [ 158.512331][ T6980] validate_chain+0xb9b/0x2140 [ 158.517635][ T6980] __lock_acquire+0xab9/0xd20 [ 158.522863][ T6980] lock_acquire+0x120/0x360 [ 158.527924][ T6980] __mutex_lock+0x182/0xe80 [ 158.532961][ T6980] __del_gendisk+0x129/0x9e0 [ 158.538174][ T6980] del_gendisk+0xe8/0x160 [ 158.543058][ T6980] loop_remove+0x42/0xc0 [ 158.547839][ T6980] loop_control_ioctl+0x4a6/0x590 [ 158.553408][ T6980] __se_sys_ioctl+0xfc/0x170 [ 158.558543][ T6980] do_syscall_64+0xfa/0x3b0 [ 158.563578][ T6980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.570003][ T6980] [ 158.570003][ T6980] other info that might help us debug this: [ 158.570003][ T6980] [ 158.580252][ T6980] Chain exists of: [ 158.580252][ T6980] &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock [ 158.580252][ T6980] [ 158.594475][ T6980] Possible unsafe locking scenario: [ 158.594475][ T6980] [ 158.601928][ T6980] CPU0 CPU1 [ 158.607296][ T6980] ---- ---- [ 158.612663][ T6980] rlock(&set->update_nr_hwq_lock); [ 158.617980][ T6980] lock(&nbd->config_lock); [ 158.625108][ T6980] lock(&set->update_nr_hwq_lock); [ 158.632838][ T6980] lock(&disk->open_mutex); [ 158.637438][ T6980] [ 158.637438][ T6980] *** DEADLOCK *** [ 158.637438][ T6980] [ 158.645590][ T6980] 1 lock held by syz.1.309/6980: [ 158.650537][ T6980] #0: ffff888024b63368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160 [ 158.660573][ T6980] [ 158.660573][ T6980] stack backtrace: [ 158.666472][ T6980] CPU: 1 UID: 0 PID: 6980 Comm: syz.1.309 Not tainted 6.15.0-rc7-next-20250522-syzkaller #0 PREEMPT(full) [ 158.666493][ T6980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.666503][ T6980] Call Trace: [ 158.666510][ T6980] [ 158.666517][ T6980] dump_stack_lvl+0x189/0x250 [ 158.666538][ T6980] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.666553][ T6980] ? __pfx__printk+0x10/0x10 [ 158.666571][ T6980] ? print_lock_name+0xde/0x100 [ 158.666589][ T6980] print_circular_bug+0x2ee/0x310 [ 158.666608][ T6980] check_noncircular+0x134/0x160 [ 158.666627][ T6980] validate_chain+0xb9b/0x2140 [ 158.666644][ T6980] ? stack_depot_save_flags+0x40/0x900 [ 158.666669][ T6980] __lock_acquire+0xab9/0xd20 [ 158.666695][ T6980] ? __del_gendisk+0x129/0x9e0 [ 158.666715][ T6980] lock_acquire+0x120/0x360 [ 158.666736][ T6980] ? __del_gendisk+0x129/0x9e0 [ 158.666759][ T6980] ? lockdep_unlock+0x89/0x120 [ 158.666781][ T6980] __mutex_lock+0x182/0xe80 [ 158.666797][ T6980] ? __del_gendisk+0x129/0x9e0 [ 158.666821][ T6980] ? __del_gendisk+0x129/0x9e0 [ 158.666841][ T6980] ? __pfx___mutex_lock+0x10/0x10 [ 158.666857][ T6980] ? __pfx___might_resched+0x10/0x10 [ 158.666875][ T6980] ? __lock_acquire+0xab9/0xd20 [ 158.666897][ T6980] ? disk_del_events+0xb5/0x210 [ 158.666919][ T6980] ? __del_gendisk+0xc1/0x9e0 [ 158.666939][ T6980] __del_gendisk+0x129/0x9e0 [ 158.666959][ T6980] ? del_gendisk+0xe0/0x160 [ 158.666981][ T6980] ? __pfx___del_gendisk+0x10/0x10 [ 158.667003][ T6980] ? down_read+0x1ad/0x2e0 [ 158.667020][ T6980] del_gendisk+0xe8/0x160 [ 158.667041][ T6980] loop_remove+0x42/0xc0 [ 158.667066][ T6980] loop_control_ioctl+0x4a6/0x590 [ 158.667088][ T6980] ? __fget_files+0x2a/0x420 [ 158.667109][ T6980] ? __pfx_loop_control_ioctl+0x10/0x10 [ 158.667132][ T6980] ? __fget_files+0x2a/0x420 [ 158.667151][ T6980] ? bpf_lsm_file_ioctl+0x9/0x20 [ 158.667165][ T6980] ? __pfx_loop_control_ioctl+0x10/0x10 [ 158.667195][ T6980] __se_sys_ioctl+0xfc/0x170 [ 158.667221][ T6980] do_syscall_64+0xfa/0x3b0 [ 158.667236][ T6980] ? lockdep_hardirqs_on+0x9c/0x150 [ 158.667251][ T6980] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.667266][ T6980] ? clear_bhb_loop+0x60/0xb0 [ 158.667284][ T6980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.667300][ T6980] RIP: 0033:0x7fbf31d8e969 [ 158.667315][ T6980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.667329][ T6980] RSP: 002b:00007fbf32c78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.667346][ T6980] RAX: ffffffffffffffda RBX: 00007fbf31fb5fa0 RCX: 00007fbf31d8e969 [ 158.667358][ T6980] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003 [ 158.667368][ T6980] RBP: 00007fbf31e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 158.667378][ T6980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.667387][ T6980] R13: 0000000000000000 R14: 00007fbf31fb5fa0 R15: 00007fffb1f08218 [ 158.667405][ T6980] [ 158.964625][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.974741][ T9] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 158.984063][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.082276][ T9] usb 1-1: config 0 descriptor?? SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 159.881730][ T1168] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.093131][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 160.099180][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 160.162993][ T9] usb 1-1: USB disconnect, device number 5 [ 160.199622][ T1168] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.246160][ T1168] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.374392][ T1168] bridge_slave_1: left allmulticast mode [ 160.392002][ T1168] bridge_slave_1: left promiscuous mode [ 160.397789][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.408474][ T1168] bridge_slave_0: left allmulticast mode [ 160.417953][ T1168] bridge_slave_0: left promiscuous mode [ 160.424423][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.516117][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.527382][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.537095][ T1168] bond0 (unregistering): Released all slaves [ 160.763528][ T1168] hsr_slave_0: left promiscuous mode [ 160.769501][ T1168] hsr_slave_1: left promiscuous mode [ 160.777554][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.789122][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.798830][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.808177][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.822670][ T1168] veth1_macvtap: left promiscuous mode [ 160.828256][ T1168] veth0_macvtap: left promiscuous mode [ 160.834247][ T1168] veth1_vlan: left promiscuous mode [ 160.839575][ T1168] veth0_vlan: left promiscuous mode [ 161.038895][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 161.073059][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 161.444386][ T1168] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.497203][ T1168] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.539405][ T1168] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.597674][ T1168] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.704544][ T1168] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.772091][ T1168] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.817289][ T1168] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.876590][ T1168] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.998976][ T1168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.063463][ T1168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.123720][ T1168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.179597][ T1168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.299887][ T1168] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.349713][ T1168] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.394144][ T1168] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.442616][ T1168] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.562914][ T1168] bridge_slave_1: left allmulticast mode [ 162.568636][ T1168] bridge_slave_1: left promiscuous mode [ 162.574960][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.586319][ T1168] bridge_slave_0: left allmulticast mode [ 162.594003][ T1168] bridge_slave_0: left promiscuous mode [ 162.599751][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.612113][ T1168] bridge_slave_1: left allmulticast mode [ 162.617901][ T1168] bridge_slave_1: left promiscuous mode [ 162.625318][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.636670][ T1168] bridge_slave_0: left allmulticast mode [ 162.647064][ T1168] bridge_slave_0: left promiscuous mode [ 162.653149][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.664577][ T1168] vlan2: left promiscuous mode [ 162.669638][ T1168] bridge0: port 3(vlan2) entered disabled state [ 162.677953][ T1168] bridge_slave_1: left allmulticast mode [ 162.685004][ T1168] bridge_slave_1: left promiscuous mode [ 162.692264][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.703105][ T1168] bridge_slave_0: left promiscuous mode [ 162.708847][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.718900][ T1168] bridge_slave_1: left allmulticast mode [ 162.726031][ T1168] bridge_slave_1: left promiscuous mode [ 162.732245][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.744195][ T1168] bridge_slave_0: left allmulticast mode [ 162.749895][ T1168] bridge_slave_0: left promiscuous mode [ 162.757327][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.947787][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.957936][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.968478][ T1168] bond0 (unregistering): Released all slaves [ 163.033631][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 163.045512][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 163.055255][ T1168] bond0 (unregistering): Released all slaves [ 163.166263][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 163.177412][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 163.187982][ T1168] bond0 (unregistering): Released all slaves [ 163.257407][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 163.267396][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 163.277532][ T1168] bond0 (unregistering): Released all slaves [ 163.287338][ T1168] bond1 (unregistering): Released all slaves [ 163.918587][ T1168] hsr_slave_0: left promiscuous mode [ 163.925271][ T1168] hsr_slave_1: left promiscuous mode [ 163.934651][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.942218][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.950123][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.957575][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.968408][ T1168] hsr_slave_0: left promiscuous mode [ 163.974569][ T1168] hsr_slave_1: left promiscuous mode [ 163.985344][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.992888][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.005789][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.013760][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.026368][ T1168] hsr_slave_0: left promiscuous mode [ 164.032603][ T1168] hsr_slave_1: left promiscuous mode [ 164.038312][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.048892][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.056466][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.068635][ T1168] hsr_slave_0: left promiscuous mode [ 164.075005][ T1168] hsr_slave_1: left promiscuous mode [ 164.080879][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.088293][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.097323][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.105154][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.122045][ T1168] veth1_macvtap: left promiscuous mode [ 164.127565][ T1168] veth0_macvtap: left promiscuous mode [ 164.133569][ T1168] veth1_vlan: left promiscuous mode [ 164.138844][ T1168] veth0_vlan: left promiscuous mode [ 164.145761][ T1168] veth1_macvtap: left promiscuous mode [ 164.152626][ T1168] veth0_macvtap: left promiscuous mode [ 164.158186][ T1168] veth1_vlan: left promiscuous mode [ 164.163543][ T1168] veth0_vlan: left promiscuous mode [ 164.169540][ T1168] veth1_macvtap: left promiscuous mode [ 164.176083][ T1168] veth0_macvtap: left promiscuous mode [ 164.181785][ T1168] veth1_vlan: left promiscuous mode [ 164.187039][ T1168] veth0_vlan: left promiscuous mode [ 164.194196][ T1168] veth1_macvtap: left promiscuous mode [ 164.199704][ T1168] veth0_macvtap: left promiscuous mode [ 164.205529][ T1168] veth1_vlan: left promiscuous mode [ 164.210876][ T1168] veth0_vlan: left promiscuous mode [ 164.512466][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 164.538335][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 164.742061][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 164.755056][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 165.007833][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 165.032723][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 165.223637][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 165.257985][ T1168] team0 (unregistering): Port device team_slave_0 removed