last executing test programs:

2.72866076s ago: executing program 2 (id=344):
r0 = socket$kcm(0x2d, 0x2, 0x0)
connect$qrtr(r0, 0x0, 0x0)

2.656872925s ago: executing program 2 (id=345):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000300))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x703, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)

1.734321681s ago: executing program 2 (id=354):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
socket$unix(0x1, 0x2, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x18b400, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0x1, 0x0, 0x0, 0x30, 0x8000040000000101})

554.223204ms ago: executing program 2 (id=365):
chdir(0x0)

484.053789ms ago: executing program 2 (id=368):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x200)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
lseek(r0, 0x100, 0x0)
getdents64(r0, 0x0, 0x3b)

483.965485ms ago: executing program 0 (id=369):
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'bind', '=static', @val={0x3a, [0x31]}}}}]})

483.897746ms ago: executing program 1 (id=370):
syz_init_net_socket$llc(0x1a, 0x0, 0x0)

403.987391ms ago: executing program 1 (id=371):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0xffffffffffffffb0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84)
recvmmsg(r0, &(0x7f0000003bc0)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x10000, 0x0)

403.807505ms ago: executing program 2 (id=372):
r0 = semget$private(0x0, 0x6, 0x0)
semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
socket(0x29, 0x80805, 0x5)
openat$autofs(0xffffffffffffff9c, 0x0, 0x140, 0x0)
epoll_create1(0x80000)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x7fffff, 0x8)
prlimit64(0x0, 0xf, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
semop(r0, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2)
semctl$IPC_RMID(r0, 0x0, 0x0)
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)

403.723359ms ago: executing program 0 (id=373):
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20)
listxattr(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)=""/22, 0xfffffffffffffca5)

403.603848ms ago: executing program 1 (id=374):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x20, r1, 0x221, 0x0, 0x0, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V4={0x8}]}, 0x20}}, 0x0)

344.331291ms ago: executing program 0 (id=375):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r0)
sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000000)={0x14, r1, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xc840}, 0x20020000)

343.998285ms ago: executing program 1 (id=376):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000380)=r2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}}, 0x24}}, 0x0)

208.544547ms ago: executing program 1 (id=377):
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0413"], 0xc)

208.426317ms ago: executing program 0 (id=378):
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$802154_dgram(r0, &(0x7f0000000180)={0x27}, 0x14)

120.199731ms ago: executing program 1 (id=379):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x4000, &(0x7f00000000c0)=ANY=[], 0xff, 0x5fc4, &(0x7f0000006400)="$eJzs3U9vHGcdB/Df/vHacds0qlAVIg5uyp+W0vxPoPxryoEDHEBCPZPIdauUFFASEK0i4soHxAV4CXDphUPfAi+grwHxAoiU9NQDZdDYz+OMN+usTeKZXT+fj7SZ+c2z430m3x3PrGdmJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA+NEPf3a2FxFXfpsmHIt4OgYR/Ygjdb0S9cjl/PxhRByPzeZ4PiIGixH1/Jv/PBtxISI+ORpx7/7t1XryuT324+KZWzc+//EP/vmHP28cf/etn3803v7TL5z/+I93Io795LWPP7/zZJYdAAAASlFVVdVLH/NPpM/3/a47BQC0Im//qyRPV6vVavUTrf/U38/zn36q6/6qD2ndVE12p1lExHpznnqfweF4AJgz6/FZ112gQ/Iv2jAinuq6E8BM63XdAQ7Evfu3V3sp315ze7Cy1Z7/Trkj//Xe9vUduw2nGT/HpK3310YM4rld+nOkpT7Mkpx/fzz/K1vto/S8g86/LbvlP9q69Kk4Of/BeP5jduT/l4iY2/z7E/MvVc5/uJ/81wdzvP7LHwAAAACAwy///f9Yx8d/Fx9/UfbkUcd/V1rqAwAAAAAAAAA8aY97/79t7v8HAAAAM6v+rF7769EH03b7LrZ6+pu9iGfGng8UZqXx5YAAAAAAAAAAAAAAQDuGEcvpvP6FiHhmebmqqvrRNF7v1+POP+9KX34oWde/5AEAYMsnR8eu5e9FLEXEm+m7/haWl5eraiEilqsji3l/drS4VB1pfK7Nw3ra4mgPO8TDUVX/sKXGfE3TPi9Pax//efVrjarBHjrWjg4DB4CI2Noa3bNFOmSq6tnoei+H+WD9P3ys/+xF1+9TAAAA4OBVVVX10td5n0jH/PtddwoAaEXe/o8fF1Cr1epi6k+3Js5Mf9TqA6ybqsnuNIuIWG/OU+8zuB0/AMyZ9fis6y7QIfkXbRgRx7vuBDDTel13gANx7/7t1V7Kt9fcHqxstedzQXbkv97bnC/PP2k4zfg5Jm29vzZiEM/t0p/nW+rDLMn598fzv7LVnm/xv53P0sHk35bd8q+X81gH/elazn8wnv+Yg17/27IR/Yn5lyrnP9xX/gP5AwAAAADADMt//z/m+G9eZAAAAAAAAACYO/fu317N173m4/9fmvC8XnPM9Z+HRs6/t+f8Xf97mOT8++P5j52QM2iM333jQf6f3r+9+tGtf38xD2c+/4XBqH7thV5/MEzn/FQLb8e1uB5rceah5w93tJ99qH1hR/u5Ke3nH2of1e1HcvupWI1fxfV4a7t9ccqJUUtT2qsp7Tn/gfW/SDn/YeNR57+c2ntjw9rdD/sPrffN4aTXufz3/3z14bWrDcMd1UYMtpet4Wj9z8nW+vTA5v/JU6P4zc21G6d+d/XWrRtnIw12TD0XafCE5fwX0iPn/9KLW+35935zfb374Wjf+c+KjRhOyn/z/f1iY7xe3pdb7lsXcv6j9Mj55y3Q5PV/nvOfuP5vLt8rHfQHAAAAAAAAAAAAAAAAHqWqqs1LRC9HxKV0/U9X12YCAO3K2/8qydPVarVarVYfvrqpmuz1ZhER/2jOU+8z/H7SDwMAZtl/I+JfXXeCzsi/YPn7/urhl7vuDNCqm+9/8Iur16+v3bjZdU8AAAAAAAAAgP9Xvv/nSuP+z5vnAY3dN3rH/V/fiJW5vf9nfzTYvNd5WqAX4tH3/z4Zj77/93DK6y1MaR9NaV+c0r40pX3ihR4NOf8XUsY5/xNpwUq6/+tLHfSnazn/k+lezzn/r409r5l/9bd5zr+/I//Tt9779emb73/w6rX3rr6z9s7aL8+euXTh/MUL5y9ePP32tetrZ7b+7bDHByvnn+997TzQsuT8c+byL0vO/yupln9ZUv7bu6HyL0te//P+nvzLkvPPn33kX5ac/8upln9Zcv5fT7X8y5LzfyXV8i9Lzv8bqZZ/WXL+r6Za/mXJ+Z9KtfzLkvM/nWr5lyXnn49wyb8sOf98ZoP8y5LzP5dq+Zcl538+1fIvS87/QqrlX5ac/8VUy78sOf9LqZZ/WXL+30y1/MuS8/9WquVflpz/a6mWf1ly/t9OtfzLkvP/TqrlX5ac/3dT/aj8322xX7Qj5/+9VFv/y5Lz/36q5V+WnP/rqZZ/WR58/7+RfY8sz0Y3jBh58iNd/2YCAAAAAAAAAAAAAMa1cTpx18sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhb17jZGrvO8HfvZmrw0B/8OdOGCbm4GF3fUNHGIwScifkl4oCWnTkhrHXhsnvtW7TgChsim0JQpSkdoX9EXTJEqiSG0FqiI1lWiE1Ejtm6p51QhVilopUl0JKgcllVIFtjpznufZmdnZmbW9a5855/OJ8M/eOWfmmTNnZve70XcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg2cYPT/3RQJZl+X+NP9Zl2cX539dku/N/zu640CsEAAAAztU7jT//6tL0hd1L2Klpm3+87l++Mzc3N5d95u1T7/7J3Fy6YEOWDa3OssZl0T/9/GdzzdsEz2WjA4NN/x7scfNDPS4f7nH5SI/LV/W4fHWPy0d7XL7gACywpvh9TOPKbmz8dV1xSLPLs5HGZTd22Ou5gdWDg/F3OQ0DjX3mRg5kh7LD2VQ2sWCfgcb/suy1jfltPZjF2xpsuq31WZad/skz++IaBsIxvjFrubGG5sfurfuzDW//5Jl935p585pOs+dhWLDSLNu8KV/n81k2/+uqbCBbnY5JXOdg0zrXd1jnUMs6Bxr75X9vX+fpJa4z3u/RsM4fdFnn+vC1J2/Ismw2W3Sbds9lg9natltNx3u0OCPy68gfyvdmw2d0nmxcwnmS7/PjG1rPk/ZzMh7/jeGYDC+yhuaH460vrlpw3M/2PMnvdRnO1fy6H85vdHS0+VerLedqvs0zNy1+DnR87DqcA+lcbjoHNvU6BwZXDTXOgcH5NW9qOQcmF+wzmA00buvUTd3PgfGZI8fHp596+o5DR/YenDo4dXRyYse2rdu3bd2+ffzAocNTE8WfZ3ZI+8jabDCdg5vCa008B29p27b5lJz72vI9D0ZL8jzI7/snbs4XdPFgtsg5nm/z/OZzfx6k7/tNz4PhpudBx9fUDs+D4SU8D/JtTm9e2vfM4ab/Oq1hpV4L1zWdAxfy+2F+m4/duvhr4fqwrhduO9Pvh0MLzoF4twbCcy//Svp5b/TucFwWnhfX5hdctCo7OT114s4n987MnJjMwjgvLmt6rNrPl7VN9ylbcL4MnvH5svsvf3HztR2+vi4cq9Hb5x+rVR0eh3ybbWPdH6vGq3vn49ny1S1ZGMvsfB/PTt/N8uOZskSXcz/f5vk7zv1nwZRLml7/Rnq9/g2NDBevf0PpaIy0vP4tfGiGGivLstN3LO31byT8d75f/y4vyetffqweu7P7OZBv88L4mZ4Dw11f/24IcyCs59aQGEabcv+7jctni9O06bHsed4MD4+E82Y43mLrebN1wT75teW3vXni7M6bzTe0PlYtP7dU8LzJj9WfTnQ/b/JtXp8899eONfGvTa8dq3qdAyNDq/L1jqSToHi9m1sTz4E7s33Zsexwtj/tkz/K+W2NbVnaObAq/He+XzuuLsk5kB+rl7d0Pwfybb6/dXl/dtocvpK2afrZqf33C4tl/muH56+v/bAtd+bP1/mRbd1/N5Rv8+a2M80Z3Y/T7eErF3U4Tu3Pn8XO6f3Z+TlOV4d1Ht7e/XdT+TaX71ji+bQ7y7I3Jt9o/L4r/H73b07+63dafu/b6XfKb0y+8dD4Iz88k/UDAHD23m38Obuq+Fmz6f+xXsr//w8AAAD0hZj7B8NM5H8AAACojJj7h8JM5H8AAACojJj7h8NMapL/n7h75yvvPJuldwOcC+Ll8TA8fG+xXex4z4Z/b5ibl3/9Q98YeeVLzy7ttgezLPvFQ+/ruP0T98Z1FY7HdX6g9esLXH39km7/8Ufnt2t+/4TTO4vrj/dnqadB7Cq/Nr6lcb0bnppszNcfyhrzkdkXniuuv/h33P7U1mL7Pw9vWrL7wEDL/pvDem4Mc0N4T5mHd88fh3zG/V5Zf90/XPbJ+duL+w1suqRxN1/+veJ643tEvXRZsX2834ut/++//O1X8u2fvKnz+p8d7Lz+U+F6fxzmz3cV2zcf8y81rf8Pwvrj7cX97vz69zqu/9Wriu1fDefFV8NsX//9f/z+dzo9XvF2dt9T7Bdvf+J/tjX2i9cXr799/aPPTrYcj/brf/3t4np2ff6nQ83bx6/H24kev6f1/B4Ij29LjzzLsm//YdZynLMPFvv9Xdv64/Udv6fz+m9vW+fxgesb+8/fn3Ut9+sr39zS8f7G9ez+63Ut9+elB8Lxe3v8+/n1nnoknI/h8v/9QXF97e9l+uoDra83cfuvriuet/H6xtvW/1Lb+mevz49d7/U/+Hax/lfvW92y/t0fDefTg8Xstf6Df3Fpy/5f+1bxeJz4wtjRY9MnD+0Pd2Zd2/N49eiatRdd/J5LLg2vpe3/3nNs5ompExsmNkxk2YY+fMvAlV7/18P872LMLv8tFH740+K8e/FjxfetW35W/Pul8PXHw+MZvz9+5c9GWs7X9sd99r5inuv6bwvrWKqrvvwf13f48n8ueM/fU59+7eTf/v6b7T8XxPtz/IrRxv17eeOVjcsGXi8ub3+96uXfr2h9Xv9oeKIxvxuO61x4Z+ZNVxa313798b1JXvx48fyNP8nF/bO29xNZN9R6P851/T8KP8d87+rW1794fnz32bZ3c16XDeRLmA2vD9lscXncKh7vF09f2fH24vvwZLPXnMkyFzX91PT44UNHTz45PjM1PTM+/dTTe44cO3l0Zk/jvUv3fLbX/vPP77WN5/f+qR3bssaz/VgxVtiFXv/xR/ftv2vi5v1TB/aePDDz6PGpEwf3TU/vm9o/ffPeAwemvtBr/0P7d01u2bn1ri1jBw/t33X3zp1bd44dOnosX0axqB52THxu7OiJPY1dpndt2zm5ffu2ibEjx/ZP7bprYmLsZK/9G9+bxvK9Pz92Yurw3plDR6bGpg89PbVrcueOHVt6vvvjkeMHpjeMnzh5dPzk9NSJ8eK+bJhpfDn/3tdrf+ph+lh4vWszEH46/9TtO9L74+a+8cVFr6rYpPXH0+yt8F5Q8ftbr3/H3D8SZlKT/A8AAAB1EHN/eOP/+QvkfwAAAKiMmPtXh5nI/wAAAFAZMfePhpnUJP/r/+v/6//r/+v/n8f+f6b/v9z0/5el/7+Q/v+S6P/r/+v/6//TXdn6/zH3r8myWuZ/AAAAqIOY+9eGmcj/AAAAUBkx918UZiL/AwAAQGXE3H9xmEk98v9I+1/1//X/9f+b+/9xW/3/TP9f//8s6f/r/3ej/6//38/rL2H/f43+P2VTtv5/zP3vCTOpR/4HAACAWoi5/5IwE/kfAAAAKiPm/kvDTOR/AAAAqIyY+9eFmdQk//v8f/1//X+f/6//r/+/kvT/9f+70f/X/+/n9Zew/+/z/ymdsvX/Y+7/f2EmNcn/AAAAUAcx9783zET+BwAAgMqIuf+yMBP5HwAAACoj5v7Lw0xqkv/1//X/9f/1//X/9f9Xkv6//n83+v/6//28fv1//X96K1v/P+b+K8JMapL/AQAAoA5i7r8yzET+BwAAgMqIuf+qMBP5HwAAACoj5v6rw0xqkv/1//X/9f/1//X/9f9Xkv6//n83+v/6//28fv1//X96K1v/P+b+a8JMapL/AQAAoA5i7r82zET+BwAAgMqIuf99YSbyPwAAAFRGzP3rw0xqkv/1//X/S9//H9T/1/8v6P/r/3eyvP3/wUUv0f8v6P+30v/X/9f/1/+nu7L1/2Puf3+YSU3yPwAAANRBzP3XhZnI/wAAAFAZMfdfH2Yi/wMAAEBlxNy/IcykJvlf/1//v/T9f5//r/8fZu36/zMD+v9L4PP/9f8z/f+zdqH78/2+fv1//X96K1v/P+b+jWEmNcn/AAAAUAcx928KM5H/AQAAoDJi7r8hzET+BwAAgMqIuf/GMJOa5H/9/7Ps/69p/af+f+f16//r/+v/+/x//X/9/270//X/+3n9+v9L6/+v6nVFVFrZ+v8x998UZlKT/A8AAAB1EHP/zWEm8j8AAABURsz9t4SZyP8AAABQGTH3bw4zqUn+1//3+f/6//r/+v/6/ytJ/3/J/f81Z7Mu/f+C/v/ZudD9+X5ffz/1/0c77O/z/zkfytb/j7n/1jCTmuR/AAAAqIOY+28LM5H/AQAAoDJi7r89zET+BwAAgMqIuX8szKQm+V//X/9f/1//X/9f/38lVbX/n15Hff6//r/+v/7/Cvf/v7nI/v3y+f/UW9n6/zH33xFmUpP8DwAAAHUQc/+dYSbyPwAAAFRGzP3jYSbyPwAAAFRGzP0TYSY1yf/6//r/+v/6//r/+v8rqar9//bP/8+yTP9f/z/R/9f/L9vn/3ei/8/5ULb+f8z9k2EmNcn/AAAAUAcx928JM5H/AQAAoDJi7t8aZiL/AwAAQGXE3L8tzKQm+V//X/9f/1//X/9f/38l1aX/7/P/i8v1/wv6//r/+v/6/3U02OFrZev/x9y/PcykJvkfAAAA6iDm/h1hJvI/AAAAVEbM/XeFmcj/AAAAUBkx998dZlKT/K//r/+v/6//X97+f+vtr1z//7/0/1eQ/r/+fzf6//r//bx+/X/9f3pb3v7/pefc/4+5f2eYSU3yPwAAANRBzP0fCDOR/wEAAKAyYu6/J8xE/gcAAIC+0ulzCKOY+z8YZlKT/K//X/X+/9xq/X/9//7t/7ceT5//r//fSXj51P9fonr1/9csuD39/1YXuj/f7+vX/9f/p7fl7f8v+PH0jPv/MffvCjOpSf4HAACAOoi5/94wE/kfAAAAKiPm/vvCTOR/AAAAqIyY+3eHmdQk/+v/V73/X77P/x/I9P/1/wv6//r/y8Hn/+v/Zz7//6ydbX8+vu+G/n95+v/5OaT/TxmVrf8fc//9YSY1yf8AAABQBzH3fyjMRP4HAACAyoi5/8NhJvI/AAAAVEbM/R8JM6lJ/tf/1//3+f/6//r/+v8rSf9f/78b/f/+7P9H+v/l6f/7/H/Kqmz9/5j7HwgzqUn+BwAAgDqIuf+jYSbyPwAAAFRGzP3/P8xE/gcAAIDKiLn/wTCTmuR//X/9f/1//X/9f/3/laT/r//fjf6//n8/r1//X/+f3srW/4+5/5fCTGqS/wEAAKAOYu5/KMxE/gcAAIDKiLn/Y2Em8j8AAABURsz9vxxmUpP8r/9/fvr/g+n69f/1//X/9f/1/5dTn/b/R/X/C/r/+v/9vH79f/1/eitb/z/m/l8JM6lJ/gcAAIA6iLn/V8NM5H8AAACojJj7fy3MRP4HAACAyoi5/+Ewk5rkf/1/n/+v/6//X9r+/3Dr8dT/1//vpE/7/z7/P9D/1//v5/Xr/+v/01vZ+v8x9/96mElN8j8AAADUQcz9j4SZyP8AAABQGTH3fzzMRP4HAACAyoi5/xNhJjXJ//r/+v/6//r/pe3/tx1P/f+y9v//reul+v/6/93o/+v/9/P69f/1/+mtbP3/mPsfDTOpSf4HAACAOoi5/5NhJvI/AAAAVEbM/b8RZiL/AwAAQGXE3P+bYSb9mf8Hz3QH/X/9f/1//X/9f/3/laT/v7D/n7+GXcj+/6qlbKj/vyT6//r/+v/6/3RXtv5/zP2fCjPpz/wPAAAAdBBz/2+Fmcj/AAAAUBkx9/92mIn8DwAAAJURc/9jYSY1yf/6//r/+v/6//r/+v8rSf/f5/93o/+v/9/P69f/1/+nt7L1/2Pu/3SYSU3yPwAAANRBzP2/E2Yi/wMAAEBlxNy/J8xE/gcAAIDKiLn/8TCTmuR//X/9f/1//f/l6f/P6f/r/3ek/6//343+v/5/P69f/1//n97K1v+PuX9vmElN8j8AAADUQcz9nwkzkf8BAACgMmLu3xdmIv8DAABAZcTcvz/MpCb5X/9f/1//X//f5//r/68k/X/9/270//X/+3n9+v/6//RWtv5/zP1TYSY1yf8AAABQBzH3Hwgzkf8BAACgMmLuPxhmIv8DAABAZcTc/0SYSU3yv/6//r/+v/6//r/+/0rS/9f/70b/X/+/n9ev/6//T2/L1///52Xp/8fcfyjMpCb5HwAAAOog5v7PhpnI/wAAAFAZMfd/LsxE/gcAAIDKiLn/cJhJTfK//r/+v/5/Bfv/w/r/mf5/aej/6/93o/+v/9/P69f/1/+nt+Xr/2fL0v+Puf9ImElN8j8AAADUQcz9R8NM5H8AAACojJj7j4WZyP8AAABQGTH3Hw8zqUn+1//X/9f/r2D/3+f/N+j/l4P+v/5/N/r/+v/9vH79f/1/eitb/z/m/t8NM6lJ/gcAAIA6iLn/RJiJ/A8AAACVEXP/dJiJ/A8AAACVEXP/TJhJTfK//r/+v/6//r/+v/7/StL/1//vRv+/f/r/Ix321//X//8/9u6jyY676uP41WPLksr1FCv2vAV27OAd+DWwYUuxIOeMAZNzzjnnaHLOOZick0FkMFSZsu45x5Y16h6N5+p2/8/ns/DxyGOpramS61dT32r9P3OW1v/n7r9v3NJk/wMAAEAHufvvF7fY/wAAADCM3P33j1vsfwAAABhG7v4HxC1N9r/+X/+v/19M/7/t/PT/+n/9/yXR/+v/N/vu/8/EB4P3/wfR/+v/9f/MWVr/n7v/gXFLk/0PAAAAHeTuf1DcYv8DAADAMHL3Pzhusf8BAABgGLn7HxK3NNn/+n/9/7j9/6m19f/e/59f1xH7/xO3/rL6/+Ol/9f/b/bd/zd5//9B9P/6f/0/c5bW/+fuf2jc0mT/AwAAQAe5+x8Wt9j/AAAAMIzc/Q+PW+x/AAAAGEbu/kfELU32v/5f/z9u/7+69//r//PrOkT/f6Z+Hu//1//r/y9O/6//X/Pz6//1/8xbWv+fu/+RcUuT/Q8AAAAd5O5/VNxi/wMAAMAwcvc/Om6x/wEAAGAYufsfE7c02f/6f/2//l//r/+/DO//1//r//X/B9L/6//X/Pz6f/0/85bW/+fuf2zc0mT/AwAAQAe5+x8Xt9j/AAAAMIzc/Y+PW+x/AAAAGEbu/ifELU32v/5f/6//1//r//X/u6T/1/9P0f/r/9f8/Pp//T/zdt7/X3PtuXvY/j93/7VxS5P9DwAAAB3k7n9i3GL/AwAAwDBy9z8pbrH/AQAAYBi5+58ctzTZ/wf0/1ds9P9N+/+bT+j/9f/L7P9vij9l9P/6/wutu/8/rf/X/5/74eX1/4f7ndD/6//1/8zZef8/0/vf/uPc/dfFLU32PwAAAHSQu/8pcYv9DwAAAMPI3f/UuMX+BwAAgGHk7n9a3NJk/3v/v/7/ON//nz+v/n9L/+/9//p//b/3/0/bYf9/r/zN1P9f3L77+bU//1T/f/dDPL/+nw6W1v/n7n963NJk/wMAAEAHufufEbfY/wAAADCM3P3PjFvsfwAAABhG7v5nxS0N9v+V+v96jqT/9/7/Q/X/Z7b/vv7//OfR/+v/D6L/1/9P8f5//f+an9/7/+f7/6vnfhKGt7T+P3f/s+OWBvsfAAAAusjd/5y4xf4HAACAYeTuf27cYv8DAADAMHL3Py9uabL/9f/6f/2/9//fof7/Cv2//n+a/l//P0X/r/9f8/Pr/73/n3lL6/9z9z8/bqnhd+UR/isBAACAJcnd/4K4pcn3/wEAAKCD3P0vjFvsfwAAABhG7v4XxS1N9r/+X/+v/9f/e/+//n+X9P/D9f8n9P+30v/r//X/+n+mLa3/z93/4rilyf4HAACADnL3vyRusf8BAABgGLn7Xxq32P8AAAAwjNz9L4tbmux//b/+X/+v/9f/6/93Sf8/XP/v/f+3of/X/+v/9f9MW1r/n7v/5XFLk/0PAAAAHeTuf0XcYv8DAADAMHL3vzJusf8BAABgGLn7XxW3NNn/+n/9v/5f/6//1//v0vL7/5OH+iz9/5b+/3y76v9PX+TX0/8v6/mPp//Pr77+nzEtoP+/x20/zt3/6rilyf4HAACADnL3vyZusf8BAABgGLn7Xxu32P8AAAAwjNz9r4tbmuz/i/X/Z6/e/vOZ/j9/w/T/cfX/+v+N/r/o//X/m1X0/4ej/9/S/5/P+//1/97/r/9n2gL6//M+zt3/+rilyf4HAACADnL3vyFusf8BAABgGLn73xi32P8AAAAwjNz9b4pbmux/7//X/+v/9f/6f/3/Lun/9f9TVtT/nzroB/X/+n/9v/6faUvr/3P3vzluabL/AQAAoIPc/W+JW+x/AAAAGEbu/rfGLfY/AAAADCN3/9vilib7X/+v/997//9/+v+k/4+vq/5f/38J9P/6/433/x/Zvvv5tT+//l//z7yl9f+5+98etzTZ/wAAANBB7v53xC32PwAAAAwjd/874xb7HwAAAIaRu/9dcUuT/a//1//vvf/3/v+i/4+vq/5f/38J9P/6/43+/8j23c+v/fn1//p/5i2t/8/d/+64pcn+BwAAgA5y978nbrH/AQAAYBi5+98bt9j/AAAAMIzc/e+LW5rsf/2//l//r//X/+v/d0n/r/+fcnn7/+vO6v/Pt+9+fu3Pr//X/zNvaf1/7v73xy1N9j8AAAB0kLv/A3GL/Q8AAADDyN3/wbjF/gcAAIBh5O7/UNzSZP/r/9fe/9/zxniCpfX/+Sn6f/2//l//r//X/1/Uct//f/s/KQ6m/9f/6//1/0y7bP3/va+5z91u+ZuZ/j93/4fjlib7HwAAADrI3X993GL/AwAAwDBy938kbrH/AQAAYBi5+z8atzTZ/z36/5MXfNo4/b/3/+v/F93/5x+q+n/9v/5f/3+g5fb/h6P/1//r//X/TFva+/9z938sbmmy/wEAAKCD3P0fj1vsfwAAABhG7v5PxC32PwAAAAwjd/8n45Ym+79H/38h/f/Wsff/N99J/6//L97/r//f6P/1/zP0//r/NT//0P3/iY3+n2OxtP4/d/+n4pYm+x8AAAA6yN3/6bjF/gcAAIBh5O7/TNxi/wMAAMAwcvd/Nm646//v75EuK/2//t/7//X/+n/9/y7p/4/Q/5+48tDPpf/f0v8fzb77+bU//9D9v/f/c0yW1v/n7v9c3OL7/wAAADCM3P2fj1vsfwAAABhG7v4vxC32PwAAAAxg27vn7v9i3NJk/+v/9f/6f/2//l//v0v6f+//n6L/1/+v+fn1//p/5i2t/8/d/6W4pcn+BwAAgA5y9385brH/AQAAYBi5+78St9j/AAAAMIzc/V+NW5rsf/2//l//r//X/+v/d0n/r/+fov/X/6/5+fX/+n/mLa3/z93/tbilyf4HAACADnL3fz1usf8BAABgGLn7vxG32P8AAAAwjNz934xbmux//b/+X/+v/9f/773/P7nR/x+Z/l//v9H/H9m++/m1P7/+X//PvKX1/7n7vxW3NNn/AAAA0EHu/m/HLfY/AAAADCN3/3fiFvsfAAAAhpG7/7txS5P9P3L/P/Vp+v8t/b/+f6P/X0L/7/3/d4D+X/+/0f8f2b77+bU/v/5f/8+8pfX/ufu/F7c02f8AAADQQe7+78ct9j8AAAAMI3f/DZvN9fY/AAAAjOmGc389vflB3NJk/4/c/0/R/2/p//X/G/2//n/H9P/6/yn6f/3/mp9f/6//Z97S+v/c/T+MW5rsfwAAAOggd/+P4hb7HwAAAIaRu//HcYv9DwAAAMPI3f+TuKXJ/tf/6//1//p//b/+f5f0//r/Kfp//f+an1//r/9n3tL6/9z9P41bmux/AAAA6CB3/8/iFvsfAAAAhpG7/+dxi/0PAAAAw8jd/4u4pcn+1//r//X/+n/9v/5/l/T/+v8p+n/9/5qfX/+v/2fe0vr/3P2/jFua7H8AAADoIHf/r+IW+x8AAACGkbv/13GL/Q8AAADDyN3/m7ilyf7X/+v/9f/6f/2//n+X2vb/t/xvVf8/S/+v/1/z8+v/9f/MW1r/n7v/t3FLk/0PAAAAHeTu/13cYv8DAADAMHL3/z5usf8BAABgGLn7/xC3NNn/+n/9v/5f/7+O/v8q/b/+/0CL7f+9//9Q9P/6/zU/v/5f/8+8pfX/uftvjFua7H8AAADoIHf/H+MW+x8AAACGkbv/T3GL/Q8AAADDyN1/Nm5psv/1//r/Ifv/U/r/8fp/7/9fZf9/F/2//n+a/l//v+bn1//r/5m3tP4/d/+f45Ym+x8AAAA6yN3/l7jF/gcAAIBh5O7/a9xi/wMAAMAwcvf/LW5psv/1//r/Ift/7//X/+v/F0P/r/+fov/X/6/5+fX/+n/mLa3/z93/97ilyf4HAACADnL3/yNusf8BAABgGLn7/xm32P8AAAAwjNz9/4pbmux//b/+X/+v/9f/6/93Sf+/3v7/qo3+f47+X/+v/9f/M21p/X/u/n/HLU32PwAAAHSQu/+muOXA/X/ny/RUAAAAwHHK3f+fuMX3/wEAAGAYufv/G7c02f/6f/2//l//r//X/++S/n+9/b/3/8/T/+v/9f/6f6Ytrf/P3f+/AAAA///XHBWv")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4242, 0x5c)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)

119.998797ms ago: executing program 0 (id=380):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
r1 = syz_io_uring_setup(0xeec, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2})
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c080}, 0x20000040)
io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=381):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x404e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000773)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
kcmp(r1, r1, 0x3, r0, r2)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0)
poll(0x0, 0x0, 0x1d)
r6 = socket(0x10, 0x2, 0x0)
dup(0xffffffffffffffff)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000080)={0x8, 0x2, 0x2}, 0x10)
recvmmsg(r6, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:11296' (ED25519) to the list of known hosts.
syzkaller login: [   48.503607][ T5822] cgroup: Unknown subsys name 'net'
[   48.604444][ T5822] cgroup: Unknown subsys name 'cpuset'
[   48.610231][ T5822] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.195999][ T5822] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.315355][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.318429][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.321819][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.325234][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.328119][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.359574][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.362857][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.365548][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.368430][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.371206][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.377715][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.381009][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.383644][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.386330][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.388797][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.554848][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   54.674713][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.677718][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.680248][ T5841] bridge_slave_0: entered allmulticast mode
[   54.684152][ T5841] bridge_slave_0: entered promiscuous mode
[   54.695587][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   54.703950][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.706601][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.709326][ T5841] bridge_slave_1: entered allmulticast mode
[   54.713385][ T5841] bridge_slave_1: entered promiscuous mode
[   54.749876][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.764526][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.773300][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   54.821600][ T5841] team0: Port device team_slave_0 added
[   54.836322][ T5841] team0: Port device team_slave_1 added
[   54.865739][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.868951][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.873064][ T5845] bridge_slave_0: entered allmulticast mode
[   54.875813][ T5845] bridge_slave_0: entered promiscuous mode
[   54.883085][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.885410][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.894430][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.898615][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.902584][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.905051][ T5845] bridge_slave_1: entered allmulticast mode
[   54.907956][ T5845] bridge_slave_1: entered promiscuous mode
[   54.919214][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.922518][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.931020][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.966144][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.968555][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.971094][ T5849] bridge_slave_0: entered allmulticast mode
[   54.973841][ T5849] bridge_slave_0: entered promiscuous mode
[   54.978844][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.983179][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.986243][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.988631][ T5849] bridge_slave_1: entered allmulticast mode
[   54.991720][ T5849] bridge_slave_1: entered promiscuous mode
[   55.003125][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.033255][ T5841] hsr_slave_0: entered promiscuous mode
[   55.035685][ T5841] hsr_slave_1: entered promiscuous mode
[   55.056261][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.061341][ T5845] team0: Port device team_slave_0 added
[   55.065692][ T5845] team0: Port device team_slave_1 added
[   55.069142][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.113756][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.116489][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.126808][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.132308][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.134626][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.144051][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.148894][ T5849] team0: Port device team_slave_0 added
[   55.153517][ T5849] team0: Port device team_slave_1 added
[   55.209145][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.212158][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.220430][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.235993][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.238374][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.246772][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.267663][ T5845] hsr_slave_0: entered promiscuous mode
[   55.269956][ T5845] hsr_slave_1: entered promiscuous mode
[   55.273215][ T5845] debugfs: 'hsr0' already exists in 'hsr'
[   55.275177][ T5845] Cannot create hsr debugfs directory
[   55.297388][ T5849] hsr_slave_0: entered promiscuous mode
[   55.299684][ T5849] hsr_slave_1: entered promiscuous mode
[   55.302103][ T5849] debugfs: 'hsr0' already exists in 'hsr'
[   55.304040][ T5849] Cannot create hsr debugfs directory
[   55.424516][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.444244][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.451581][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.463837][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.490219][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.493124][ T5841] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.495917][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.498337][ T5841] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.526501][ T5849] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.538210][ T5849] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.542943][ T5849] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.553731][ T5849] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.566171][ T4968] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.569254][ T4968] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.601475][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.606208][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.617113][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.623973][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.628919][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.648866][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   55.665294][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.667585][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.673083][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.676109][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.734426][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.759453][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.763667][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   55.773050][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   55.782399][ T4968] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.784813][ T4968] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.788292][ T4968] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.790699][ T4968] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.823792][ T4968] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.826449][ T4968] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.829716][ T4968] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.832121][ T4968] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.852287][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.899789][ T5841] veth0_vlan: entered promiscuous mode
[   55.917722][ T5841] veth1_vlan: entered promiscuous mode
[   55.944248][ T5841] veth0_macvtap: entered promiscuous mode
[   55.959033][ T5841] veth1_macvtap: entered promiscuous mode
[   55.977596][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.988305][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.995061][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.000013][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.015075][ T5871] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.019677][ T5871] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.026167][ T5871] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.036905][ T5871] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.080243][ T5849] veth0_vlan: entered promiscuous mode
[   56.100188][ T5845] veth0_vlan: entered promiscuous mode
[   56.111521][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.115357][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.119472][ T5849] veth1_vlan: entered promiscuous mode
[   56.129903][ T5845] veth1_vlan: entered promiscuous mode
[   56.141346][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.145858][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.160113][ T5845] veth0_macvtap: entered promiscuous mode
[   56.168385][ T5845] veth1_macvtap: entered promiscuous mode
[   56.175169][ T5849] veth0_macvtap: entered promiscuous mode
[   56.182316][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.187830][ T5849] veth1_macvtap: entered promiscuous mode
[   56.194240][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.203341][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.227054][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.234159][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.237170][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.241703][ T5907] warning: `syz.0.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   56.245334][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.248481][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.255325][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.277004][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.279925][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.293529][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.306969][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.360899][   T55] Bluetooth: hci0: command tx timeout
[   56.364716][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.373050][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.418375][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.422657][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.435320][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.437907][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.440588][   T55] Bluetooth: hci2: command tx timeout
[   56.450594][   T55] Bluetooth: hci1: command tx timeout
[   56.460573][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.464392][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.871798][ T5922] binder: 5918:5922 ioctl 4018620d 0 returned -22
[   57.267370][ T5925] loop0: detected capacity change from 0 to 256
[   57.624890][ T5929] netlink: 'syz.2.9': attribute type 10 has an invalid length.
[   57.652903][ T5929] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   57.663693][ T5927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   58.169423][ T5929] syz.2.9 (5929) used greatest stack depth: 19976 bytes left
[   58.276639][ T5937] cgroup: fork rejected by pids controller in /syz0
[   58.440638][   T55] Bluetooth: hci0: command tx timeout
[   58.520446][   T55] Bluetooth: hci1: command tx timeout
[   58.520526][ T5844] Bluetooth: hci2: command tx timeout
[   58.637767][ T5873] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   58.773864][ T5992] loop1: detected capacity change from 0 to 256
[   58.788625][ T5992] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   58.810488][ T5873] usb 3-1: Using ep0 maxpacket: 8
[   58.825974][ T5873] usb 3-1: config 6 has an invalid interface number: 51 but max is 1
[   58.828703][ T5873] usb 3-1: config 6 has no interface number 1
[   58.835045][ T5873] usb 3-1: config 6 interface 0 has no altsetting 0
[   58.837250][ T5873] usb 3-1: config 6 interface 51 has no altsetting 0
[   58.849206][ T5873] usb 3-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice=30.ad
[   58.854290][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.857337][ T5873] usb 3-1: Product: syz
[   58.858920][ T5873] usb 3-1: Manufacturer: syz
[   58.861276][ T5873] usb 3-1: SerialNumber: syz
[   58.926928][ T5998] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   59.086424][ T5873] xr_serial 3-1:6.51: xr_serial converter detected
[   59.090061][ T5873] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[   59.092636][ T5873] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[   59.097687][ T5873] usb 3-1: USB disconnect, device number 2
[   59.102379][ T5873] xr_serial 3-1:6.0: device disconnected
[   59.210436][   T47] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   59.364457][   T47] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[   59.367613][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.371426][   T47] usb 2-1: Product: syz
[   59.373136][   T47] usb 2-1: Manufacturer: syz
[   59.374987][   T47] usb 2-1: SerialNumber: syz
[   59.378683][   T47] usb 2-1: config 0 descriptor??
[   59.388600][ T5844] Bluetooth: hci3: urb ffff8880318da300 submission failed (2)
[   59.500492][ T6001] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   59.588739][  T792] usb 2-1: USB disconnect, device number 2
[   59.651717][ T6001] usb 1-1: Using ep0 maxpacket: 8
[   59.663733][ T6001] usb 1-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[   59.667471][ T6001] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.678647][ T6001] usb 1-1: Product: syz
[   59.680257][ T6001] usb 1-1: Manufacturer: syz
[   59.682332][ T6001] usb 1-1: SerialNumber: syz
[   59.689353][ T6001] usb 1-1: config 0 descriptor??
[   59.697620][ T6001] radio-usb-si4713 1-1:0.0: Si4713 development board discovered: (10C4:8244)
[   60.176161][ T6027] loop1: detected capacity change from 0 to 1024
[   60.179944][ T6027] =======================================================
[   60.179944][ T6027] WARNING: The mand mount option has been deprecated and
[   60.179944][ T6027]          and is ignored by this kernel. Remove the mand
[   60.179944][ T6027]          option from the mount to silence this warning.
[   60.179944][ T6027] =======================================================
[   60.268514][  T144] hfsplus: b-tree write err: -5, ino 4
[   60.363686][ T6001] radio-usb-si4713 1-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[   60.367584][ T6001] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[   60.379908][ T6001] usb 1-1: USB disconnect, device number 2
[   60.421992][ T6031] x_tables: ip_tables: DSCP target: only valid in mangle table, not syz0
[   60.533358][ T5844] Bluetooth: hci0: command tx timeout
[   60.625703][ T5844] Bluetooth: hci1: command tx timeout
[   60.626301][   T55] Bluetooth: hci2: command tx timeout
[   61.654525][ T6068] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.659308][ T6068] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.689050][ T6068] netlink: 'syz.1.52': attribute type 16 has an invalid length.
[   61.692107][ T6068] netlink: 'syz.1.52': attribute type 17 has an invalid length.
[   61.704763][ T6068] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   62.371669][ T6108] Zero length message leads to an empty skb
[   62.383757][ T6110] loop2: detected capacity change from 0 to 22
[   62.398743][ T6110] MTD: Attempt to mount non-MTD device "/dev/loop2"
[   62.410219][ T6110] romfs: Mounting image 'rom 637cf1fa' through the block layer
[   62.468970][ T6116] 9pnet_fd: p9_fd_create_unix (6116): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   62.549085][ T6122] loop0: detected capacity change from 0 to 4096
[   62.578038][    C0] vkms_vblank_simulate: vblank timer overrun
[   62.586647][ T6122] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[   62.599351][ T6122] ntfs3(loop0): ino=19, mi_enum_attr
[   62.610561][   T55] Bluetooth: hci0: command tx timeout
[   62.610906][ T6122] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   62.690855][ T5844] Bluetooth: hci1: command tx timeout
[   62.694274][   T55] Bluetooth: hci2: command tx timeout
[   63.099296][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.161773][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.550477][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.600491][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.670441][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.713668][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.776388][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.816103][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.890401][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.918463][    C0] vkms_vblank_simulate: vblank timer overrun
[   63.994472][    C0] vkms_vblank_simulate: vblank timer overrun
[   64.020881][    C0] vkms_vblank_simulate: vblank timer overrun
[   64.123341][    C0] vkms_vblank_simulate: vblank timer overrun
[   64.225660][    C0] vkms_vblank_simulate: vblank timer overrun
[   64.486745][ T6150] netlink: 508 bytes leftover after parsing attributes in process `syz.2.90'.
[   64.490425][ T6146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.87'.
[   64.786417][ T6171] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   65.400487][ T6159] Bluetooth: hci0: Opcode 0x080f failed: -4
[   65.676762][ T6179] loop2: detected capacity change from 0 to 40427
[   65.685534][ T6179] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[   65.687818][ T6179] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   65.748475][ T6179] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   65.759208][ T6179] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   65.763347][ T6179] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   65.786709][ T6187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.105'.
[   65.792936][ T5849] syz-executor: attempt to access beyond end of device
[   65.792936][ T5849] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   65.800199][ T6187] netlink: 28 bytes leftover after parsing attributes in process `syz.0.105'.
[   65.806035][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   65.806052][ T5849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   65.806059][ T5849] Call Trace:
[   65.806065][ T5849]  <TASK>
[   65.806070][ T5849]  dump_stack_lvl+0x189/0x250
[   65.806092][ T5849]  ? __pfx_dump_stack_lvl+0x10/0x10
[   65.806107][ T5849]  ? __pfx_queue_work_on+0x10/0x10
[   65.806119][ T5849]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   65.806166][ T5849]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   65.806190][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[   65.806211][ T5849]  f2fs_write_end_io+0x886/0xb60
[   65.806234][ T5849]  __submit_merged_bio+0x27a/0x6a0
[   65.806255][ T5849]  __submit_merged_write_cond+0x255/0x530
[   65.806275][ T5849]  f2fs_write_data_pages+0x261d/0x3000
[   65.806327][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   65.806393][ T5849]  ? __lock_acquire+0xab9/0xd20
[   65.806417][ T5849]  ? do_raw_spin_lock+0x121/0x290
[   65.806438][ T5849]  ? do_raw_spin_unlock+0x4d/0x240
[   65.806451][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   65.806469][ T5849]  do_writepages+0x32e/0x550
[   65.806492][ T5849]  ? do_raw_spin_unlock+0x4d/0x240
[   65.806509][ T5849]  filemap_fdatawrite+0x199/0x240
[   65.806526][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   65.806573][ T5849]  ? do_raw_spin_unlock+0x4d/0x240
[   65.806590][ T5849]  f2fs_sync_dirty_inodes+0x31f/0x830
[   65.806612][ T5849]  f2fs_write_checkpoint+0x95a/0x1df0
[   65.806640][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   65.806681][ T5849]  ? call_rcu+0x6ff/0x9c0
[   65.806692][ T5849]  ? lockdep_hardirqs_on+0x9c/0x150
[   65.806706][ T5849]  ? kill_f2fs_super+0x298/0x6c0
[   65.806720][ T5849]  kill_f2fs_super+0x2c3/0x6c0
[   65.806735][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[   65.806744][ T5849]  ? radix_tree_delete_item+0x2b6/0x400
[   65.806761][ T5849]  ? shrinker_free+0x2ce/0x3e0
[   65.806775][ T5849]  deactivate_locked_super+0xbc/0x130
[   65.806788][ T5849]  cleanup_mnt+0x425/0x4c0
[   65.806802][ T5849]  ? lockdep_hardirqs_on+0x9c/0x150
[   65.806816][ T5849]  task_work_run+0x1d4/0x260
[   65.806832][ T5849]  ? __pfx_task_work_run+0x10/0x10
[   65.806844][ T5849]  ? __x64_sys_umount+0x122/0x160
[   65.806861][ T5849]  ? exit_to_user_mode_loop+0x40/0x110
[   65.806880][ T5849]  exit_to_user_mode_loop+0xec/0x110
[   65.806896][ T5849]  do_syscall_64+0x2bd/0x3b0
[   65.806911][ T5849]  ? lockdep_hardirqs_on+0x9c/0x150
[   65.806926][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.806937][ T5849]  ? exc_page_fault+0x9f/0xf0
[   65.806952][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.806962][ T5849] RIP: 0033:0x7fa24e18ff17
[   65.806973][ T5849] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   65.806981][ T5849] RSP: 002b:00007ffc4b05f058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   65.806994][ T5849] RAX: 0000000000000000 RBX: 00007fa24e211c05 RCX: 00007fa24e18ff17
[   65.807001][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc4b05f110
[   65.807007][ T5849] RBP: 00007ffc4b05f110 R08: 0000000000000000 R09: 0000000000000000
[   65.807014][ T5849] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc4b0601a0
[   65.807020][ T5849] R13: 00007fa24e211c05 R14: 0000000000010071 R15: 00007ffc4b0601e0
[   65.807040][ T5849]  </TASK>
[   65.807045][ T5849] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   65.840863][ T6187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.105'.
[   65.910391][ T2251] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   65.917013][ T6187] netlink: 28 bytes leftover after parsing attributes in process `syz.0.105'.
[   65.945493][ T6187] netlink: 'syz.0.105': attribute type 6 has an invalid length.
[   66.070882][ T2251] usb 2-1: Using ep0 maxpacket: 8
[   66.074433][ T2251] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[   66.077148][ T2251] usb 2-1: config 179 has no interface number 0
[   66.079206][ T2251] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   66.084467][ T2251] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   66.088310][ T2251] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   66.099226][ T2251] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   66.113223][ T2251] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   66.117099][ T2251] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.120709][ T6193] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.131940][ T6183] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   66.346881][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   66.346887][  T792] usb 2-1: USB disconnect, device number 3
[   66.537497][ T6202] loop0: detected capacity change from 0 to 32768
[   66.571112][ T6202] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   66.600512][   T55] Bluetooth: hci0: command 0x080f tx timeout
[   66.622754][ T5841] ocfs2: Unmounting device (7,0) on (node local)
[   66.726842][ T6206] Bluetooth: MGMT ver 1.23
[   66.798944][ T6210] loop0: detected capacity change from 0 to 512
[   66.818559][ T6210] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.831943][ T6210] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.878067][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.968472][ T6217] loop1: detected capacity change from 0 to 2048
[   66.988685][ T6217] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.004011][ T6217] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:169: inode #12: comm syz.1.118: inline data xattr refers to an external xattr inode
[   67.013718][ T6217] EXT4-fs (loop1): Remounting filesystem read-only
[   67.035821][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.173340][ T6219] loop0: detected capacity change from 0 to 32768
[   67.178871][ T6219] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.116 (6219)
[   67.226968][ T6219] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   67.245334][ T6219] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[   67.248956][ T6219] BTRFS info (device loop0): using free-space-tree
[   67.319218][ T5841] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   67.566077][ T6252] binder: 6251:6252 ioctl c00c620f 200000000140 returned -22
[   67.664386][ T6258] loop1: detected capacity change from 0 to 256
[   67.670776][ T6258] exfat: Deprecated parameter 'namecase'
[   67.678410][ T6258] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[   67.773959][ T6260] loop1: detected capacity change from 0 to 4096
[   67.788228][ T6260] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[   67.792502][ T6260] ntfs3(loop1): ino=3, mi_enum_attr
[   67.842698][ T6254] loop0: detected capacity change from 0 to 32768
[   67.858218][ T6262] netlink: 16 bytes leftover after parsing attributes in process `syz.1.130'.
[   67.864020][ T6254] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   67.920868][ T5841] ocfs2: Unmounting device (7,0) on (node local)
[   68.402054][   T47] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   68.570439][   T47] usb 2-1: Using ep0 maxpacket: 8
[   68.575553][   T47] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   68.578887][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.585055][   T47] usb 2-1: config 0 descriptor??
[   69.209732][   T33] audit: type=1326 audit(1755403610.881:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6286 comm="syz.0.141" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0743f8ebe9 code=0x7fc00000
[   69.365967][ T6294] loop2: detected capacity change from 0 to 4096
[   69.369994][ T6294] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[   69.427616][ T6294] ntfs3(loop2): ino=1a, mi_enum_attr
[   69.429697][ T6294] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[   70.170409][  T792] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   70.244916][   T47] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   70.248644][   T47] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[   70.252677][   T47] asix 2-1:0.0: probe with driver asix failed with error -71
[   70.257682][   T47] usb 2-1: USB disconnect, device number 4
[   70.324708][  T792] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[   70.328862][  T792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.336008][  T792] usb 3-1: Product: syz
[   70.337844][  T792] usb 3-1: Manufacturer: syz
[   70.346599][  T792] usb 3-1: SerialNumber: syz
[   70.357120][  T792] usb 3-1: config 0 descriptor??
[   70.371310][  T792] ch341 3-1:0.0: ch341-uart converter detected
[   70.381447][ T6320] loop0: detected capacity change from 0 to 512
[   70.384946][ T6320] EXT4-fs (loop0): Unsupported encryption level 255
[   70.595993][ T6322] loop0: detected capacity change from 0 to 32768
[   70.609662][   T33] audit: type=1800 audit(1755403612.281:3): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.157" name="file1" dev="loop0" ino=4 res=0 errno=0
[   70.622173][ T6322] syz.0.157: attempt to access beyond end of device
[   70.622173][ T6322] loop0: rw=34817, sector=4680064, nr_sectors = 120 limit=32768
[   70.631431][  T115] blkno = 8ed30, nblocks = f
[   70.633203][  T115] ERROR: (device loop0): dbFree: block to be freed is outside the map
[   70.633203][  T115] 
[   70.637230][  T115] ERROR: (device loop0): remounting filesystem as read-only
[   70.976709][ T6335] Illegal XDP return value 4294967274 on prog  (id 15) dev N/A, expect packet loss!
[   71.087962][ T6341] loop1: detected capacity change from 0 to 64
[   71.166661][  T792] usb 3-1: failed to send control message: -71
[   71.168938][  T792] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[   71.176705][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.176775][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.196627][  T792] usb 3-1: USB disconnect, device number 3
[   71.199922][  T792] ch341 3-1:0.0: device disconnected
[   71.295936][   T33] audit: type=1326 audit(1755403612.971:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6347 comm="syz.1.169" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2a418ebe9 code=0x7ffc0000
[   71.304948][   T33] audit: type=1326 audit(1755403612.991:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6347 comm="syz.1.169" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2a418ebe9 code=0x7ffc0000
[   71.321946][   T33] audit: type=1326 audit(1755403612.991:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6347 comm="syz.1.169" exe="/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa2a418ebe9 code=0x7ffc0000
[   71.329344][   T33] audit: type=1326 audit(1755403612.991:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6347 comm="syz.1.169" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2a418ebe9 code=0x7ffc0000
[   71.341138][   T33] audit: type=1326 audit(1755403612.991:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6347 comm="syz.1.169" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2a418ebe9 code=0x7ffc0000
[   71.742412][ T6360] macvtap0: entered promiscuous mode
[   71.745874][ T6360] macvtap0: left promiscuous mode
[   71.801192][   T47] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   71.950443][   T47] usb 2-1: Using ep0 maxpacket: 8
[   71.958523][   T47] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[   71.963368][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.966754][   T47] usb 2-1: Product: syz
[   71.968547][   T47] usb 2-1: Manufacturer: syz
[   71.972479][   T47] usb 2-1: SerialNumber: syz
[   71.979868][   T47] usb 2-1: config 0 descriptor??
[   72.157862][  T792] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   72.192205][   T47] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   72.380751][  T792] usb 1-1: config 0 has an invalid interface number: 95 but max is 0
[   72.383446][  T792] usb 1-1: config 0 has no interface number 0
[   72.385569][  T792] usb 1-1: config 0 interface 95 altsetting 0 endpoint 0x1 has invalid maxpacket 58888, setting to 1024
[   72.389321][  T792] usb 1-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[   72.455336][  T792] usb 1-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[   72.458342][  T792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.461192][  T792] usb 1-1: Product: syz
[   72.462584][  T792] usb 1-1: Manufacturer: syz
[   72.464118][  T792] usb 1-1: SerialNumber: syz
[   72.471498][  T792] usb 1-1: config 0 descriptor??
[   72.476956][ T6366] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   72.691477][  T792] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   72.694233][  T792] usb 1-1: MIDIStreaming interface descriptor not found
[   72.722603][  T792] usb 1-1: USB disconnect, device number 3
[   72.795886][ T6368] udevd[6368]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.95/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   72.804128][   T47] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[   72.815757][   T47] usb 2-1: USB disconnect, device number 5
[   73.431099][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881053c0000: rx timeout, send abort
[   73.435622][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881053c3800: rx timeout, send abort
[   73.439555][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8881053c0000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   73.445223][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8881053c3800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   73.473351][ T6383] loop1: detected capacity change from 0 to 2048
[   73.512855][ T6384] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   73.539423][ T6383] syz.1.185 (6383) used greatest stack depth: 19528 bytes left
[   73.634115][ T6379] loop0: detected capacity change from 0 to 32768
[   73.665115][ T6379] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   73.665115][ T6379] 
[   73.683559][ T6379] ERROR: (device loop0): remounting filesystem as read-only
[   73.968982][ T6400] fuse: Bad value for 'fd'
[   73.984952][ T6400] loop2: detected capacity change from 0 to 16
[   74.003501][ T6400] erofs (device loop2): mounted with root inode @ nid 36.
[   74.037279][ T6400] erofs (device loop2): readahead error at folio 87 @ nid 36
[   74.040818][ T6400] erofs (device loop2): readahead error at folio 86 @ nid 36
[   74.044672][ T6400] erofs (device loop2): bogus lookback distance 363 @ lcn 82 of nid 36
[   74.048065][ T6400] erofs (device loop2): readahead error at folio 83 @ nid 36
[   74.051170][ T6400] erofs (device loop2): bogus lookback distance 363 @ lcn 82 of nid 36
[   74.054701][ T6400] erofs (device loop2): readahead error at folio 82 @ nid 36
[   74.059112][ T6400] erofs (device loop2): readahead error at folio 79 @ nid 36
[   74.062382][ T6400] erofs (device loop2): readahead error at folio 78 @ nid 36
[   74.065636][ T6400] erofs (device loop2): bogus lookback distance 1485 @ lcn 75 of nid 36
[   74.069223][ T6400] erofs (device loop2): readahead error at folio 76 @ nid 36
[   74.072442][ T6400] erofs (device loop2): bogus lookback distance 1485 @ lcn 75 of nid 36
[   74.076351][ T6400] erofs (device loop2): readahead error at folio 75 @ nid 36
[   74.079425][ T6400] erofs (device loop2): readahead error at folio 74 @ nid 36
[   74.082557][ T6400] erofs (device loop2): readahead error at folio 72 @ nid 36
[   74.085689][ T6400] erofs (device loop2): readahead error at folio 71 @ nid 36
[   74.088766][ T6400] erofs (device loop2): readahead error at folio 70 @ nid 36
[   74.092209][ T6400] erofs (device loop2): readahead error at folio 63 @ nid 36
[   74.095468][ T6400] erofs (device loop2): readahead error at folio 61 @ nid 36
[   74.098624][ T6400] erofs (device loop2): bogus lookback distance 1024 @ lcn 58 of nid 36
[   74.102249][ T6400] erofs (device loop2): readahead error at folio 59 @ nid 36
[   74.105322][ T6400] erofs (device loop2): bogus lookback distance 1024 @ lcn 58 of nid 36
[   74.108778][ T6400] erofs (device loop2): readahead error at folio 58 @ nid 36
[   74.111999][ T6400] erofs (device loop2): readahead error at folio 56 @ nid 36
[   74.115211][ T6400] erofs (device loop2): bogus lookback distance 1586 @ lcn 46 of nid 36
[   74.118742][ T6400] erofs (device loop2): readahead error at folio 47 @ nid 36
[   74.122230][ T6400] erofs (device loop2): bogus lookback distance 1586 @ lcn 46 of nid 36
[   74.125760][ T6400] erofs (device loop2): readahead error at folio 46 @ nid 36
[   74.128940][ T6400] erofs (device loop2): readahead error at folio 45 @ nid 36
[   74.132284][ T6400] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[   74.135823][ T6400] erofs (device loop2): readahead error at folio 43 @ nid 36
[   74.138977][ T6400] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[   74.142518][ T6400] erofs (device loop2): readahead error at folio 42 @ nid 36
[   74.145581][ T6400] erofs (device loop2): bogus lookback distance 774 @ lcn 40 of nid 36
[   74.149142][ T6400] erofs (device loop2): readahead error at folio 41 @ nid 36
[   74.152395][ T6400] erofs (device loop2): bogus lookback distance 774 @ lcn 40 of nid 36
[   74.155914][ T6400] erofs (device loop2): readahead error at folio 40 @ nid 36
[   74.159501][ T6400] erofs (device loop2): readahead error at folio 39 @ nid 36
[   74.162656][ T6400] erofs (device loop2): readahead error at folio 38 @ nid 36
[   74.165771][ T6400] erofs (device loop2): readahead error at folio 36 @ nid 36
[   74.168919][ T6400] erofs (device loop2): bogus lookback distance 1468 @ lcn 31 of nid 36
[   74.172495][ T6400] erofs (device loop2): readahead error at folio 31 @ nid 36
[   74.175817][ T6400] erofs (device loop2): readahead error at folio 25 @ nid 36
[   74.178749][ T6400] erofs (device loop2): readahead error at folio 24 @ nid 36
[   74.182622][ T6400] erofs (device loop2): readahead error at folio 19 @ nid 36
[   74.186772][ T6400] syz.2.189: attempt to access beyond end of device
[   74.186772][ T6400] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16
[   74.192802][ T6400] syz.2.189: attempt to access beyond end of device
[   74.192802][ T6400] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[   74.198837][ T6400] syz.2.189: attempt to access beyond end of device
[   74.198837][ T6400] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[   74.204803][ T6400] syz.2.189: attempt to access beyond end of device
[   74.204803][ T6400] loop2: rw=524288, sector=32, nr_sectors = 64 limit=16
[   74.210374][ T6400] syz.2.189: attempt to access beyond end of device
[   74.210374][ T6400] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16
[   74.216473][ T6400] syz.2.189: attempt to access beyond end of device
[   74.216473][ T6400] loop2: rw=524288, sector=14425508768, nr_sectors = 8 limit=16
[   74.439255][ T6399] loop0: detected capacity change from 0 to 32768
[   74.474241][ T6408] loop1: detected capacity change from 0 to 256
[   74.501080][ T6399] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   74.835489][ T6414] loop1: detected capacity change from 0 to 256
[   74.843839][ T6414] FAT-fs (loop1): Directory bread(block 64) failed
[   74.846113][ T6414] FAT-fs (loop1): Directory bread(block 65) failed
[   74.848803][ T6414] FAT-fs (loop1): Directory bread(block 66) failed
[   74.851869][ T6414] FAT-fs (loop1): Directory bread(block 67) failed
[   74.854057][ T6414] FAT-fs (loop1): Directory bread(block 68) failed
[   74.856221][ T6414] FAT-fs (loop1): Directory bread(block 69) failed
[   74.858669][ T6414] FAT-fs (loop1): Directory bread(block 70) failed
[   74.861242][ T6414] FAT-fs (loop1): Directory bread(block 71) failed
[   74.863558][ T6414] FAT-fs (loop1): Directory bread(block 72) failed
[   74.865854][ T6414] FAT-fs (loop1): Directory bread(block 73) failed
[   74.866073][ T6399] OCFS2: ERROR (device loop0): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = 
[   74.874619][ T6399] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[   74.879240][ T6399] OCFS2: File system is now read-only.
[   74.882344][ T6399] (syz.0.192,6399,1):ocfs2_find_entry_id:407 ERROR: status = -30
[   74.885777][ T6399] OCFS2: ERROR (device loop0): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: signature = 
[   74.891289][ T6399] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[   74.895832][ T6399] (syz.0.192,6399,1):ocfs2_assign_bh:2417 ERROR: status = -30
[   74.898724][ T6399] (syz.0.192,6399,1):ocfs2_inode_lock_full_nested:2512 ERROR: status = -30
[   74.902527][ T6399] (syz.0.192,6399,1):ocfs2_mknod:275 ERROR: status = -30
[   74.904991][ T6399] (syz.0.192,6399,1):ocfs2_create:678 ERROR: status = -30
[   74.921901][ T5841] ocfs2: Unmounting device (7,0) on (node local)
[   74.996775][ T6418] vcan0: entered allmulticast mode
[   74.999589][ T6418] vcan0: left allmulticast mode
[   75.037759][ T6420] loop0: detected capacity change from 0 to 512
[   75.045080][ T6420] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   75.051489][ T6420] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   75.063625][ T6420] EXT4-fs error (device loop0): xattr_find_entry:333: inode #15: comm syz.0.200: corrupted xattr entries
[   75.069978][ T6420] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   75.076899][ T6420] EXT4-fs (loop0): 1 truncate cleaned up
[   75.082857][ T6420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.091651][ T6420] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.200: corrupted in-inode xattr: e_name out of bounds
[   75.119539][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.152297][ T6424] netlink: 48 bytes leftover after parsing attributes in process `syz.0.201'.
[   75.183466][  T792] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   75.360449][  T792] usb 2-1: Using ep0 maxpacket: 32
[   75.378236][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.408143][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   75.428001][  T792] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   75.450133][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.479846][  T792] usb 2-1: config 0 descriptor??
[   75.522653][  T792] hub 2-1:0.0: USB hub found
[   75.552746][ T6435] kAFS: Can only specify source 'none' with -o dyn
[   75.567460][ T6435] fuse: Unknown parameter 'V~Hȗ'
[   75.738744][  T792] hub 2-1:0.0: 1 port detected
[   76.100463][ T6001] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   76.290411][ T6001] usb 3-1: Using ep0 maxpacket: 32
[   76.293723][ T6001] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.297399][ T6001] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.304719][ T6001] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   76.308345][ T6001] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[   76.312546][ T6001] usb 3-1: Product: syz
[   76.314409][ T6001] usb 3-1: Manufacturer: syz
[   76.325098][ T6001] hub 3-1:4.0: USB hub found
[   76.341491][  T792] hub 2-1:0.0: activate --> -90
[   76.345812][ T6445] sch_fq: defrate 4294967295 ignored.
[   76.744615][ T6001] hub 3-1:4.0: 2 ports detected
[   77.036199][   T47] usb 2-1: USB disconnect, device number 6
[   77.766064][ T6470] loop0: detected capacity change from 0 to 4096
[   77.791368][ T6470] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[   77.843944][ T6470] ntfs3(loop0): ino=1a, mi_enum_attr
[   77.847896][ T6470] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   78.080949][   T10] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   78.265747][   T10] usb 2-1: Using ep0 maxpacket: 8
[   78.328315][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[   78.360434][   T10] usb 2-1: unable to read config index 0 descriptor/start: -71
[   78.368466][ T6001] hub 3-1:4.0: hub_hub_status failed (err = -32)
[   78.371417][ T6001] hub 3-1:4.0: config failed, can't get hub status (err -32)
[   78.377382][   T10] usb 2-1: can't read configurations, error -71
[   79.183176][ T6484] loop0: detected capacity change from 0 to 64
[   79.188809][ T6484] BFS-fs: bfs_fill_super(): Superblock is corrupted on loop0
[   79.275207][ T6490] loop0: detected capacity change from 0 to 256
[   79.282428][ T6490] exFAT-fs (loop0): error, The cluster chain has a loop
[   79.284844][ T6490] exFAT-fs (loop0): Filesystem has been set read-only
[   79.287343][ T6490] exFAT-fs (loop0): failed to count the number of clusters in root
[   79.289908][ T6490] exFAT-fs (loop0): failed to recognize exfat type
[   79.383852][ T6494] loop0: detected capacity change from 0 to 2048
[   79.397149][ T6494] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   79.440067][   T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   79.547482][ T6502] loop0: detected capacity change from 0 to 512
[   79.550588][  T792] usb 3-1: USB disconnect, device number 4
[   79.591618][ T6506] loop2: detected capacity change from 0 to 128
[   79.598098][ T6502] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[   79.609418][ T6502] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   79.617356][ T6502] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.236: Failed to acquire dquot type 1
[   79.624244][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.632902][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.636893][   T10] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[   79.641930][ T6502] EXT4-fs (loop0): 1 truncate cleaned up
[   79.645443][ T6502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.651249][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.655142][ T6502] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.663420][   T10] usb 2-1: config 0 descriptor??
[   79.715949][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.747687][ T6511] Device name cannot be null; rc = [-22]
[   79.781502][ T6513] loop0: detected capacity change from 0 to 256
[   79.793370][ T6513] exfat: Deprecated parameter 'utf8'
[   79.795378][ T6513] exfat: Deprecated parameter 'namecase'
[   79.800427][ T6513] exfat: Deprecated parameter 'utf8'
[   79.808612][ T6513] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[   79.824851][ T6515] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[   79.829570][ T6513] Invalid source name
[   79.953066][ T6527] loop2: detected capacity change from 0 to 512
[   79.956058][ T6527] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   79.965590][ T6527] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   79.982049][ T6527] EXT4-fs (loop2): 1 truncate cleaned up
[   79.985897][ T6527] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.999982][ T6530] netlink: 8 bytes leftover after parsing attributes in process `syz.0.248'.
[   80.005766][ T6530] netlink: 16 bytes leftover after parsing attributes in process `syz.0.248'.
[   80.023323][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.072004][   T10] hid-thrustmaster 0003:044F:B65D.0001: unknown main item tag 0x0
[   80.089545][   T10] hid-thrustmaster 0003:044F:B65D.0001: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0
[   80.103145][   T10] hid-thrustmaster 0003:044F:B65D.0001: Wrong number of endpoints?
[   80.180030][ T6538] netdevsim0: mtu less than device minimum
[   80.270783][    C0] hid-thrustmaster 0003:044F:B65D.0001: URB to get model id failed with error -71
[   80.272480][   T47] usb 2-1: USB disconnect, device number 8
[   80.287333][ T6542] loop0: detected capacity change from 0 to 1764
[   80.312719][ T2251] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[   80.465478][ T2251] usb 3-1: config 8 has an invalid interface number: 196 but max is 0
[   80.468735][ T2251] usb 3-1: config 8 has no interface number 0
[   80.476533][ T2251] usb 3-1: config 8 interface 196 has no altsetting 0
[   80.481839][ T2251] usb 3-1: New USB device found, idVendor=061d, idProduct=c170, bcdDevice=e5.59
[   80.486537][ T2251] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.703913][ T2251] usb 3-1: string descriptor 0 read error: -71
[   80.707611][ T2251] quatech2 3-1:8.196: Quatech 2nd gen USB to Serial Driver converter detected
[   80.714402][ T2251] usb 3-1: qt2_attach - failed to power on unit: -71
[   80.721411][ T2251] quatech2 3-1:8.196: probe with driver quatech2 failed with error -71
[   80.734368][ T2251] usb 3-1: USB disconnect, device number 5
[   80.926011][ T6566] overlayfs: failed to create directory ./bus/work (errno: 1); mounting read-only
[   80.932823][ T6566] overlayfs: NFS export requires an index dir, falling back to nfs_export=off.
[   81.407379][   T24] cfg80211: failed to load regulatory.db
[   82.107746][ T6593] loop1: detected capacity change from 0 to 512
[   82.145294][ T6593] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   82.163193][ T6593] EXT4-fs (loop1): 1 truncate cleaned up
[   82.168666][ T6593] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.228109][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.259197][ T6596] loop0: detected capacity change from 0 to 128
[   82.295516][   T33] audit: type=1800 audit(1755403623.971:9): pid=6596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.276" name="file2" dev="loop0" ino=1048619 res=0 errno=0
[   82.708988][ T6616] loop0: detected capacity change from 0 to 40427
[   82.715003][ T6616] F2FS-fs (loop0): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[   82.718418][ T6616] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   82.723727][ T6616] F2FS-fs (loop0): invalid crc value
[   82.764251][ T6616] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   82.768904][ T6616] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   82.771419][ T6616] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   82.850483][ T2251] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[   83.015728][ T2251] usb 2-1: config 5 has an invalid interface number: 42 but max is 0
[   83.019027][ T2251] usb 2-1: config 5 has no interface number 0
[   83.021338][ T2251] usb 2-1: config 5 interface 42 has no altsetting 0
[   83.027117][ T2251] usb 2-1: New USB device found, idVendor=2304, idProduct=021f, bcdDevice= 0.15
[   83.030481][ T2251] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.033609][ T2251] usb 2-1: Product: syz
[   83.035564][ T2251] usb 2-1: Manufacturer: syz
[   83.037670][ T2251] usb 2-1: SerialNumber: syz
[   83.266965][ T2251] dvb-usb: found a 'PCTV HDTV USB' in warm state.
[   83.269744][ T2251] pctv452e: pctv452e_power_ctrl: 1
[   83.269744][ T2251] 
[   83.273513][ T2251] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[   83.273513][ T2251] 
[   83.279515][ T2251] dvb-usb: bulk message failed: -22 (5/0)
[   83.302569][ T2251] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   83.326495][ T2251] dvb-usb: PCTV HDTV USB error while loading driver (-19)
[   83.336369][ T2251] usb 2-1: USB disconnect, device number 9
[   83.480525][   T55] Bluetooth: hci3: Opcode 0x1003 failed: -110
[   83.571870][ T6623] netlink: 'syz.2.287': attribute type 10 has an invalid length.
[   83.583989][ T6623] team0: Port device dummy0 added
[   83.596727][ T6623] netlink: 'syz.2.287': attribute type 10 has an invalid length.
[   83.605827][ T6623] team0: Port device dummy0 removed
[   83.613164][ T6623] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   84.014180][ T6637] loop1: detected capacity change from 0 to 512
[   84.065250][ T6637] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.071935][ T6637] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.083296][ T6637] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #2: block 18: comm syz.1.294: lblock 23 mapped to illegal pblock 18 (length 1)
[   84.104014][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 12: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[   84.115891][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 13: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[   84.125408][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 14: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   84.132897][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 15: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   84.139880][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 16: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[   84.147599][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 17: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   84.156940][ T6637] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #2: block 18: comm syz.1.294: lblock 23 mapped to illegal pblock 18 (length 1)
[   84.164224][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 19: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   84.173079][ T6637] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 20: comm syz.1.294: path /102/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[   84.210386][ T6003] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[   84.403049][ T6003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   84.410777][ T6003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.420377][ T6003] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[   84.430395][ T6003] usb 1-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.00
[   84.436999][ T6003] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.450571][ T6003] usb 1-1: config 0 descriptor??
[   84.861214][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.923430][ T6643] loop1: detected capacity change from 0 to 2048
[   84.944000][ T6643] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   84.958193][   T33] audit: type=1800 audit(1755403626.631:10): pid=6643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.295" name="bus" dev="loop1" ino=1436 res=0 errno=0
[   85.051018][ T6645] loop2: detected capacity change from 0 to 32768
[   85.065945][   T10] usb 1-1: USB disconnect, device number 4
[   85.211301][ T6647] loop1: detected capacity change from 0 to 32768
[   85.256730][ T6649] loop2: detected capacity change from 0 to 40427
[   85.264918][ T6649] F2FS-fs (loop2): invalid crc value
[   85.310457][ T6649] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   85.314817][ T6649] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   85.315186][ T6647] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=/dev/loop1,noinodes_use_key_cache,fsck,fix_errors=yes,norecovery,nojournal_transaction_names,read_only
[   85.332866][ T6647]   allowing incompatible features above 0.0: (unknown version)
[   85.336450][ T6647]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   85.343052][ T6647] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   85.346719][ T6647] bcachefs (loop1): recovering from clean shutdown, journal seq 13
[   85.350210][ T6647] bcachefs (loop1): Version upgrade required:
[   85.350210][ T6647] Version upgrade from 0.32: (unknown version) to 1.7: mi_btree_bitmap incomplete
[   85.350210][ T6647] Doing incompatible version upgrade from 0.32: (unknown version) to 1.28: inode_has_case_insensitive
[   85.350210][ T6647]   running recovery passes: check_allocations,check_extents_to_backpointers,check_snapshots,check_subvols,check_inodes,check_dirents,set_fs_needs_rebalance
[   85.368350][ T5849] syz-executor: attempt to access beyond end of device
[   85.368350][ T5849] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   85.376148][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   85.376164][ T5849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   85.376171][ T5849] Call Trace:
[   85.376176][ T5849]  <TASK>
[   85.376181][ T5849]  dump_stack_lvl+0x189/0x250
[   85.376203][ T5849]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.376217][ T5849]  ? __pfx_queue_work_on+0x10/0x10
[   85.376228][ T5849]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   85.376243][ T5849]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   85.376266][ T5849]  f2fs_handle_critical_error+0x37c/0x540
[   85.376293][ T5849]  f2fs_write_end_io+0x886/0xb60
[   85.376315][ T5849]  __submit_merged_bio+0x27a/0x6a0
[   85.376335][ T5849]  __submit_merged_write_cond+0x255/0x530
[   85.376354][ T5849]  f2fs_write_data_pages+0x261d/0x3000
[   85.376395][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.376441][ T5849]  ? __mod_zone_page_state+0xd7/0x140
[   85.376464][ T5849]  ? folios_put_refs+0x560/0x640
[   85.376485][ T5849]  ? __pfx_folios_put_refs+0x10/0x10
[   85.376496][ T5849]  ? rcu_is_watching+0x15/0xb0
[   85.376513][ T5849]  ? __lock_acquire+0xab9/0xd20
[   85.376542][ T5849]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.376559][ T5849]  do_writepages+0x32e/0x550
[   85.376581][ T5849]  ? do_raw_spin_unlock+0x4d/0x240
[   85.376598][ T5849]  filemap_fdatawrite+0x199/0x240
[   85.376613][ T5849]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   85.376662][ T5849]  ? do_raw_spin_unlock+0x4d/0x240
[   85.376678][ T5849]  f2fs_sync_dirty_inodes+0x31f/0x830
[   85.376701][ T5849]  f2fs_write_checkpoint+0x95a/0x1df0
[   85.376728][ T5849]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   85.376773][ T5849]  ? kill_f2fs_super+0x298/0x6c0
[   85.376788][ T5849]  kill_f2fs_super+0x2c3/0x6c0
[   85.376804][ T5849]  ? __pfx_kill_f2fs_super+0x10/0x10
[   85.376813][ T5849]  ? radix_tree_delete_item+0x2b6/0x400
[   85.376833][ T5849]  ? shrinker_free+0x2ce/0x3e0
[   85.376847][ T5849]  deactivate_locked_super+0xbc/0x130
[   85.376862][ T5849]  cleanup_mnt+0x425/0x4c0
[   85.376875][ T5849]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.376916][ T5849]  task_work_run+0x1d4/0x260
[   85.376935][ T5849]  ? __pfx_task_work_run+0x10/0x10
[   85.376949][ T5849]  ? __x64_sys_umount+0x122/0x160
[   85.376966][ T5849]  ? exit_to_user_mode_loop+0x40/0x110
[   85.376984][ T5849]  exit_to_user_mode_loop+0xec/0x110
[   85.377000][ T5849]  do_syscall_64+0x2bd/0x3b0
[   85.377015][ T5849]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.377029][ T5849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.377039][ T5849]  ? exc_page_fault+0x9f/0xf0
[   85.377055][ T5849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.377066][ T5849] RIP: 0033:0x7fa24e18ff17
[   85.377077][ T5849] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   85.377086][ T5849] RSP: 002b:00007ffc4b05f058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   85.377101][ T5849] RAX: 0000000000000000 RBX: 00007fa24e211c05 RCX: 00007fa24e18ff17
[   85.377108][ T5849] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc4b05f110
[   85.377114][ T5849] RBP: 00007ffc4b05f110 R08: 0000000000000000 R09: 0000000000000000
[   85.377121][ T5849] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc4b0601a0
[   85.377128][ T5849] R13: 00007fa24e211c05 R14: 0000000000014ce6 R15: 00007ffc4b0601e0
[   85.377148][ T5849]  </TASK>
[   85.377152][ T5849] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   85.378600][ T6647] bcachefs (loop1): btree node read error at btree dirents level 0/0
[   85.525409][ T6647]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 267fcf747c875937 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[   85.533242][ T6647]   loop1 node offset 16/24 bset u64s 36: checksum error, type chacha20_poly1305_128: got b32aa0584d17e8f2becd9e348b4fbd82 should be 9c0f2415a667f93682c3af0cd44ed5f4
[   85.543489][ T6647]   node offset 16/24 bset u64s 36 bset byte offset 200: key extends past end of bset
[   85.547477][ T6647]   loop1 btree validate error
[   85.549529][ T6647]   repair success (rewriting node)
[   85.555808][ T6647] bcachefs (loop1): invalid bkey in btree_node btree=alloc level=0: u64s 12 type alloc_v4 0:40:0 len 0 ver 0: 
[   85.555844][ T6647]     gen 0 oldest_gen 0 data_type btree
[   85.555850][ T6647]     journal_seq_nonempty 11
[   85.555855][ T6647]     journal_seq_empty    0
[   85.555859][ T6647]     need_discard         1
[   85.555864][ T6647]     need_inc_gen         1
[   85.555870][ T6647]     dirty_sectors        256
[   85.555876][ T6647]     stripe_sectors       1769485
[   85.555882][ T6647]     cached_sectors       0
[   85.555912][ T6647]     stripe               0
[   85.555920][ T6647]     stripe_redundancy    0
[   85.555925][ T6647]     io_time[READ]        10510035205488641
[   85.555930][ T6647]     io_time[WRITE]       1280
[   85.555935][ T6647]     fragmentation     0
[   85.555939][ T6647]     bp_start          7
[   85.555943][ T6647]   
[   85.555947][ T6647]   invalid io_time[read]: 10510035205488641, max 281474976710655, deleting
[   85.638609][ T6647] bcachefs (loop1): btree node read error at btree alloc level 0/0
[   85.638659][ T6647]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1818ce08861e3527 written 40 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[   85.638668][ T6647]   loop1 node offset 32/40 bset u64s 20: checksum error, type chacha20_poly1305_128: got 9412e918030eff88fa48c0a94e3225ca should be b01a58e49cdb3f2f3524eab9af93cbd5
[   85.638678][ T6647]   loop1 btree validate error
[   85.638683][ T6647]   repair success (rewriting node)
[   85.672484][ T6647] bcachefs (loop1): accounting_read... done
[   85.676824][ T6647] bcachefs (loop1): alloc_read... done
[   85.679342][ T6647] bcachefs (loop1): snapshots_read... done
[   85.682773][ T6647] bcachefs (loop1): Fixed errors, running fsck a second time to verify fs is clean
[   85.687076][ T6647] bcachefs (loop1): done starting filesystem
[   85.760089][ T5845] bcachefs (loop1): shutting down
[   85.765543][ T6666] loop2: detected capacity change from 0 to 256
[   85.775278][ T6666] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   85.788413][ T6666] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d)
[   85.836875][ T5845] bcachefs (loop1): shutdown complete
[   85.987947][ T6670] loop2: detected capacity change from 0 to 2048
[   86.009374][ T6670] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   86.014218][ T6664] loop0: detected capacity change from 0 to 32768
[   86.030916][ T6664] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.302 (6664)
[   86.093166][ T6664] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   86.097590][ T6664] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[   86.106953][ T6664] BTRFS info (device loop0): using free-space-tree
[   86.131071][ T6673] program syz.2.306 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   86.206868][ T6664] BTRFS info (device loop0): rebuilding free space tree
[   86.318091][ T5841] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   86.518569][ T6704] loop0: detected capacity change from 0 to 256
[   86.575845][ T6700] loop2: detected capacity change from 0 to 32768
[   86.581539][ T6700] 
[   86.581539][ T6700]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.581539][ T6700] 
[   86.611680][ T6700] 
[   86.611680][ T6700]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.611680][ T6700] 
[   86.615325][ T6700] 
[   86.615325][ T6700]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.615325][ T6700] 
[   86.618738][ T6700] 
[   86.618738][ T6700]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.618738][ T6700] 
[   86.622795][ T6700] 
[   86.622795][ T6700]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.622795][ T6700] 
[   86.636215][  T114] 
[   86.636215][  T114]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.636215][  T114] 
[   86.644584][ T5849] 
[   86.644584][ T5849]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.644584][ T5849] 
[   86.658067][ T5849] 
[   86.658067][ T5849]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   86.658067][ T5849] 
[   87.114942][ T6740] sp0: Synchronizing with TNC
[   87.165964][ T6740] Falling back ldisc for ttyS3.
[   87.320446][ T6003] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   87.485673][ T6003] usb 1-1: Using ep0 maxpacket: 8
[   87.491562][ T6003] usb 1-1: unable to get BOS descriptor or descriptor too short
[   87.497626][ T6003] usb 1-1: config 6 has an invalid interface number: 70 but max is 0
[   87.501026][ T6003] usb 1-1: config 6 has no interface number 0
[   87.503318][ T6003] usb 1-1: config 6 interface 70 altsetting 118 has an endpoint descriptor with address 0x29, changing to 0x9
[   87.508269][ T6003] usb 1-1: config 6 interface 70 altsetting 118 endpoint 0x9 has invalid wMaxPacketSize 0
[   87.511938][ T6003] usb 1-1: config 6 interface 70 has no altsetting 0
[   87.517935][ T6003] usb 1-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=63.7b
[   87.518916][ T6737] loop1: detected capacity change from 0 to 40427
[   87.521092][ T6003] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.527589][ T6003] usb 1-1: Product: syz
[   87.529445][ T6003] usb 1-1: Manufacturer: syz
[   87.531253][ T6003] usb 1-1: SerialNumber: syz
[   87.532515][ T6737] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   87.544162][ T6737] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   87.553498][ T6737] F2FS-fs (loop1): invalid crc value
[   87.609112][ T6737] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   87.616173][ T6737] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   87.619040][ T6737] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   87.778268][ T6003] HFC-S_USB 1-1:6.70: probe with driver HFC-S_USB failed with error -5
[   87.791104][ T6003] usb 1-1: USB disconnect, device number 5
[   88.584405][ T6762] netlink: 40 bytes leftover after parsing attributes in process `syz.0.331'.
[   88.646421][   T33] audit: type=1326 audit(1755404143.286:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6766 comm="syz.2.333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24e18ebe9 code=0x7ffc0000
[   88.661760][  T792] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[   88.673454][   T33] audit: type=1326 audit(1755404143.286:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6766 comm="syz.2.333" exe="/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7fa24e18ebe9 code=0x7ffc0000
[   88.696221][   T33] audit: type=1326 audit(1755404143.286:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6766 comm="syz.2.333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24e18ebe9 code=0x7ffc0000
[   88.713649][   T33] audit: type=1326 audit(1755404143.286:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6766 comm="syz.2.333" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa24e18ebe9 code=0x7ffc0000
[   88.774226][ T6774] loop2: detected capacity change from 0 to 512
[   88.783002][ T6774] EXT4-fs: Ignoring removed bh option
[   88.799918][ T6774] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   88.816806][ T6774] EXT4-fs (loop2): 1 truncate cleaned up
[   88.820563][ T6774] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.829435][ T6777] netlink: 16 bytes leftover after parsing attributes in process `syz.0.338'.
[   88.830543][  T792] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[   88.833375][ T6777] netlink: 16 bytes leftover after parsing attributes in process `syz.0.338'.
[   88.843026][  T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.846435][  T792] usb 2-1: Product: syz
[   88.849930][  T792] usb 2-1: Manufacturer: syz
[   88.851907][  T792] usb 2-1: SerialNumber: syz
[   88.859872][  T792] usb 2-1: config 0 descriptor??
[   88.890631][ T5849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.080054][  T792] hso 2-1:0.0: Failed to find BULK IN ep
[   89.087255][  T792] usb-storage 2-1:0.0: USB Mass Storage device detected
[   89.222122][ T6787] loop2: detected capacity change from 0 to 32768
[   89.303595][  T792] usb 2-1: USB disconnect, device number 10
[   89.347396][ T6003] IPVS: starting estimator thread 0...
[   89.434898][ T6792] IPVS: using max 48 ests per chain, 115200 per kthread
[   89.934662][ T6804] geneve2: entered promiscuous mode
[   90.062702][ T6810] loop0: detected capacity change from 0 to 512
[   90.085977][ T6810] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.350: iget: bad i_size value: 38620345925642
[   90.106750][ T6810] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.350: couldn't read orphan inode 15 (err -117)
[   90.118558][ T6810] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.136470][ T6810] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.350: bg 0: block 5: invalid block bitmap
[   90.142547][ T6810] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 5 with error 28
[   90.148802][ T6810] EXT4-fs (loop0): This should not happen!! Data will be lost
[   90.148802][ T6810] 
[   90.152367][ T6810] EXT4-fs (loop0): Total free blocks count 0
[   90.154714][ T6810] EXT4-fs (loop0): Free/Dirty block details
[   90.156796][ T6810] EXT4-fs (loop0): free_blocks=0
[   90.158857][ T6810] EXT4-fs (loop0): dirty_blocks=5
[   90.160977][ T6810] EXT4-fs (loop0): Block reservation details
[   90.170403][ T6810] EXT4-fs (loop0): i_reserved_data_blocks=5
[   90.199906][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.203777][ T6816] loop1: detected capacity change from 0 to 64
[   90.559583][  T792] usb 1-1: new low-speed USB device number 6 using dummy_hcd
[   90.716701][ T6830] loop1: detected capacity change from 0 to 256
[   90.722640][ T6830] exfat: Deprecated parameter 'utf8'
[   90.729451][  T792] usb 1-1: config 0 has an invalid interface number: 168 but max is 0
[   90.735400][  T792] usb 1-1: config 0 has no interface number 0
[   90.742575][ T6830] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   90.742791][  T792] usb 1-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=dd.b8
[   90.754691][  T792] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.762365][  T792] usb 1-1: config 0 descriptor??
[   90.777398][  T792] lan78xx 1-1:0.168 (unnamed net_device) (uninitialized): USB bus speed not supported
[   90.786482][  T792] lan78xx 1-1:0.168: probe with driver lan78xx failed with error -5
[   91.004415][  T792] usb 1-1: USB disconnect, device number 6
[   91.801455][ T6867] netlink: 4 bytes leftover after parsing attributes in process `syz.1.376'.
[   92.399616][ T6883] binder: 6880:6883 ioctl c0306201 0 returned -14
[   92.701842][ T6876] loop1: detected capacity change from 0 to 32768
[   92.723759][   T33] audit: type=1800 audit(1755404147.249:15): pid=6876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.379" name="file1" dev="loop1" ino=4 res=0 errno=0
[   93.021874][  T115] ==================================================================
[   93.024502][  T115] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x74b/0xa90
[   93.027012][  T115] Read of size 4 at addr ffff88812048ca94 by task jfsCommit/115
[   93.030678][  T115] 
[   93.031540][  T115] CPU: 0 UID: 0 PID: 115 Comm: jfsCommit Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   93.031553][  T115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.031558][  T115] Call Trace:
[   93.031562][  T115]  <TASK>
[   93.031565][  T115]  dump_stack_lvl+0x189/0x250
[   93.031578][  T115]  ? __kasan_check_byte+0x12/0x40
[   93.031592][  T115]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.031603][  T115]  ? lock_release+0x4b/0x3e0
[   93.031619][  T115]  ? __virt_addr_valid+0x4a5/0x5c0
[   93.031632][  T115]  print_report+0xca/0x240
[   93.031642][  T115]  ? jfs_lazycommit+0x74b/0xa90
[   93.031654][  T115]  kasan_report+0x118/0x150
[   93.031666][  T115]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[   93.031679][  T115]  ? jfs_lazycommit+0x74b/0xa90
[   93.031690][  T115]  jfs_lazycommit+0x74b/0xa90
[   93.031702][  T115]  ? __pfx_jfs_lazycommit+0x10/0x10
[   93.031712][  T115]  ? __pfx_default_wake_function+0x10/0x10
[   93.031727][  T115]  ? __kthread_parkme+0x7b/0x200
[   93.031738][  T115]  ? __kthread_parkme+0x1a1/0x200
[   93.031749][  T115]  kthread+0x711/0x8a0
[   93.031762][  T115]  ? __pfx_jfs_lazycommit+0x10/0x10
[   93.031772][  T115]  ? __pfx_kthread+0x10/0x10
[   93.031784][  T115]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.031821][  T115]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.031834][  T115]  ? __pfx_kthread+0x10/0x10
[   93.031845][  T115]  ret_from_fork+0x3fc/0x770
[   93.031852][  T115]  ? __pfx_ret_from_fork+0x10/0x10
[   93.031859][  T115]  ? __switch_to_asm+0x39/0x70
[   93.031867][  T115]  ? __switch_to_asm+0x33/0x70
[   93.031879][  T115]  ? __pfx_kthread+0x10/0x10
[   93.031890][  T115]  ret_from_fork_asm+0x1a/0x30
[   93.031906][  T115]  </TASK>
[   93.031909][  T115] 
[   93.089131][  T115] Allocated by task 6876:
[   93.090568][  T115]  kasan_save_track+0x3e/0x80
[   93.092231][  T115]  __kasan_kmalloc+0x93/0xb0
[   93.094242][  T115]  __kmalloc_cache_noprof+0x230/0x3d0
[   93.096430][  T115]  jfs_fill_super+0xc2/0xd80
[   93.098031][  T115]  get_tree_bdev_flags+0x40e/0x4d0
[   93.099743][  T115]  vfs_get_tree+0x92/0x2b0
[   93.101265][  T115]  do_new_mount+0x2a2/0x9e0
[   93.102846][  T115]  __se_sys_mount+0x317/0x410
[   93.104852][  T115]  do_syscall_64+0xfa/0x3b0
[   93.106772][  T115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.109202][  T115] 
[   93.110234][  T115] Freed by task 5845:
[   93.111923][  T115]  kasan_save_track+0x3e/0x80
[   93.113879][  T115]  kasan_save_free_info+0x46/0x50
[   93.115574][  T115]  __kasan_slab_free+0x5b/0x80
[   93.117191][  T115]  kfree+0x18e/0x440
[   93.118513][  T115]  generic_shutdown_super+0x135/0x2c0
[   93.120316][  T115]  kill_block_super+0x44/0x90
[   93.121908][  T115]  deactivate_locked_super+0xbc/0x130
[   93.123706][  T115]  cleanup_mnt+0x425/0x4c0
[   93.125215][  T115]  task_work_run+0x1d4/0x260
[   93.126770][  T115]  exit_to_user_mode_loop+0xec/0x110
[   93.128538][  T115]  do_syscall_64+0x2bd/0x3b0
[   93.130106][  T115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.132075][  T115] 
[   93.132902][  T115] The buggy address belongs to the object at ffff88812048ca00
[   93.132902][  T115]  which belongs to the cache kmalloc-256 of size 256
[   93.137477][  T115] The buggy address is located 148 bytes inside of
[   93.137477][  T115]  freed 256-byte region [ffff88812048ca00, ffff88812048cb00)
[   93.142592][  T115] 
[   93.143423][  T115] The buggy address belongs to the physical page:
[   93.145588][  T115] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12048c
[   93.148598][  T115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   93.151572][  T115] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   93.154407][  T115] page_type: f5(slab)
[   93.155816][  T115] raw: 057ff00000000040 ffff88801a441b40 ffffea0004309780 dead000000000004
[   93.158708][  T115] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   93.161538][  T115] head: 057ff00000000040 ffff88801a441b40 ffffea0004309780 dead000000000004
[   93.164358][  T115] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   93.167642][  T115] head: 057ff00000000001 ffffea0004812301 00000000ffffffff 00000000ffffffff
[   93.170636][  T115] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   93.173457][  T115] page dumped because: kasan: bad access detected
[   93.175510][  T115] page_owner tracks the page as allocated
[   93.177371][  T115] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5937, tgid 5936 (syz.0.12), ts 58219125676, free_ts 56103394749
[   93.184116][  T115]  post_alloc_hook+0x240/0x2a0
[   93.185734][  T115]  get_page_from_freelist+0x21e4/0x22c0
[   93.187584][  T115]  __alloc_frozen_pages_noprof+0x181/0x370
[   93.189558][  T115]  alloc_pages_mpol+0x232/0x4a0
[   93.191220][  T115]  allocate_slab+0x8a/0x370
[   93.192746][  T115]  ___slab_alloc+0xbeb/0x1410
[   93.194361][  T115]  __kmalloc_noprof+0x305/0x4f0
[   93.196006][  T115]  io_cache_alloc_new+0x40/0x100
[   93.197663][  T115]  __io_prep_rw+0x23f/0xe20
[   93.199191][  T115]  io_prep_rwv+0x8c/0x3d0
[   93.200666][  T115]  io_submit_sqes+0x8f6/0x1d10
[   93.202541][  T115]  __se_sys_io_uring_enter+0x2df/0x2b20
[   93.204814][  T115]  do_syscall_64+0xfa/0x3b0
[   93.206540][  T115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.208688][  T115] page last free pid 5845 tgid 5845 stack trace:
[   93.210835][  T115]  __free_frozen_pages+0xbc4/0xd30
[   93.212561][  T115]  __put_partials+0x156/0x1a0
[   93.214183][  T115]  put_cpu_partial+0x17c/0x250
[   93.215819][  T115]  __slab_free+0x2d5/0x3c0
[   93.217320][  T115]  qlist_free_all+0x97/0x140
[   93.218924][  T115]  kasan_quarantine_reduce+0x148/0x160
[   93.220738][  T115]  __kasan_slab_alloc+0x22/0x80
[   93.222399][  T115]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[   93.224555][  T115]  __alloc_skb+0x112/0x2d0
[   93.226300][  T115]  rtmsg_ifinfo_build_skb+0x84/0x260
[   93.228088][  T115]  rtnetlink_event+0x1b7/0x270
[   93.229704][  T115]  notifier_call_chain+0x1b6/0x3e0
[   93.231488][  T115]  netif_set_mac_address+0x37c/0x4c0
[   93.233277][  T115]  do_setlink+0x88c/0x41c0
[   93.234812][  T115]  rtnl_newlink+0x160b/0x1c70
[   93.236509][  T115]  rtnetlink_rcv_msg+0x7cf/0xb70
[   93.238480][  T115] 
[   93.239415][  T115] Memory state around the buggy address:
[   93.241357][  T115]  ffff88812048c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.244665][  T115]  ffff88812048ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   93.247826][  T115] >ffff88812048ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   93.250538][  T115]                          ^
[   93.252106][  T115]  ffff88812048cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.254770][  T115]  ffff88812048cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   93.257441][  T115] ==================================================================
[   93.260219][  T115] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   93.263154][  T115] CPU: 0 UID: 0 PID: 115 Comm: jfsCommit Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   93.268070][  T115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.272205][  T115] Call Trace:
[   93.273508][  T115]  <TASK>
[   93.274526][  T115]  dump_stack_lvl+0x99/0x250
[   93.276086][  T115]  ? __asan_memcpy+0x40/0x70
[   93.277633][  T115]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.279377][  T115]  ? __pfx__printk+0x10/0x10
[   93.280954][  T115]  vpanic+0x281/0x750
[   93.282303][  T115]  ? __pfx_print_hex_dump+0x10/0x10
[   93.284061][  T115]  ? __pfx_vpanic+0x10/0x10
[   93.285753][  T115]  panic+0xb9/0xc0
[   93.287122][  T115]  ? __pfx_panic+0x10/0x10
[   93.288601][  T115]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.290575][  T115]  ? jfs_lazycommit+0x74b/0xa90
[   93.292208][  T115]  check_panic_on_warn+0x89/0xb0
[   93.293858][  T115]  ? jfs_lazycommit+0x74b/0xa90
[   93.295483][  T115]  end_report+0x78/0x160
[   93.296918][  T115]  kasan_report+0x129/0x150
[   93.298530][  T115]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[   93.300587][  T115]  ? jfs_lazycommit+0x74b/0xa90
[   93.302614][  T115]  jfs_lazycommit+0x74b/0xa90
[   93.304577][  T115]  ? __pfx_jfs_lazycommit+0x10/0x10
[   93.306716][  T115]  ? __pfx_default_wake_function+0x10/0x10
[   93.309033][  T115]  ? __kthread_parkme+0x7b/0x200
[   93.310670][  T115]  ? __kthread_parkme+0x1a1/0x200
[   93.312344][  T115]  kthread+0x711/0x8a0
[   93.313843][  T115]  ? __pfx_jfs_lazycommit+0x10/0x10
[   93.315785][  T115]  ? __pfx_kthread+0x10/0x10
[   93.317561][  T115]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.319406][  T115]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.321423][  T115]  ? __pfx_kthread+0x10/0x10
[   93.323194][  T115]  ret_from_fork+0x3fc/0x770
[   93.324875][  T115]  ? __pfx_ret_from_fork+0x10/0x10
[   93.326817][  T115]  ? __switch_to_asm+0x39/0x70
[   93.328465][  T115]  ? __switch_to_asm+0x33/0x70
[   93.330264][  T115]  ? __pfx_kthread+0x10/0x10
[   93.331970][  T115]  ret_from_fork_asm+0x1a/0x30
[   93.333682][  T115]  </TASK>
[   94.447583][  T115] Shutting down cpus with NMI
[   94.450298][  T115] Kernel Offset: disabled
[   94.451810][  T115] Rebooting in 86400 seconds..

VM DIAGNOSIS:
04:07:14  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000243f590
R8 =ffff8881077d0237 R9 =1ffff11020efa046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af98f4 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555593826608 CR3=000000002399e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000000ff XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fa2a4212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffff92000ecae7d RBX=ffffea0004754b40 RCX=ce71da898722bc00 RDX=0000000000000000
RSI=0000000000000008 RDI=ffffea0004754b40 RBP=ffffea0004754b48 RSP=ffffc90007657058
R8 =0000000000000000 R9 =ffffffff822bc959 R10=dffffc0000000000 R11=fffff940008ea961
R12=000000000000000c R13=ffffc90007657100 R14=1ffffd40008ea969 R15=dffffc0000000000
RIP=ffffffff822b733a RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0744e6bfc8 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f0744187498 00007f0744187470 XMM03=00007f07441874a8 00007f07441874a0
XMM04=00007f0744ced100 00007f0744187460 XMM05=00007f0744187478 00007f07441874c0
XMM06=00007f07441874b8 00007f07441874b0 XMM07=00007f07441874a8 00007f07441874a0
XMM08=0000000000000000 00007f0744012ee7 XMM09=0000000000000000 00007f0744012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
