last executing test programs: 14.471087474s ago: executing program 0 (id=81): r0 = userfaultfd(0x80801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) 13.548233582s ago: executing program 0 (id=83): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000ec0)={'syz0\x00', {}, 0x26, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000b, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x17, 0xffffffff, 0x0, 0x0, 0x7, 0xfe], [0x0, 0x0, 0x2, 0xb56, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x9, 0xfffffffc, 0x0, 0x80, 0x40, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0xe, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xff], [0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x3, 0x0, 0xfffffffe, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000a40)={'syz0\x00', {0x2f00}, 0x4d, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffe, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0xffffffff, 0x3, 0x3, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xa2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd5], [0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffff, 0x0, 0x3, 0x1, 0x0, 0x0, 0x6, 0x0, 0x3, 0x101, 0x80, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4], [0x85, 0x0, 0x5d30, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xc7, 0xfffffff1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40000000, 0x1, 0x0, 0xb, 0x8, 0x0, 0x2, 0x0, 0x98, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe58b, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1ff]}, 0x45c) 13.190036668s ago: executing program 0 (id=86): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000003c0)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12.808274349s ago: executing program 0 (id=91): syz_mount_image$minix(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0032006c00ae1ecebf96fccb8a69f4a8ea113bda4a1e87a726a9dcf01d4bf4543b835eb2b9e6066dc6b060d90b6ca4385a4244aa53e0a0acaebd0c1dd5d380385e85b29008b29f2fb4a93ebe5ace1c105e684d1fd61659e8decea319f675e039904905a8130e2f3c8d5c7a22b4487a331c727612ff1ddd6aabd0e4ab29212632a15e835fac77a7c827"], 0x1, 0x174, &(0x7f0000000240)="$eJzs281uElEYgOFvAH/iysSdcWfV+lMGCpou9VKadmwap2qsmzYu9Aq8Bq/M3oALb0BMR8BEGCaRyAnyPKsvvEzmsDjM2UwAm6vzPLLIYutyvnP95udbWeoVASsySnz/HyMgnfZF6hUAaXx7EXEREV+/fziI9tbM8/myf5z01r3Z/inidmfcs/vx4I8++hLVZ7/69tzrb0z7w7l9++7k/o/icTyJnehGHr3oj/vh9PrhkqcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZVFt2mvvALrXh5XBa92n6l6v3afrXquw19UNuvVb178KY8XLRMYI7Wkvu/3bD/Ow37H0jn9Oz81X5ZFu8MBoNhOqT+ZwL+tfz9ydv89Ox85/hk/6g4Kl4P+8Nne4PB3tNeXp3s88Xne2B9/X7op14JAAAAAAAAAPC3dqP+3RoAAOD/sorXiVL/RgAAAAAAAAAAAAAAWHc/AwAA//8c7qwa") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) unlink(&(0x7f0000000080)='./file1\x00') 11.420855169s ago: executing program 0 (id=98): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000801004800000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 10.798228015s ago: executing program 0 (id=102): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r2, 0x401, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="410302020402060612e2ce2ba893279f5b401f98e6cd6db21a505401"], 0x1c) 10.241520407s ago: executing program 32 (id=102): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r2, 0x401, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="410302020402060612e2ce2ba893279f5b401f98e6cd6db21a505401"], 0x1c) 9.923990512s ago: executing program 3 (id=106): r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) r2 = syz_io_uring_setup(0x6e1, &(0x7f0000000380)={0x0, 0x33f8, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x100a}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) 9.659374293s ago: executing program 3 (id=108): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x9}, @local=@item_012={0x2, 0x2, 0x4, "c1a1"}, @main=@item_4={0x3, 0x0, 0x9, "5aa8257f"}, @main=@item_012={0x0, 0x0, 0x9}, @main=@item_4={0x3, 0x0, 0xb, "af45cee1"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000080)={0x2, 0x100, 0x20a6}) ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0x40184810, 0x0) 8.870992636s ago: executing program 4 (id=111): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000300)=ANY=[@ANYBLOB="0b000000000000000a00000000000005ff02000000000000000000000000000102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x110) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0x3e, &(0x7f0000000900)={@link_local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) 8.560623532s ago: executing program 4 (id=113): r0 = syz_clone(0x80000011, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setpgid(r0, r0) setpgid(0x0, r0) wait4(r0, 0x0, 0x2, 0x0) getpriority(0x0, r0) 6.766283295s ago: executing program 4 (id=119): setfsgid(0xee00) r0 = syz_clone(0x80080100, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/pid_for_children\x00') 6.364830594s ago: executing program 3 (id=121): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xd}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_TSC_KHZ_cpu(r2, 0xaea2, 0xf15) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000001000000000000000f0ffffffffffffff10"]) 6.291358673s ago: executing program 4 (id=122): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0xdb6, 0x9, 0x8, 0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x62b, 0x0, 0x0, 0x5, 0x1, 0xfffffffffffffffd, 0x5], 0x5000, 0x8340}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.973560416s ago: executing program 3 (id=125): syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x18, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) syz_clone(0x1144280, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file7\x00', 0x1a2) fallocate(r1, 0x0, 0x9, 0x2000406) 5.678016174s ago: executing program 4 (id=127): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000005c0)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000001380)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000740)="17f2b2de5c6b0db5d25446463f74d3740a70f6e0249ca79ea3579bc57df5837189a49908837dae500632174cac1efc0e61b9cbcde67b0070040000003d478881c92de1d95dcc82811ba3e4d049aa70572e323a9b0080fe56fc785245e3dd4eb6fd1d435e39d84c964a20acf7d7ef519aea75b91aa77cac6acc28cafff73c92dc58cdc172494f050a1678bcfcc26a1ef64ec814ead5ca32517f28211601a4cbaf0c28ef055c0be316c81a5a87e4c019b2e1b2d2110bf8ad6436a4c5504867c9f22553508a636e4c75132091fe69df861f695475", 0xd3}], 0x1, 0x0, 0x0, 0x11}], 0x1, 0xc48d4) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)=""/114, 0x72}, {&(0x7f0000000100)=""/96, 0x60}], 0x2}, 0x0) 5.460249759s ago: executing program 4 (id=128): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) setns(r2, 0x66020000) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) 4.419734683s ago: executing program 3 (id=131): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001880)="3ea74815ea3f577ea6449f8b353de500ec8ec15af1c38ff3ccf324880db5d15e223463e7f26e969a35115fa034729d226e85fc54921082ce33db43afb1edec8604d1aab6bd4b19b3bc83f14954723cb8175af1cfc307533bc1d4ab373b029fb427029fe4f7d49897f2ad28a7b5afad64b03976e01d8266a43670ea51817b240180d8bafca9b200a0a6a018c0d6b954f18d5cddf41e4f6237baef652fe4bc7f6a7014887e20c854922be36abf1c53700c5ad92bc04944f9d69d9b0f3bf9a8ac38f3522ddfbab454f292a2a053207c2263ee8311398f7ee9ceaac5f1d7ea287002d151a389dfe8bf8bde731402e4115280f66526d865f90ada6a2ded26261c38c87de2f5d60ecc6dc8d12f63a8375bf55526c754f74cdea9459c78245d9f6185b9947308551624d67f3688a4fe936dc91de837a258ae6468f2f5cd968757dd28f278a2424a9a8fe87027bb4776c5904824b68b16361df1adb992f4a0ecf88799fe96def7ce00c479942a8c4dd225e61cea30b3e483d9e764301dd1d569a2d2fcc91dcc54c8ac6e052ba85d8a8e7744bbd965f799579dd395c49aea7a3ab5df2fe33ceb1a706683a398d166e4e5ef0aee222c8d6e71f61cf9a212b7f1abf05ede37b863d298bee7e28a1917dc06a85dc82dca299d45a1cce10fdf0d7715555e99a9e7d064024aa4004684008421f619538942880b7b9b881431509aebdb47211a79da86c80487423d0eae90916648ebeb47a864b8fffd9c452e3c18036bf286680298e5d20c4e011d47ca47a5e0895d98055eeeb0d1adce72e26a1bb572043b49faae886274b9dea35dcd796ac286b55b6c99179c26ec47f8ed0d16832771047886cbffa10075756f53fd3180d629de87868c5739e89290b845884e155b88f7453e1e949bd7f2708199417c7209db40f46a4f1921e6d82f3d3907eb0c3c7c64cbc0aa0fae57a3b68651488b33ceacf198473e2dbade77babf656d7c9d20e88ebf1625cc7266468fb4ec4f3b5ea65b9dc38f712f44ef1b248b19fb03695d82cd5e4905852647f7a26d88aff7ce4ecfa94f2705c4c58352acdbba36e92f69dd7583c49ecb062b44ef1a3f15bb5a082eb82e7452054612498019dba9becb8b0ff423df99d64472b3528ed8d1dd6b24e714ea5786aa1f618a38cfc70cbb1f8f09fa5f6a56017790ba6d5950557e1d9a8457bc3f5fd461c86ec4b90e8abb9f90debf7dd84f8fedabf25a10c91c70bebb8266599e4e20f6eddf1fba0bcc228e2038ae971bf995ad4f0d680fefce2c4da8c851142d76c1ec4a3b5a627766d803c9e603326d0c9164bb76c19f65f44e62d2ccc488824bc046cc4850701846e9772c5545f02f2536fbbba2f14ee9f2ba4fc2060478f0c90a504b4daabfd1bd24a400785767e05cc5f7f15d205033768592e0a23da6c3419fdcc31a8d6607722932842eff8d8b1220352c06f645ad201acf1e73cc98b0", 0x410}], 0x1, &(0x7f0000000280)=[@assoc={0x18, 0x117, 0x4, 0x400}], 0x18, 0x200040d0}], 0x1, 0x840) recvmsg(r1, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000003a00)=""/4109, 0x100d}], 0x1}, 0x40010021) 4.394257824s ago: executing program 1 (id=133): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000005880)={[{@jqfmt_vfsv1}, {@heap}, {@alloc_mode_def}, {@six_active_logs}, {@flush_merge}, {@fault_injection={'fault_injection', 0x3d, 0x17}}, {@discard}, {@noacl}, {@fsync_mode_posix}, {@alloc_mode_def}, {@noextent_cache}, {@jqfmt_vfsold}, {@fault_type={'fault_type', 0x3d, 0xfffffe}}]}, 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58) truncate(&(0x7f0000000100)='./file1\x00', 0x20fdfffffe) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98) write(r0, &(0x7f00000002c0)='G', 0x1) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) 2.842902599s ago: executing program 1 (id=140): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="0f20e035000004000f22e066b8a4000f00d08f8860cc423000b993030000b858000000ba000000000f3066ba4100b0cbee0f01cf0f01c966baf80cb81f625386ef66bafc0cb000ee66b8d5008ec0c4c26dacaf9f14ce75", 0x57}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.972103521s ago: executing program 2 (id=141): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x1, 0x38, 0xda18, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x9, 0x40, 0xfffc, 0x0, 0x1002, {[@sack={0x5, 0x2}, @timestamp={0x8, 0xa, 0x0, 0x20000006}, @mss={0x2, 0x4, 0xfffa}]}}}}}}}, 0x0) 1.603072298s ago: executing program 2 (id=142): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000020c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd=r0, 0x0, 0x0}) io_uring_enter(r1, 0x6f85, 0x0, 0x69, 0x0, 0x0) 1.349776189s ago: executing program 2 (id=143): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = dup(r0) r2 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679a, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7", 0xa, 0x2400c0c7, 0x1}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.294439051s ago: executing program 1 (id=144): r0 = creat(&(0x7f0000000540)='./file0\x00', 0x0) close(r0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000640), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 990.037104ms ago: executing program 1 (id=145): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x6, &(0x7f0000001380)=0x0) io_submit(r1, 0x2000000000000055, &(0x7f0000000180)=[&(0x7f0000000600)={0x1000000, 0x0, 0x0, 0x5, 0x4001, r0, 0x0, 0x0, 0x0, 0x0, 0x2}]) 895.016201ms ago: executing program 2 (id=146): openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080), 0x4) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="000426bd7000fcdbdf250c00000034000980080002000010000008000100fbffffff08000100ffffff7f08000200d63c0000080001000400000008000100090000002c0101800d0001007564703a73797a3200000000380004001400010002004e23ac1e00010000000000000000200002000a004e227ffffffffc00000000000000000000000000000001000080080003000400000038000400200001000a004e2000000009ff020000000000000000000000000001040000001400020002004e240000000000000000000000004c00028008000300ff0100000800040001040000080003000900000008000200f6000000080001001c0000000800020001000000080001001a0000000800030009000000080001001700000054000280080001001c00000008"], 0x2d0}, 0x1, 0x0, 0x0, 0x40408c1}, 0x40) socket(0xa, 0x5, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x8a2b81) write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8) 705.519023ms ago: executing program 1 (id=147): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000004c0), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 560.504445ms ago: executing program 2 (id=148): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2, &(0x7f0000000cc0)={[{@jqfmt_vfsold}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8}}, {@noblock_validity}, {@noload}, {@delalloc}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@discard}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@nomblk_io_submit}, {@init_itable_val={'init_itable', 0x3d, 0xfff}}]}, 0xfa, 0x477, &(0x7f0000001380)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKgs1tCZCiFYPeDQk3o3/hfGkF6NeNPGqd0NCDBdQL2tmZwaWZbfd0m0X2M8nme57M6/73ndm3u6bebsbQM8ayf4kEVsj4o+IGMqztxYYyR+uX70w9c/VC1NJVKtv/53Uyl27emGqLFr+35Y8U60W+Q1N6r34XsRkpTJztsiPLZz+cGz+3PkXZ09Pnpw5OXNm4ujRQwf3DB6ZONyROLO4ru36ZG73zmPvXnpz6vil939O0sjjjoY4OmUk37tNPdPpyrpsW1066a/fsvfXm+lmZwLd1BcR2eEaqPX/oeiLTTe2DcXrn3e1ccCaqlar1SVelRerwH0siW63AOiO8o0+u/4tl3UaetwVrrySXwBlcV8vlnxLf6R5Yu9Aw/Xt1g7WPxIRxxf//TpbYo3uQwAA1Ps+G/+80Gz8l8YjeWIw+/NAMYcyHBEPRsT2iHgoInZExMMRtbKPRsRjK6y/cYbk9vFPevmOg2tDNv57uZjbunX8l5ZFhvuK3LZa/APJidnKzIFin+yPgQ0nZpOZ8SXq+OG1379sta1+/JctWf3lWLBox+X+hht005MLk6uJud6VzyJ29TeLP4lyGieJiJ0RsesO65h9rr/ltuXjX0Lrp21b9ZuIZ/PjvxgN8ZeSlvOT4y8dmTg8tjEqMwfGyrPidr/8dvGtVvWvKv4OyI7/5qbn/434h5ONEfPnzp+qzdfOr+jps64TF//8ouU1TRF/1r3aOf+PbSvO/8HkndqKwWLDx5MLC2fHIwaTN25fP3Hz2cp8WT6Lf/++5v1/e9zcE49HxO6I2BMRT2QXhUXbn4yIpyJi3xI74adXn/5gmfibHP/1mSvN4p9e7vhH/fFfeaLv1I/fLR//xohodfwP1VL7izXtvP6128DV7DsAAAC4V+SfgU/S0RvpNB0dzT/DvyM2p5W5+YXnT8x9dGY6n/cejoG0vNM1VHc/dLy4N1zmJxryB4v7xl/1barlR6fmKtPdDh563JYW/T/zV1+3WwesuQ7MowH3KP0fepf+D70p0f+hp+n/0Lua9f9PW5Ye/XZNGwOsK+//0Lva6P+L+UPrUQFwb/L+D71L/4ee1PK78emqvvK/7on/it8zvFvac/8nIr0rmnH/J/rb/jGLFSSqQ3n/z9ZsaFqm269MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfF/AAAA//8Qi+Nc") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9) symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa1) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, 0x1) 502.468313ms ago: executing program 1 (id=149): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000000)=0x81, 0x4) recvfrom(r0, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffd000/0x1000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeae, 0x0, 0x0}, &(0x7f0000000740)=0x40) 114.974082ms ago: executing program 2 (id=150): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d40)=@newqdisc={0x3a8, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x378, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x64, 0x2, 0x3, 0x17, 0xd, 0x8, 0x1}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "a2a88faa7ec665a571a9ad3d1f9512e3c591df4a4554c6c2e2cc6cb4d9aee4579684743ad4888f1522a47ddaff3d4f9450d288e8559bc4f795aa0d1bc74d926038adb808cba6e90535b2eb8ba3e8ff927207d17a86b10d604e77a459df67e7f0c842d463ca5977b7e2eb55fbb9881d15633717817c735da52a1da7d64bb22e58550d8ee20883e41ec2f119a6a6364d68900c1cce4a3b3225a9ce9e1e00b444e9e7bcd10e1dec202ce7786aa7cf10d4dd6bbcee586d7903a6239ff90b49cd7fddb0c67ddab326cdb2d0fa48a783f691be9ebaa1243b21afd04a372650aa7eb46a2675cc67ae12d3b99c9acb4d9fb7c78081d269b443affd86eededd4867311221"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1ffff}}, @TCA_CHOKE_STAB={0x104, 0x2, "554b956aa3fcfbc4a187baf0437163b5d33108db016465f92a93480d2c246d90f03741da6ee916f7c9917dbd81da67d6150151679559af8402b932745d19fbfbd679c133c4714565f91cd05790d990818bac85598b6a844cb2c2d277aaca9a88ee0e6a834ba02b4e549f11fb13e9fe33730c55997f2d3b7e6469210db81587fc522295f49a78f4e08ddfb01172b12a19b303a0c47fa3500cdc3e6725a79dcd3731c37083c3bbe73c43e7e2ea82c72986a1499c677c565ea1cfc874e7e978e4ebe8d338f0b37807d40333ee570133982998623ec809826f1009856a9d9d8e839c65d3ead78c6b3cb8f7beee8e59f19de93d06628a2cdfa4333d96882b96c36cc3"}]}}]}, 0x3a8}}, 0x0) 0s ago: executing program 3 (id=151): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000280)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0x1, 0x14}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffbc, 0x10}, [@ldst={0x7, 0xff05, 0x0, 0x0, 0xa}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) close(0x3) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000080), &(0x7f0000000380)=r1}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r0, &(0x7f0000000140), 0x0}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.243' (ED25519) to the list of known hosts. [ 79.823664][ T5811] cgroup: Unknown subsys name 'net' [ 79.948687][ T5811] cgroup: Unknown subsys name 'cpuset' [ 79.958240][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.690293][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.850819][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.859515][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.859548][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.875583][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.876621][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.895138][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.905217][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.914068][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.922033][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.925555][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.930255][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.944080][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.952859][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.962480][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.977325][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.986255][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.989705][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.994127][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.003470][ T5828] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.017714][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.022045][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.033189][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.034770][ T5828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.049488][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.065303][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.623962][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 84.894878][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 84.969770][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.977124][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.984519][ T5822] bridge_slave_0: entered allmulticast mode [ 84.992542][ T5822] bridge_slave_0: entered promiscuous mode [ 85.013424][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 85.070012][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.077452][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.085187][ T5822] bridge_slave_1: entered allmulticast mode [ 85.092564][ T5822] bridge_slave_1: entered promiscuous mode [ 85.100471][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 85.247378][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.287328][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.301994][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 85.428006][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.435578][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.442757][ T5836] bridge_slave_0: entered allmulticast mode [ 85.450714][ T5836] bridge_slave_0: entered promiscuous mode [ 85.458309][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.465784][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.473003][ T5830] bridge_slave_0: entered allmulticast mode [ 85.480984][ T5830] bridge_slave_0: entered promiscuous mode [ 85.504543][ T5822] team0: Port device team_slave_0 added [ 85.524015][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.531318][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.539053][ T5836] bridge_slave_1: entered allmulticast mode [ 85.546621][ T5836] bridge_slave_1: entered promiscuous mode [ 85.553699][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.561660][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.568956][ T5830] bridge_slave_1: entered allmulticast mode [ 85.576576][ T5830] bridge_slave_1: entered promiscuous mode [ 85.583663][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.590884][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.598934][ T5821] bridge_slave_0: entered allmulticast mode [ 85.606180][ T5821] bridge_slave_0: entered promiscuous mode [ 85.617049][ T5822] team0: Port device team_slave_1 added [ 85.659191][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.666501][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.673725][ T5821] bridge_slave_1: entered allmulticast mode [ 85.681397][ T5821] bridge_slave_1: entered promiscuous mode [ 85.780092][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.792851][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.806689][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.828588][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.835673][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.861903][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.891658][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.917412][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.928365][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.935526][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.962094][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.974014][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.981566][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.988986][ T5823] bridge_slave_0: entered allmulticast mode [ 85.996224][ T5823] bridge_slave_0: entered promiscuous mode [ 86.031680][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.045571][ T5828] Bluetooth: hci1: command tx timeout [ 86.051541][ T5832] Bluetooth: hci2: command tx timeout [ 86.067861][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.075552][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.082786][ T5823] bridge_slave_1: entered allmulticast mode [ 86.090340][ T5823] bridge_slave_1: entered promiscuous mode [ 86.112441][ T5830] team0: Port device team_slave_0 added [ 86.125173][ T5828] Bluetooth: hci0: command tx timeout [ 86.131147][ T5832] Bluetooth: hci4: command tx timeout [ 86.137270][ T5828] Bluetooth: hci3: command tx timeout [ 86.162287][ T5836] team0: Port device team_slave_0 added [ 86.170779][ T5830] team0: Port device team_slave_1 added [ 86.179251][ T5821] team0: Port device team_slave_0 added [ 86.188825][ T5821] team0: Port device team_slave_1 added [ 86.222370][ T5836] team0: Port device team_slave_1 added [ 86.272549][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.327728][ T5822] hsr_slave_0: entered promiscuous mode [ 86.334522][ T5822] hsr_slave_1: entered promiscuous mode [ 86.344561][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.367389][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.375482][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.402260][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.415870][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.422857][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.449201][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.462676][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.470155][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.496435][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.519862][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.527066][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.554230][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.566833][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.573818][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.599980][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.639246][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.646292][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.672764][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.723132][ T5823] team0: Port device team_slave_0 added [ 86.785226][ T5823] team0: Port device team_slave_1 added [ 86.829050][ T5830] hsr_slave_0: entered promiscuous mode [ 86.835659][ T5830] hsr_slave_1: entered promiscuous mode [ 86.842049][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 86.847989][ T5830] Cannot create hsr debugfs directory [ 86.895186][ T5821] hsr_slave_0: entered promiscuous mode [ 86.901797][ T5821] hsr_slave_1: entered promiscuous mode [ 86.908480][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 86.915033][ T5821] Cannot create hsr debugfs directory [ 86.942083][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.950198][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.976632][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.035434][ T5836] hsr_slave_0: entered promiscuous mode [ 87.042623][ T5836] hsr_slave_1: entered promiscuous mode [ 87.049455][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 87.055835][ T5836] Cannot create hsr debugfs directory [ 87.093664][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.101487][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.127684][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.489116][ T5823] hsr_slave_0: entered promiscuous mode [ 87.496721][ T5823] hsr_slave_1: entered promiscuous mode [ 87.502973][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 87.508866][ T5823] Cannot create hsr debugfs directory [ 87.879231][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.893784][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.912195][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.923737][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.995772][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.010801][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.023919][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.039604][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.125641][ T5828] Bluetooth: hci2: command tx timeout [ 88.125689][ T5832] Bluetooth: hci1: command tx timeout [ 88.165105][ T5821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.177998][ T5821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 88.190691][ T5821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 88.204934][ T5832] Bluetooth: hci3: command tx timeout [ 88.215146][ T5832] Bluetooth: hci4: command tx timeout [ 88.215175][ T5828] Bluetooth: hci0: command tx timeout [ 88.225018][ T5821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 88.372541][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.379584][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.391997][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.415429][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.433290][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.449910][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.500030][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.524675][ T4905] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.532006][ T4905] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.575046][ T4905] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.582242][ T4905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.628044][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.644519][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.651799][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.680043][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.692959][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.705473][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.723546][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.753864][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.761161][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.966080][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.070501][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.092849][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.121081][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.160284][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.167565][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.212421][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.250591][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.257913][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.290757][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.319023][ T4905] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.326324][ T4905] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.392515][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.399768][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.412609][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.419804][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.452810][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.460137][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.480243][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.578169][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.764508][ T5830] veth0_vlan: entered promiscuous mode [ 89.823922][ T5822] veth0_vlan: entered promiscuous mode [ 89.833083][ T5830] veth1_vlan: entered promiscuous mode [ 89.887696][ T5822] veth1_vlan: entered promiscuous mode [ 90.036786][ T5830] veth0_macvtap: entered promiscuous mode [ 90.073777][ T5830] veth1_macvtap: entered promiscuous mode [ 90.115973][ T5822] veth0_macvtap: entered promiscuous mode [ 90.163209][ T5822] veth1_macvtap: entered promiscuous mode [ 90.182970][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.206674][ T5828] Bluetooth: hci2: command tx timeout [ 90.208942][ T5832] Bluetooth: hci1: command tx timeout [ 90.219299][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.233345][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.262758][ T1157] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.287837][ T5832] Bluetooth: hci0: command tx timeout [ 90.287871][ T52] Bluetooth: hci3: command tx timeout [ 90.296977][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.299515][ T5828] Bluetooth: hci4: command tx timeout [ 90.320306][ T1157] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.330815][ T1157] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.361642][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.380363][ T66] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.410383][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.451721][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.480993][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.531021][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.557734][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.603867][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.766974][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.784347][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.809528][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.821369][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.853731][ T5836] veth0_vlan: entered promiscuous mode [ 90.908001][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.917153][ T4905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.918040][ T5823] veth0_vlan: entered promiscuous mode [ 90.931166][ T4905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.940185][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.957378][ T5836] veth1_vlan: entered promiscuous mode [ 90.996541][ T5821] veth0_vlan: entered promiscuous mode [ 91.057222][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.066983][ T5821] veth1_vlan: entered promiscuous mode [ 91.092617][ T5823] veth1_vlan: entered promiscuous mode [ 91.243963][ T5836] veth0_macvtap: entered promiscuous mode [ 91.280018][ T5823] veth0_macvtap: entered promiscuous mode [ 91.330666][ T5836] veth1_macvtap: entered promiscuous mode [ 91.342042][ T5821] veth0_macvtap: entered promiscuous mode [ 91.378299][ T5821] veth1_macvtap: entered promiscuous mode [ 91.386868][ T5948] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET) [ 91.396990][ T5823] veth1_macvtap: entered promiscuous mode [ 91.416923][ T5947] syzkaller1: entered promiscuous mode [ 91.422741][ T5947] syzkaller1: entered allmulticast mode [ 91.491255][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.540623][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.611106][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.632826][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.648207][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.723065][ T66] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.739163][ T66] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.763940][ T5946] loop1: detected capacity change from 0 to 32768 [ 91.776741][ T5946] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2 (5946) [ 91.778743][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.838405][ T5946] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 91.849368][ T5946] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 91.852178][ T66] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.894555][ T66] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.982826][ T66] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.005204][ T66] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.014066][ T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.037912][ T5946] BTRFS info (device loop1): enabling ssd optimizations [ 92.047398][ T5946] BTRFS info (device loop1): turning on async discard [ 92.054233][ T5946] BTRFS info (device loop1): enabling free space tree [ 92.077810][ T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.114801][ T66] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.128778][ T794] cfg80211: failed to load regulatory.db [ 92.178690][ T66] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.214748][ T66] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.261228][ T1157] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 92.286016][ T5828] Bluetooth: hci1: command tx timeout [ 92.291491][ T5828] Bluetooth: hci2: command tx timeout [ 92.342670][ T66] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.367741][ T52] Bluetooth: hci4: command tx timeout [ 92.369438][ T5832] Bluetooth: hci3: command tx timeout [ 92.373227][ T5828] Bluetooth: hci0: command tx timeout [ 92.547112][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.583410][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.638243][ T5958] loop2: detected capacity change from 0 to 32768 [ 92.708550][ T5958] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 92.744374][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.771771][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.780473][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.820016][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.853185][ T5958] XFS (loop2): Ending clean mount [ 92.878047][ T5822] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 92.930111][ T5958] XFS (loop2): Quotacheck needed: Please wait. [ 92.960058][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.007212][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.039019][ T5958] XFS (loop2): Quotacheck: Done. [ 93.226572][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.237533][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.251812][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.298683][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.311280][ T5830] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 94.173238][ T5996] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.821210][ T6012] loop0: detected capacity change from 0 to 4096 [ 94.853423][ T6012] ======================================================= [ 94.853423][ T6012] WARNING: The mand mount option has been deprecated and [ 94.853423][ T6012] and is ignored by this kernel. Remove the mand [ 94.853423][ T6012] option from the mount to silence this warning. [ 94.853423][ T6012] ======================================================= [ 95.194691][ T6027] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 95.345434][ T30] audit: type=1804 audit(1762520905.029:2): pid=6012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.16" name="/newroot/1/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 95.810205][ T30] audit: type=1800 audit(1762520905.489:3): pid=6034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.23" name="bus" dev="tmpfs" ino=2 res=0 errno=0 [ 96.380545][ T6017] loop4: detected capacity change from 0 to 40427 [ 96.468740][ T6049] loop2: detected capacity change from 0 to 1024 [ 96.506414][ T6017] F2FS-fs (loop4): invalid crc value [ 96.549776][ T6046] kvm: emulating exchange as write [ 96.711487][ T6049] hfsplus: xattr searching failed [ 96.760347][ T6049] process 'syz.2.29' launched './file0' with NULL argv: empty string added [ 96.821052][ T6049] hfsplus: xattr searching failed [ 96.865478][ T6049] hfsplus: xattr searching failed [ 96.935340][ T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 96.976624][ T6017] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 97.041231][ T6017] F2FS-fs (loop4): Start checkpoint disabled! [ 97.161380][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 97.203772][ T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 97.215123][ T6017] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 97.276956][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 97.295471][ T6017] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 97.314966][ T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 97.390858][ T43] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 97.429307][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.444452][ T43] usb 4-1: Product: syz [ 97.481740][ T43] usb 4-1: Manufacturer: syz [ 97.501031][ T43] usb 4-1: SerialNumber: syz [ 97.545708][ T6011] syz.4.17: attempt to access beyond end of device [ 97.545708][ T6011] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 97.600669][ T43] usb 4-1: config 0 descriptor?? [ 97.623683][ T43] ums-isd200 4-1:0.0: USB Mass Storage device detected [ 97.633145][ T6069] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 97.644550][ T6069] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 97.723894][ T6069] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 97.806551][ T6069] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 97.829881][ T6069] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 97.882612][ T6069] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 97.916701][ T43] scsi host1: usb-storage 4-1:0.0 [ 97.953725][ T6069] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 97.998241][ T6069] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 98.040416][ T6069] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 98.072719][ T6069] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 98.106596][ T6069] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 98.135448][ T43] usb 4-1: USB disconnect, device number 2 [ 98.161381][ T6069] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 98.222232][ T6069] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 98.230610][ T6069] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 98.271851][ T6069] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 98.324411][ T6085] loop1: detected capacity change from 0 to 512 [ 98.332045][ T6085] EXT4-fs: Ignoring removed i_version option [ 98.353724][ T6085] EXT4-fs: Ignoring removed bh option [ 98.400813][ T50] kworker/u8:3: attempt to access beyond end of device [ 98.400813][ T50] loop4: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 98.438532][ T50] kworker/u8:3: attempt to access beyond end of device [ 98.438532][ T50] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 98.479593][ T50] CPU: 1 UID: 0 PID: 50 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) [ 98.479625][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 98.479638][ T50] Workqueue: writeback wb_workfn (flush-7:4) [ 98.479666][ T50] Call Trace: [ 98.479674][ T50] [ 98.479681][ T50] dump_stack_lvl+0x189/0x250 [ 98.479716][ T50] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.479742][ T50] ? __pfx_queue_work_on+0x10/0x10 [ 98.479766][ T50] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.479790][ T50] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.479826][ T50] f2fs_handle_critical_error+0x37c/0x540 [ 98.479863][ T50] f2fs_write_end_io+0x886/0xb60 [ 98.479905][ T50] __submit_merged_bio+0x27a/0x6a0 [ 98.479941][ T50] __submit_merged_write_cond+0x255/0x530 [ 98.479976][ T50] f2fs_write_data_pages+0x261d/0x3000 [ 98.480035][ T50] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.480071][ T50] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 98.480133][ T50] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 98.480212][ T50] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.480242][ T50] do_writepages+0x32e/0x550 [ 98.480274][ T50] ? reacquire_held_locks+0x127/0x1d0 [ 98.480300][ T50] ? writeback_sb_inodes+0x3bc/0x1950 [ 98.480333][ T50] __writeback_single_inode+0x143/0x12d0 [ 98.480359][ T50] ? do_raw_spin_unlock+0x122/0x240 [ 98.480382][ T50] writeback_sb_inodes+0x984/0x1950 [ 98.480406][ T50] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.480466][ T50] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 98.480540][ T50] ? rcu_is_watching+0x15/0xb0 [ 98.480580][ T50] wb_writeback+0x43b/0xaf0 [ 98.480615][ T50] ? queue_io+0x301/0x590 [ 98.480643][ T50] ? __pfx_wb_writeback+0x10/0x10 [ 98.480678][ T50] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.480709][ T50] wb_workfn+0x409/0xef0 [ 98.480749][ T50] ? __pfx_wb_workfn+0x10/0x10 [ 98.480776][ T50] ? __lock_acquire+0xab9/0xd20 [ 98.480814][ T50] ? process_one_work+0x868/0x15d0 [ 98.480846][ T50] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.480874][ T50] ? process_one_work+0x868/0x15d0 [ 98.480896][ T50] process_one_work+0x94a/0x15d0 [ 98.480919][ T50] ? __lock_acquire+0xab9/0xd20 [ 98.480968][ T50] ? __pfx_process_one_work+0x10/0x10 [ 98.481003][ T50] ? assign_work+0x3a1/0x410 [ 98.481034][ T50] worker_thread+0x9b0/0xee0 [ 98.481092][ T50] kthread+0x711/0x8a0 [ 98.481115][ T50] ? __pfx_worker_thread+0x10/0x10 [ 98.481140][ T50] ? __pfx_kthread+0x10/0x10 [ 98.481161][ T50] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.481184][ T50] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.481206][ T50] ? __pfx_kthread+0x10/0x10 [ 98.481234][ T50] ret_from_fork+0x599/0xb30 [ 98.481263][ T50] ? __pfx_ret_from_fork+0x10/0x10 [ 98.481301][ T50] ? __switch_to_asm+0x39/0x70 [ 98.481318][ T50] ? __switch_to_asm+0x33/0x70 [ 98.481335][ T50] ? __pfx_kthread+0x10/0x10 [ 98.481355][ T50] ret_from_fork_asm+0x1a/0x30 [ 98.481397][ T50] [ 98.481406][ T50] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 98.748966][ T6085] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.830292][ T6085] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 99.060583][ T6102] sctp: [Deprecated]: syz.0.44 (pid 6102) Use of struct sctp_assoc_value in delayed_ack socket option. [ 99.060583][ T6102] Use struct sctp_sack_info instead [ 99.230974][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.642654][ T6112] loop4: detected capacity change from 0 to 128 [ 99.650033][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 99.668714][ T6112] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 99.693518][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880586cdc00: rx timeout, send abort [ 99.723359][ T6112] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 99.884849][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 99.900779][ T66] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 99.966666][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 99.974737][ T5887] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 100.124934][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 100.193738][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880586cd400: rx timeout, send abort [ 100.202885][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880586cdc00: abort rx timeout. Force session deactivation [ 100.285446][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout [ 100.360408][ T5887] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 100.396328][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.415712][ T5887] usb 3-1: Product: syz [ 100.419944][ T5887] usb 3-1: Manufacturer: syz [ 100.434710][ T5887] usb 3-1: SerialNumber: syz [ 100.523749][ T6126] overlayfs: upper fs does not support file handles, falling back to index=off. [ 100.702188][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880586cd400: abort rx timeout. Force session deactivation [ 100.885363][ T5887] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 100.914708][ T5887] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 101.141937][ T6139] syzkaller1: entered promiscuous mode [ 101.165101][ T6139] syzkaller1: entered allmulticast mode [ 101.509418][ T6133] loop4: detected capacity change from 0 to 32768 [ 101.637477][ T5887] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 101.687184][ T5887] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 101.738027][ T5887] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 101.741022][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 101.752905][ T30] audit: type=1800 audit(1762520911.429:4): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.58" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 101.824084][ T5887] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 101.853688][ T5887] usb 3-1: USB disconnect, device number 2 [ 101.945281][ T6137] loop3: detected capacity change from 0 to 32768 [ 101.964853][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 101.973172][ T6137] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.60 (6137) [ 102.029030][ T6137] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 102.040494][ T6137] BTRFS info (device loop3): using blake2b (blake2b-256-lib) checksum algorithm [ 102.050079][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 102.205431][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 102.247498][ T6137] BTRFS info (device loop3): enabling ssd optimizations [ 102.330832][ T6137] BTRFS info (device loop3): turning on async discard [ 102.392300][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout [ 102.394975][ T6137] BTRFS info (device loop3): enabling free space tree [ 102.615119][ T6167] loop1: detected capacity change from 0 to 2048 [ 102.642301][ T30] audit: type=1800 audit(1762520912.329:5): pid=6137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.60" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 102.716661][ T6167] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 102.774776][ T6167] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 102.932692][ T30] audit: type=1800 audit(1762520912.619:6): pid=6167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.67" name="file1" dev="loop1" ino=1346 res=0 errno=0 [ 103.154477][ T5836] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 103.296296][ T6176] loop1: detected capacity change from 0 to 512 [ 103.429973][ T6176] FAT-fs (loop1): unable to read block(708132732928) for building NFS inode [ 103.744296][ T43] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 103.780832][ T6182] loop2: detected capacity change from 0 to 256 [ 103.804771][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.850285][ T6182] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 103.879827][ T6149] loop0: detected capacity change from 0 to 32768 [ 103.949634][ T43] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 103.969017][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.989934][ T43] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 103.992339][ T6149] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 104.004652][ T43] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 104.045116][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 104.045383][ T43] usb 5-1: Manufacturer: syz [ 104.126919][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 104.149602][ T43] usb 5-1: config 0 descriptor?? [ 104.237879][ T6149] XFS (loop0): Ending clean mount [ 104.287780][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 104.296574][ T43] rc_core: IR keymap rc-hauppauge not found [ 104.311069][ T43] Registered IR keymap rc-empty [ 104.336445][ T6149] XFS (loop0): Quotacheck needed: Please wait. [ 104.356689][ T43] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 104.384977][ T43] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input5 [ 104.442891][ T6149] XFS (loop0): Quotacheck: Done. [ 104.454853][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout [ 104.462201][ C1] igorplugusb 5-1:0.0: Error: urb status = -32 [ 104.525088][ T43] usb 5-1: USB disconnect, device number 2 [ 104.903388][ T5823] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 105.060676][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.111323][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.137903][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.169396][ T6206] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 105.194012][ T6206] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 105.257205][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.272670][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.316275][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.345473][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.407245][ T6206] wg1 speed is unknown, defaulting to 1000 [ 105.687020][ T6196] loop3: detected capacity change from 0 to 40427 [ 105.695281][ T6196] F2FS-fs: heap/no_heap options were deprecated [ 105.709050][ T6196] F2FS-fs (loop3): build fault injection rate: 19 [ 105.721543][ T6196] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 105.795180][ T6196] F2FS-fs (loop3): invalid crc value [ 105.853435][ T6196] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 105.884338][ T6218] input: syz0 as /devices/virtual/input/input6 [ 106.141012][ T6196] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0 [ 106.193360][ T6196] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 106.216340][ T6196] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 106.342525][ T6196] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40 [ 106.397816][ T6226] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40 [ 106.476667][ T5836] F2FS-fs (loop3): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab4/0x1cf0 [ 106.519149][ T5836] F2FS-fs (loop3): inconsistent node block, node_type:3, nid:11, node_footer[nid:11,ino:3,ofs:2041,cpver:0,blkaddr:0] [ 106.589501][ T5836] syz-executor: attempt to access beyond end of device [ 106.589501][ T5836] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 106.626011][ T6234] loop0: detected capacity change from 0 to 128 [ 106.658819][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 106.658849][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 106.658860][ T5836] Call Trace: [ 106.658868][ T5836] [ 106.658877][ T5836] dump_stack_lvl+0x189/0x250 [ 106.658919][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.658948][ T5836] ? __pfx_queue_work_on+0x10/0x10 [ 106.658971][ T5836] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 106.658996][ T5836] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 106.659039][ T5836] f2fs_handle_critical_error+0x37c/0x540 [ 106.659079][ T5836] f2fs_write_end_io+0x886/0xb60 [ 106.659127][ T5836] __submit_merged_bio+0x27a/0x6a0 [ 106.659154][ T5836] ? up_write+0x1c4/0x420 [ 106.659179][ T5836] __submit_merged_write_cond+0x44c/0x530 [ 106.659232][ T5836] f2fs_sync_node_pages+0x1479/0x15e0 [ 106.659290][ T5836] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 106.659361][ T5836] ? f2fs_write_checkpoint+0xdad/0x2440 [ 106.659391][ T5836] ? up_write+0x1c4/0x420 [ 106.659405][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 106.659441][ T5836] f2fs_write_checkpoint+0xdde/0x2440 [ 106.659462][ T5836] ? __lock_acquire+0xab9/0xd20 [ 106.659528][ T5836] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 106.659633][ T5836] kill_f2fs_super+0x2cc/0x6d0 [ 106.659665][ T5836] ? __pfx_kill_f2fs_super+0x10/0x10 [ 106.659713][ T5836] ? shrinker_free+0x2ce/0x3e0 [ 106.659742][ T5836] deactivate_locked_super+0xbc/0x130 [ 106.659768][ T5836] cleanup_mnt+0x425/0x4c0 [ 106.659789][ T5836] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.659820][ T5836] task_work_run+0x1d4/0x260 [ 106.659848][ T5836] ? __pfx_task_work_run+0x10/0x10 [ 106.659876][ T5836] ? exit_to_user_mode_loop+0x55/0x4f0 [ 106.659907][ T5836] exit_to_user_mode_loop+0xff/0x4f0 [ 106.659930][ T5836] ? rcu_is_watching+0x15/0xb0 [ 106.659966][ T5836] do_syscall_64+0x2e9/0xfa0 [ 106.659994][ T5836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.660020][ T5836] ? clear_bhb_loop+0x60/0xb0 [ 106.660046][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.660065][ T5836] RIP: 0033:0x7f96f15909f7 [ 106.660084][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 106.660100][ T5836] RSP: 002b:00007ffe6bcb21e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 106.660122][ T5836] RAX: 0000000000000000 RBX: 00007f96f1611d7d RCX: 00007f96f15909f7 [ 106.660135][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6bcb22a0 [ 106.660146][ T5836] RBP: 00007ffe6bcb22a0 R08: 0000000000000000 R09: 0000000000000000 [ 106.660158][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6bcb3330 [ 106.660170][ T5836] R13: 00007f96f1611d7d R14: 0000000000019f90 R15: 00007ffe6bcb3370 [ 106.660211][ T5836] [ 106.660219][ T5836] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 106.980859][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 106.980889][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 106.980900][ T5836] Call Trace: [ 106.980909][ T5836] [ 106.980918][ T5836] dump_stack_lvl+0x189/0x250 [ 106.980959][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.980989][ T5836] ? __pfx_queue_work_on+0x10/0x10 [ 106.981012][ T5836] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 106.981038][ T5836] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 106.981080][ T5836] f2fs_handle_critical_error+0x37c/0x540 [ 106.981120][ T5836] f2fs_write_end_io+0x886/0xb60 [ 106.981165][ T5836] __submit_merged_bio+0x27a/0x6a0 [ 106.981191][ T5836] ? up_write+0x1c4/0x420 [ 106.981217][ T5836] __submit_merged_write_cond+0x44c/0x530 [ 106.981257][ T5836] f2fs_sync_node_pages+0x1479/0x15e0 [ 106.981315][ T5836] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 106.981386][ T5836] ? f2fs_write_checkpoint+0xdad/0x2440 [ 106.981425][ T5836] ? up_write+0x1c4/0x420 [ 106.981441][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 106.981469][ T5836] f2fs_write_checkpoint+0xdde/0x2440 [ 106.981490][ T5836] ? __lock_acquire+0xab9/0xd20 [ 106.981559][ T5836] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 106.981663][ T5836] kill_f2fs_super+0x2cc/0x6d0 [ 106.981696][ T5836] ? __pfx_kill_f2fs_super+0x10/0x10 [ 106.981746][ T5836] ? shrinker_free+0x2ce/0x3e0 [ 106.981775][ T5836] deactivate_locked_super+0xbc/0x130 [ 106.981802][ T5836] cleanup_mnt+0x425/0x4c0 [ 106.981824][ T5836] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.981856][ T5836] task_work_run+0x1d4/0x260 [ 106.981883][ T5836] ? __pfx_task_work_run+0x10/0x10 [ 106.981913][ T5836] ? exit_to_user_mode_loop+0x55/0x4f0 [ 106.981944][ T5836] exit_to_user_mode_loop+0xff/0x4f0 [ 106.981967][ T5836] ? rcu_is_watching+0x15/0xb0 [ 106.982002][ T5836] do_syscall_64+0x2e9/0xfa0 [ 106.982031][ T5836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.982050][ T5836] ? clear_bhb_loop+0x60/0xb0 [ 106.982077][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.982095][ T5836] RIP: 0033:0x7f96f15909f7 [ 106.982114][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 106.982130][ T5836] RSP: 002b:00007ffe6bcb21e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 106.982152][ T5836] RAX: 0000000000000000 RBX: 00007f96f1611d7d RCX: 00007f96f15909f7 [ 106.982165][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6bcb22a0 [ 106.982176][ T5836] RBP: 00007ffe6bcb22a0 R08: 0000000000000000 R09: 0000000000000000 [ 106.982188][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6bcb3330 [ 106.982200][ T5836] R13: 00007f96f1611d7d R14: 0000000000019f90 R15: 00007ffe6bcb3370 [ 106.982241][ T5836] [ 106.982250][ T5836] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 107.114124][ T6240] netlink: 20 bytes leftover after parsing attributes in process `syz.1.93'. [ 107.288706][ T6234] loop0: detected capacity change from 128 to 64 [ 107.295327][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 107.295356][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 107.295368][ T5836] Call Trace: [ 107.295377][ T5836] [ 107.295385][ T5836] dump_stack_lvl+0x189/0x250 [ 107.295425][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.295454][ T5836] ? __pfx_queue_work_on+0x10/0x10 [ 107.295478][ T5836] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 107.295503][ T5836] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 107.295541][ T5836] f2fs_handle_critical_error+0x37c/0x540 [ 107.295575][ T5836] f2fs_write_end_io+0x886/0xb60 [ 107.295613][ T5836] __submit_merged_bio+0x27a/0x6a0 [ 107.295639][ T5836] ? up_write+0x1c4/0x420 [ 107.295664][ T5836] __submit_merged_write_cond+0x44c/0x530 [ 107.295697][ T6244] loop2: detected capacity change from 0 to 512 [ 107.295702][ T5836] f2fs_sync_node_pages+0x1479/0x15e0 [ 107.295750][ T5836] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 107.295807][ T5836] ? f2fs_write_checkpoint+0xdad/0x2440 [ 107.295832][ T5836] ? up_write+0x1c4/0x420 [ 107.295846][ T5836] ? do_raw_spin_unlock+0x122/0x240 [ 107.295868][ T5836] f2fs_write_checkpoint+0xdde/0x2440 [ 107.295887][ T5836] ? __lock_acquire+0xab9/0xd20 [ 107.295939][ T5836] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 107.296020][ T5836] kill_f2fs_super+0x2cc/0x6d0 [ 107.296047][ T5836] ? __pfx_kill_f2fs_super+0x10/0x10 [ 107.296086][ T5836] ? shrinker_free+0x2ce/0x3e0 [ 107.296111][ T5836] deactivate_locked_super+0xbc/0x130 [ 107.296134][ T5836] cleanup_mnt+0x425/0x4c0 [ 107.296153][ T5836] ? lockdep_hardirqs_on+0x9c/0x150 [ 107.296181][ T5836] task_work_run+0x1d4/0x260 [ 107.296212][ T5836] ? __pfx_task_work_run+0x10/0x10 [ 107.296236][ T5836] ? exit_to_user_mode_loop+0x55/0x4f0 [ 107.296263][ T5836] exit_to_user_mode_loop+0xff/0x4f0 [ 107.296283][ T5836] ? rcu_is_watching+0x15/0xb0 [ 107.296314][ T5836] do_syscall_64+0x2e9/0xfa0 [ 107.296339][ T5836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.296357][ T5836] ? clear_bhb_loop+0x60/0xb0 [ 107.296379][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.296396][ T5836] RIP: 0033:0x7f96f15909f7 [ 107.296414][ T5836] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 107.296429][ T5836] RSP: 002b:00007ffe6bcb21e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 107.296450][ T5836] RAX: 0000000000000000 RBX: 00007f96f1611d7d RCX: 00007f96f15909f7 [ 107.296462][ T5836] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6bcb22a0 [ 107.296472][ T5836] RBP: 00007ffe6bcb22a0 R08: 0000000000000000 R09: 0000000000000000 [ 107.296483][ T5836] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe6bcb3330 [ 107.296495][ T5836] R13: 00007f96f1611d7d R14: 0000000000019f90 R15: 00007ffe6bcb3370 [ 107.296528][ T5836] [ 107.296536][ T5836] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 107.500628][ T6244] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.94: inode has both inline data and extents flags [ 107.504401][ T6244] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.94: couldn't read orphan inode 15 (err -117) [ 107.598004][ T6234] Dev loop0: unable to read RDB block 8 [ 107.624921][ T6240] nbd: socks must be embedded in a SOCK_ITEM attr [ 107.667414][ T6234] loop0: unable to read partition table [ 107.710814][ T6055] block nbd64: NBD_DISCONNECT [ 107.716474][ T6234] loop_reread_partitions: partition scan of loop0 (ï5ŸA;¹8R÷Ö¤®mÝûÑÎ])Âî^\©) failed (rc=-5) [ 107.848282][ T6244] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.879451][ T5823] syz-executor: attempt to access beyond end of device [ 107.879451][ T5823] loop0: rw=0, sector=74, nr_sectors = 2 limit=64 [ 107.945899][ T5823] Buffer I/O error on dev loop0, logical block 37, async page read [ 107.960082][ T5823] syz-executor: attempt to access beyond end of device [ 107.960082][ T5823] loop0: rw=0, sector=74, nr_sectors = 2 limit=64 [ 107.994697][ T5823] Buffer I/O error on dev loop0, logical block 37, async page read [ 108.028101][ T5823] syz-executor: attempt to access beyond end of device [ 108.028101][ T5823] loop0: rw=2049, sector=72, nr_sectors = 2 limit=64 [ 108.077571][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.097543][ T5872] udevd[5872]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 108.125836][ T5887] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 108.223791][ T30] audit: type=1326 audit(1762520917.909:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.1.99" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51cb78f6c9 code=0x7fc00000 [ 108.325572][ T5887] usb 5-1: Using ep0 maxpacket: 32 [ 108.334199][ T5887] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 108.349229][ T5887] usb 5-1: config 0 has no interface number 0 [ 108.372170][ T5887] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 108.387924][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.411569][ T5887] usb 5-1: Product: syz [ 108.422916][ T5887] usb 5-1: Manufacturer: syz [ 108.436204][ T5887] usb 5-1: SerialNumber: syz [ 108.481203][ T5887] usb 5-1: config 0 descriptor?? [ 108.522752][ T5887] smsc95xx v2.0.0 [ 108.546348][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.713482][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.844537][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.905261][ T30] audit: type=1326 audit(1762520918.599:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6255 comm="syz.1.99" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f51cb78f6c9 code=0x7fc00000 [ 109.013648][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.185972][ T6268] loop2: detected capacity change from 0 to 128 [ 109.231100][ T6272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.104'. [ 109.260990][ T6268] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 109.277339][ T6268] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 109.547494][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 109.559861][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 109.571688][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 109.584322][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 109.592588][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 109.766507][ T5830] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 109.770012][ T5887] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 109.807755][ T5887] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 109.848012][ T12] bridge_slave_1: left allmulticast mode [ 109.853885][ T12] bridge_slave_1: left promiscuous mode [ 109.864240][ T5887] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 109.883735][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.889059][ T5887] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 109.928027][ T12] bridge_slave_0: left allmulticast mode [ 109.933746][ T12] bridge_slave_0: left promiscuous mode [ 109.940021][ T5887] usb 5-1: USB disconnect, device number 3 [ 109.993771][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.043084][ T5940] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 110.229192][ T5940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.268219][ T5940] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.310019][ T5940] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 110.360768][ T5940] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 110.407290][ T5940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.467601][ T6294] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 110.481408][ T5940] usb 4-1: config 0 descriptor?? [ 110.548343][ T6278] loop1: detected capacity change from 0 to 32768 [ 110.588593][ T6278] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.107 (6278) [ 110.634075][ T6278] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 110.649973][ T6278] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 110.673910][ T6278] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 110.981491][ T6278] BTRFS info (device loop1): rebuilding free space tree [ 110.997424][ T5940] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 111.116132][ T6278] BTRFS info (device loop1): disabling free space tree [ 111.143560][ T6278] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 111.205594][ T6278] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 111.256550][ T6278] BTRFS info (device loop1): setting nodatasum [ 111.262793][ T6278] BTRFS info (device loop1): setting nodatacow [ 111.284868][ T6278] BTRFS info (device loop1): enabling ssd optimizations [ 111.293216][ T6278] BTRFS info (device loop1): using spread ssd allocation scheme [ 111.342423][ T6278] BTRFS info (device loop1): turning off barriers [ 111.355842][ T6327] loop2: detected capacity change from 0 to 1024 [ 111.364945][ T6278] BTRFS info (device loop1): enabling disk space caching [ 111.372133][ T6278] BTRFS info (device loop1): force clearing of disk cache [ 111.388035][ T6327] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 111.453227][ T6327] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 111.540812][ T6327] EXT4-fs (loop2): orphan cleanup on readonly fs [ 111.608706][ T6327] EXT4-fs error (device loop2): ext4_free_blocks:6706: comm syz.2.114: Freeing blocks not in datazone - block = 0, count = 4096 [ 111.659974][ T5828] Bluetooth: hci2: command tx timeout [ 111.669768][ T6327] EXT4-fs (loop2): 1 orphan inode deleted [ 111.698091][ T30] audit: type=1800 audit(1762520921.369:9): pid=6278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.107" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 111.708398][ T6327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 111.788480][ T6327] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 111.829142][ T5822] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 111.896655][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.080354][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.176291][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 112.238570][ T12] bond0 (unregistering): Released all slaves [ 112.437996][ T6277] wg1 speed is unknown, defaulting to 1000 [ 113.064164][ T6350] kvm: user requested TSC rate below hardware speed [ 113.178079][ T5898] usb 4-1: USB disconnect, device number 3 [ 113.501573][ T6365] loop3: detected capacity change from 0 to 128 [ 113.739151][ T5828] Bluetooth: hci2: command tx timeout [ 114.311271][ T6378] use of bytesused == 0 is deprecated and will be removed in the future, [ 114.332520][ T6378] use the actual size instead. [ 114.746657][ T12] hsr_slave_0: left promiscuous mode [ 114.789138][ T12] hsr_slave_1: left promiscuous mode [ 114.802901][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.811165][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.825029][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.832560][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.933500][ T12] veth1_macvtap: left promiscuous mode [ 114.941118][ T12] veth0_macvtap: left promiscuous mode [ 114.951296][ T12] veth1_vlan: left promiscuous mode [ 114.963735][ T12] veth0_vlan: left promiscuous mode [ 115.312636][ T6392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.134'. [ 115.355066][ T6392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.134'. [ 115.647595][ T6394] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input7 [ 115.822644][ T5828] Bluetooth: hci2: command tx timeout [ 115.846116][ T6388] loop1: detected capacity change from 0 to 40427 [ 115.856091][ T6388] F2FS-fs: heap/no_heap options were deprecated [ 115.864450][ T6388] F2FS-fs (loop1): build fault injection rate: 19 [ 115.878599][ T6388] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 115.925588][ T6388] F2FS-fs (loop1): invalid crc value [ 115.938346][ T6399] capability: warning: `syz.2.136' uses deprecated v2 capabilities in a way that may be insecure [ 116.000253][ T6388] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 116.184109][ T6388] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0 [ 116.224106][ T6388] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 116.260137][ T6388] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 116.331937][ T6388] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40 [ 116.361956][ T6388] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of f2fs_convert_inline_inode+0x722/0x880 [ 116.376116][ T6388] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:10241045589465957861,blkaddr:4615] [ 116.459285][ T5822] syz-executor: attempt to access beyond end of device [ 116.459285][ T5822] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 116.489937][ T5822] CPU: 1 UID: 0 PID: 5822 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 116.489969][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 116.489981][ T5822] Call Trace: [ 116.489990][ T5822] [ 116.489999][ T5822] dump_stack_lvl+0x189/0x250 [ 116.490040][ T5822] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.490069][ T5822] ? __pfx_queue_work_on+0x10/0x10 [ 116.490093][ T5822] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 116.490119][ T5822] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 116.490162][ T5822] f2fs_handle_critical_error+0x37c/0x540 [ 116.490203][ T5822] f2fs_write_end_io+0x886/0xb60 [ 116.490253][ T5822] __submit_merged_bio+0x27a/0x6a0 [ 116.490293][ T5822] __submit_merged_write_cond+0x255/0x530 [ 116.490344][ T5822] f2fs_write_data_pages+0x261d/0x3000 [ 116.490417][ T5822] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.490557][ T5822] ? __lock_acquire+0xab9/0xd20 [ 116.490608][ T5822] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.490631][ T5822] do_writepages+0x32e/0x550 [ 116.490677][ T5822] ? do_raw_spin_unlock+0x122/0x240 [ 116.490705][ T5822] filemap_fdatawrite+0x199/0x240 [ 116.490736][ T5822] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 116.490834][ T5822] ? do_raw_spin_unlock+0x122/0x240 [ 116.490862][ T5822] f2fs_sync_dirty_inodes+0x31f/0x830 [ 116.490907][ T5822] f2fs_write_checkpoint+0x93e/0x2440 [ 116.490930][ T5822] ? __lock_acquire+0xab9/0xd20 [ 116.490995][ T5822] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 116.491098][ T5822] kill_f2fs_super+0x2cc/0x6d0 [ 116.491132][ T5822] ? __pfx_kill_f2fs_super+0x10/0x10 [ 116.491182][ T5822] ? shrinker_free+0x2ce/0x3e0 [ 116.491212][ T5822] deactivate_locked_super+0xbc/0x130 [ 116.491240][ T5822] cleanup_mnt+0x425/0x4c0 [ 116.491262][ T5822] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.491294][ T5822] task_work_run+0x1d4/0x260 [ 116.491328][ T5822] ? __pfx_task_work_run+0x10/0x10 [ 116.491358][ T5822] ? exit_to_user_mode_loop+0x55/0x4f0 [ 116.491389][ T5822] exit_to_user_mode_loop+0xff/0x4f0 [ 116.491413][ T5822] ? rcu_is_watching+0x15/0xb0 [ 116.491449][ T5822] do_syscall_64+0x2e9/0xfa0 [ 116.491485][ T5822] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.491505][ T5822] ? clear_bhb_loop+0x60/0xb0 [ 116.491532][ T5822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.491551][ T5822] RIP: 0033:0x7f51cb7909f7 [ 116.491570][ T5822] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 116.491587][ T5822] RSP: 002b:00007ffeb8598158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 116.491610][ T5822] RAX: 0000000000000000 RBX: 00007f51cb811d7d RCX: 00007f51cb7909f7 [ 116.491623][ T5822] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb8598210 [ 116.491635][ T5822] RBP: 00007ffeb8598210 R08: 0000000000000000 R09: 0000000000000000 [ 116.491647][ T5822] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb85992a0 [ 116.491660][ T5822] R13: 00007f51cb811d7d R14: 000000000001c689 R15: 00007ffeb85992e0 [ 116.491703][ T5822] [ 116.796595][ T6408] loop2: detected capacity change from 0 to 32768 [ 116.809826][ T6408] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.139 (6408) [ 116.812492][ T5822] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 116.853074][ T6408] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 116.865353][ T6408] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 117.044228][ T12] team0 (unregistering): Port device team_slave_1 removed [ 117.151002][ T12] team0 (unregistering): Port device team_slave_0 removed [ 117.184015][ T6408] BTRFS info (device loop2): enabling ssd optimizations [ 117.191742][ T6408] BTRFS info (device loop2): turning on async discard [ 117.198699][ T6408] BTRFS info (device loop2): enabling free space tree [ 117.401240][ T5830] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 117.886027][ T5828] Bluetooth: hci2: command tx timeout [ 118.903694][ T6445] loop2: detected capacity change from 0 to 512 [ 118.934015][ T6445] EXT4-fs: Ignoring removed nomblk_io_submit option [ 118.978311][ T6445] EXT4-fs error (device loop2): ext4_iget_extra_inode:5079: inode #15: comm syz.2.148: corrupted in-inode xattr: e_value size too large [ 119.002118][ T6445] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.148: couldn't read orphan inode 15 (err -117) [ 119.048429][ T6445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.091568][ T6445] EXT4-fs error (device loop2): ext4_append:79: inode #2: comm syz.2.148: Logical block already allocated [ 119.094302][ T6277] chnl_net:caif_netlink_parms(): no params data found [ 119.212182][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.491401][ C0] ------------[ cut here ]------------ [ 119.497228][ C0] WARNING: ./include/linux/ns_common.h:255 at put_cred_rcu+0x2c5/0x340, CPU#0: ksoftirqd/0/15 [ 119.507587][ C0] Modules linked in: [ 119.511730][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) [ 119.521040][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 119.531170][ C0] RIP: 0010:put_cred_rcu+0x2c5/0x340 [ 119.536547][ C0] Code: 5c 41 5d 41 5e 41 5f 5d e9 b8 25 8e 00 e8 13 a7 32 00 4c 89 e7 be 03 00 00 00 e8 a6 02 02 03 e9 b8 fe ff ff e8 fc a6 32 00 90 <0f> 0b 90 eb 9f e8 f1 a6 32 00 4c 89 ff be 03 00 00 00 e8 84 02 02 [ 119.556317][ C0] RSP: 0018:ffffc90000147888 EFLAGS: 00010246 [ 119.562448][ C0] RAX: ffffffff818ed934 RBX: ffff8880268aa8a0 RCX: ffff88801d28bd00 [ 119.570526][ C0] RDX: 0000000000000100 RSI: 0000000000000004 RDI: 0000000000000000 [ 119.578766][ C0] RBP: 0000000000000004 R08: ffff888029074193 R09: 1ffff1100520e832 [ 119.586830][ C0] R10: dffffc0000000000 R11: ffffed100520e833 R12: dffffc0000000000 [ 119.594879][ C0] R13: ffff8880268aa800 R14: ffff888029074000 R15: ffff888029074190 [ 119.602895][ C0] FS: 0000000000000000(0000) GS:ffff888125ec2000(0000) knlGS:0000000000000000 [ 119.612116][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.618953][ C0] CR2: 000000110c284519 CR3: 00000000326ee000 CR4: 00000000003526f0 [ 119.627214][ C0] Call Trace: [ 119.630542][ C0] [ 119.633507][ C0] ? __pfx_put_cred_rcu+0x10/0x10 [ 119.638634][ C0] ? rcu_core+0xc37/0x1770 [ 119.643100][ C0] rcu_core+0xcab/0x1770 [ 119.647467][ C0] ? __pfx_rcu_core+0x10/0x10 [ 119.652289][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 119.657597][ C0] ? sched_clock_cpu+0x74/0x430 [ 119.662503][ C0] ? rcu_is_watching+0x15/0xb0 [ 119.667369][ C0] ? __schedule+0x185e/0x4ec0 [ 119.672173][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 119.677569][ C0] ? __local_bh_disable_ip+0xf1/0x190 [ 119.682987][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 119.688999][ C0] handle_softirqs+0x286/0x870 [ 119.693834][ C0] ? run_ksoftirqd+0x9b/0x100 [ 119.698612][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 119.703965][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 119.709116][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 119.714196][ C0] run_ksoftirqd+0x9b/0x100 [ 119.718839][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 119.724288][ C0] smpboot_thread_fn+0x542/0xa60 [ 119.729345][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 119.734442][ C0] kthread+0x711/0x8a0 [ 119.738621][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 119.744305][ C0] ? __pfx_kthread+0x10/0x10 [ 119.749003][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 119.754345][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.759664][ C0] ? __pfx_kthread+0x10/0x10 [ 119.764300][ C0] ret_from_fork+0x599/0xb30 [ 119.769347][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 119.774521][ C0] ? __switch_to_asm+0x39/0x70 [ 119.779482][ C0] ? __switch_to_asm+0x33/0x70 [ 119.784283][ C0] ? __pfx_kthread+0x10/0x10 [ 119.788976][ C0] ret_from_fork_asm+0x1a/0x30 [ 119.793891][ C0] [ 119.796990][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 119.804474][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) [ 119.813707][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 119.823897][ C0] Call Trace: [ 119.827212][ C0] [ 119.830170][ C0] dump_stack_lvl+0x99/0x250 [ 119.834896][ C0] ? __asan_memcpy+0x40/0x70 [ 119.839526][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.844763][ C0] ? __pfx__printk+0x10/0x10 [ 119.849409][ C0] vpanic+0x237/0x6d0 [ 119.853430][ C0] ? __pfx_vpanic+0x10/0x10 [ 119.858052][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 119.863384][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 119.868628][ C0] panic+0xb9/0xc0 [ 119.872652][ C0] ? __pfx_panic+0x10/0x10 [ 119.877149][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 119.882134][ C0] __warn+0x334/0x4c0 [ 119.886159][ C0] ? put_cred_rcu+0x2c5/0x340 [ 119.890885][ C0] ? put_cred_rcu+0x2c5/0x340 [ 119.895602][ C0] report_bug+0x2be/0x4f0 [ 119.899985][ C0] ? put_cred_rcu+0x2c5/0x340 [ 119.904695][ C0] ? put_cred_rcu+0x2c5/0x340 [ 119.909397][ C0] ? put_cred_rcu+0x2c7/0x340 [ 119.914535][ C0] handle_bug+0x84/0x160 [ 119.918964][ C0] exc_invalid_op+0x1a/0x50 [ 119.923512][ C0] asm_exc_invalid_op+0x1a/0x20 [ 119.928379][ C0] RIP: 0010:put_cred_rcu+0x2c5/0x340 [ 119.933677][ C0] Code: 5c 41 5d 41 5e 41 5f 5d e9 b8 25 8e 00 e8 13 a7 32 00 4c 89 e7 be 03 00 00 00 e8 a6 02 02 03 e9 b8 fe ff ff e8 fc a6 32 00 90 <0f> 0b 90 eb 9f e8 f1 a6 32 00 4c 89 ff be 03 00 00 00 e8 84 02 02 [ 119.953567][ C0] RSP: 0018:ffffc90000147888 EFLAGS: 00010246 [ 119.959768][ C0] RAX: ffffffff818ed934 RBX: ffff8880268aa8a0 RCX: ffff88801d28bd00 [ 119.967753][ C0] RDX: 0000000000000100 RSI: 0000000000000004 RDI: 0000000000000000 [ 119.975906][ C0] RBP: 0000000000000004 R08: ffff888029074193 R09: 1ffff1100520e832 [ 119.983918][ C0] R10: dffffc0000000000 R11: ffffed100520e833 R12: dffffc0000000000 [ 119.992091][ C0] R13: ffff8880268aa800 R14: ffff888029074000 R15: ffff888029074190 [ 120.000081][ C0] ? put_cred_rcu+0x2c4/0x340 [ 120.004786][ C0] ? put_cred_rcu+0x2c4/0x340 [ 120.009516][ C0] ? __pfx_put_cred_rcu+0x10/0x10 [ 120.014658][ C0] ? rcu_core+0xc37/0x1770 [ 120.019196][ C0] rcu_core+0xcab/0x1770 [ 120.023640][ C0] ? __pfx_rcu_core+0x10/0x10 [ 120.028451][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 120.033835][ C0] ? sched_clock_cpu+0x74/0x430 [ 120.038695][ C0] ? rcu_is_watching+0x15/0xb0 [ 120.043476][ C0] ? __schedule+0x185e/0x4ec0 [ 120.048262][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 120.053644][ C0] ? __local_bh_disable_ip+0xf1/0x190 [ 120.059119][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 120.065108][ C0] handle_softirqs+0x286/0x870 [ 120.069885][ C0] ? run_ksoftirqd+0x9b/0x100 [ 120.074599][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 120.080075][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 120.085206][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 120.090412][ C0] run_ksoftirqd+0x9b/0x100 [ 120.095016][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 120.100167][ C0] smpboot_thread_fn+0x542/0xa60 [ 120.105127][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 120.110196][ C0] kthread+0x711/0x8a0 [ 120.114277][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 120.119750][ C0] ? __pfx_kthread+0x10/0x10 [ 120.124359][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 120.129653][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 120.134959][ C0] ? __pfx_kthread+0x10/0x10 [ 120.139924][ C0] ret_from_fork+0x599/0xb30 [ 120.144523][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 120.149650][ C0] ? __switch_to_asm+0x39/0x70 [ 120.154508][ C0] ? __switch_to_asm+0x33/0x70 [ 120.159296][ C0] ? __pfx_kthread+0x10/0x10 [ 120.163899][ C0] ret_from_fork_asm+0x1a/0x30 [ 120.168682][ C0] [ 120.172078][ C0] Kernel Offset: disabled [ 120.176445][ C0] Rebooting in 86400 seconds..