last executing test programs:

28.460667608s ago: executing program 2 (id=529):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b0001006d61637365630000100002800c0004000000000180c280"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x0)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x9, @pix={0x5, 0x1ec0000, 0x34565348, 0x5, 0x9, 0xddc8, 0x0, 0x4000002, 0x0, 0x6, 0x2, 0x3}})

28.389733649s ago: executing program 2 (id=532):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0)

27.500145317s ago: executing program 2 (id=546):
syz_mount_image$squashfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f0000000540)=ANY=[], 0x5, 0x1bd, &(0x7f0000000a00)="$eJzsVT9v2kAU/51tMO5Qda6QOpQBhmJj2qpbO1VIXfoJqiJwW1TTPzZDQQx04ntk4YvkO2RIlIVEiiJlIHt00d29uzhRkiEhQpHuJ5nf+3vPvDu/+5H/zX0AZ6tpDx8g4eIpdhmDB+AFU7aPvuLjsuIm6Uee4gbZt4j3iPPx5Gc3TZNMCBWQYCz3EFxVAFm+rhXXKISf1r/ylxtd3L/eFQB37jh1F8YSaKFqNjW4GpNkgdmVW0scflZhm9gdOtHY+CGxwkMLF+r7/w5O5M7vrKY9IXwFwDnnwtZXDyvGiPmyXYh57smHueAmRgw/oXA4CEfDP2E+nrwaDB0k35Nfcdx+G72Oojdx+G2QJpH6ZYUSDp1EwQ0AYqYGBX8JwD4N2CcwGOiPTL8a+Vkxt1wYzvWXuASHeSZXc4V8IpdmO6N06Qtm+rsRjanJt/Yg/1IHDC4pLZUTQEWLxlSko9n7nfbnYBD3CveBaAHPrNFaoqQVkWqUpP1upl97Tlwj7hAviJfE+s7Sd5EnVzggrT4DyvjXHY2yljApydhiY4ufmcoOVT2lNXQrqj4sLCwsLCwsLB4ZzgMAAP//vgZI9Q==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r0, 0x7ff, 0x0)
getdents64(r0, 0x0, 0x0)

27.441409142s ago: executing program 2 (id=549):
inotify_init1(0x800)
syz_mount_image$fuse(0x0, 0x0, 0x1000009, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f00000008c0), 0x3, 0x5eb, &(0x7f0000000c00)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1djfVHVNVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk/2dNBqNRp6W9JZbJzYv//31RcTfYzh64vEvbzg+eLHUygG7qpG03ruBKkrEP1RU3g/Ir+1XXwfXSumVAN3w8ExrAGBt/Pe2xgZjoDk2sPdREiuHdZKI2N7IXLt9EXH/3uTtC/cmb8cujcMBxZZuRcQ/iuI/acZ/PQai3oz/Wlv8p/2Cc9lzmv7SNstfPVQs/qF7WvE/sG78R4f4fz19vtmK4Te2WX798eabg23xP7jdUwIAAAAAAIDKunsmIv5X9Pl/bXn+TxTM/xmKiNM7UP7Iqv21n//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P31nmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK827CvVnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM/0reFrqs/MbSTZDvSuF5lPhu3+m/Zs5wXyt3+Z+cnnvSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLs/AwAA//+JjCTl")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1000000, 0x0, 0x0, 0x0, 0x0)
lsetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.impure\x00', &(0x7f0000000200)='\xa2-\x00', 0x3, 0x1)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
llistxattr(0x0, 0x0, 0x0)

27.28177598s ago: executing program 2 (id=552):
r0 = gettid()
setpgid(r0, 0x0)

26.960171649s ago: executing program 2 (id=553):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000bdb000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xb)
syz_clone(0x8009080, 0x0, 0x0, 0x0, 0x0, 0x0)

26.766960783s ago: executing program 32 (id=553):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000bdb000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xb)
syz_clone(0x8009080, 0x0, 0x0, 0x0, 0x0, 0x0)

1.748925718s ago: executing program 0 (id=857):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000c80)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd2c, 0x25dfdbfd, {0x2, 0x20, 0x0, 0xcb, r2}, [@IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010101}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_ADDRESS={0x8, 0x1, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x31}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

1.659879939s ago: executing program 0 (id=858):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x60)
ftruncate(r0, 0x7)

1.659734747s ago: executing program 0 (id=859):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x200000001c931, 0xffffffffffffffff, 0x0)

1.658569379s ago: executing program 0 (id=860):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r7, &(0x7f0000001480)={0xfc, {"a483885aed0d09f91b5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f07306d030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801118c20b8f16bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a64002bebc2407aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827475e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b94025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b03512629f46366e7205dd8d6f37525c1a0e94210dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9154f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d603994732d6b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed608000000a006e39336d07c2b80817a28ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030f81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xffffffffffffffb2}}, 0x1039)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x154)
io_uring_enter(0xffffffffffffffff, 0x77dd, 0x317a, 0x4, 0x0, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
futex_waitv(&(0x7f0000001a80)=[{0x0, 0x0, 0x80002}], 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
r8 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x2711, @local}, 0x10, 0x800)
ioctl$F2FS_IOC_GET_PIN_FILE(r8, 0x8004f50e, &(0x7f0000000100))
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)

773.300883ms ago: executing program 3 (id=874):
syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x4, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x2, 0xffff, 0x0, 0x0, {[@eol, @mptcp=@synack={0x1e, 0x10, 0x1, 0x2, 0x0, 0x800, 0x7fffffff}]}}}}}}}, 0x0)

773.050505ms ago: executing program 3 (id=876):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6400000002060507000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000000018000780050003001f0000000c000100010000000000000205000500020000000500010006"], 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x0)

755.276071ms ago: executing program 0 (id=877):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x8089, 0x1}, 0x50)

691.465053ms ago: executing program 0 (id=879):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000006c0), 0x738b, 0x101880)
ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000700))
pipe2(&(0x7f0000001040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write$P9_RGETLOCK(r3, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
tee(r2, r5, 0xfffffffffffffc01, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x439, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x20}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_UDP_ZERO_CSUM6_RX={0x5, 0xa, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4c880}, 0x0)
tee(r2, r5, 0x60000000000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f0000000500)={r2}, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000880)=ANY=[@ANYBLOB="200000002d00010026bd7000fcdbdf25040000000c000c000100000001000000e3209ee11a777a4efe00fdb72feefc070a2ef871c1e5092b1aca5981e9451cc104d0a45b09b794c0aa46f7bee0831d3a0f87a9e1acabf8abc5e3479dae9624d80fd2188719cd4f5f971a23b471f2c79d7448a5378675499a1870c187dee7bd5948fec37e7e1fb7d35ef228384daf967bb605d3275877f842bf403a8f1bcb73241b130571c7ea8c22b0bd9677"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000804)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x5}}]}, {0x0, [0x30]}}, &(0x7f0000000580)=""/250, 0x33, 0xfa, 0x1, 0x200}, 0x28)

641.724939ms ago: executing program 3 (id=880):
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)

582.718301ms ago: executing program 1 (id=882):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1aca421, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
quotactl$Q_GETQUOTA(0xffffffff80000700, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

582.608339ms ago: executing program 3 (id=883):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg$unix(r1, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)

578.101955ms ago: executing program 1 (id=884):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20)
dup3(r1, r0, 0x80000)

339.696104ms ago: executing program 3 (id=885):
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0x25, &(0x7f00000002c0), 0x8)

267.661116ms ago: executing program 1 (id=886):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r0], 0x20}}, 0x0)

190.424278ms ago: executing program 3 (id=887):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000040)={0x0, 0xe, 0x1, 0x7, 0x0, 0x7, 0x0})
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x140}}, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)

140.277871ms ago: executing program 1 (id=888):
r0 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r0)

69.520073ms ago: executing program 1 (id=889):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000180)={r2, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}, 0x10)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000000c0)={r2, 0x1, 0x6, @remote}, 0x10)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000300)={r2, 0x1, 0x6}, 0x10)

0s ago: executing program 1 (id=890):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f62617272696572000000006976655f6c6f67733d342c757365725f786174747200000000653d6c66732c616c6c6f63df6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a9e835ab286bb5980836f23dbf8ad3dd5931c08b46ea5952a332ad207000c98a2affa2dad4d623f9ff3ffa81e450d5548ab6200f069d0f63d20fd71d3043b0dd5b6cf9785f3f531abc19bc1678f5e0b33206bd1049ca45fd8500d67a5aa6e1c23d9bb55bb77bcadfdf75143289938f8d282688c10f0ffcefa57ff30c893414af5266072d92b4513d8d2a3d941", @ANYRES64], 0x1, 0x54fe, &(0x7f0000006000)="$eJzs3MtrY1UcB/CTPqbzciziwt1cGIQWJqHpY9Bd1Rl8YIfiY+FK0yQNmUlyS5OmtSsXLsWF/4kouHLp3+DCtTtxobgTlNxzKlN1QGkmmc58PnD7vffk5pffCaXl3IQbgKfWYvbbL6VwLVwKIcyGEK6GUOyX0lbYjPFCCOF6CGHmga2Uxv8auBBCuBxCuDYqHmuW0kNf3Bze2Pj5rV+//X5h7sqX3/wwvVkD0/ZiCKG7F/cPuzHzVsx7abw2bBfZXR+mjA9076fjPOZhc6eocFg7Oa9W5Fornp/vHfRHudup1UfZau8W43u9+IL9YeukTvGEe7X94rjR3Cmy3c+LbB3Hvo6O49+24/4g1mmkeh8X5cNgcJJxvHnUjPPZu19kvTdI47Fu3mgejXKYMr1cqOedRtHHzlne6cfb2+3ewVE2bO7323kv26hUX6pUb5Wr+3mjOWiul2vdxq31bKnVGZ1WHjRr3c1Wnrc6zUo97y5nS616vVytZku3mzvtWi+rVitrlZXyxnLau5m9fvf9rNPIlkb5art3MGh3+tluvp/FZyxnq5W1l5ezG9Xs3a3tbPudO3e2tt/78PYHd1/ZevO1dNI/2sqWVldWV8vVlfJqdfn8zn/0v/5/zf/T1PQY5w8ATJb1PzAN5339H6z/x8L6/+meP5xJadoNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLT/Of/VGsbMYj6+k8WfS0HPpuBRCmAkh/PEvZsOFUzVnU535h5w//7ceviuFosLoNRbSdjmEsJm235991O8CAAAAPLm+/uT653G1Hn8sTrshJiletJm5+tGY6pVCCPOLP42hSkgXm8LzZ+8qGv1+z4WjMVUrLmBdHFOxeMltblzV/pPZU3HxgSjFmJloOwAAwEScXglMdhUCAADAJH027QaYjuKT1vRd/PQF/oUY6QPBS6eOAAAAgHOoNO0GAAAAgEeuWP8/5P5/i+7/BwAAAE+GeP8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JOd+8lJHYriAHxa6Hu8P0ZinLsVZ7AMl+DQoWEBboIl4BbcAGvAmUswYGhLtAYTk962kXxf0l5uQ36cEibnXlIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLz8Vq/nh/9dA2Z7trJ83dAAAAAMdsitW8fDGt5v/q62f1pYt6nkVEHhHHevdR/Gpkjuqc4ov3F59qeIooE/af8bs+/kbEdX28nnf9LQAAAMDpWi+Ws6pbr07ToQuiT9WiTf7/JlFeFhHF9CVRWr4/XSYKK3/f47hLlFYuYE0ShVVLbuNUad8yagyTD0NWDXmv5QAAAL1odgL9diEAAAD06XboAhhGFoetzMNecPnP+/cNwT+NGQAAAPADZUMXAAAAAHSu7P89/w8AAABOW/X8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq0KVbz9WI5a5uz3bWT5m4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCN/XlHgRAIgzDYu74zmfsfVho0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3vzuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fVrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725yUFQiAIomDO+N9J3/+wkqBnECECGh5V1KIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAv+t0v/yemxplk7rSxdDySrF01tq4aew8aRw/G278BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC527t9FjioOAPibnZ2NiYrrKVuciIKFNmaziYlpLZTDwj9BOC6beLrxR3KFCUG8xk62TiNaigjK2d3/kDqBNLFLsUUEQbCIzK+7lzXgmpCZTe7zgTfvO8Mw7/vmjuO+82YXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNrsnf04zTf9Mu5Ux67fubKR9zfm+tzuNAu705ur4a+7pUYzX3ovxzvJoL1EAAAAODjSur4PIdzKdtbyvtMv6v+sPiev+b9/toyT6th83V/3ed1ft99+vf3i3kD9cpz8omc3J+Nj/06l++hmudye+88zusWdL569pMUPpPP+9guzrLifybfXrr3bK8JDTWQLADyIo3VfBfX/Q3k/ajMxAA6MblR41/V/2m83JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAm9LbD03WchBBWu/tx7sadKxtFP7e/O725WrdTV69O42vml8hCCGc3J+NjTU3kMXDx0uVP1ieT8YXmg1dCCO2NXgUfLnBOCG1mKHjYoFP9ri9LPo9H0PIfJgAAnjhZ1fK6/la2s5YfS1ZCuPvDvfX/61Ec4vp/ro/r/9sfnboejxXX/6PGZrj8hlvnPx9evHT5zc3z6+fG58afvnV89PboxOmTJ08Pi2clQ09MAAAAeDi9qsX1/9crIczm1v+PRHFYsP7/4rvRV/FYqfr/vvYX/drOBAAA4GB7/tU//0juczzp9cKX61tbF0bldm//eLltIdX/7VDV4vo/XWk7KwAAAKAJs+3knvX/M1EcFlz/f+bHl36Or5mGEA5X6/9HNz6bnGluOi35e6Gzmvg48SOfKgAAAEvtcNWK9f/6S7qK9/87e6885IffeK2Mq68BXKj+T9/75qd4rPj9/xMNzW9ZdQbl/Sj6QQjdQdsZAQAA8CR7qmp5sf97trP28S9HPuh5/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgaf8EAAD//6E7RNw=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000001c0)={0x9, 0x2, 0x3, 0xd9})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:4269' (ED25519) to the list of known hosts.
syzkaller login: [   50.172331][ T5831] cgroup: Unknown subsys name 'net'
[   50.282207][ T5831] cgroup: Unknown subsys name 'cpuset'
[   50.287846][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   52.173575][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.175433][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.179144][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.181983][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.186503][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.191340][ T5233] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.204001][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.206802][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.209854][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.213498][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.217044][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.223898][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.226510][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.251690][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.256466][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.260928][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.565722][ T5847] chnl_net:caif_netlink_parms(): no params data found
[   57.624285][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   57.657842][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   57.693858][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.696880][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.700144][ T5847] bridge_slave_0: entered allmulticast mode
[   57.703160][ T5847] bridge_slave_0: entered promiscuous mode
[   57.732694][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.735371][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.738110][ T5847] bridge_slave_1: entered allmulticast mode
[   57.741123][ T5847] bridge_slave_1: entered promiscuous mode
[   57.786973][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.813210][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.816977][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.820211][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.823326][ T5842] bridge_slave_0: entered allmulticast mode
[   57.827268][ T5842] bridge_slave_0: entered promiscuous mode
[   57.860251][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.863244][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.866188][ T5842] bridge_slave_1: entered allmulticast mode
[   57.870281][ T5842] bridge_slave_1: entered promiscuous mode
[   57.913964][ T5847] team0: Port device team_slave_0 added
[   57.916149][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.919448][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.922418][ T5846] bridge_slave_0: entered allmulticast mode
[   57.926281][ T5846] bridge_slave_0: entered promiscuous mode
[   57.941495][ T5847] team0: Port device team_slave_1 added
[   57.946234][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.950438][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.953463][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.956441][ T5846] bridge_slave_1: entered allmulticast mode
[   57.961011][ T5846] bridge_slave_1: entered promiscuous mode
[   57.979010][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.983257][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.986119][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.996950][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.036248][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.039602][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.050008][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.070124][ T5842] team0: Port device team_slave_0 added
[   58.081362][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.086436][ T5842] team0: Port device team_slave_1 added
[   58.101856][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.153646][ T5847] hsr_slave_0: entered promiscuous mode
[   58.156953][ T5847] hsr_slave_1: entered promiscuous mode
[   58.160655][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.163256][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.173372][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.192643][ T5846] team0: Port device team_slave_0 added
[   58.197377][ T5846] team0: Port device team_slave_1 added
[   58.201353][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.203987][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.213774][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.264618][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.267440][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.278690][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.304628][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.307526][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.318980][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.374349][ T5842] hsr_slave_0: entered promiscuous mode
[   58.377632][ T5842] hsr_slave_1: entered promiscuous mode
[   58.380705][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   58.382932][ T5842] Cannot create hsr debugfs directory
[   58.452179][ T5846] hsr_slave_0: entered promiscuous mode
[   58.455262][ T5846] hsr_slave_1: entered promiscuous mode
[   58.458648][ T5846] debugfs: 'hsr0' already exists in 'hsr'
[   58.461047][ T5846] Cannot create hsr debugfs directory
[   58.711408][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.719800][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.726242][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.741235][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.782822][ T5842] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.792202][ T5842] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.798978][ T5842] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.817297][ T5842] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.859348][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   58.865965][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   58.877283][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   58.885354][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   58.997332][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.005637][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.040774][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   59.049470][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   59.059280][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.062414][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.078479][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.081593][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.086099][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.090035][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.121326][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.124359][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.151920][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.207003][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   59.222877][   T29] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.225827][   T29] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.241026][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.243952][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.259289][ T5845] Bluetooth: hci2: command tx timeout
[   59.260243][ T5848] Bluetooth: hci0: command tx timeout
[   59.328666][ T5848] Bluetooth: hci1: command tx timeout
[   59.394141][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.430756][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.462173][ T5842] veth0_vlan: entered promiscuous mode
[   59.487672][ T5842] veth1_vlan: entered promiscuous mode
[   59.515520][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.529758][ T5847] veth0_vlan: entered promiscuous mode
[   59.537574][ T5842] veth0_macvtap: entered promiscuous mode
[   59.545158][ T5842] veth1_macvtap: entered promiscuous mode
[   59.551795][ T5847] veth1_vlan: entered promiscuous mode
[   59.589781][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.597525][ T5846] veth0_vlan: entered promiscuous mode
[   59.606103][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.619406][ T5874] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.625375][ T5846] veth1_vlan: entered promiscuous mode
[   59.633676][ T5847] veth0_macvtap: entered promiscuous mode
[   59.636985][ T5874] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.640983][ T5874] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.644230][ T5874] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.657347][ T5847] veth1_macvtap: entered promiscuous mode
[   59.704083][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.714583][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.715346][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.717510][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.732789][ T5846] veth0_macvtap: entered promiscuous mode
[   59.753215][ T5846] veth1_macvtap: entered promiscuous mode
[   59.758449][ T5873] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.762172][ T5873] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.765147][ T5873] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.769545][ T5873] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.777461][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.781417][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.783409][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.795422][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.803769][ T5874] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.806975][ T5874] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.819349][ T5874] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.822537][ T5874] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.835829][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   59.902549][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.905242][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.941027][ T3589] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.944916][ T3589] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.947333][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.947345][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.983747][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.987032][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.084460][ T5915] syzkaller0: entered promiscuous mode
[   60.086567][ T5915] syzkaller0: entered allmulticast mode
[   60.164250][ T5924] loop2: detected capacity change from 0 to 512
[   60.180375][ T5924] =======================================================
[   60.180375][ T5924] WARNING: The mand mount option has been deprecated and
[   60.180375][ T5924]          and is ignored by this kernel. Remove the mand
[   60.180375][ T5924]          option from the mount to silence this warning.
[   60.180375][ T5924] =======================================================
[   60.209807][ T5924] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.3: iget: bad extended attribute block 1
[   60.216366][ T5924] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.3: couldn't read orphan inode 15 (err -117)
[   60.230707][ T5924] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.284075][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.388501][ T5881] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   60.568007][ T5881] usb 2-1: Using ep0 maxpacket: 32
[   60.580519][ T5881] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[   60.583926][ T5881] usb 2-1: config 0 has no interface number 0
[   60.595581][ T5881] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[   60.600421][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   60.603397][ T5881] usb 2-1: Product: syz
[   60.604874][ T5881] usb 2-1: Manufacturer: syz
[   60.606588][ T5881] usb 2-1: SerialNumber: syz
[   60.624668][ T5881] usb 2-1: config 0 descriptor??
[   60.629952][ T5881] smsc95xx v2.0.0
[   61.019244][ T5852] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   61.042331][ T5881] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[   61.046297][ T5881] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   61.199277][ T5852] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[   61.203092][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.206987][ T5852] usb 3-1: Product: syz
[   61.214469][ T5852] usb 3-1: Manufacturer: syz
[   61.216518][ T5852] usb 3-1: SerialNumber: syz
[   61.221436][ T5852] usb 3-1: config 0 descriptor??
[   61.226646][ T5852] gspca_main: sunplus-2.14.0 probing 04fc:504a
[   61.327981][ T5848] Bluetooth: hci0: command tx timeout
[   61.328019][ T5845] Bluetooth: hci2: command tx timeout
[   61.409109][ T5845] Bluetooth: hci1: command tx timeout
[   61.438277][ T5852] gspca_sunplus: reg_r err -71
[   61.458018][ T5852] usb 3-1: USB disconnect, device number 2
[   62.462354][ T5881] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000038: -71
[   62.472226][ T5881] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[   62.477494][ T5881] usb 2-1: USB disconnect, device number 2
[   63.407868][ T5845] Bluetooth: hci0: command tx timeout
[   63.418344][ T5845] Bluetooth: hci2: command tx timeout
[   63.451110][ T5968] loop0: detected capacity change from 0 to 262144
[   63.457336][ T5968] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.26 (5968)
[   63.469895][ T5968] BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[   63.473967][ T5968] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   63.478654][ T5968] BTRFS info (device loop0): using free-space-tree
[   63.488444][ T5845] Bluetooth: hci1: command tx timeout
[   63.760181][ T3589] BTRFS warning (device loop0): checksum verify failed on logical 22036480 mirror 1 wanted 0x23e101be1e001a29 found 0x09049c5cc74d15fb level 0
[   63.769786][ T5968] BTRFS info (device loop0): read error corrected: ino 0 off 22036480 (dev /dev/loop0 sector 43040)
[   63.775858][ T5968] BTRFS info (device loop0): read error corrected: ino 0 off 22040576 (dev /dev/loop0 sector 43048)
[   63.831184][ T6016] binder: 6003:6016 ioctl c018620c 200000000380 returned -1
[   63.908461][ T5968] BTRFS info (device loop0): read error corrected: ino 0 off 22044672 (dev /dev/loop0 sector 43056)
[   63.916963][ T5968] BTRFS info (device loop0): read error corrected: ino 0 off 22048768 (dev /dev/loop0 sector 43064)
[   64.542292][ T5968] BTRFS error (device loop0): balance: invalid convert metadata profile single
[   64.645860][ T5847] BTRFS info (device loop0): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[   64.778337][ T5936] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   64.954295][ T5936] usb 2-1: config 0 interface 0 altsetting 60 endpoint 0xE has invalid maxpacket 1023, setting to 64
[   64.959345][ T5936] usb 2-1: config 0 interface 0 altsetting 60 endpoint 0xD has invalid maxpacket 14254, setting to 1024
[   64.963793][ T5936] usb 2-1: config 0 interface 0 altsetting 60 bulk endpoint 0xD has invalid maxpacket 1024
[   64.968323][ T5936] usb 2-1: config 0 interface 0 has no altsetting 0
[   64.973635][ T5936] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=ae.ad
[   64.977360][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.000273][ T5936] usb 2-1: config 0 descriptor??
[   65.009368][ T6021] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   65.255197][ T5936] usb 2-1: string descriptor 0 read error: -71
[   65.257488][ T5936] usb 2-1: ucan: probing device on interface #0
[   65.265768][ T5936] usb 2-1: ucan: invalid endpoint configuration
[   65.270865][ T5936] usb 2-1: ucan: probe failed; try to update the device firmware
[   65.279370][ T5936] usb 2-1: USB disconnect, device number 3
[   65.488345][ T5845] Bluetooth: hci2: command tx timeout
[   65.488497][ T5848] Bluetooth: hci0: command tx timeout
[   65.559268][ T6027] loop2: detected capacity change from 0 to 32768
[   65.568375][ T5848] Bluetooth: hci1: command tx timeout
[   65.597756][ T6027] JBD2: Ignoring recovery information on journal
[   65.621535][ T6027] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[   65.685144][ T5846] ocfs2: Unmounting device (7,2) on (node local)
[   66.002902][ T6058] overlayfs: upper fs does not support file handles, falling back to index=off.
[   66.009785][ T6058] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[   66.451500][ T1771] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   66.461078][ T6070] loop0: detected capacity change from 0 to 32768
[   66.550882][ T6070] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   66.550902][ T6070]   allowing incompatible features above 0.0: (unknown version)
[   66.550907][ T6070]   features: 
[   66.570372][ T6070] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   66.573610][ T6070] bcachefs (loop0): initializing new filesystem
[   66.589842][ T6070] bcachefs (loop0): going read-write
[   66.598399][ T1771] usb 2-1: Using ep0 maxpacket: 16
[   66.603056][ T6070] bcachefs (loop0): marking superblocks
[   66.610443][ T1771] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   66.614664][ T1771] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   66.631962][ T1771] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   66.635697][ T1771] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.650896][ T6070] bcachefs (loop0): initializing freespace
[   66.651055][ T6097] Zero length message leads to an empty skb
[   66.656221][ T1771] usb 2-1: Product: syz
[   66.658630][ T1771] usb 2-1: Manufacturer: syz
[   66.660939][ T1771] usb 2-1: SerialNumber: syz
[   66.670359][ T6070] bcachefs (loop0): done initializing freespace
[   66.682214][ T6070] bcachefs (loop0): reading snapshots table
[   66.684483][ T6070] bcachefs (loop0): reading snapshots done
[   66.729754][ T6070] bcachefs (loop0): done starting filesystem
[   66.789841][ T6070] syz.0.62 (6070) used greatest stack depth: 16296 bytes left
[   66.795238][ T5847] bcachefs (loop0): shutting down
[   66.797056][ T5847] bcachefs (loop0): going read-only
[   66.800302][ T5847] bcachefs (loop0): finished waiting for writes to stop
[   66.804619][ T5847] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[   66.831769][ T5847] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 4
[   66.836184][ T5847] bcachefs (loop0): clean shutdown complete, journal seq 5
[   66.839439][ T5847] bcachefs (loop0): marking filesystem clean
[   66.863267][ T5847] bcachefs (loop0): shutdown complete
[   66.882861][ T1771] usb 2-1: 0:2 : does not exist
[   66.908289][ T1771] usb 2-1: USB disconnect, device number 4
[   66.925026][ T5854] udevd[5854]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   66.938338][ T6100] loop2: detected capacity change from 0 to 32768
[   66.961035][ T6100] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   66.984277][ T6100] XFS (loop2): Ending clean mount
[   66.989605][ T6100] XFS (loop2): Quotacheck needed: Please wait.
[   67.007064][ T6100] XFS (loop2): Quotacheck: Done.
[   67.023784][ T5846] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   67.642619][ T6120] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.207814][ T5936] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   68.231942][ T6130] loop0: detected capacity change from 0 to 128
[   68.236872][ T6130] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[   68.244012][ T6130] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   68.357781][ T5936] usb 2-1: Using ep0 maxpacket: 16
[   68.364705][ T5936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.374400][ T5936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   68.379589][ T5936] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   68.385464][ T5936] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   68.391244][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.396587][ T5936] usb 2-1: config 0 descriptor??
[   68.431405][ T6137] capability: warning: `syz.0.83' uses 32-bit capabilities (legacy support in use)
[   68.815150][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.824050][ T5936] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max
[   68.839997][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.842881][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.845700][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.857793][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.867926][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.870673][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.876989][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.880248][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.883009][ T5936] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[   68.885824][ T5936] microsoft 0003:045E:07DA.0001: unsupported Resolution Multiplier 0
[   69.021124][ T5936] microsoft 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[   69.025616][ T5936] microsoft 0003:045E:07DA.0001: no inputs found
[   69.037867][ T5936] microsoft 0003:045E:07DA.0001: could not initialize ff, continuing anyway
[   69.054469][ T5936] usb 2-1: USB disconnect, device number 5
[   69.092722][ T6167] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.100622][ T6167] netlink: 'syz.0.95': attribute type 12 has an invalid length.
[   69.103706][ T6167] netlink: 'syz.0.95': attribute type 29 has an invalid length.
[   69.106657][ T6167] netlink: 148 bytes leftover after parsing attributes in process `syz.0.95'.
[   69.112023][ T6167] netlink: 'syz.0.95': attribute type 2 has an invalid length.
[   69.117546][ T6167] netlink: 'syz.0.95': attribute type 3 has an invalid length.
[   69.198626][ T6159] loop2: detected capacity change from 0 to 32768
[   69.229050][ T6159] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   69.273319][ T6159] XFS (loop2): Ending clean mount
[   69.273365][ T6183] loop0: detected capacity change from 0 to 8
[   69.278736][ T6159] XFS (loop2): Quotacheck needed: Please wait.
[   69.289133][ T6183] SQUASHFS error: lzo decompression failed, data probably corrupt
[   69.294727][ T6183] SQUASHFS error: Failed to read block 0x28d: -5
[   69.302677][ T6183] SQUASHFS error: Unable to read metadata cache entry [28b]
[   69.306848][ T6159] XFS (loop2): Quotacheck: Done.
[   69.311583][ T6183] SQUASHFS error: Unable to read inode 0x11f
[   69.360061][ T5846] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   69.395883][ T6185] netfs: Couldn't get user pages (rc=-14)
[   69.712035][ T6202] netlink: 12 bytes leftover after parsing attributes in process `syz.0.107'.
[   69.856675][ T6208] loop1: detected capacity change from 0 to 128
[   69.861919][ T6208] affs: No valid root block on device loop1
[   69.902697][ T6210] nftables ruleset with unbound chain
[   70.025103][ T6201] loop2: detected capacity change from 0 to 32768
[   70.067263][ T6201] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   70.122543][ T6201] (syz.2.108,6201,1):ocfs2_verify_group_and_input:428 ERROR: add a group which is in the current volume.
[   70.126986][ T6201] (syz.2.108,6201,1):ocfs2_group_add:511 ERROR: status = -22
[   70.181624][ T5846] ocfs2: Unmounting device (7,2) on (node local)
[   70.323602][ T6229] binder: 6228:6229 ioctl 40046210 0 returned -14
[   70.374703][ T6231] loop2: detected capacity change from 0 to 128
[   70.421702][ T6231] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   70.424117][ T6224] loop0: detected capacity change from 0 to 32768
[   70.427313][ T6231] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.529157][ T5846] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   70.964279][ T6247] loop2: detected capacity change from 0 to 32768
[   70.970494][ T6247] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.128 (6247)
[   70.982976][ T6247] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   70.986988][ T6247] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   70.990820][ T6247] BTRFS info (device loop2): using free-space-tree
[   71.031848][ T6247] BTRFS info (device loop2): rebuilding free space tree
[   71.093186][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[   71.095266][ T1360] ieee802154 phy1 wpan1: encryption failed: -22
[   71.170494][ T6265] loop1: detected capacity change from 0 to 2048
[   71.204764][ T6266] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   71.223956][ T6265] NILFS error (device loop1): nilfs_lookup: deleted inode referenced: 12
[   71.229981][ T6265] Remounting filesystem read-only
[   71.497719][ T6265] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[   71.560880][ T5873] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[   71.637058][ T5846] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   71.672373][ T6277] netlink: 1 bytes leftover after parsing attributes in process `syz.0.135'.
[   71.683207][ T6277] xt_policy: neither incoming nor outgoing policy selected
[   71.769260][ T6279] warning: `syz.0.136' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   72.122150][ T6285] loop2: detected capacity change from 0 to 4096
[   72.478535][ T6301] loop2: detected capacity change from 0 to 32768
[   72.481678][ T6301] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.144 (6301)
[   72.488104][ T6301] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   72.492660][ T6301] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[   72.495426][ T6301] BTRFS info (device loop2): disk space caching is enabled
[   72.498098][ T6301] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   72.516854][ T6301] BTRFS info (device loop2): rebuilding free space tree
[   72.524086][ T6301] BTRFS info (device loop2): disabling free space tree
[   72.526492][ T6301] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   72.531156][ T6301] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   72.560900][ T5846] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   72.740069][ T6329] capability: warning: `syz.0.149' uses deprecated v2 capabilities in a way that may be insecure
[   73.631492][ T6332] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[   73.667850][ T5848] Bluetooth: hci0: command tx timeout
[   73.682240][ T6359] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.162'.
[   73.784280][ T6363] loop0: detected capacity change from 0 to 2048
[   73.799570][ T6363] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[   73.834890][ T6368] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   73.839855][ T6363] syz.0.164: attempt to access beyond end of device
[   73.839855][ T6363] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[   73.846371][ T6367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.166'.
[   73.850805][ T6367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.166'.
[   73.960260][ T6369] syz.0.164: attempt to access beyond end of device
[   73.960260][ T6369] loop0: rw=0, sector=33554430, nr_sectors = 2 limit=2048
[   73.982653][ T6369] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=3)
[   73.986075][ T6369] NILFS (loop0): error -5 reading inode: ino=12
[   74.238346][ T5881] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   74.417761][ T5881] usb 3-1: Using ep0 maxpacket: 8
[   74.437060][ T5881] usb 3-1: unable to get BOS descriptor or descriptor too short
[   74.451013][ T5881] usb 3-1: config 1 interface 0 has no altsetting 0
[   74.479363][ T6378] fuse: Bad value for 'fd'
[   74.480517][ T5881] usb 3-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.40
[   74.484719][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.491599][ T5881] usb 3-1: Product: syz
[   74.493584][ T5881] usb 3-1: Manufacturer: syz
[   74.496125][ T5881] usb 3-1: SerialNumber: syz
[   74.762300][ T5881] usbhid 3-1:1.0: can't add hid device: -71
[   74.764832][ T5881] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[   74.789269][ T5881] usb 3-1: USB disconnect, device number 3
[   74.815596][ T6386] netlink: 'syz.1.173': attribute type 9 has an invalid length.
[   75.252561][ T6390] loop0: detected capacity change from 0 to 512
[   75.270579][ T6390] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   75.274133][ T6390] EXT4-fs (loop0): blocks per group (34) and clusters per group (32768) inconsistent
[   75.336874][ T6392] loop2: detected capacity change from 0 to 128
[   75.362272][   T33] audit: type=1800 audit(1755488295.047:2): pid=6392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.176" name="file1" dev="loop2" ino=1048592 res=0 errno=0
[   75.391471][ T6392] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 52)
[   75.401778][ T6392] FAT-fs (loop2): Filesystem has been set read-only
[   75.538626][ T6398] netlink: 104 bytes leftover after parsing attributes in process `syz.2.178'.
[   75.548423][   T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   75.700022][   T24] usb 1-1: config 0 has an invalid interface number: 111 but max is 0
[   75.702999][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   75.706541][   T24] usb 1-1: config 0 has no interface number 0
[   75.709343][   T24] usb 1-1: too many endpoints for config 0 interface 111 altsetting 99: 44, using maximum allowed: 30
[   75.713912][   T24] usb 1-1: config 0 interface 111 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 44
[   75.719643][   T24] usb 1-1: config 0 interface 111 has no altsetting 0
[   75.722466][   T24] usb 1-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[   75.726218][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.731943][   T24] usb 1-1: config 0 descriptor??
[   75.740006][   T24] usb 1-1: selecting invalid altsetting 0
[   75.939976][   T24] usb 1-1: USB disconnect, device number 2
[   76.230669][ T6413] IPVS: Error connecting to the multicast addr
[   76.353586][ T6419] vcan0: tx drop: invalid sa for name 0x0000000000000001
[   76.505305][ T6428] netlink: 27 bytes leftover after parsing attributes in process `syz.0.193'.
[   76.651966][ T6438] netlink: 28 bytes leftover after parsing attributes in process `syz.0.196'.
[   76.929043][ T6457] netlink: 28 bytes leftover after parsing attributes in process `syz.0.207'.
[   77.085973][ T6473] netlink: 20 bytes leftover after parsing attributes in process `syz.1.215'.
[   77.188202][   T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   77.263984][ T6485] syz.1.221 uses obsolete (PF_INET,SOCK_PACKET)
[   77.355457][ T6479] loop0: detected capacity change from 0 to 32768
[   77.362396][ T6479] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.218 (6479)
[   77.478036][   T24] usb 3-1: Using ep0 maxpacket: 16
[   77.486768][   T24] usb 3-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[   77.493008][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.496437][   T24] usb 3-1: Product: syz
[   77.498152][   T24] usb 3-1: Manufacturer: syz
[   77.499820][   T24] usb 3-1: SerialNumber: syz
[   77.505074][   T24] usb 3-1: config 0 descriptor??
[   77.514069][   T24] ums-onetouch 3-1:0.0: USB Mass Storage device detected
[   77.520895][ T6479] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   77.530172][ T6479] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[   77.534490][ T6479] BTRFS info (device loop0): disk space caching is enabled
[   77.537527][ T6479] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   77.804083][   T24] usb 3-1: USB disconnect, device number 4
[   77.851817][ T6479] BTRFS info (device loop0): rebuilding free space tree
[   77.866426][ T6479] BTRFS info (device loop0): disabling free space tree
[   77.872170][ T6479] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   77.879336][ T6479] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   78.197912][ T5847] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   78.812592][ T6547] loop2: detected capacity change from 0 to 2048
[   78.845336][ T6547] NILFS (loop2): ifile inode (checkpoint number=2) corrupted
[   78.852043][ T6547] NILFS (loop2): error -5 while loading last checkpoint (checkpoint number=2)
[   79.026002][ T6535] loop0: detected capacity change from 0 to 131072
[   79.030841][ T6535] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[   79.033910][ T6535] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   79.039322][ T6535] F2FS-fs (loop0): invalid crc value
[   79.081788][ T6535] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   79.096645][ T6535] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   79.099520][ T6535] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   79.115312][ T6535] F2FS-fs (loop0): Stopped filesystem due to reason: 0
[   79.233387][ T6569] loop2: detected capacity change from 0 to 512
[   79.255406][ T6569] EXT4-fs (loop2): invalid first ino: 0
[   79.562152][ T6577] comedi comedi3: 8255: I/O port conflict (0x5,4)
[   79.564316][ T6577] comedi comedi3: 8255: I/O port conflict (0x2,4)
[   79.574769][ T6577] comedi comedi3: 8255: I/O port conflict (0x1,4)
[   79.579002][ T6577] comedi comedi3: 8255: I/O port conflict (0x7fffffff,4)
[   79.581573][ T6577] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[   79.586297][ T6577] comedi comedi3: 8255: I/O port conflict (0x5,4)
[   79.590729][ T6577] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[   79.593244][ T6577] comedi comedi3: 8255: I/O port conflict (0x2,4)
[   79.595927][ T6577] comedi comedi3: 8255: I/O port conflict (0x1,4)
[   79.600267][ T6565] process 'syz.1.244' launched './file0' with NULL argv: empty string added
[   79.604806][ T6577] comedi comedi3: 8255: I/O port conflict (0x1,4)
[   79.607285][ T6577] comedi comedi3: 8255: I/O port conflict (0x9,4)
[   79.815168][ T6586] vlan0: entered promiscuous mode
[   80.600064][ T6602] netlink: 'syz.1.259': attribute type 6 has an invalid length.
[   80.747475][ T6604] can: request_module (can-proto-0) failed.
[   81.018966][ T5848] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   81.021663][ T5848] Bluetooth: hci0: Injecting HCI hardware error event
[   81.025003][ T5848] Bluetooth: hci0: hardware error 0x00
[   81.068616][ T6615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.265'.
[   81.072274][ T6615] netlink: 1360 bytes leftover after parsing attributes in process `syz.0.265'.
[   81.543683][  T123] cfg80211: failed to load regulatory.db
[   81.666553][ T6636] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.139962][   T33] audit: type=1326 audit(1755488301.817:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6658 comm="syz.0.284" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   82.162498][   T33] audit: type=1326 audit(1755488301.827:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6658 comm="syz.0.284" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   82.171718][   T33] audit: type=1326 audit(1755488301.827:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6658 comm="syz.0.284" exe="/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   82.186092][   T33] audit: type=1326 audit(1755488301.827:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6658 comm="syz.0.284" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   82.202517][   T33] audit: type=1326 audit(1755488301.827:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6658 comm="syz.0.284" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   82.847306][ T6668] loop0: detected capacity change from 0 to 32768
[   82.854549][ T6668] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.288 (6668)
[   82.873807][ T6668] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   82.881323][ T6668] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[   82.882882][ T6674] netdevsim0: mtu less than device minimum
[   82.931400][ T6668] BTRFS info (device loop0): rebuilding free space tree
[   82.944142][ T6668] BTRFS info (device loop0): disabling free space tree
[   82.952534][ T6668] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   82.958738][ T6668] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   82.987910][ T5847] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   83.088037][ T5848] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[   83.417870][ T1771] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   83.520319][ T6702] tipc: Started in network mode
[   83.522070][ T6702] tipc: Node identity aec270873d66, cluster identity 4711
[   83.524963][ T6702] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   83.531969][ T6704] IPv6: sit1: Disabled Multicast RS
[   83.552597][ T6702] syzkaller0: entered promiscuous mode
[   83.554369][ T6702] syzkaller0: entered allmulticast mode
[   83.556711][ T6702] tipc: Resetting bearer <eth:syzkaller0>
[   83.571080][ T6701] tipc: Resetting bearer <eth:syzkaller0>
[   83.589574][ T1771] usb 3-1: config 7 descriptor has 1 excess byte, ignoring
[   83.591873][ T1771] usb 3-1: config 7 has 1 interface, different from the descriptor's value: 2
[   83.596654][ T1771] usb 3-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 7.84
[   83.599719][ T1771] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.604031][ T1771] usb 3-1: Product: syz
[   83.605357][ T1771] usb 3-1: Manufacturer: syz
[   83.606964][ T1771] usb 3-1: SerialNumber: syz
[   83.634212][ T1771] rndis_host 3-1:7.0: skipping garbage
[   83.636303][ T1771] usb 3-1: bad CDC descriptors
[   83.651295][ T1771] option 3-1:7.0: GSM modem (1-port) converter detected
[   83.839987][ T5936] usb 3-1: USB disconnect, device number 5
[   83.842780][ T5936] option 3-1:7.0: device disconnected
[   84.518870][ T6701] tipc: Disabling bearer <eth:syzkaller0>
[   85.447154][ T6774] tipc: Started in network mode
[   85.455077][ T6774] tipc: Node identity 4a1e335da518, cluster identity 4711
[   85.462315][ T6774] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   85.470339][ T6774] syzkaller0: entered promiscuous mode
[   85.476132][ T6774] syzkaller0: entered allmulticast mode
[   85.507942][ T6774] tipc: Resetting bearer <eth:syzkaller0>
[   85.513335][ T6773] tipc: Resetting bearer <eth:syzkaller0>
[   85.526134][ T6773] tipc: Disabling bearer <eth:syzkaller0>
[   85.641332][ T6779] netlink: 24 bytes leftover after parsing attributes in process `syz.1.331'.
[   85.653655][ T6779] netlink: 24 bytes leftover after parsing attributes in process `syz.1.331'.
[   86.014838][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   86.189116][    T9] usb 3-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[   86.337734][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.342948][    T9] usb 3-1: config 0 descriptor??
[   86.347100][    T9] gspca_main: mars-2.14.0 probing 093a:050f
[   86.554532][ T5881] usb 3-1: USB disconnect, device number 6
[   86.899588][ T6822] netlink: 72 bytes leftover after parsing attributes in process `syz.1.351'.
[   86.964275][ T6826] netlink: 'syz.1.353': attribute type 2 has an invalid length.
[   86.972033][ T6826] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   87.435999][ T6865] loop2: detected capacity change from 0 to 16
[   87.459361][ T6865] erofs (device loop2): mounted with root inode @ nid 36.
[   87.491692][ T6865] erofs (device loop2): xattr_isize 12 of nid 46 is not supported yet
[   87.545457][ T6872] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized
[   87.589558][ T6876] loop2: detected capacity change from 0 to 512
[   87.592391][ T6876] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   87.647415][ T6876] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.653852][ T6876] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.687146][ T6886] loop0: detected capacity change from 0 to 512
[   87.702010][ T6886] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   87.709359][ T6886] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[   87.742165][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.792819][ T6890] loop2: detected capacity change from 0 to 1024
[   87.811139][ T6890] hfsplus: request for non-existent node 3 in B*Tree
[   87.815458][ T6894] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.382'.
[   87.816913][ T6890] hfsplus: request for non-existent node 3 in B*Tree
[   87.915937][ T6901] Bluetooth: MGMT ver 1.23
[   87.962358][ T6904] netlink: 8 bytes leftover after parsing attributes in process `syz.1.388'.
[   88.189675][ T5936] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   88.294466][ T6932] loop0: detected capacity change from 0 to 512
[   88.323864][ T6932] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.329605][ T6932] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.348162][ T5936] usb 3-1: Using ep0 maxpacket: 32
[   88.352171][ T5936] usb 3-1: unable to get BOS descriptor or descriptor too short
[   88.361005][ T5936] usb 3-1: config 0 has an invalid interface number: 223 but max is 0
[   88.363808][ T5936] usb 3-1: config 0 has no interface number 0
[   88.366205][ T5936] usb 3-1: config 0 interface 223 altsetting 2 endpoint 0xF has invalid maxpacket 1023, setting to 64
[   88.371682][ T5936] usb 3-1: config 0 interface 223 altsetting 2 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[   88.374050][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.375504][ T5936] usb 3-1: config 0 interface 223 has no altsetting 0
[   88.401532][ T5936] usb 3-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=86.21
[   88.404947][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.417223][ T5936] usb 3-1: Product: syz
[   88.418999][ T5936] usb 3-1: Manufacturer: syz
[   88.420511][ T5936] usb 3-1: SerialNumber: syz
[   88.429860][ T5936] usb 3-1: config 0 descriptor??
[   88.451483][ T5936] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[   88.536402][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.223/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   88.613637][ T6948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.408'.
[   88.654450][ T5936] usb 3-1: USB disconnect, device number 7
[   88.704040][ T6955] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   89.388641][ T6990] loop2: detected capacity change from 0 to 256
[   89.402150][ T6990] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d)
[   89.497871][ T5936] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   89.565004][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.568229][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.571160][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.574355][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.577285][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.580329][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.583243][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.586347][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.589236][ T7000] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[   89.667791][ T5936] usb 1-1: Using ep0 maxpacket: 8
[   89.678437][ T5936] usb 1-1: config 0 has an invalid interface number: 124 but max is 0
[   89.681044][ T5936] usb 1-1: config 0 has no interface number 0
[   89.688922][ T5936] usb 1-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=72.01
[   89.692041][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.694785][ T5936] usb 1-1: Product: syz
[   89.696142][ T5936] usb 1-1: Manufacturer: syz
[   89.708564][ T7002] loop2: detected capacity change from 0 to 32768
[   89.711464][ T5936] usb 1-1: SerialNumber: syz
[   89.715921][ T7002] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section journal_v2: journal buckets entry with bad nr: 524297+0
[   89.715921][ T7002] journal_v2 (size 40):
[   89.715921][ T7002] Buckets:  524297-524297 24-25
[   89.715921][ T7002] 
[   89.726087][ T7002] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal
[   89.731576][ T5936] usb 1-1: config 0 descriptor??
[   89.943927][ T5881] usb 1-1: USB disconnect, device number 3
[   90.477558][ T7028] loop0: detected capacity change from 0 to 256
[   90.482675][ T7028] exFAT-fs (loop0): Invalid exboot-signature(sector = 2): 0x1119abd0
[   90.485688][ T7028] exFAT-fs (loop0): Invalid exboot-signature(sector = 5): 0x1119abd0
[   90.489161][ T7028] exFAT-fs (loop0): Invalid exboot-signature(sector = 6): 0x00000000
[   90.491877][ T7028] exFAT-fs (loop0): Invalid exboot-signature(sector = 7): 0x00000000
[   90.495158][ T7028] exFAT-fs (loop0): Invalid exboot-signature(sector = 8): 0x00000000
[   90.498804][ T7028] exFAT-fs (loop0): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e)
[   90.502048][ T7028] exFAT-fs (loop0): invalid boot region
[   90.503780][ T7028] exFAT-fs (loop0): failed to recognize exfat type
[   90.582670][ T7034] loop0: detected capacity change from 0 to 8
[   90.591915][ T7034] SQUASHFS error: xz decompression failed, data probably corrupt
[   90.594708][ T7034] SQUASHFS error: Failed to read block 0x108: -5
[   90.596853][ T7034] SQUASHFS error: Unable to read metadata cache entry [106]
[   90.599695][ T7034] SQUASHFS error: Unable to read inode 0x11f
[   90.692560][ T7040] loop0: detected capacity change from 0 to 512
[   90.700098][ T7040] EXT4-fs: Ignoring removed orlov option
[   90.716446][ T7040] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   90.724331][ T7040] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[   90.732469][ T7040] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.452: corrupted in-inode xattr: e_value size too large
[   90.740033][ T7040] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.452: couldn't read orphan inode 15 (err -117)
[   90.747495][ T7040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.824993][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.039898][ T5936] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   91.190639][ T5936] usb 3-1: config 1 interface 0 altsetting 165 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   91.197256][ T5936] usb 3-1: config 1 interface 0 has no altsetting 0
[   91.205401][ T5936] usb 3-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.40
[   91.210069][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.213359][ T5936] usb 3-1: Product: syz
[   91.215152][ T5936] usb 3-1: Manufacturer: syz
[   91.217146][ T5936] usb 3-1: SerialNumber: syz
[   91.259341][ T7062] netlink: 'syz.1.462': attribute type 10 has an invalid length.
[   91.262240][ T7062] netlink: 40 bytes leftover after parsing attributes in process `syz.1.462'.
[   91.267153][ T7062] batman_adv: batadv0: Adding interface: vlan1
[   91.270063][ T7062] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.281878][ T7062] batman_adv: batadv0: Interface activated: vlan1
[   91.449284][ T5936] usbhid 3-1:1.0: can't add hid device: -71
[   91.452048][ T5936] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[   91.463778][ T5936] usb 3-1: USB disconnect, device number 8
[   91.671984][   T33] audit: type=1326 audit(1755488311.357:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7067 comm="syz.1.465" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43cf8ebe9 code=0x7ffc0000
[   91.680892][   T33] audit: type=1326 audit(1755488311.357:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7067 comm="syz.1.465" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43cf8ebe9 code=0x7ffc0000
[   91.687632][   T33] audit: type=1326 audit(1755488311.367:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7067 comm="syz.1.465" exe="/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7fa43cf8ebe9 code=0x7ffc0000
[   91.695068][   T33] audit: type=1326 audit(1755488311.367:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7067 comm="syz.1.465" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43cf8ebe9 code=0x7ffc0000
[   91.705234][   T33] audit: type=1326 audit(1755488311.367:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7067 comm="syz.1.465" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa43cf8ebe9 code=0x7ffc0000
[   91.871135][ T7084] netlink: 6 bytes leftover after parsing attributes in process `syz.0.473'.
[   91.883610][ T7084] loop0: detected capacity change from 0 to 512
[   91.909403][ T7084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.918718][ T7084] ext4 filesystem being mounted at /151/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   91.949585][ T5847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.025430][ T7089] ip6tnl1: entered promiscuous mode
[   92.136949][ T7098] loop2: detected capacity change from 0 to 128
[   92.142237][ T7098] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[   92.157297][ T7098] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   92.564797][ T7108] netlink: 8 bytes leftover after parsing attributes in process `syz.2.482'.
[   92.573479][ T7108] netlink: 8 bytes leftover after parsing attributes in process `syz.2.482'.
[   92.583480][ T7108] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[   92.591607][ T7108] ip6gretap1: entered allmulticast mode
[   92.877865][ T5881] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[   93.031391][ T5881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.035585][ T5881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.045496][ T5881] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   93.057764][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.068935][ T5881] usb 3-1: config 0 descriptor??
[   93.108227][ T7142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.499'.
[   93.387249][ T7155] syz.1.505 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   93.404671][ T7146] loop0: detected capacity change from 0 to 40427
[   93.437301][ T7146] F2FS-fs (loop0): invalid crc value
[   93.504347][ T7146] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   93.511164][ T7146] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   93.553478][ T5847] syz-executor: attempt to access beyond end of device
[   93.553478][ T5847] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   93.562665][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   93.562686][ T5847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.562694][ T5847] Call Trace:
[   93.562700][ T5847]  <TASK>
[   93.562736][ T5847]  dump_stack_lvl+0x189/0x250
[   93.562761][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.562776][ T5847]  ? __pfx_queue_work_on+0x10/0x10
[   93.562788][ T5847]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.562803][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.562829][ T5847]  f2fs_handle_critical_error+0x37c/0x540
[   93.562853][ T5847]  f2fs_write_end_io+0x886/0xb60
[   93.562880][ T5847]  __submit_merged_bio+0x27a/0x6a0
[   93.562903][ T5847]  __submit_merged_write_cond+0x255/0x530
[   93.562926][ T5847]  f2fs_write_data_pages+0x261d/0x3000
[   93.562974][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.563054][ T5847]  ? __lock_acquire+0xab9/0xd20
[   93.563079][ T5847]  ? do_raw_spin_lock+0x121/0x290
[   93.563103][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   93.563118][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.563138][ T5847]  do_writepages+0x32e/0x550
[   93.563164][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   93.563183][ T5847]  filemap_fdatawrite+0x199/0x240
[   93.563199][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   93.563257][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   93.563275][ T5847]  f2fs_sync_dirty_inodes+0x31f/0x830
[   93.563301][ T5847]  f2fs_write_checkpoint+0x95a/0x1df0
[   93.563335][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   93.563389][ T5847]  ? kill_f2fs_super+0x298/0x6c0
[   93.563406][ T5847]  kill_f2fs_super+0x2c3/0x6c0
[   93.563424][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[   93.563434][ T5847]  ? radix_tree_delete_item+0x2b6/0x400
[   93.563456][ T5847]  ? shrinker_free+0x2ce/0x3e0
[   93.563473][ T5847]  deactivate_locked_super+0xbc/0x130
[   93.563487][ T5847]  cleanup_mnt+0x425/0x4c0
[   93.563501][ T5847]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.563518][ T5847]  task_work_run+0x1d4/0x260
[   93.563535][ T5847]  ? __pfx_task_work_run+0x10/0x10
[   93.563555][ T5847]  ? __x64_sys_umount+0x122/0x160
[   93.563575][ T5847]  ? exit_to_user_mode_loop+0x40/0x110
[   93.563595][ T5847]  exit_to_user_mode_loop+0xec/0x110
[   93.563613][ T5847]  do_syscall_64+0x2bd/0x3b0
[   93.563629][ T5847]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.563643][ T5847]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.563654][ T5847]  ? exc_page_fault+0x9f/0xf0
[   93.563670][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.563681][ T5847] RIP: 0033:0x7fd96a78ff17
[   93.563693][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   93.563703][ T5847] RSP: 002b:00007ffedd84af98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   93.563745][ T5847] RAX: 0000000000000000 RBX: 00007fd96a811c05 RCX: 00007fd96a78ff17
[   93.563753][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffedd84b050
[   93.563760][ T5847] RBP: 00007ffedd84b050 R08: 0000000000000000 R09: 0000000000000000
[   93.563768][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffedd84c0e0
[   93.563776][ T5847] R13: 00007fd96a811c05 R14: 0000000000016cda R15: 00007ffedd84c120
[   93.563798][ T5847]  </TASK>
[   93.563804][ T5847] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   94.159022][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   94.298148][ T5881] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #100: -71
[   94.301610][ T5881] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71
[   94.304647][ T5881] uclogic 0003:256C:006D.0002: failed probing pen v1 parameters: -71
[   94.307615][ T5881] uclogic 0003:256C:006D.0002: failed probing parameters: -71
[   94.310499][ T5881] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71
[   94.316051][ T5881] usb 3-1: USB disconnect, device number 9
[   94.318412][   T10] usb 1-1: Using ep0 maxpacket: 32
[   94.322872][   T10] usb 1-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0
[   94.326570][   T10] usb 1-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[   94.333435][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[   94.336459][   T10] usb 1-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[   94.341324][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.346140][   T10] usb 1-1: config 0 descriptor??
[   94.756678][   T10] betop 0003:20BC:5500.0003: unbalanced collection at end of report description
[   94.760808][   T10] betop 0003:20BC:5500.0003: parse failed
[   94.763096][   T10] betop 0003:20BC:5500.0003: probe with driver betop failed with error -22
[   94.844028][ T7177] loop2: detected capacity change from 0 to 2048
[   94.856037][ T7177] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   94.968844][ T5936] usb 1-1: USB disconnect, device number 4
[   95.237132][ T5848] Bluetooth: hci1: unexpected event 0x3e length: 283 > 260
[   95.237150][ T5848] Bluetooth: hci1: unexpected subevent 0x0d length: 282 > 260
[   95.245505][ T5848] Bluetooth: hci1: adv larger than maximum supported
[   95.245536][ T5848] Bluetooth: hci1: adv larger than maximum supported
[   95.464381][ T7206] loop2: detected capacity change from 0 to 2048
[   95.470016][ T7206] EXT4-fs: Ignoring removed nomblk_io_submit option
[   95.490330][ T7206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.552452][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.085724][ T7237] netlink: 'syz.1.538': attribute type 7 has an invalid length.
[   96.097992][ T7237] netlink: 'syz.1.538': attribute type 8 has an invalid length.
[   96.399748][ T7245] loop0: detected capacity change from 0 to 128
[   96.410643][ T7245] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[   96.421651][ T7245] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[   96.429239][ T7245] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:375: inode #11: comm syz.0.541: No space for directory leaf checksum. Please run e2fsck -D.
[   96.434982][ T7245] EXT4-fs error (device loop0): __ext4_find_entry:1626: inode #11: comm syz.0.541: checksumming directory block 0
[   96.450706][ T5847] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   96.628703][ T7257] loop2: detected capacity change from 0 to 8
[   96.663898][ T7257] SQUASHFS error: Failed to read block 0x636: -5
[   96.666718][ T7257] SQUASHFS error: Unable to read metadata cache entry [634]
[   96.684823][ T7257] SQUASHFS error: Unable to read metadata cache entry [634]
[   96.689299][ T7257] SQUASHFS error: Unable to read directory block [634:0]
[   96.783008][ T7264] loop2: detected capacity change from 0 to 1024
[   96.807856][ T7264] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.863137][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.868354][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.873589][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.879137][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.883573][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.888221][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.892018][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.896777][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.902065][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   96.906141][ T5846] EXT4-fs warning (device loop2): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[   97.107610][ T5846] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.155092][ T5873] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.269517][ T5873] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.399722][ T5873] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.482176][ T5873] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.713584][ T5873] bridge_slave_1: left allmulticast mode
[   97.716123][ T5873] bridge_slave_1: left promiscuous mode
[   97.725088][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.782405][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   97.787330][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   97.792318][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   97.796410][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   97.800414][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   97.805789][ T5873] bridge_slave_0: left allmulticast mode
[   97.822657][ T5873] bridge_slave_0: left promiscuous mode
[   97.825440][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.733142][ T7291] loop0: detected capacity change from 0 to 32768
[   98.746742][ T7291] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.560 (7291)
[   98.753947][ T7291] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   98.759787][ T7291] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[   98.762936][ T7291] BTRFS info (device loop0): using free-space-tree
[   98.924880][ T5847] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   99.080133][ T5873] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.109421][ T5873] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   99.115548][ T5873] bond0 (unregistering): Released all slaves
[   99.350580][ T5873] tipc: Left network mode
[   99.573691][   T33] audit: type=1326 audit(1755488319.257:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.595518][   T33] audit: type=1326 audit(1755488319.257:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.595551][ T7338] mmap: syz.0.570 (7338) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   99.603725][   T33] audit: type=1326 audit(1755488319.257:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.618940][   T33] audit: type=1326 audit(1755488319.257:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.629335][   T33] audit: type=1326 audit(1755488319.257:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.637996][   T33] audit: type=1326 audit(1755488319.277:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.638028][   T33] audit: type=1326 audit(1755488319.277:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.638057][   T33] audit: type=1326 audit(1755488319.277:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.686375][   T33] audit: type=1326 audit(1755488319.277:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.696252][   T33] audit: type=1326 audit(1755488319.327:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7336 comm="syz.0.570" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[   99.822138][ T7280] chnl_net:caif_netlink_parms(): no params data found
[   99.888566][ T5845] Bluetooth: hci1: command tx timeout
[   99.988410][ T7352] netlink: 16 bytes leftover after parsing attributes in process `syz.1.575'.
[  100.006767][ T5873] hsr_slave_0: left promiscuous mode
[  100.009917][ T5873] hsr_slave_1: left promiscuous mode
[  100.014407][ T5873] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.018264][ T5873] batman_adv: batadv0: Removing interface: batadv_slave_0
[  100.024694][ T5873] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.035398][ T5873] batman_adv: batadv0: Removing interface: batadv_slave_1
[  100.081034][ T5873] veth1_macvtap: left promiscuous mode
[  100.083366][ T5873] veth0_macvtap: left promiscuous mode
[  100.085582][ T5873] veth1_vlan: left promiscuous mode
[  100.088717][ T5873] veth0_vlan: left promiscuous mode
[  100.537249][ T5873] team0 (unregistering): Port device team_slave_1 removed
[  100.570677][ T5873] team0 (unregistering): Port device team_slave_0 removed
[  100.971872][ T7352] netlink: 16 bytes leftover after parsing attributes in process `syz.1.575'.
[  101.170793][ T7280] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.173575][ T7280] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.176282][ T7280] bridge_slave_0: entered allmulticast mode
[  101.183416][ T7280] bridge_slave_0: entered promiscuous mode
[  101.190588][ T7280] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.193084][ T7280] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.201428][ T7280] bridge_slave_1: entered allmulticast mode
[  101.206603][ T7280] bridge_slave_1: entered promiscuous mode
[  101.278388][ T7280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.292504][ T7280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.370413][ T7280] team0: Port device team_slave_0 added
[  101.375228][ T7280] team0: Port device team_slave_1 added
[  101.455208][ T7280] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.460833][ T7280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.472154][ T7280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.483767][ T7280] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.486917][ T7280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.502127][ T7280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.633430][ T7280] hsr_slave_0: entered promiscuous mode
[  101.636647][ T7280] hsr_slave_1: entered promiscuous mode
[  101.642998][ T7280] debugfs: 'hsr0' already exists in 'hsr'
[  101.645504][ T7280] Cannot create hsr debugfs directory
[  101.968130][ T5845] Bluetooth: hci1: command tx timeout
[  102.164881][ T7280] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  102.176724][ T7280] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  102.192937][ T7280] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  102.213601][ T7280] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  102.264889][ T7394] loop0: detected capacity change from 0 to 128
[  102.291221][ T7394] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  102.313774][ T7394] ext4 filesystem being mounted at /184/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  102.364112][ T5847] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  102.435305][ T7280] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.464693][ T7280] 8021q: adding VLAN 0 to HW filter on device team0
[  102.471467][   T64] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.474084][   T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.503319][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.505767][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.541526][ T7280] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  102.765525][ T7280] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.821963][ T7280] veth0_vlan: entered promiscuous mode
[  102.836353][ T7280] veth1_vlan: entered promiscuous mode
[  102.882585][ T7280] veth0_macvtap: entered promiscuous mode
[  103.099345][ T7280] veth1_macvtap: entered promiscuous mode
[  103.121805][ T7280] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.127069][ T7280] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.133061][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.146479][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.150761][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.153510][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.246639][ T6015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.255154][ T6015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.274874][ T3589] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.282941][ T3589] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.396677][ T7447] syz.3.594 (7447): /proc/7446/oom_adj is deprecated, please use /proc/7446/oom_score_adj instead.
[  104.049870][ T5845] Bluetooth: hci1: command tx timeout
[  104.662791][ T7462] loop0: detected capacity change from 0 to 262144
[  104.666539][ T7462] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.596 (7462)
[  104.692129][ T7462] BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  104.696309][ T7462] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  104.700259][ T7462] BTRFS info (device loop0): using free-space-tree
[  104.928120][ T7462] BTRFS info (device loop0): balance: start -d -mprofiles= -sprofiles=
[  104.935868][ T7462] BTRFS info (device loop0): relocating block group 22020096 flags system|dup
[  104.960003][ T7462] BTRFS info (device loop0): relocating block group 13631488 flags data
[  105.000747][ T7462] BTRFS info (device loop0): found 1 extents, stage: move data extents
[  105.020392][ T7462] BTRFS info (device loop0): found 1 extents, stage: update data pointers
[  105.033648][ T7462] BTRFS info (device loop0): balance: ended with status: 0
[  105.131144][ T5847] BTRFS info (device loop0): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  105.640796][ T7515] loop3: detected capacity change from 0 to 32768
[  105.696511][ T7515] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  105.714029][ T7515] XFS (loop3): Ending clean mount
[  105.717078][ T7515] XFS (loop3): Quotacheck needed: Please wait.
[  105.728882][ T7515] XFS (loop3): Quotacheck: Done.
[  105.812891][ T7280] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  106.083255][ T7537] loop0: detected capacity change from 0 to 32768
[  106.102531][ T7537] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  106.127860][ T5845] Bluetooth: hci1: command tx timeout
[  106.134020][ T7537] XFS (loop0): Ending clean mount
[  106.139603][ T7537] XFS (loop0): Quotacheck needed: Please wait.
[  106.152970][ T7537] XFS (loop0): Quotacheck: Done.
[  106.185079][ T7555] loop3: detected capacity change from 0 to 128
[  106.192609][ T5847] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  106.214686][ T7555] FAT-fs (loop3): Directory bread(block 32) failed
[  106.218335][ T7555] FAT-fs (loop3): Directory bread(block 33) failed
[  106.223480][ T7555] FAT-fs (loop3): Directory bread(block 34) failed
[  106.227129][ T7555] FAT-fs (loop3): Directory bread(block 35) failed
[  106.232012][ T7555] FAT-fs (loop3): Directory bread(block 36) failed
[  106.241457][ T7555] FAT-fs (loop3): Directory bread(block 37) failed
[  106.250689][ T7555] FAT-fs (loop3): Directory bread(block 38) failed
[  106.253337][ T7555] FAT-fs (loop3): Directory bread(block 39) failed
[  106.255944][ T7555] FAT-fs (loop3): Directory bread(block 40) failed
[  106.259611][ T7555] FAT-fs (loop3): Directory bread(block 41) failed
[  106.417246][ T7561] loop0: detected capacity change from 0 to 16
[  106.425395][ T7561] erofs (device loop0): mounted with root inode @ nid 36.
[  106.532019][ T7571] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  106.534899][ T7571] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  106.737804][ T5936] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  106.897914][ T5936] usb 4-1: Using ep0 maxpacket: 16
[  106.915611][ T5936] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  106.923997][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.933534][ T5936] usb 4-1: Product: syz
[  106.938863][ T5936] usb 4-1: Manufacturer: syz
[  106.945098][ T5936] usb 4-1: SerialNumber: syz
[  107.007373][ T5936] r8152-cfgselector 4-1: Unknown version 0x0000
[  107.016531][ T5936] r8152-cfgselector 4-1: config 0 descriptor??
[  107.241953][ T5936] r8152-cfgselector 4-1: Needed 2 retries to read version
[  107.244811][ T5936] r8152-cfgselector 4-1: Unknown version 0x0000
[  107.249018][ T5936] r8152-cfgselector 4-1: bad CDC descriptors
[  107.446171][   T10] r8152-cfgselector 4-1: USB disconnect, device number 2
[  109.878984][ T7661] input: syz0 as /devices/virtual/input/input4
[  110.014206][ T7674] loop0: detected capacity change from 0 to 1024
[  110.051835][ T7677] overlayfs: failed to clone upperpath
[  110.093160][ T7681] netlink: 40 bytes leftover after parsing attributes in process `syz.1.663'.
[  110.135096][   T40] hfsplus: b-tree write err: -5, ino 8
[  110.137804][ T7599] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  110.141154][ T7599] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  110.274956][ T7692] netlink: 4 bytes leftover after parsing attributes in process `syz.0.667'.
[  110.407311][ T7701] netlink: 296 bytes leftover after parsing attributes in process `syz.0.671'.
[  110.451971][ T7703] overlayfs: failed to clone upperpath
[  110.811265][ T7711] netlink: 24 bytes leftover after parsing attributes in process `syz.0.675'.
[  110.837195][ T7713] netlink: 'syz.0.676': attribute type 9 has an invalid length.
[  110.841003][ T7713] netlink: 'syz.0.676': attribute type 6 has an invalid length.
[  110.938721][ T7720] netlink: 277 bytes leftover after parsing attributes in process `syz.0.679'.
[  111.094304][ T7599] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  111.096813][ T7599] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  112.052356][   T33] kauditd_printk_skb: 4 callbacks suppressed
[  112.052369][   T33] audit: type=1326 audit(1755488331.737:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7728 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff348b8ebe9 code=0x7fc00000
[  112.361078][ T7767] loop3: detected capacity change from 0 to 32768
[  112.366198][ T7767] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.698 (7767)
[  112.385980][ T7767] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  112.397793][ T7767] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  112.401279][ T7767] BTRFS info (device loop3): using free-space-tree
[  112.557957][ T7280] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  112.567088][ T7792] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.016740][ T7812] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  113.033353][   T33] audit: type=1326 audit(1755488332.717:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.042904][   T33] audit: type=1326 audit(1755488332.717:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.050833][   T33] audit: type=1326 audit(1755488332.717:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.058057][   T33] audit: type=1326 audit(1755488332.717:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.067786][   T33] audit: type=1326 audit(1755488332.727:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.074808][   T33] audit: type=1326 audit(1755488332.727:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.092676][   T33] audit: type=1326 audit(1755488332.727:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.108628][   T33] audit: type=1326 audit(1755488332.737:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.117470][   T33] audit: type=1326 audit(1755488332.737:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7813 comm="syz.0.712" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd96a78ebe9 code=0x7ffc0000
[  113.193885][ T7822] loop3: detected capacity change from 0 to 164
[  113.222040][ T7822] isofs_fill_super: bread failed, dev=loop3, iso_blknum=41, block=82
[  113.405110][ T5852] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  113.460811][ T7833] netlink: 'syz.1.721': attribute type 2 has an invalid length.
[  113.568859][ T5852] usb 1-1: Using ep0 maxpacket: 32
[  113.575688][ T5852] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  113.579141][ T5852] usb 1-1: config 0 has no interface number 0
[  113.585783][ T5852] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  113.594641][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.598108][ T5852] usb 1-1: Product: syz
[  113.599933][ T5852] usb 1-1: Manufacturer: syz
[  113.604766][ T5852] usb 1-1: SerialNumber: syz
[  113.615316][ T5852] usb 1-1: config 0 descriptor??
[  113.621596][ T5852] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  113.629287][ T7835] loop3: detected capacity change from 0 to 32768
[  113.633199][ T7835] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.722 (7835)
[  113.648874][ T7835] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  113.652234][ T7835] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  113.759071][ T7835] BTRFS info (device loop3): rebuilding free space tree
[  113.765710][ T7835] BTRFS info (device loop3): disabling free space tree
[  113.769371][ T7835] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  113.772542][ T7835] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  113.774867][ T7861] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.727'.
[  113.824625][ T7280] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  113.846877][ T5852] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  113.867526][ T5852] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  113.887280][ T7865] batadv0: entered allmulticast mode
[  114.248668][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  114.249092][ T5881] usb 1-1: USB disconnect, device number 5
[  114.264968][ T5881] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  114.279494][ T5881] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  114.286338][ T5881] quatech2 1-1:0.51: device disconnected
[  114.304125][ T7899] netlink: 4 bytes leftover after parsing attributes in process `syz.1.746'.
[  114.923786][ T7921] loop0: detected capacity change from 0 to 32768
[  114.962380][ T7921] bcachefs (/dev/loop0): error validating superblock: Invalid option metadata_replicas_required: too small (min 1)
[  114.966409][ T7921] bcachefs: bch2_fs_get_tree() error: ERANGE_option_too_small
[  114.968654][ T7934] overlayfs: failed to clone upperpath
[  116.323856][ T7995] loop3: detected capacity change from 0 to 128
[  116.354714][ T7995] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  116.373708][ T7995] ext4 filesystem being mounted at /57/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  116.433506][ T7280] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  116.798004][ T8018] loop3: detected capacity change from 0 to 32768
[  116.893981][ T8018] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  116.894001][ T8018]   allowing incompatible features above 0.0: (unknown version)
[  116.894009][ T8018]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  116.911830][ T8018] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  116.915277][ T8018] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  116.919033][ T8018] bcachefs (loop3): Version upgrade required:
[  116.919033][ T8018] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  116.919033][ T8018] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  116.919033][ T8018]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  116.950355][ T8018] bcachefs (loop3): dropping and reconstructing all alloc info
[  116.967343][ T8018] bcachefs (loop3): accounting_read... done
[  116.979753][ T8018] bcachefs (loop3): alloc_read... done
[  116.982820][ T8018] bcachefs (loop3): snapshots_read... done
[  116.986037][ T8018] bcachefs (loop3): check_allocations... done
[  117.007435][ T8018] bcachefs (loop3): going read-write
[  117.030036][ T8018] bcachefs (loop3): done starting filesystem
[  117.146721][ T7280] bcachefs (loop3): shutting down
[  117.165380][ T7280] bcachefs (loop3): going read-only
[  117.165691][ T8057] tmpfs: Bad value for 'mpol'
[  117.167588][ T7280] bcachefs (loop3): finished waiting for writes to stop
[  117.186166][ T7280] bcachefs (loop3): flushing journal and stopping allocators, journal seq 10
[  117.196268][ T7280] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 10
[  117.227926][ T7280] bcachefs (loop3): unclean shutdown complete, journal seq 11
[  117.242621][ T7280] bcachefs (loop3): done going read-only, filesystem not clean
[  117.296389][ T7280] bcachefs (loop3): shutdown complete
[  117.352508][ T8062] loop0: detected capacity change from 0 to 128
[  118.814622][ T8084] loop0: detected capacity change from 0 to 32768
[  118.824193][ T8084] (syz.0.799,8084,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  118.830115][ T8084] (syz.0.799,8084,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  118.859762][ T8084] JBD2: Ignoring recovery information on journal
[  118.893196][ T8084] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  118.905634][ T8084] syz.0.799: attempt to access beyond end of device
[  118.905634][ T8084] loop0: rw=2051, sector=28680, nr_sectors = 28664 limit=32768
[  118.910709][ T8084] (syz.0.799,8084,0):ocfs2_trim_group:7530 ERROR: status = -5
[  118.913503][ T8084] (syz.0.799,8084,0):ocfs2_trim_mainbm:7641 ERROR: status = -5
[  118.931362][ T5847] ocfs2: Unmounting device (7,0) on (node local)
[  119.199011][ T8117] loop0: detected capacity change from 0 to 128
[  119.205843][ T8117] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2
[  119.253030][ T8105] loop3: detected capacity change from 0 to 32768
[  119.278494][ T8105] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  119.316575][ T8133] vim2m vim2m.0: vidioc_s_fmt queue busy
[  119.318841][ T8105] XFS (loop3): Ending clean mount
[  119.362047][ T8135] netlink: 4 bytes leftover after parsing attributes in process `syz.0.818'.
[  119.366141][ T7280] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  119.377056][ T8135] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.483328][ T8135] bridge_slave_1 (unregistering): left allmulticast mode
[  119.488599][ T8135] bridge_slave_1 (unregistering): left promiscuous mode
[  119.491083][ T8135] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.730786][ T8141] loop3: detected capacity change from 0 to 40427
[  119.739064][ T8141] F2FS-fs (loop3): build fault injection rate: 14
[  119.741646][ T8141] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  119.756524][ T8141] F2FS-fs (loop3): invalid crc value
[  119.761270][    C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  119.771769][    C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  119.814587][ T8141] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  119.818352][ T8141] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  119.823644][ T8141] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  119.833317][ T8141] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  119.840578][ T8141] F2FS-fs (loop3): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x509/0x1050
[  119.845869][ T8141] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40
[  119.866725][ T7280] syz-executor: attempt to access beyond end of device
[  119.866725][ T7280] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  119.873492][ T7280] CPU: 1 UID: 0 PID: 7280 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  119.873513][ T7280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  119.873518][ T7280] Call Trace:
[  119.873523][ T7280]  <TASK>
[  119.873527][ T7280]  dump_stack_lvl+0x189/0x250
[  119.873546][ T7280]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.873558][ T7280]  ? __pfx_queue_work_on+0x10/0x10
[  119.873568][ T7280]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  119.873581][ T7280]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  119.873601][ T7280]  f2fs_handle_critical_error+0x37c/0x540
[  119.873620][ T7280]  f2fs_write_end_io+0x886/0xb60
[  119.873641][ T7280]  __submit_merged_bio+0x27a/0x6a0
[  119.873659][ T7280]  __submit_merged_write_cond+0x255/0x530
[  119.873677][ T7280]  f2fs_write_data_pages+0x261d/0x3000
[  119.873713][ T7280]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  119.873755][ T7280]  ? ktime_get+0x3e/0x1f0
[  119.873766][ T7280]  ? ktime_get+0x3e/0x1f0
[  119.873778][ T7280]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  119.873790][ T7280]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  119.873810][ T7280]  ? __lock_acquire+0xab9/0xd20
[  119.873830][ T7280]  ? do_raw_spin_lock+0x121/0x290
[  119.873849][ T7280]  ? do_raw_spin_unlock+0x4d/0x240
[  119.873861][ T7280]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  119.873877][ T7280]  do_writepages+0x32e/0x550
[  119.873898][ T7280]  ? do_raw_spin_unlock+0x4d/0x240
[  119.873912][ T7280]  filemap_fdatawrite+0x199/0x240
[  119.873927][ T7280]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  119.873969][ T7280]  ? do_raw_spin_unlock+0x4d/0x240
[  119.873984][ T7280]  f2fs_sync_dirty_inodes+0x31f/0x830
[  119.874004][ T7280]  f2fs_write_checkpoint+0x95a/0x1df0
[  119.874029][ T7280]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  119.874069][ T7280]  ? kill_f2fs_super+0x298/0x6c0
[  119.874082][ T7280]  kill_f2fs_super+0x2c3/0x6c0
[  119.874096][ T7280]  ? __pfx_kill_f2fs_super+0x10/0x10
[  119.874104][ T7280]  ? radix_tree_delete_item+0x2b6/0x400
[  119.874122][ T7280]  ? shrinker_free+0x2ce/0x3e0
[  119.874135][ T7280]  deactivate_locked_super+0xbc/0x130
[  119.874148][ T7280]  cleanup_mnt+0x425/0x4c0
[  119.874160][ T7280]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.874175][ T7280]  task_work_run+0x1d4/0x260
[  119.874190][ T7280]  ? __pfx_task_work_run+0x10/0x10
[  119.874201][ T7280]  ? __x64_sys_umount+0x122/0x160
[  119.874218][ T7280]  ? exit_to_user_mode_loop+0x40/0x110
[  119.874235][ T7280]  exit_to_user_mode_loop+0xec/0x110
[  119.874249][ T7280]  do_syscall_64+0x2bd/0x3b0
[  119.874262][ T7280]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.874275][ T7280]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.874285][ T7280]  ? exc_page_fault+0x9f/0xf0
[  119.874299][ T7280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.874309][ T7280] RIP: 0033:0x7ff348b8ff17
[  119.874318][ T7280] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  119.874327][ T7280] RSP: 002b:00007ffe14fd5ac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  119.874338][ T7280] RAX: 0000000000000000 RBX: 00007ff348c11c05 RCX: 00007ff348b8ff17
[  119.874345][ T7280] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe14fd5b80
[  119.874351][ T7280] RBP: 00007ffe14fd5b80 R08: 0000000000000000 R09: 0000000000000000
[  119.874357][ T7280] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe14fd6c10
[  119.874364][ T7280] R13: 00007ff348c11c05 R14: 000000000001d3a6 R15: 00007ffe14fd6c50
[  119.874382][ T7280]  </TASK>
[  119.874386][ T7280] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  120.234104][ T5852] IPVS: starting estimator thread 0...
[  120.319195][ T8160] IPVS: using max 79 ests per chain, 189600 per kthread
[  120.485386][ T8175] bond0: entered promiscuous mode
[  120.487557][ T8175] bond_slave_0: entered promiscuous mode
[  120.492189][ T8175] bond_slave_1: entered promiscuous mode
[  121.750790][ T8190] netlink: 48 bytes leftover after parsing attributes in process `syz.1.840'.
[  121.963743][ T8192] loop0: detected capacity change from 0 to 32768
[  121.971128][ T8192] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.841 (8192)
[  121.992520][ T8192] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  121.996876][ T8192] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  122.014316][ T8192] BTRFS info (device loop0): using free-space-tree
[  122.119233][ T8192] BTRFS info (device loop0): rebuilding free space tree
[  122.195595][ T5847] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  122.414911][ T8244] netlink: 51 bytes leftover after parsing attributes in process `syz.0.857'.
[  123.608107][ T8304] netlink: 'syz.0.879': attribute type 12 has an invalid length.
[  124.068572][ T8317] batadv_slave_1: entered promiscuous mode
[  124.073817][ T8316] batadv_slave_1: left promiscuous mode
[  125.057911][ T8325] 
[  125.059635][ T8325] =============================
[  125.061778][ T8325] WARNING: suspicious RCU usage
[  125.063937][ T8325] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  125.068387][ T8325] -----------------------------
[  125.071184][ T8325] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage!
[  125.074832][ T8325] 
[  125.074832][ T8325] other info that might help us debug this:
[  125.074832][ T8325] 
[  125.078492][ T8325] 
[  125.078492][ T8325] rcu_scheduler_active = 2, debug_locks = 1
[  125.081534][ T8325] 1 lock held by syz.0.891/8325:
[  125.083359][ T8325]  #0: ffffffff8e13a0c0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80
[  125.088865][ T8325] 
[  125.088865][ T8325] stack backtrace:
[  125.091730][ T8325] CPU: 1 UID: 0 PID: 8325 Comm: syz.0.891 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  125.091749][ T8325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  125.091757][ T8325] Call Trace:
[  125.091763][ T8325]  <TASK>
[  125.091768][ T8325]  dump_stack_lvl+0x189/0x250
[  125.091790][ T8325]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.091805][ T8325]  ? __pfx__printk+0x10/0x10
[  125.091833][ T8325]  lockdep_rcu_suspicious+0x140/0x1d0
[  125.091848][ T8325]  get_callchain_entry+0x2b6/0x3c0
[  125.091870][ T8325]  get_perf_callchain+0xa1/0x6b0
[  125.091892][ T8325]  ? __pfx_get_perf_callchain+0x10/0x10
[  125.091910][ T8325]  ? futex_unqueue+0x22/0x240
[  125.091926][ T8325]  ? futex_unqueue+0x211/0x240
[  125.091939][ T8325]  ? __futex_wait+0x1d1/0x3e0
[  125.091958][ T8325]  ? __futex_wait+0x34f/0x3e0
[  125.091978][ T8325]  __bpf_get_stack+0x3fc/0xa60
[  125.092004][ T8325]  ? __pfx___bpf_get_stack+0x10/0x10
[  125.092023][ T8325]  ? __lock_acquire+0xab9/0xd20
[  125.092047][ T8325]  bpf_get_stack+0x33/0x50
[  125.092064][ T8325]  ? bpf_prog_d43750871481577d+0x46/0x4e
[  125.092077][ T8325]  bpf_get_stack_raw_tp+0x1a9/0x220
[  125.092096][ T8325]  bpf_prog_d43750871481577d+0x46/0x4e
[  125.092108][ T8325]  bpf_prog_run_pin_on_cpu+0x6a/0x150
[  125.092130][ T8325]  bpf_prog_test_run_syscall+0x312/0x4b0
[  125.092151][ T8325]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  125.092169][ T8325]  ? __fget_files+0x2a/0x420
[  125.092184][ T8325]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  125.092204][ T8325]  bpf_prog_test_run+0x2c7/0x340
[  125.092232][ T8325]  __sys_bpf+0x581/0x870
[  125.092271][ T8325]  ? __pfx___sys_bpf+0x10/0x10
[  125.092304][ T8325]  ? rcu_is_watching+0x15/0xb0
[  125.092322][ T8325]  __x64_sys_bpf+0x7c/0x90
[  125.092338][ T8325]  do_syscall_64+0xfa/0x3b0
[  125.092355][ T8325]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.092373][ T8325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.092384][ T8325]  ? exc_page_fault+0x9f/0xf0
[  125.092429][ T8325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.092441][ T8325] RIP: 0033:0x7fd96a78ebe9
[  125.092453][ T8325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.092463][ T8325] RSP: 002b:00007fd96b55a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  125.092476][ T8325] RAX: ffffffffffffffda RBX: 00007fd96a9b5fa0 RCX: 00007fd96a78ebe9
[  125.092485][ T8325] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a
[  125.092492][ T8325] RBP: 00007fd96a811e19 R08: 0000000000000000 R09: 0000000000000000
[  125.092500][ T8325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  125.092506][ T8325] R13: 00007fd96a9b6038 R14: 00007fd96a9b5fa0 R15: 00007ffedd84bd08
[  125.092526][ T8325]  </TASK>
[  132.540686][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[  132.543358][ T1360] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
03:39:04  Registers:
info registers vcpu 0

CPU#0
RAX=2770c5d7715d6a00 RBX=ffff888026e08000 RCX=2770c5d7715d6a00 RDX=0000000000000000
RSI=ffffffff8dba6054 RDI=ffffffff8be33400 RBP=ffffc9000471f8b0 RSP=ffffc9000471f7a8
R8 =ffffffff8fa37e37 R9 =1ffffffff1f46fc6 R10=dffffc0000000000 R11=fffffbfff1f46fc7
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffff88804b025900 R15=1ffff920008e3f04
RIP=ffffffff8b796167 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff3499ec6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000007000 CR3=000000010e3c0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007ff348c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000c70 RDI=0000000000000c71 RBP=00000000000003f8 RSP=ffffc90004f072b0
R8 =ffff88801f298237 R9 =1ffff11003e53046 R10=dffffc0000000000 R11=ffffffff854f0270
R12=dffffc0000000000 R13=ffffffff99af98fd R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854f02ec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd96b55a6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c3a582a CR3=000000010f2e8000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fd96a987498 00007fd96a987470 XMM03=00007fd96a9874a8 00007fd96a9874a0
XMM04=00007fd96b4ed100 00007fd96a987460 XMM05=00007fd96a987478 00007fd96a9874c0
XMM06=00007fd96a9874b8 00007fd96a9874b0 XMM07=00007fd96a9874a8 00007fd96a9874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fd96a812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
