last executing test programs:

2.540700667s ago: executing program 0 (id=479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000d00)=ANY=[@ANYBLOB="6800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000480012800b000100697036746e6c00003800028014000200fe8000000000000000000000000000aa08000100", @ANYRES32=r0, @ANYBLOB="040013001400030017"], 0x68}}, 0x0)

2.452198501s ago: executing program 0 (id=480):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYBLOB="68000000080601030000000000000000000000020900020073797a30000000000900020073797a3200000000090002007b797a3200000000050001000700000005000100070000000500018007"], 0x68}, 0x1, 0x0, 0x0, 0x40001}, 0x48000)

2.398949316s ago: executing program 0 (id=481):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=@newlink={0x48, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8304}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x101}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e23}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x81}, 0x0)

1.530258367s ago: executing program 0 (id=492):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)

1.219547898s ago: executing program 0 (id=494):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000005140)='./file0\x00', 0x0, &(0x7f0000000040), 0x11, 0x5109, &(0x7f0000005180)="$eJzs3U+IVVUcB/Dz5o8zKcw8QcighS3chhQtVIYeYZCL9KUQtDAnF0EIMtguwWxEEIwaCaSsQAuG3MgDIUGYEBe1CTRJEFqY4KaVQrtaFO/de968d67vvueojennEzP3nvu759zzHncx35fnvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhDVv194vq09tvHJh4eyWg7MHGsdvzh89EkKldbyS13e/8tqOd3fufn08dph+I9tWq72GzLr+njVWdB1s9uv+eSeEMJoMMJxvXx0ujNq5u784YKlrx/adnj25fdPCmvVTl3bNnyu+dJrGl3sCyyW/r24t3ku11u+h5Ix2u+PWq3Tdoln/9Ib7T14EAHBPNtRbm/afo/mfuO32obSetGtJey5px78Q5jobS5GNu6LXPNel9WWaZy2LCmM955nU8/e/3a6n/ZN2EjXuYZ7dp+aRZrzXPGeS+nLNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBRcqb2wday+tTGKxcWzm45OHugcfzm/NEjIVRbxytZufL07RMjY9e3/fDRja9PvrT66t/Deb+4Hek4OVyPOxsnQ9jTUbkVh/1jIoR6d6HVDF8UC++1drbGAgAAAI+TZ1q/h9rtLA6OdrUrrTRZaf0XZWHx2rF9p2dPbt+0sGb91KVd8+eWPl69x3i1u47XblcXfyodwTjG33S8xXo8dX9hnHLpiGmeP//Ltq/K+hfyf7U8/8d3Tv4HAADgfsj/6Tjl+uX/PZufnSnrX8j/67ouWcj/ccYx/w+FpeV/AAAAeJQ97PxfK4xTrl/+f/Hwm9+X9S/k/w2D5f+RzmnHgz/HCe+dDGFDv6kDAAAAPcT/77740ULM69knB2lev/rNU7+WjVfI/7XB8v/oA31VAAAAwP3YXr3xfFm9kP/rg+X/sYc6awAAAOBefF75ZLasXsj/04Pl/5X5Nl/5kHX6Mf4rhM8mQxhv7sxkhZ/C3MvtAgAAAPCAxJz+6cffXi47r5D/Z8qf/x+fdBDX/3c9/6+w/r+jkD31b7MHAwAAAPAkKq7nj4/Hz765oNf37w+6/n/i5u3vyq5fyP+HBsv/w53bB/n9fwAAALAE/7fv/3urME65fs///2von4tl/Qv5f26w/B+3qzpf3sX4/hyeDGFtcyd/muCZeLm9SaEx2lFoqSc9dsYeeaEx1lFomUl6vDAZwnPNnUNJYXUszCWFOxN54VRSuBwL+f3QLpxNChfjnXZiIp9uWjgfC/kCi0ZcQbGqvSQi6fFnrx7Nwl17/Na+OAAAwBMlhuc8y452N0MaZRuVfies7HfCUL8ThvudMJKckJ7Y63iY7i7E4x/uOP1lKFHI/6cGy//xrViRbXqt/w9x/X/+vYbt9f/TsVBNCo1YqKdPDKjHa2Rh91i8RrWe97iztl0AAACAx1r8XGB4mecBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7J3rzFyXfUBwM8+Z3e93l0TpASKYAElIZW8Xm+wpZAgbKAEgQSbynyoUISNvUk33iTGDwmHh9YOQaAUNSkpCShQuxUUf0lWVIhHgVioGFVN1SiVkNOURwgUIUFNSJSKOpGrmXvP7J1zdx6Odx1v+vtJ3jkz//O8c2c85947ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP8fjt3xhotaxd981SPf/u4Db//44Y8s3P3EVz51RwjTtce7snDXxac+11s5+Z7vHfrpF7+wad2jp/vzcnk8rKn+6c7vfCLW+ou1IXyjK4TeNLB+OAv05feHY32vGg5hXVgM1EvMDGUl0obDDwZDOBIWA/WqvjUYwnAhsO3R7z/0mWrinsEQLg0hVNI2flzJ2hhMA5f1Z4GhNHBrbxb4nzOZeuCb3VkAzll8MdR3+oXpxgxjS5drsv/1LVvHXlzp8HpiYqx5vt9uXeFOFfSnD0yf09NWqo4VUXp5HPdqWwWvttJ2vsvTVvwglX9CObMYqoTuXTM37Dgwtz8+0h0mJnqa1bRCz/NjT31059mkV81+GDswtiz74b2f//nHvvTktfff98l3XP/gM78fP9dunixs0mJ6pVVCvs+tmucx2uL9ZBW8/EqfksbbPm21Ii/xD12f/tnf/kmreGn+P9Z6/h9353jb3ZA71np6JJubx0eGY+LUSDY3BwAAgFVjNRw1nf/K1VOt6ivN/8c7O/8fT/nnk/lstMdD2FJL3D4awiW1x7PAsdjcB0dDeG0tNd0Y2JoEjofwilriinpVSYmBWGI8CfxqJA9sSQInYmA6CXw5Bu5KAp+IgYUksDMGjieBt8ZAmG0cxx+P5OPoODAYA9uzjbgQr0J4eiS2lmyrx+tVAQAALJN8dtjXeLdwrcO5ZojTy4XBdhniFdhNM1SSGtIZbH1a1bSG3nY1dLeroT7u+dbDL9Xc1a7m0mUYXY0Z9n70d38WWijN/ydbz/8rS3Skq3T+P4Tran9j7u48MlePb59uyAAAAACcgzVbb9nWKl6a/2/p7Pr/eEykp5A5PBwPQ+weDWGyMZBVe3U5kJ31XpMHAAAAYDWon4+vnwufzW+zS7TT+XQ5//RZ5o8n/rcsmf/X73zTTa36W5r/T3d2/f9Q423WiROxF58dDWGgEPhh7GU1UDMeAz97S2MgH/+JuAHujFXlFybUq7ozltgeA5NJ4EizEo/US1zSGMifrHrjt9fHMZuXKAQAAADgvIuHA+J5+Xj9/2MHTr6tVbnS/H/72V3/X5sHly7vn1sTwobeEHrSLwY8PJQtDBgDw1154rtDWV09aVWHhkK4pjqwtKon8vX/e9M1Bh8dzKqKgUte99WnLqsm/m4whA3FwI/ef3RTNbE/CdQbf99gCK+pjjZt/OsDWeN9aeP3DoTw6kKgXtUHB0KoNtafVvX9Sv47BmlVD1ZCuKgQqFe1uRLCwQDAKhX/K91VfHDfwdt275ibm9m7gol4DH8w3DA7NzOx89a5XZUmfdqV9LlhGaND5TE1XQ4p8Xi+RNGx564a6SRd/57gZLEv+XH80oWD+f34WaivNs6pvoa7V6ZDfsPry02EwiepF2vIQ8VKFp/EUv0xf39YEwYO7JvZO/HhHfv3792Y/e00+1T2Nw4q21Yb0201tFTfLoDd4/JiJRv237xnw76Dt62fvXnHjTM3ztwyNfnGTZs3TU1u3ryhOqrJ7G+boV6+VNXJUM8cPf9DfWVvoZLz8a4hISGx2hLztx9d0+rtpzT/39N6/h/fdeI7f74+Q7Pz/2PxNH/2+OJp/u0xcKTT8/9jzc7m1y8MGE8C8zEw7zQ/AAAALw3xcGQ87BiPWvcfvfI3rcqV5v/znX3/f5nW/68vXf+uZsv8XxFLTDZb/z9d5r++/v98s/X/02X+6+v/H3kR1v8/UA8km+Rp6/8DAAAvBedv/f+2y/unPxBQytB2ef/0BwJKGdou49/pDwSc9fr/Uzf99BehhdL8/67O5v8W7gcAAIALx93/9NRrWsVL8/8jnc3/z//6f6HZ9f/jzQLTzRYGtP4fAAAAq1Sz9f/OjP7F+1qVK83/Fzqb/8fLLrobcsdaT49ka9qFdE27UyP1rwwAAADA6tAdJib6OszbsDLq1hfe5mP5UqCt0kU/vPq/bmxVX2n+f7yz+X/D9zLu/fzPP/alJ6+9//R9n3zH9Q8+8/vxxfP/AAAAwMrp9LgEAAAAAAAAAAAAAADw4jvwgX891Spe+v5/uK72eLPv/8ff/YvfL3h5Q+5Ya/v1//L72979wMHakoUPj4Tw+mJg9+Hd60L+2/yXFwMPXX/FxdXE4bTEd37y1l9WEx9IA+9c/7Jnq4lrksD2uEjiK9JA/FXFZ9cmgbi84r+ngbg9FtJAfx749NpsHF3ptvr1cLatutJt9R/DIYwWAvVt9Y3hrI2udID3JIH6AD+UBuIA35MHutNePbAm61UMDMeif7Mm6xUAABes+CmwL9wwOzczGT/Cx9tX9jbeRg1Llh0qV9vTYfOP50uTHXvuqpFO0j3pZ9HF3xrvC5XqEDaWPq4Ws3TVRrk8tbTZdC9vMuR2q72t1Kbrbz6iwWxEEztvndvV13bgV7bPMtXbNsvG0mSnmKW7tkk7qKWDvnQwog63TQddjve7w8RET5LrTTE4Fhq02yM6/b5+cZ2/ZntBMc+hub7nW9VXmv+PdTb/rxTH9Wz+YwDz8Zf1/nLUMv8AAACwsj699Q/3xX/fGX3vf7bKW5r/j3c2/48HxvJTwdnRjuPx9/9vHw2h9tP6Y1ngWGzug6MhvLaWmo4lsh/Uf1csMZkFjsUDJlfEEtunG6saiIGFJPCrkTxwPAmciIH8KMVXQ34o5+6REDbVUtc1ltgTS4wlgffGwHgSmIiBySSwNga2JIHfrM0D00ngX2IgzDZuq39Ym28rAACAs5HPs/oa74Z0nrfQ2y5DV7sMQ+0ydLfLUGmXodko4v2vxQx9xfPxeYb4UF9a62BSSylD/DH8s+5XKUN4pDFnWrDUdP1KkrHGnDHDtoXDa0MLpfn/ZGfz/6HG26z1E3H+v/j7f1ngh7F7n42Xjo/HwM/e0hjIDwyciJPdO+tVTecl8kn7nbHElhgYTwJ7YmBLEth+XR44cnFjIJ9p1xu/vd74bF6iEAAAAIDzLh4giIdp4vz/vwee/+tW5Urz/y2dzf9je2uKjX0i1vqLtSF8o2uxN/XA+uEsEI9jDMevx79qOIR1hQMc9RIzQ1mJ/qTh8IPB7Bvq/WlV3xrMvnwQ72979PsPfaaauGcwhEsLR1/qbfy4krUxmAYu688CQ2ng1t4sEI/81APf7M4CcM7qRwXjDpVf6lI3tnS5JvvfS+U3QdPhlY6BLpFvqe9crZRK+kB+TLXu7J62UnWsjHT7H/dqWw2vtufz/4Pr/fJqK36QOpNsnuoQu3fN3LDjwNz++Ejxm6wlK/Q8F7+l2kl6GfbD+Rfe26i7aaSSdmAyefuYXLrc0vthV6zu3s///GNfevLa++/75Duuf/CZ34+362C7/Td+UfiWm/535GRh8660Ssj3uQv+/SR9YNr7yWr4byB9YNzTFkK4Y+GSp1vFS/P/6c7m/73Jbc0f4sbcNxrCGwob9+G4+d82mr0PFgLZu+RF5UB2yv3JkabvnAAAALDc6oc76scLZvPb7ILwdJ5czj99lvnj8YotS+bvtN8fufTSf2wVL83/t7ee/w8k3XT+3/l/Vojz/0u60A9FD6QPzJ/ToehSdayI0svD+f+wCl5tpTM1zv8H5/+X7N8ynP9vzvn/lpz/X90u9Ket9Clpjw9dIYTBr1/9SKt4af6/p7P5v/X/ll60r77+3/Zm6//tabb+37z1/wAAgBXVZKG5dJ5XWr2vlCFdva+Uoe0CgW2XGLT+31mv/zf0V+//XWihNP+f72z+H3eHNcXWV8v6f+PXNanqrhjYY2FAAAAALkTNDhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw4vrVyaG3t4q/+apHvv3dB97+8cMfWbj7ia986o4QZmuPd2XhrotPfa63cvI93zv00y9+YdO6R09X8nJ9+e0fNeSOtZ4eCeFI4ZHhmDg1Ur2zGNj27gcO9lYTD4+E8PpiYPfh3euqiS+PhHB5MfDQ9VdcXE0cTkt85ydv/WU18YE08M71L3u2mrgmD3Sl3b1/bdbdrrS7n1kbwmghUO/uTWsbq6q3cW0e6E7b+PvhrI0YGI5F7xvO2oiBuVhidiCEDb0h9KRV/XMlq6onrerblayqnrSqj1dCuCaE0JtW9ZP+rKredOT/1p9VFQOXvO6rT11WTRzpD2FDMfCj9x/dVE18KAnUG//T/hBeU91l0sa/1pc13pc2fk9fCK8OIfSnJZ7pzUr0pyWe6A3hokKg3vif94ZwMPCSEN98dhUf3Hfwtt075uZm9q5goj9vazDcMDs3M7Hz1rldlaRPzXQV0mcOlePdHY798ac+urN6e+y5q0Y6Sffm5fpqXZ7qa7h75XL1vmuFeh/7NVSsZPH5KNUf8/eHNWHgwL6ZvRMf3rF//96N2d9Os09lf3vyaLatNi7XturUC91Wlxcr2bD/5j0b9h28bf3szTtunLlx5papyTdu2rxpanLz5g3VUU1mf5djqEfL8Z4VHuorewuVnI83AAkJidWW6G54d5u80P/LLn3QX+xoX6jU3qBL04pilq7aKJdj0Ftbx89y0NUeNf+c0nZEG0sTh1KWqfZZrixNJhazDGZZap/rSpPDYk3dtU0a73eHiYmm/9ONNd4tbr7fLrF5O/VYvuk6TQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA///jqU04")
ioprio_set$pid(0x1, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
sendfile(r0, r0, 0x0, 0x1000000201005)

540.44051ms ago: executing program 1 (id=498):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
r0 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x0, 0x10100, 0x0, 0x200000}, &(0x7f0000000480), &(0x7f0000000000)=<r1=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x95b0, 0x400}, &(0x7f0000000340)=<r2=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x48e9, 0x0, 0x0, 0x0, 0x0)

405.277859ms ago: executing program 1 (id=499):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2})
ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000000080)={r2})

388.958242ms ago: executing program 2 (id=500):
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x12004c0, &(0x7f00000005c0)=ANY=[@ANYBLOB="73686f77657865632c747a3d5554432c7379735f696d6d757461626c652c6e6f646f74732c6e6f646f74732c646f74732c6572726f72733d636f6e74696e75652c646f74732c6e6f646f74732c636865636b3d7374726963742c7379735f696d6d757461626c652c646f74732c646f74732c6e6f636173652c7379735f696d6d757461626c652c646f74732c636865636b3d7374726963742c646f74732c6e6f646f74732c757365667265652c6e6f646f74732c6e6f646f74732c00ee9713032a77c86d5c3a5edb0950783b197cf6e509361265937d84cb86a9f59491ade6978711bafdc6e4fd59dedbf4a3afcc5accf742bdd669730d726f201b2721f84eb4fd91e55f81825ac2d4c11007cdbad5f870a7436e1002f40cc70d882b1d62616004185a89e51db441e7da"], 0xfd, 0x1e4, &(0x7f00000000c0)="$eJzs3UFr02AYB/Cn3Ww7T7sJohDYxdNQP8FEJogFQelBTwrVyyqCu1Qv28EP4ecTP4DsVA8jEpMtLvPQDJPU+vtd9mT/PMmblzbNpW9f3Xp3MH1/+PbbjS8xGvWivxd7sejFdvTjzHEAAOtkkabxPc3V6dv52tyYAIBmLfH5f9rykACAhj1/8fLJg/F4/1mSjCJOjueT+ST/m+ePHo/37ya/bJddJ/P5ZOM8v5dUnx2y/FpcL/L7eX9yMR/EnZ08z7KHT8dZvlHmw5jGj+ypZNj8LAAAAAAAAAAAAAAAAAAAAAAAQLtuR3Lmj+v77O5W860iz7d+Wx+osr7PZtzcLDbL5YHSozYuCgAAAAAAAAAAAAAAAAAAAP4xhx8/Hbyezd58KIthRFz8T52iVxz4iu1tF/3o5OyDYpb+0gE/r8ZkrkyRrMYwZld8F2Svjtpd/eV2XqRputQBy3vEsIsbEwAAAAAAAAAAAAAAAAAA/IfKL/1ezkZdDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOlD+/n+N4rQojiKius/gctf5ybYiYtrp5QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCmfgYAAP//81o3sg==")
memfd_create(&(0x7f0000000000)='-&:{-\xaa]{\x00', 0x2)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x42, 0x0)

300.922905ms ago: executing program 0 (id=501):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='highspeed\x00', 0xa)
sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x6}, 0x1c)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x121342, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='rcu_utilization\x00', r3}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
shutdown(r0, 0x1)

300.626081ms ago: executing program 1 (id=502):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x1, 0x8, 0x105, 0x0, 0x0, {0x0, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x4)

226.42077ms ago: executing program 2 (id=503):
r0 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x6a, 0x10, 0x0, &(0x7f0000000080))

226.173155ms ago: executing program 1 (id=504):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf670000000000001507"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0xfffffffe}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180))

132.381793ms ago: executing program 2 (id=505):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)

77.25647ms ago: executing program 2 (id=506):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

76.19812ms ago: executing program 1 (id=507):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x24, r1, 0xf13, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x24}}, 0x0)

511.301µs ago: executing program 2 (id=508):
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3})
r0 = socket$netlink(0x10, 0x3, 0xb)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000600)=0x1c, 0x4)

202.962µs ago: executing program 1 (id=509):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x8000)
write$dsp(r0, &(0x7f0000002200)='D', 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=510):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000c0007000200060018c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c95300000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:48986' (ED25519) to the list of known hosts.
syzkaller login: [   57.916753][ T5831] cgroup: Unknown subsys name 'net'
[   58.026316][ T5831] cgroup: Unknown subsys name 'cpuset'
[   58.031601][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.095896][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   65.166003][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.172800][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.176524][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.180211][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.184013][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.304396][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.308084][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.311474][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.316399][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.320184][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.330953][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.343617][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.346975][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.353645][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.363696][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.432670][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   65.596172][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.599753][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.603566][ T5845] bridge_slave_0: entered allmulticast mode
[   65.607563][ T5845] bridge_slave_0: entered promiscuous mode
[   65.618394][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.621410][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.624837][ T5845] bridge_slave_1: entered allmulticast mode
[   65.628621][ T5845] bridge_slave_1: entered promiscuous mode
[   65.678749][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.693091][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.789231][ T5845] team0: Port device team_slave_0 added
[   65.794744][ T5845] team0: Port device team_slave_1 added
[   65.850688][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.854001][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.865066][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.889788][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.893404][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.904240][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.909016][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   65.997748][ T5845] hsr_slave_0: entered promiscuous mode
[   66.000897][ T5845] hsr_slave_1: entered promiscuous mode
[   66.017822][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   66.075269][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.078458][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.081614][ T5852] bridge_slave_0: entered allmulticast mode
[   66.085933][ T5852] bridge_slave_0: entered promiscuous mode
[   66.122594][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.125705][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.128763][ T5852] bridge_slave_1: entered allmulticast mode
[   66.133706][ T5852] bridge_slave_1: entered promiscuous mode
[   66.179181][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.211807][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.224941][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.228065][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.231212][ T5850] bridge_slave_0: entered allmulticast mode
[   66.235776][ T5850] bridge_slave_0: entered promiscuous mode
[   66.269298][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.272174][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.275627][ T5850] bridge_slave_1: entered allmulticast mode
[   66.279714][ T5850] bridge_slave_1: entered promiscuous mode
[   66.284178][ T5852] team0: Port device team_slave_0 added
[   66.311671][ T5852] team0: Port device team_slave_1 added
[   66.328868][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.368610][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.378441][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.380798][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.390368][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.396032][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.398914][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.408585][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.456822][ T5850] team0: Port device team_slave_0 added
[   66.474961][ T5850] team0: Port device team_slave_1 added
[   66.496562][ T5852] hsr_slave_0: entered promiscuous mode
[   66.498905][ T5852] hsr_slave_1: entered promiscuous mode
[   66.501009][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[   66.503036][ T5852] Cannot create hsr debugfs directory
[   66.514982][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.517793][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.529975][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.551686][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.556139][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.567126][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.658312][ T5850] hsr_slave_0: entered promiscuous mode
[   66.661121][ T5850] hsr_slave_1: entered promiscuous mode
[   66.664039][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   66.665995][ T5850] Cannot create hsr debugfs directory
[   66.685677][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   66.692162][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   66.736532][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   66.741776][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.868652][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.880804][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.902843][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.911082][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.993806][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.000128][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.007673][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.015025][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.066170][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.116301][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   67.134377][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.137915][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.150054][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.153166][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.183677][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.209455][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.213781][   T54] Bluetooth: hci0: command tx timeout
[   67.234321][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   67.257240][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.260234][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.275124][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   67.278437][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.287777][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.290237][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.309806][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.312987][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.354624][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.357706][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.406202][ T5852] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.452781][   T54] Bluetooth: hci1: command tx timeout
[   67.455189][   T54] Bluetooth: hci2: command tx timeout
[   67.466492][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.518509][ T5845] veth0_vlan: entered promiscuous mode
[   67.534146][ T5845] veth1_vlan: entered promiscuous mode
[   67.589778][ T5845] veth0_macvtap: entered promiscuous mode
[   67.608897][ T5845] veth1_macvtap: entered promiscuous mode
[   67.620069][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.668007][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.676067][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.690311][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.709665][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.715541][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.724147][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.734633][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.746102][ T5852] veth0_vlan: entered promiscuous mode
[   67.791104][ T5852] veth1_vlan: entered promiscuous mode
[   67.809993][ T5850] veth0_vlan: entered promiscuous mode
[   67.842144][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.845753][ T5850] veth1_vlan: entered promiscuous mode
[   67.859652][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.890893][ T5852] veth0_macvtap: entered promiscuous mode
[   67.896282][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.900305][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.905726][ T5852] veth1_macvtap: entered promiscuous mode
[   67.919917][ T5850] veth0_macvtap: entered promiscuous mode
[   67.933873][ T5850] veth1_macvtap: entered promiscuous mode
[   67.944093][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.963982][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.973970][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.988630][ T5874] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.008107][ T5874] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.011922][ T5874] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.034523][ T5874] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.049239][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.059238][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.121074][ T5874] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.147629][ T5874] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.151980][ T5874] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.175946][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.183738][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.202017][ T5874] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.265658][ T1128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.268562][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.273827][ T1128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.282660][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.319681][ T1128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.329140][ T1128] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.418822][ T5920] loop0: detected capacity change from 0 to 1024
[   68.426342][ T5920] EXT4-fs: Ignoring removed orlov option
[   68.428375][ T5920] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.466354][ T5920] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.578146][ T5850] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.651302][ T5932] loop0: detected capacity change from 0 to 512
[   68.656359][ T5881] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   68.670670][ T5934] loop1: detected capacity change from 0 to 256
[   68.675802][ T5934] =======================================================
[   68.675802][ T5934] WARNING: The mand mount option has been deprecated and
[   68.675802][ T5934]          and is ignored by this kernel. Remove the mand
[   68.675802][ T5934]          option from the mount to silence this warning.
[   68.675802][ T5934] =======================================================
[   68.703330][ T5934] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d)
[   68.715775][ T5932] FAT-fs (loop0): error, corrupted directory (invalid entries)
[   68.723851][   T33] audit: type=1800 audit(1755255392.007:2): pid=5934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.11" name="file2" dev="loop1" ino=1048594 res=0 errno=0
[   68.839430][ T5881] usb 3-1: config 0 has an invalid interface number: 170 but max is 0
[   68.855426][ T5881] usb 3-1: config 0 has no interface number 0
[   68.858217][ T5881] usb 3-1: config 0 interface 170 altsetting 0 endpoint 0x3 has an invalid bInterval 31, changing to 7
[   68.874083][ T5881] usb 3-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6
[   68.881509][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.905295][ T5881] usb 3-1: config 0 descriptor??
[   68.928090][ T5881] HFC-S_USB 3-1:0.170: probe with driver HFC-S_USB failed with error -5
[   68.986909][ T5939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   69.129311][ T5881] usb 3-1: USB disconnect, device number 2
[   69.268195][ T5956] loop1: detected capacity change from 0 to 1024
[   69.270853][ T5956] EXT4-fs: Ignoring removed orlov option
[   69.291825][ T5956] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.297908][ T5235] Bluetooth: hci0: command tx timeout
[   69.313153][ T5956] EXT4-fs (loop1): resizing filesystem from 512 to 0 blocks
[   69.316228][ T5956] EXT4-fs warning (device loop1): ext4_resize_fs:2042: can't shrink FS - resize aborted
[   69.339099][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.533624][ T5235] Bluetooth: hci2: command tx timeout
[   69.535552][ T5235] Bluetooth: hci1: command tx timeout
[   69.600903][ T5976] loop0: detected capacity change from 0 to 2048
[   69.654601][ T5848] GPT:first_usable_lbas don't match.
[   69.657024][ T5848] GPT:34 != 290
[   69.658553][ T5848] GPT: Use GNU Parted to correct GPT errors.
[   69.688391][ T5848]  loop0: p1 p2 p3
[   69.726987][ T5976] GPT:first_usable_lbas don't match.
[   69.729205][ T5976] GPT:34 != 290
[   69.730695][ T5976] GPT: Use GNU Parted to correct GPT errors.
[   69.734694][ T5976]  loop0: p1 p2 p3
[   69.758490][ T5295] GPT:first_usable_lbas don't match.
[   69.760702][ T5295] GPT:34 != 290
[   69.762178][ T5295] GPT: Use GNU Parted to correct GPT errors.
[   69.767856][ T5295]  loop0: p1 p2 p3
[   69.954161][ T5985] netlink: 209832 bytes leftover after parsing attributes in process `syz.1.35'.
[   69.984703][ T5989] netlink: 56 bytes leftover after parsing attributes in process `syz.2.36'.
[   70.015884][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[   70.016831][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[   70.029842][ T5990] udevd[5990]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[   70.079282][ T5994] program syz.2.38 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   70.086409][ T5998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'.
[   70.089889][ T5996] loop0: detected capacity change from 0 to 512
[   70.094398][ T5998] team_slave_0: entered promiscuous mode
[   70.096874][ T5998] team_slave_1: entered promiscuous mode
[   70.100465][ T5998] team0: Device macsec1 is already an upper device of the team interface
[   70.104889][ T5998] team_slave_0: left promiscuous mode
[   70.106605][ T5998] team_slave_1: left promiscuous mode
[   70.109554][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[   70.120011][ T5996] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   70.125751][ T5996] UDF-fs: Scanning with blocksize 512 failed
[   70.152136][ T5996] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   70.166738][ T5996] UDF-fs: Scanning with blocksize 1024 failed
[   70.170884][ T5996] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[   70.176413][ T5996] UDF-fs: Scanning with blocksize 2048 failed
[   70.180068][ T5996] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[   70.189996][ T5996] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   70.225914][ T6002] loop1: detected capacity change from 0 to 164
[   70.234331][ T6002] rock: directory entry would overflow storage
[   70.237166][ T6002] rock: sig=0x66, size=4, remaining=3
[   70.403628][ T6013] loop1: detected capacity change from 0 to 512
[   70.447427][ T6013] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.453130][ T6013] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.491590][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.655956][ T6015] loop0: detected capacity change from 0 to 32768
[   70.666317][ T6015] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.47 (6015)
[   70.686332][ T6015] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   70.690158][ T6015] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[   70.696020][ T6015] BTRFS info (device loop0): disk space caching is enabled
[   70.698392][ T6015] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   70.768523][ T6015] BTRFS info (device loop0): rebuilding free space tree
[   70.791458][ T6015] BTRFS info (device loop0): disabling free space tree
[   70.794659][ T6015] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   70.800368][ T6015] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   70.880415][ T5850] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   70.916027][ T6041] loop1: detected capacity change from 0 to 128
[   70.958149][ T6041] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   70.968084][ T6041] ext4 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   71.056186][ T5845] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   71.115839][ T6048] loop1: detected capacity change from 0 to 256
[   71.139739][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.143151][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.373978][   T54] Bluetooth: hci0: command tx timeout
[   71.613757][   T54] Bluetooth: hci1: command tx timeout
[   71.616220][   T54] Bluetooth: hci2: command tx timeout
[   72.491705][ T6062] loop2: detected capacity change from 0 to 4096
[   72.540047][ T6062] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[   72.586838][ T6062] ntfs3(loop2): ino=19, mi_enum_attr
[   72.592605][ T6062] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[   72.624626][ T6062] ntfs3(loop2): failed to convert "c46c" to iso8859-2
[   72.635532][ T6062] ntfs3(loop2): ino=20, mi_enum_attr
[   72.715087][ T6060] loop1: detected capacity change from 0 to 32768
[   72.733129][ T6060] bcachefs: bch2_fs_parse_param() Error parsing option gc_reserve_bytes: option_value
[   72.918391][ T6070] loop2: detected capacity change from 0 to 2364
[   73.049416][ T6074] loop0: detected capacity change from 0 to 1764
[   73.141651][ T6079] iso9660: Corrupted directory entry in block 2 of inode 1920
[   73.453249][ T5235] Bluetooth: hci0: command tx timeout
[   73.697631][   T54] Bluetooth: hci1: command tx timeout
[   73.697795][ T5235] Bluetooth: hci2: command tx timeout
[   73.843844][ T6092] loop1: detected capacity change from 0 to 32768
[   73.867368][ T6092] JBD2: Ignoring recovery information on journal
[   73.907596][ T6092] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   73.952106][ T5845] ocfs2: Unmounting device (7,1) on (node local)
[   73.992780][   T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   74.127882][ T6100] loop2: detected capacity change from 0 to 4096
[   74.145736][ T6100] NILFS (loop2): invalid segment: Checksum error in segment payload
[   74.149735][ T6100] NILFS (loop2): trying rollback from an earlier position
[   74.157597][   T10] usb 1-1: Using ep0 maxpacket: 8
[   74.166160][   T10] usb 1-1: config index 0 descriptor too short (expected 6427, got 27)
[   74.169631][   T10] usb 1-1: config 0 has an invalid interface number: 21 but max is 0
[   74.187105][   T10] usb 1-1: config 0 has no interface number 0
[   74.197101][   T10] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   74.204148][ T6100] NILFS (loop2): recovery complete
[   74.208883][   T10] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[   74.221766][ T6105] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   74.228199][   T10] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   74.248743][   T10] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[   74.252812][   T10] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[   74.256356][   T10] usb 1-1: Product: syz
[   74.262058][   T10] usb 1-1: config 0 descriptor??
[   74.266937][ T6096] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   74.391286][ T6113] netlink: 36 bytes leftover after parsing attributes in process `syz.2.79'.
[   74.403850][ T6111] bridge1: the hash_elasticity option has been deprecated and is always 16
[   74.548385][ T6119] netlink: 12 bytes leftover after parsing attributes in process `syz.1.82'.
[   74.552189][ T6119] openvswitch: netlink: Unknown VXLAN extension attribute 0
[   74.664711][ T6125] process 'syz.2.85' launched '/dev/fd/3' with NULL argv: empty string added
[   74.690739][   T10] usb 1-1: USB disconnect, device number 2
[   74.748428][ T6127] netlink: 28 bytes leftover after parsing attributes in process `syz.2.86'.
[   74.851943][ T6131] loop2: detected capacity change from 0 to 1024
[   74.864014][ T6131] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   74.868117][ T6131] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   74.880735][ T6131] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: inode #32: comm syz.2.88: iget: special inode unallocated
[   74.889104][ T6131] EXT4-fs (loop2): Remounting filesystem read-only
[   74.891918][ T6131] EXT4-fs (loop2): no journal found
[   74.896404][ T6131] EXT4-fs (loop2): can't get journal size
[   74.899882][ T6131] EXT4-fs (loop2): filesystem is read-only
[   74.905674][ T6131] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   74.906036][ T6123] loop1: detected capacity change from 0 to 32768
[   74.918760][ T6123] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.84 (6123)
[   74.946233][ T6123] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   74.946623][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.950399][ T6123] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[   74.993901][ T6123] BTRFS info (device loop1): using free-space-tree
[   75.007671][ T6135] loop2: detected capacity change from 0 to 256
[   75.058338][ T6135] FAT-fs (loop2): Directory bread(block 64) failed
[   75.061162][ T6135] FAT-fs (loop2): Directory bread(block 65) failed
[   75.064714][ T6135] FAT-fs (loop2): Directory bread(block 66) failed
[   75.067454][ T6135] FAT-fs (loop2): Directory bread(block 67) failed
[   75.070152][ T6135] FAT-fs (loop2): Directory bread(block 68) failed
[   75.074067][ T6135] FAT-fs (loop2): Directory bread(block 69) failed
[   75.076893][ T6135] FAT-fs (loop2): Directory bread(block 70) failed
[   75.079772][ T6135] FAT-fs (loop2): Directory bread(block 71) failed
[   75.082079][ T6123] BTRFS info (device loop1): rebuilding free space tree
[   75.083312][ T6135] FAT-fs (loop2): Directory bread(block 72) failed
[   75.089078][ T6135] FAT-fs (loop2): Directory bread(block 73) failed
[   75.173083][ T5845] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   75.535527][ T6167] loop2: detected capacity change from 0 to 512
[   75.540391][ T6167] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: comm syz.2.97: inode #16777216: comm syz.2.97: iget: illegal inode #
[   75.547343][ T6167] EXT4-fs (loop2): Remounting filesystem read-only
[   75.549826][ T6167] EXT4-fs (loop2): no journal found
[   75.551658][ T6167] EXT4-fs (loop2): can't get journal size
[   75.558342][ T6167] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   75.561916][ T6167] EXT4-fs (loop2): failed to initialize system zone (-22)
[   75.565231][ T6167] EXT4-fs (loop2): mount failed
[   75.581522][ T6169] syz.1.98 uses obsolete (PF_INET,SOCK_PACKET)
[   75.678070][ T6174] loop0: detected capacity change from 0 to 512
[   75.678567][ T6172] tipc: Failed to remove unknown binding: 66,1,1/0:1007943773/1007943775
[   75.685797][ T6174] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   75.701670][ T6174] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   75.713248][ T6174] EXT4-fs (loop0): 1 truncate cleaned up
[   75.716124][ T6174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.809114][ T5850] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.212695][ T5881] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   76.401670][ T5881] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[   76.410512][ T5881] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[   76.416404][ T5881] usb 1-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config
[   76.421352][ T5881] usb 1-1: config 220 has no interface number 2
[   76.429347][ T5881] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[   76.437020][ T5881] usb 1-1: config 220 interface 0 has no altsetting 0
[   76.439452][ T5881] usb 1-1: config 220 interface 76 has no altsetting 0
[   76.448712][ T5881] usb 1-1: config 220 interface 1 has no altsetting 0
[   76.461959][ T5881] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   76.466514][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.470987][ T5881] usb 1-1: Product: syz
[   76.474859][ T5881] usb 1-1: Manufacturer: syz
[   76.480410][ T5881] usb 1-1: SerialNumber: syz
[   76.710230][ T5881] usb 1-1: selecting invalid altsetting 0
[   76.717042][ T5881] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[   76.719739][ T5881] usb 1-1: No valid video chain found.
[   76.728027][ T5881] usb 1-1: selecting invalid altsetting 0
[   76.730276][ T5881] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[   76.736659][ T5881] usb 1-1: USB disconnect, device number 3
[   77.019557][ T6204] loop1: detected capacity change from 0 to 4096
[   77.024780][ T6204] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   77.060165][ T6204] ntfs3(loop1): failed to convert "c46c" to macturkish
[   77.070582][ T6204] ntfs3(loop1): ino=20, mi_enum_attr
[   77.080974][ T6204] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   77.106149][ T6208] loop2: detected capacity change from 0 to 256
[   77.443985][ T5881] IPVS: starting estimator thread 0...
[   77.543848][ T6222] IPVS: using max 80 ests per chain, 192000 per kthread
[   78.093591][ T2306] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   78.246484][ T6254] netlink: 'syz.0.135': attribute type 10 has an invalid length.
[   78.253625][ T2306] usb 2-1: Using ep0 maxpacket: 32
[   78.261946][ T2306] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   78.266976][ T6254] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   78.274130][ T2306] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   78.282709][ T2306] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   78.286860][ T2306] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.295372][ T2306] usb 2-1: config 0 descriptor??
[   78.992648][ T2306] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[   78.999745][ T2306] usb 2-1: USB disconnect, device number 2
[   79.569976][ T6268] loop1: detected capacity change from 0 to 1024
[   79.574419][ T6268] EXT4-fs: Ignoring removed orlov option
[   79.588682][ T6268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.601403][   T33] audit: type=1800 audit(1755255402.877:3): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.140" name="file1" dev="loop1" ino=15 res=0 errno=0
[   79.633063][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.850428][ T6279] loop1: detected capacity change from 0 to 4096
[   79.855035][ T6279] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[   79.860699][ T6279] ntfs3(loop1): ino=2, mi_enum_attr
[   79.863419][ T6279] ntfs3(loop1): Failed to load $LogFile (-22).
[   79.922188][ T6281] loop1: detected capacity change from 0 to 512
[   79.950842][ T6281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.956579][ T6281] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.998030][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.031226][ T6307] netlink: 44 bytes leftover after parsing attributes in process `syz.1.154'.
[   81.106337][ T6309] capability: warning: `syz.1.155' uses deprecated v2 capabilities in a way that may be insecure
[   81.162976][ T6311] loop1: detected capacity change from 0 to 256
[   81.258938][ T6311] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   81.404446][   T24] cfg80211: failed to load regulatory.db
[   81.711546][ T6335] Bluetooth: MGMT ver 1.23
[   81.850907][ T6347] syz_tun: entered allmulticast mode
[   81.870332][ T6347] dvmrp1: entered allmulticast mode
[   81.880910][ T6346] syz_tun: left allmulticast mode
[   81.921670][ T6352] loop2: detected capacity change from 0 to 128
[   81.940874][ T6352] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   81.967539][ T6352] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   81.999310][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   82.116103][ T6349] loop1: detected capacity change from 0 to 32768
[   82.125777][ T6349] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.175 (6349)
[   82.149350][ T6349] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   82.157745][ T6349] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[   82.167950][ T6349] BTRFS info (device loop1): using free-space-tree
[   82.326304][ T5845] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   83.013568][ T6405] binder: 6391:6405 ioctl 400c620e 200000000240 returned -22
[   83.411674][ T6401] loop2: detected capacity change from 0 to 32768
[   83.436448][ T6401] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   83.482700][ T6401] XFS (loop2): Ending clean mount
[   83.492589][ T6401] XFS (loop2): Quotacheck needed: Please wait.
[   83.528723][ T6401] XFS (loop2): Quotacheck: Done.
[   83.666791][ T5852] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   84.289753][ T5854] IPVS: starting estimator thread 0...
[   84.392354][ T6439] IPVS: using max 44 ests per chain, 105600 per kthread
[   84.568972][ T6451] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   84.592969][ T6438] loop2: detected capacity change from 0 to 32768
[   84.604991][ T6438] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.201 (6438)
[   84.626576][ T6438] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   84.630644][ T6438] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[   84.641720][ T6438] BTRFS info (device loop2): using free-space-tree
[   84.763561][ T6474] loop0: detected capacity change from 0 to 24
[   84.774321][ T5852] BTRFS info (device loop2 state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   84.782649][ T6474] MTD: Attempt to mount non-MTD device "/dev/loop0"
[   84.805285][ T6474] romfs: Mounting image 'rom 637cf1fa' through the block layer
[   84.970572][   T33] audit: type=1326 audit(1755255408.247:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.970597][   T33] audit: type=1326 audit(1755255408.247:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.970612][   T33] audit: type=1326 audit(1755255408.247:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.970626][   T33] audit: type=1326 audit(1755255408.247:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.970640][   T33] audit: type=1326 audit(1755255408.247:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.970654][   T33] audit: type=1326 audit(1755255408.247:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.989912][   T33] audit: type=1326 audit(1755255408.267:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.989939][   T33] audit: type=1326 audit(1755255408.267:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.989954][   T33] audit: type=1326 audit(1755255408.267:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   84.989968][   T33] audit: type=1326 audit(1755255408.267:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.1.210" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56ef12add9 code=0x7ffc0000
[   85.160967][ T6488] netlink: 27 bytes leftover after parsing attributes in process `syz.1.217'.
[   86.992391][ T6526] loop1: detected capacity change from 0 to 256
[   86.999679][ T6526] exfat: Deprecated parameter 'utf8'
[   87.001943][ T6526] exfat: Deprecated parameter 'namecase'
[   87.088000][ T6526] exfat: Deprecated parameter 'utf8'
[   87.101667][ T6526] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[   87.210148][ T6524] loop2: detected capacity change from 0 to 32768
[   87.701677][ T6563] loop0: detected capacity change from 0 to 2048
[   87.712862][ T6563] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   88.358581][ T6566] loop2: detected capacity change from 0 to 40427
[   88.403332][ T6566] F2FS-fs (loop2): Image doesn't support compression
[   88.418089][ T6566] F2FS-fs (loop2): build fault injection rate: 690
[   88.495365][ T6566] F2FS-fs (loop2): invalid crc value
[   88.852104][ T6566] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   88.860673][ T6566] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   88.996141][ T5852] syz-executor: attempt to access beyond end of device
[   88.996141][ T5852] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   89.006678][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   89.006697][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   89.006703][ T5852] Call Trace:
[   89.006707][ T5852]  <TASK>
[   89.006711][ T5852]  dump_stack_lvl+0x189/0x250
[   89.006727][ T5852]  ? preempt_schedule_thunk+0x16/0x30
[   89.006744][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.006757][ T5852]  ? __pfx_queue_work_on+0x10/0x10
[   89.006766][ T5852]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   89.006782][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.006803][ T5852]  f2fs_handle_critical_error+0x37c/0x540
[   89.006825][ T5852]  f2fs_write_end_io+0x886/0xb60
[   89.006849][ T5852]  __submit_merged_bio+0x27a/0x6a0
[   89.006870][ T5852]  __submit_merged_write_cond+0x255/0x530
[   89.006891][ T5852]  f2fs_write_data_pages+0x261d/0x3000
[   89.006932][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   89.007001][ T5852]  ? __lock_acquire+0xab9/0xd20
[   89.007024][ T5852]  ? do_raw_spin_lock+0x121/0x290
[   89.007045][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[   89.007092][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   89.007109][ T5852]  do_writepages+0x32e/0x550
[   89.007134][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[   89.007151][ T5852]  filemap_fdatawrite+0x199/0x240
[   89.007166][ T5852]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   89.007214][ T5852]  ? preempt_schedule_thunk+0x16/0x30
[   89.007237][ T5852]  f2fs_sync_dirty_inodes+0x31f/0x830
[   89.007260][ T5852]  f2fs_write_checkpoint+0x95a/0x1df0
[   89.007288][ T5852]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   89.007332][ T5852]  ? kill_f2fs_super+0x298/0x6c0
[   89.007347][ T5852]  kill_f2fs_super+0x2c3/0x6c0
[   89.007363][ T5852]  ? __pfx_kill_f2fs_super+0x10/0x10
[   89.007373][ T5852]  ? radix_tree_delete_item+0x2b6/0x400
[   89.007394][ T5852]  ? shrinker_free+0x2ce/0x3e0
[   89.007408][ T5852]  deactivate_locked_super+0xbc/0x130
[   89.007424][ T5852]  cleanup_mnt+0x425/0x4c0
[   89.007438][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.007455][ T5852]  task_work_run+0x1d4/0x260
[   89.007473][ T5852]  ? __pfx_task_work_run+0x10/0x10
[   89.007486][ T5852]  ? __x64_sys_umount+0x122/0x160
[   89.007505][ T5852]  ? exit_to_user_mode_loop+0x40/0x110
[   89.007524][ T5852]  exit_to_user_mode_loop+0xec/0x110
[   89.007540][ T5852]  do_syscall_64+0x2bd/0x3b0
[   89.007555][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.007569][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.007580][ T5852]  ? exc_page_fault+0x9f/0xf0
[   89.007597][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.007608][ T5852] RIP: 0033:0x7fee3458ff17
[   89.007620][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   89.007629][ T5852] RSP: 002b:00007ffd41dfff88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   89.007642][ T5852] RAX: 0000000000000000 RBX: 00007fee34611c05 RCX: 00007fee3458ff17
[   89.007649][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd41e00040
[   89.007655][ T5852] RBP: 00007ffd41e00040 R08: 0000000000000000 R09: 0000000000000000
[   89.007663][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd41e010d0
[   89.007670][ T5852] R13: 00007fee34611c05 R14: 0000000000015ac3 R15: 00007ffd41e01110
[   89.007691][ T5852]  </TASK>
[   89.008572][ T5852] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   90.077208][ T6588] loop0: detected capacity change from 0 to 32768
[   90.082701][ T6588] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section crypt: bad kdf type 8
[   90.082701][ T6588] crypt (size 152):
[   90.082701][ T6588] KFD:               8
[   90.082701][ T6588] scrypt n:          63098
[   90.082701][ T6588] scrypt r:          11127
[   90.082701][ T6588] scrypt p:          56832
[   90.082701][ T6588] 
[   90.096199][ T6588] bcachefs: bch2_fs_get_tree() error: invalid_sb_crypt
[   90.298970][ T6590] loop1: detected capacity change from 0 to 32768
[   90.302431][ T6590] XFS: ikeep mount option is deprecated.
[   90.381334][ T6590] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.454093][ T6590] XFS (loop1): Ending clean mount
[   90.457316][ T6590] XFS (loop1): Quotacheck needed: Please wait.
[   90.483178][ T6590] XFS (loop1): Quotacheck: Done.
[   90.534210][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.672403][ T5881] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   90.805471][ T6616] loop2: detected capacity change from 0 to 32768
[   90.810319][ T6616] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.271 (6616)
[   90.825992][ T5881] usb 1-1: Using ep0 maxpacket: 8
[   90.829207][ T5881] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   90.842328][ T5881] usb 1-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[   90.856162][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.861349][ T5881] usb 1-1: Product: syz
[   90.863858][ T5881] usb 1-1: Manufacturer: syz
[   90.865750][ T5881] usb 1-1: SerialNumber: syz
[   90.874644][ T6616] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   90.890534][ T5881] usb 1-1: config 0 descriptor??
[   90.893386][ T6616] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[   90.897357][ T6616] BTRFS info (device loop2): disk space caching is enabled
[   91.273584][ T6616] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   91.281954][ T5881] cdc_phonet 1-1:0.0: probe with driver cdc_phonet failed with error -22
[   91.354387][ T6616] BTRFS info (device loop2): rebuilding free space tree
[   91.370467][ T6616] BTRFS info (device loop2): disabling free space tree
[   91.374719][ T6616] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   91.378858][ T6616] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   91.415157][ T5852] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   91.488216][ T5881] usb 1-1: USB disconnect, device number 4
[   91.631998][ T6644] netlink: 12 bytes leftover after parsing attributes in process `syz.2.275'.
[   92.980931][ T6661] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.282'.
[   93.364359][ T6666] loop1: detected capacity change from 0 to 16
[   93.389434][ T6666] erofs (device loop1): mounted with root inode @ nid 36.
[   93.404436][ T6666] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[   93.411123][ T6666] erofs (device loop1): failed to decompress -29 in[58, 4038] out[1851]
[   93.422497][ T6666] erofs (device loop1): read error -117 @ 43 of nid 36
[   93.519055][ T6668] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[   93.523308][ T6668] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[   93.530016][ T6668] erofs (device loop1): readahead error at folio 42 @ nid 36
[   93.538530][ T6668] erofs (device loop1): bogus lookback distance 774 @ lcn 40 of nid 36
[   93.544659][ T6668] erofs (device loop1): readahead error at folio 41 @ nid 36
[   93.547764][ T6668] erofs (device loop1): bogus lookback distance 774 @ lcn 40 of nid 36
[   93.551109][ T6668] erofs (device loop1): readahead error at folio 40 @ nid 36
[   93.557219][ T6668] erofs (device loop1): readahead error at folio 39 @ nid 36
[   93.561950][ T6668] erofs (device loop1): readahead error at folio 38 @ nid 36
[   93.568758][ T6668] erofs (device loop1): readahead error at folio 36 @ nid 36
[   93.577371][ T6668] erofs (device loop1): bogus lookback distance 1468 @ lcn 31 of nid 36
[   93.581448][ T6668] erofs (device loop1): readahead error at folio 31 @ nid 36
[   93.587590][ T6668] erofs (device loop1): readahead error at folio 25 @ nid 36
[   93.591413][ T6668] erofs (device loop1): readahead error at folio 24 @ nid 36
[   93.599765][ T6668] erofs (device loop1): readahead error at folio 19 @ nid 36
[   93.605854][ T6668] syz.1.284: attempt to access beyond end of device
[   93.605854][ T6668] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16
[   93.614243][ T6668] syz.1.284: attempt to access beyond end of device
[   93.614243][ T6668] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[   93.624440][ T6668] syz.1.284: attempt to access beyond end of device
[   93.624440][ T6668] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[   93.634670][ T6668] erofs (device loop1): failed to decompress -29 in[58, 4038] out[2639]
[   93.638933][ T6668] erofs (device loop1): bogus lookback distance 1586 @ lcn 46 of nid 36
[   93.653386][ T6668] erofs (device loop1): readahead error at folio 47 @ nid 36
[   93.657913][ T6668] erofs (device loop1): bogus lookback distance 1586 @ lcn 46 of nid 36
[   93.661588][ T6668] erofs (device loop1): readahead error at folio 46 @ nid 36
[   93.667733][ T6668] erofs (device loop1): readahead error at folio 45 @ nid 36
[   93.673485][ T6668] syz.1.284: attempt to access beyond end of device
[   93.673485][ T6668] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16
[   93.695900][ T6668] erofs (device loop1): failed to decompress -29 in[58, 4038] out[3537]
[   93.959924][ T6672] bridge0: entered allmulticast mode
[   93.968086][ T6672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.287'.
[   93.971910][ T6672] bridge_slave_1: left allmulticast mode
[   93.975881][ T6672] bridge_slave_1: left promiscuous mode
[   93.979558][ T6672] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.982406][ T6261] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   93.996203][ T6672] bridge_slave_0: left allmulticast mode
[   93.998742][ T6672] bridge_slave_0: left promiscuous mode
[   94.001360][ T6672] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.033586][ T6672] bridge0 (unregistering): left allmulticast mode
[   94.272361][ T6261] usb 1-1: Using ep0 maxpacket: 16
[   94.285080][ T6261] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[   94.288611][ T6261] usb 1-1: config 0 descriptor has 1 excess byte, ignoring
[   94.291676][ T6261] usb 1-1: config 0 has no interface number 0
[   94.301184][ T6261] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[   94.305192][ T6261] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.308555][ T6261] usb 1-1: Product: syz
[   94.310270][ T6261] usb 1-1: Manufacturer: syz
[   94.312580][ T6261] usb 1-1: SerialNumber: syz
[   94.318392][ T6261] usb 1-1: config 0 descriptor??
[   94.325386][ T6261] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[   94.329640][ T6261] usb 1-1: No valid video chain found.
[   94.337964][ T6678] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   94.540821][ T6261] usb 1-1: USB disconnect, device number 5
[   94.766578][ T6684] loop1: detected capacity change from 0 to 32768
[   94.772004][ T6684] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.292 (6684)
[   94.796589][ T6684] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   94.800663][ T6684] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[   94.815757][ T6684] BTRFS info (device loop1): using free-space-tree
[   95.066399][ T5845] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   95.613117][  T791] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   95.648577][   T33] kauditd_printk_skb: 155 callbacks suppressed
[   95.648591][   T33] audit: type=1107 audit(1755255418.927:169): pid=6738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   95.762370][  T791] usb 2-1: Using ep0 maxpacket: 32
[   95.794501][    C1] vkms_vblank_simulate: vblank timer overrun
[   95.802548][  T791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.807215][  T791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   95.810428][  T791] usb 2-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00
[   95.817791][  T791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.824833][  T791] usb 2-1: config 0 descriptor??
[   95.936015][   T13] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   96.239214][  T791] glorious 0003:258A:0033.0002: unknown main item tag 0x1
[   96.243852][  T791] glorious 0003:258A:0033.0002: item fetching failed at offset 2/3
[   96.247376][  T791] glorious 0003:258A:0033.0002: probe with driver glorious failed with error -22
[   96.447965][ T6261] usb 2-1: USB disconnect, device number 3
[   96.756842][ T6755] loop2: detected capacity change from 0 to 2048
[   96.774368][ T6755] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.820196][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.957407][ T6768] loop0: detected capacity change from 0 to 4096
[   96.978186][ T6768] ntfs3(loop0): ino=19, mi_enum_attr
[   96.989379][ T6768] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   97.962656][   T33] audit: type=1326 audit(1755255421.117:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6777 comm="syz.0.325" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe11f58ebe9 code=0x0
[   98.186243][ T6784] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[   98.188787][ T6784] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   98.253357][ T6790] vhci_hcd: connection closed
[   98.266903][ T6784] vhci_hcd vhci_hcd.0: Device attached
[   98.300560][ T5742] vhci_hcd: stop threads
[   98.311378][ T5742] vhci_hcd: release socket
[   98.322098][ T5742] vhci_hcd: disconnect device
[   99.060240][ T6797] loop0: detected capacity change from 0 to 32768
[   99.070138][ T6799] loop1: detected capacity change from 0 to 256
[   99.190810][ T6803] loop1: detected capacity change from 0 to 512
[   99.215842][ T6803] EXT4-fs: Ignoring removed orlov option
[   99.235523][ T6803] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   99.263337][ T6803] EXT4-fs (loop1): orphan cleanup on readonly fs
[   99.275203][ T6803] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.330: bg 0: block 248: padding at end of block bitmap is not set
[   99.283737][ T6803] Quota error (device loop1): write_blk: dquota write failed
[   99.287121][ T6803] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[   99.290704][ T6803] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.330: Failed to acquire dquot type 1
[   99.299328][ T6803] EXT4-fs (loop1): 1 truncate cleaned up
[   99.310852][ T6803] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   99.334745][ T6803] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   99.356935][ T6803] EXT4-fs error (device loop1): __ext4_remount:6736: comm syz.1.330: Abort forced by user
[   99.372382][ T6803] EXT4-fs (loop1): Remounting filesystem read-only
[   99.372402][ T6803] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   99.372449][ T6803] ext4 filesystem being remounted at /126/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   99.421384][ T6803] EXT4-fs: Ignoring removed orlov option
[   99.424239][ T6803] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   99.450013][ T6803] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[   99.471847][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.796316][ T6834] loop1: detected capacity change from 0 to 128
[   99.845964][ T6834] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   99.851108][ T6834] ext4 filesystem being mounted at /130/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  100.106799][   T33] audit: type=1800 audit(1755255423.387:171): pid=6834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.343" name="file1" dev="loop1" ino=12 res=0 errno=0
[  100.204673][ T5845] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  100.341595][ T6853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.350'.
[  100.402647][  T791] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  100.439176][ T6857] loop1: detected capacity change from 0 to 128
[  100.459486][ T6857] ERROR: Domain '<kernel> /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /usr/sbin/sshd /usr/sbin/sshd /bin/sh /syz-executor /syz-executor /newroot/137/file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  100.566231][  T791] usb 3-1: Using ep0 maxpacket: 32
[  100.602105][    C1] vkms_vblank_simulate: vblank timer overrun
[  100.615845][ T6861] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun!
[  100.639009][  T791] usb 3-1: unable to get BOS descriptor or descriptor too short
[  100.648805][  T791] usb 3-1: config 3 has an invalid interface number: 192 but max is 0
[  100.659253][  T791] usb 3-1: config 3 has no interface number 0
[  100.662959][  T791] usb 3-1: config 3 interface 192 has no altsetting 0
[  100.668155][  T791] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=2b.5b
[  100.672807][  T791] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.677549][  T791] usb 3-1: Product: syz
[  100.679587][  T791] usb 3-1: Manufacturer: syz
[  100.681982][  T791] usb 3-1: SerialNumber: syz
[  100.903763][  T791] usbhid 3-1:3.192: couldn't find an input interrupt endpoint
[  100.909617][  T791] usb 3-1: USB disconnect, device number 3
[  102.115429][ T6916] netlink: 104 bytes leftover after parsing attributes in process `syz.0.372'.
[  102.122621][ T6915] loop1: detected capacity change from 0 to 4096
[  102.139740][ T6915] ntfs3(loop1): ino=19, mi_enum_attr
[  102.141404][ T6915] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  103.024038][ T6927] loop0: detected capacity change from 0 to 32768
[  103.046704][ T6927] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.378 (6927)
[  103.105945][ T6927] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  103.135901][ T6927] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  103.140004][ T6927] BTRFS info (device loop0): using free-space-tree
[  103.365517][ T6261] kernel write not supported for file /input/mouse0 (pid: 6261 comm: kworker/0:4)
[  103.650091][ T5850] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  103.883730][ T6964] loop1: detected capacity change from 0 to 2048
[  103.921529][ T6964] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  103.963414][ T6967] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  104.317631][ T6966] loop0: detected capacity change from 0 to 40427
[  104.323473][ T6966] F2FS-fs (loop0): build fault injection rate: 771
[  104.327951][ T6966] F2FS-fs (loop0): invalid crc value
[  104.424696][ T6966] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  104.434428][ T6983] futex_wake_op: syz.1.393 tries to shift op by 32; fix this program
[  104.449395][ T6966] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  104.520618][ T5850] syz-executor: attempt to access beyond end of device
[  104.520618][ T5850] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  104.528591][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  104.528604][ T5850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  104.528609][ T5850] Call Trace:
[  104.528612][ T5850]  <TASK>
[  104.528615][ T5850]  dump_stack_lvl+0x189/0x250
[  104.528629][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.528638][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  104.528644][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  104.528654][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  104.528667][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  104.528680][ T5850]  f2fs_write_end_io+0x886/0xb60
[  104.528695][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  104.528707][ T5850]  __submit_merged_write_cond+0x255/0x530
[  104.528719][ T5850]  f2fs_write_data_pages+0x261d/0x3000
[  104.528744][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.528790][ T5850]  ? __mod_zone_page_state+0xd7/0x140
[  104.528838][ T5850]  ? folios_put_refs+0x560/0x640
[  104.528863][ T5850]  ? __lock_acquire+0xab9/0xd20
[  104.528885][ T5850]  ? do_raw_spin_lock+0x121/0x290
[  104.528906][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  104.528919][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.528936][ T5850]  do_writepages+0x32e/0x550
[  104.528959][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  104.528976][ T5850]  filemap_fdatawrite+0x199/0x240
[  104.528992][ T5850]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  104.529044][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  104.529062][ T5850]  f2fs_sync_dirty_inodes+0x31f/0x830
[  104.529085][ T5850]  f2fs_write_checkpoint+0x95a/0x1df0
[  104.529117][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  104.529183][ T5850]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  104.529197][ T5850]  ? kfree+0x18e/0x440
[  104.529211][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  104.529229][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  104.529245][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  104.529255][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  104.529276][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  104.529290][ T5850]  deactivate_locked_super+0xbc/0x130
[  104.529307][ T5850]  cleanup_mnt+0x425/0x4c0
[  104.529320][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.529335][ T5850]  task_work_run+0x1d4/0x260
[  104.529352][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  104.529363][ T5850]  ? __x64_sys_umount+0x122/0x160
[  104.529381][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  104.529399][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  104.529414][ T5850]  do_syscall_64+0x2bd/0x3b0
[  104.529428][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.529442][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.529454][ T5850]  ? exc_page_fault+0x9f/0xf0
[  104.529471][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.529482][ T5850] RIP: 0033:0x7fe11f58ff17
[  104.529494][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  104.529503][ T5850] RSP: 002b:00007ffc298d3dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  104.529525][ T5850] RAX: 0000000000000000 RBX: 00007fe11f611c05 RCX: 00007fe11f58ff17
[  104.529532][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc298d3e80
[  104.529539][ T5850] RBP: 00007ffc298d3e80 R08: 0000000000000000 R09: 0000000000000000
[  104.529546][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc298d4f10
[  104.529553][ T5850] R13: 00007fe11f611c05 R14: 000000000001979e R15: 00007ffc298d4f50
[  104.529576][ T5850]  </TASK>
[  104.676764][ T5850] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  104.679662][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  104.679680][ T5850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  104.679687][ T5850] Call Trace:
[  104.679691][ T5850]  <TASK>
[  104.679697][ T5850]  dump_stack_lvl+0x189/0x250
[  104.679718][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.679733][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  104.679744][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  104.679759][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  104.679782][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  104.679803][ T5850]  f2fs_write_end_io+0x886/0xb60
[  104.679852][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  104.679873][ T5850]  __submit_merged_write_cond+0x255/0x530
[  104.679894][ T5850]  f2fs_write_data_pages+0x261d/0x3000
[  104.679935][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.679984][ T5850]  ? __mod_zone_page_state+0xd7/0x140
[  104.680009][ T5850]  ? folios_put_refs+0x560/0x640
[  104.680032][ T5850]  ? __lock_acquire+0xab9/0xd20
[  104.680056][ T5850]  ? do_raw_spin_lock+0x121/0x290
[  104.680079][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  104.680093][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.680111][ T5850]  do_writepages+0x32e/0x550
[  104.680134][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  104.680151][ T5850]  filemap_fdatawrite+0x199/0x240
[  104.680167][ T5850]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  104.680210][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  104.680227][ T5850]  f2fs_sync_dirty_inodes+0x31f/0x830
[  104.680247][ T5850]  f2fs_write_checkpoint+0x95a/0x1df0
[  104.680272][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  104.680311][ T5850]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  104.680323][ T5850]  ? kfree+0x18e/0x440
[  104.680338][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  104.680354][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  104.680371][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  104.680381][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  104.680401][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  104.680416][ T5850]  deactivate_locked_super+0xbc/0x130
[  104.680431][ T5850]  cleanup_mnt+0x425/0x4c0
[  104.680445][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.680463][ T5850]  task_work_run+0x1d4/0x260
[  104.680481][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  104.680495][ T5850]  ? __x64_sys_umount+0x122/0x160
[  104.680514][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  104.680540][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  104.680557][ T5850]  do_syscall_64+0x2bd/0x3b0
[  104.680572][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.680587][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.680598][ T5850]  ? exc_page_fault+0x9f/0xf0
[  104.680615][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.680626][ T5850] RIP: 0033:0x7fe11f58ff17
[  104.680638][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  104.680647][ T5850] RSP: 002b:00007ffc298d3dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  104.680660][ T5850] RAX: 0000000000000000 RBX: 00007fe11f611c05 RCX: 00007fe11f58ff17
[  104.680668][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc298d3e80
[  104.680675][ T5850] RBP: 00007ffc298d3e80 R08: 0000000000000000 R09: 0000000000000000
[  104.680682][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc298d4f10
[  104.680689][ T5850] R13: 00007fe11f611c05 R14: 000000000001979e R15: 00007ffc298d4f50
[  104.680710][ T5850]  </TASK>
[  104.680715][ T5850] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  105.082416][   T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  105.219395][ T7006] loop1: detected capacity change from 0 to 2048
[  105.255337][   T24] usb 3-1: Using ep0 maxpacket: 16
[  105.258755][ T5848] Alternate GPT is invalid, using primary GPT.
[  105.264470][ T5848]  loop1: p2 p3 p7
[  105.271929][   T24] usb 3-1: config 0 has an invalid interface number: 49 but max is 0
[  105.280614][   T24] usb 3-1: config 0 has no interface number 0
[  105.283430][   T24] usb 3-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16
[  105.295992][   T24] usb 3-1: config 0 interface 49 altsetting 0 has an endpoint descriptor with address 0x69, changing to 0x9
[  105.311425][   T24] usb 3-1: config 0 interface 49 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  105.328928][   T24] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7
[  105.330925][ T7006] Alternate GPT is invalid, using primary GPT.
[  105.332885][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.335888][ T7006]  loop1: p2 p3 p7
[  105.343980][   T24] usb 3-1: Product: syz
[  105.345831][   T24] usb 3-1: Manufacturer: syz
[  105.347833][   T24] usb 3-1: SerialNumber: syz
[  105.365377][   T24] usb 3-1: config 0 descriptor??
[  105.371319][ T6996] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  105.519162][ T6240] udevd[6240]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  105.525717][ T5990] udevd[5990]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  105.527924][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  105.559480][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  105.567981][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  105.568694][ T6240] udevd[6240]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  105.597046][   T24] usb 3-1: USB disconnect, device number 4
[  105.828134][ T7023] loop1: detected capacity change from 0 to 4096
[  105.832867][ T7023] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  105.849867][ T7023] ntfs3(loop1): Failed to load $Extend (-22).
[  105.856213][ T7023] ntfs3(loop1): Failed to initialize $Extend.
[  105.912517][ T6261] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  106.067262][ T6261] usb 1-1: Using ep0 maxpacket: 32
[  106.073704][ T6261] usb 1-1: config 0 has an invalid interface number: 146 but max is 0
[  106.077050][ T6261] usb 1-1: config 0 has no interface number 0
[  106.079687][ T6261] usb 1-1: config 0 interface 146 has no altsetting 0
[  106.100634][ T6261] usb 1-1: New USB device found, idVendor=2c42, idProduct=1636, bcdDevice=8d.92
[  106.104286][ T6261] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.107864][ T6261] usb 1-1: Product: syz
[  106.109695][ T6261] usb 1-1: Manufacturer: syz
[  106.111724][ T6261] usb 1-1: SerialNumber: syz
[  106.116359][ T6261] usb 1-1: config 0 descriptor??
[  106.127338][ T6261] f81232 1-1:0.146: f81534a converter detected
[  106.332948][ T6261] usb 1-1: f81534a converter now attached to ttyUSB0
[  106.548361][ T6261] usb 1-1: USB disconnect, device number 6
[  106.561128][ T7044] mmap: syz.2.420 (7044) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  106.567718][ T6261] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0
[  106.584197][ T6261] f81232 1-1:0.146: device disconnected
[  106.748487][ T5235] Bluetooth: hci2: ACL packet too small
[  106.965899][ T7058] loop2: detected capacity change from 0 to 256
[  106.969314][ T7058] exfat: Unknown parameter ''
[  107.549713][ T6261] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  107.691483][ T7069] loop0: detected capacity change from 0 to 4096
[  107.705684][ T6261] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  107.709751][ T6261] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  107.714846][ T6261] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  107.732988][ T6261] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  107.736783][ T6261] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.739845][ T6261] usb 2-1: Product: syz
[  107.749637][ T6261] usb 2-1: Manufacturer: syz
[  107.751667][ T6261] usb 2-1: SerialNumber: syz
[  107.762735][ T6261] hub 2-1:1.0: bad descriptor, ignoring hub
[  107.765346][ T6261] hub 2-1:1.0: probe with driver hub failed with error -5
[  107.908902][ T7071] autofs4:pid:7071:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.2816), cmd(0xc0189375)
[  107.915125][ T7071] autofs4:pid:7071:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189375)
[  107.977117][ T6261] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  108.174053][ T7077] loop2: detected capacity change from 0 to 32768
[  108.185993][ T7077] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.435 (7077)
[  108.196066][ T7077] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  108.200281][ T7077] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  108.204704][ T7077] BTRFS info (device loop2): using free-space-tree
[  108.246943][   T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  108.273137][ T2306] usb 2-1: USB disconnect, device number 4
[  108.282078][ T2306] usblp0: removed
[  108.403830][   T24] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  108.406718][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.410837][   T24] usb 1-1: config 0 has no interface number 0
[  108.418933][   T24] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  108.423648][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.427192][   T24] usb 1-1: Product: syz
[  108.429017][   T24] usb 1-1: Manufacturer: syz
[  108.431057][   T24] usb 1-1: SerialNumber: syz
[  108.438623][   T24] usb 1-1: config 0 descriptor??
[  108.448897][   T24] ims_pcu 1-1:0.41: Missing CDC union descriptor
[  108.451689][   T24] ims_pcu 1-1:0.41: probe with driver ims_pcu failed with error -22
[  108.651724][   T24] usb 1-1: USB disconnect, device number 7
[  108.793667][ T7096] netlink: 'syz.1.436': attribute type 8 has an invalid length.
[  108.811306][ T7096] bridge2: entered allmulticast mode
[  108.976770][ T5852] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  109.310420][ T7121] trusted_key: syz.1.448 sent an empty control message without MSG_MORE.
[  109.533518][ T2306] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  109.582398][ T6261] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  109.694479][ T2306] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  109.699178][ T2306] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  109.703753][ T2306] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  109.710919][ T2306] usb 1-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  109.714890][ T2306] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.718198][ T2306] usb 1-1: Product: syz
[  109.719900][ T2306] usb 1-1: Manufacturer: syz
[  109.721680][ T2306] usb 1-1: SerialNumber: syz
[  109.726150][ T2306] usb 1-1: config 0 descriptor??
[  109.729824][ T7120] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  109.732911][ T6261] usb 2-1: Using ep0 maxpacket: 8
[  109.738079][ T6261] usb 2-1: unable to get BOS descriptor or descriptor too short
[  109.742863][ T6261] usb 2-1: config 2 has an invalid interface number: 65 but max is 0
[  109.746354][ T6261] usb 2-1: config 2 has no interface number 0
[  109.749054][ T6261] usb 2-1: config 2 interface 65 has no altsetting 0
[  109.755063][ T6261] usb 2-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=d8.44
[  109.758889][ T6261] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.762173][ T6261] usb 2-1: Product: syz
[  109.764107][ T6261] usb 2-1: Manufacturer: syz
[  109.766213][ T6261] usb 2-1: SerialNumber: syz
[  109.940152][ T2306] powermate: unknown product id 0240
[  109.942928][ T2306] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  109.950900][ T2306] input: Griffin SoundKnob as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[  110.001540][ T6261] ttusb_dec_send_command: command bulk message failed: error -22
[  110.006880][ T6261] ttusb-dec 2-1:2.65: probe with driver ttusb-dec failed with error -22
[  110.012826][ T6261] usb 2-1: USB disconnect, device number 5
[  110.145474][    C0] powermate: config urb returned -71
[  110.145916][ T5881] usb 1-1: USB disconnect, device number 8
[  110.147301][    C0] powermate: usb_submit_urb(config) failed
[  110.149586][    C0] powermate 1-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  110.258540][ T7125] loop2: detected capacity change from 0 to 32768
[  110.265262][ T7125] XFS (loop2): sunit and swidth must be specified together
[  111.059388][ T7150] loop0: detected capacity change from 0 to 40427
[  111.077299][ T7150] F2FS-fs (loop0): invalid crc value
[  111.159437][ T7150] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  111.164529][ T7150] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  111.197583][ T5850] syz-executor: attempt to access beyond end of device
[  111.197583][ T5850] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  111.203670][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  111.203689][ T5850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  111.203696][ T5850] Call Trace:
[  111.203702][ T5850]  <TASK>
[  111.203740][ T5850]  dump_stack_lvl+0x189/0x250
[  111.203762][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.203776][ T5850]  ? __pfx_queue_work_on+0x10/0x10
[  111.203787][ T5850]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  111.203802][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.203825][ T5850]  f2fs_handle_critical_error+0x37c/0x540
[  111.203848][ T5850]  f2fs_write_end_io+0x886/0xb60
[  111.203873][ T5850]  __submit_merged_bio+0x27a/0x6a0
[  111.203894][ T5850]  __submit_merged_write_cond+0x255/0x530
[  111.203916][ T5850]  f2fs_write_data_pages+0x261d/0x3000
[  111.203959][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  111.204013][ T5850]  ? __mod_zone_page_state+0xd7/0x140
[  111.204037][ T5850]  ? folios_put_refs+0x560/0x640
[  111.204061][ T5850]  ? __lock_acquire+0xab9/0xd20
[  111.204084][ T5850]  ? do_raw_spin_lock+0x121/0x290
[  111.204108][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  111.204123][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  111.204139][ T5850]  do_writepages+0x32e/0x550
[  111.204163][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  111.204180][ T5850]  filemap_fdatawrite+0x199/0x240
[  111.204194][ T5850]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  111.204247][ T5850]  ? do_raw_spin_unlock+0x4d/0x240
[  111.204265][ T5850]  f2fs_sync_dirty_inodes+0x31f/0x830
[  111.204288][ T5850]  f2fs_write_checkpoint+0x95a/0x1df0
[  111.204318][ T5850]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  111.204365][ T5850]  ? kill_f2fs_super+0x298/0x6c0
[  111.204382][ T5850]  kill_f2fs_super+0x2c3/0x6c0
[  111.204399][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  111.204408][ T5850]  ? radix_tree_delete_item+0x2b6/0x400
[  111.204429][ T5850]  ? shrinker_free+0x2ce/0x3e0
[  111.204443][ T5850]  deactivate_locked_super+0xbc/0x130
[  111.204459][ T5850]  cleanup_mnt+0x425/0x4c0
[  111.204472][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.204490][ T5850]  task_work_run+0x1d4/0x260
[  111.204507][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  111.204521][ T5850]  ? __x64_sys_umount+0x122/0x160
[  111.204540][ T5850]  ? exit_to_user_mode_loop+0x40/0x110
[  111.204559][ T5850]  exit_to_user_mode_loop+0xec/0x110
[  111.204575][ T5850]  do_syscall_64+0x2bd/0x3b0
[  111.204590][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.204604][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.204617][ T5850]  ? exc_page_fault+0x9f/0xf0
[  111.204632][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.204664][ T5850] RIP: 0033:0x7fe11f58ff17
[  111.204677][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  111.204686][ T5850] RSP: 002b:00007ffc298d3dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  111.204701][ T5850] RAX: 0000000000000000 RBX: 00007fe11f611c05 RCX: 00007fe11f58ff17
[  111.204740][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc298d3e80
[  111.204747][ T5850] RBP: 00007ffc298d3e80 R08: 0000000000000000 R09: 0000000000000000
[  111.204754][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc298d4f10
[  111.204763][ T5850] R13: 00007fe11f611c05 R14: 000000000001b1be R15: 00007ffc298d4f50
[  111.204783][ T5850]  </TASK>
[  111.205678][ T5850] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  111.320005][ T7165] loop2: detected capacity change from 0 to 8192
[  111.363007][ T7165] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  111.378684][ T7165] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 1046)
[  111.381631][ T7165] FAT-fs (loop2): Filesystem has been set read-only
[  111.399110][ T5852] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 1046)
[  111.423776][ T7167] loop1: detected capacity change from 0 to 8
[  111.446872][ T7167] SQUASHFS error: Failed to read block 0x636: -5
[  111.449729][ T7167] SQUASHFS error: Unable to read metadata cache entry [634]
[  111.456937][ T7167] SQUASHFS error: Unable to read metadata cache entry [634]
[  111.461620][ T7167] SQUASHFS error: Unable to read directory block [629:0]
[  111.485243][ T7167] SQUASHFS error: Unable to read metadata cache entry [634]
[  111.495359][ T7167] SQUASHFS error: Unable to read metadata cache entry [634]
[  111.498549][ T7167] SQUASHFS error: Unable to read directory block [629:0]
[  112.106848][ T7202] netlink: 24 bytes leftover after parsing attributes in process `syz.0.480'.
[  112.232182][ T7206] bridge0: entered promiscuous mode
[  112.236460][ T7206] bridge0: left promiscuous mode
[  112.326659][   T33] audit: type=1326 audit(1755255435.607:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz.1.484" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56ef18ebe9 code=0x0
[  112.433044][ T7215] loop1: detected capacity change from 0 to 256
[  112.477670][ T7209] loop2: detected capacity change from 0 to 32768
[  112.507139][ T7209] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  112.551845][ T7219] netlink: 24 bytes leftover after parsing attributes in process `syz.1.487'.
[  112.559520][ T7218] delete_channel: no stack
[  112.574331][ T7209] syz.2.483 (7209) used greatest stack depth: 18784 bytes left
[  112.589658][ T5852] ocfs2: Unmounting device (7,2) on (node local)
[  112.720267][ T7224] loop2: detected capacity change from 0 to 4096
[  112.732632][ T7224] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  112.909990][   T33] audit: type=1800 audit(1755255436.187:173): pid=7230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.488" name="file1" dev="loop2" ino=33 res=0 errno=0
[  113.092470][ T7233] loop0: detected capacity change from 0 to 1024
[  113.095913][ T7233] EXT4-fs: Ignoring removed orlov option
[  113.098223][ T7233] EXT4-fs: Ignoring removed nomblk_io_submit option
[  113.245858][ T7233] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.286377][ T7233] IPVS: length: 8 != 171493831088
[  113.378235][ T5850] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.423595][ T7238] loop1: detected capacity change from 0 to 512
[  113.434791][ T7238] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  113.449462][ T7238] EXT4-fs (loop1): #clusters per group too big: 268443648
[  113.731741][ T7242] netlink: 32 bytes leftover after parsing attributes in process `syz.1.495'.
[  113.949479][ T7240] loop0: detected capacity change from 0 to 32768
[  113.955162][ T7240] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.494 (7240)
[  113.968408][ T7240] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  113.971756][ T7240] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  113.975050][ T7240] BTRFS info (device loop0): using free-space-tree
[  114.245036][ T7269] loop2: detected capacity change from 0 to 256
[  114.261062][ T5850] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  114.495774][ T7279] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  114.524242][ T7283] netlink: 'syz.1.507': attribute type 2 has an invalid length.
[  114.556104][ T7285] capability: warning: `syz.2.508' uses 32-bit capabilities (legacy support in use)
[  114.628166][ T7292] 
[  114.629038][ T7292] ============================================
[  114.631062][ T7292] WARNING: possible recursive locking detected
[  114.633544][ T7292] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  114.637774][ T7292] --------------------------------------------
[  114.640175][ T7292] syz.2.511/7292 is trying to acquire lock:
[  114.642681][ T7292] ffff88811d08cd28 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __netdev_update_features+0xcb1/0x1be0
[  114.647386][ T7292] 
[  114.647386][ T7292] but task is already holding lock:
[  114.650521][ T7292] ffff88811d08cd28 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x19b0
[  114.654428][ T7292] and the lock comparison function returns 0:
[  114.656965][ T7292] 
[  114.656965][ T7292] other info that might help us debug this:
[  114.660429][ T7292]  Possible unsafe locking scenario:
[  114.660429][ T7292] 
[  114.663632][ T7292]        CPU0
[  114.664851][ T7292]        ----
[  114.666266][ T7292]   lock(&dev_instance_lock_key#20);
[  114.668519][ T7292]   lock(&dev_instance_lock_key#20);
[  114.670608][ T7292] 
[  114.670608][ T7292]  *** DEADLOCK ***
[  114.670608][ T7292] 
[  114.673826][ T7292]  May be due to missing lock nesting notation
[  114.673826][ T7292] 
[  114.677202][ T7292] 2 locks held by syz.2.511/7292:
[  114.679279][ T7292]  #0: ffffffff8f537cc8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x1d0/0x19b0
[  114.682490][ T7292]  #1: ffff88811d08cd28 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x19b0
[  114.686620][ T7292] 
[  114.686620][ T7292] stack backtrace:
[  114.688989][ T7292] CPU: 0 UID: 0 PID: 7292 Comm: syz.2.511 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  114.689006][ T7292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  114.689012][ T7292] Call Trace:
[  114.689019][ T7292]  <TASK>
[  114.689027][ T7292]  dump_stack_lvl+0x189/0x250
[  114.689044][ T7292]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.689056][ T7292]  ? __pfx__printk+0x10/0x10
[  114.689072][ T7292]  ? print_lock_name+0xde/0x100
[  114.689088][ T7292]  print_deadlock_bug+0x28b/0x2a0
[  114.689100][ T7292]  validate_chain+0x1a3f/0x2140
[  114.689113][ T7292]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  114.689126][ T7292]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.689142][ T7292]  __lock_acquire+0xab9/0xd20
[  114.689156][ T7292]  ? __netdev_update_features+0xcb1/0x1be0
[  114.689163][ T7292]  lock_acquire+0x120/0x360
[  114.689172][ T7292]  ? __netdev_update_features+0xcb1/0x1be0
[  114.689178][ T7292]  ? kasan_save_free_info+0x46/0x50
[  114.689185][ T7292]  ? kmem_cache_free+0x18f/0x400
[  114.689194][ T7292]  ? ethnl_multicast+0xb6/0x100
[  114.689204][ T7292]  __mutex_lock+0x187/0x1360
[  114.689213][ T7292]  ? __netdev_update_features+0xcb1/0x1be0
[  114.689221][ T7292]  ? do_raw_spin_lock+0x121/0x290
[  114.689229][ T7292]  ? __netdev_update_features+0xcb1/0x1be0
[  114.689236][ T7292]  ? __pfx___mutex_lock+0x10/0x10
[  114.689245][ T7292]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  114.689253][ T7292]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.689263][ T7292]  __netdev_update_features+0xcb1/0x1be0
[  114.689272][ T7292]  ? __pfx___netdev_update_features+0x10/0x10
[  114.689280][ T7292]  ? cfg80211_netdev_notifier_call+0x1ee/0x1450
[  114.689291][ T7292]  ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10
[  114.689300][ T7292]  ? __lock_acquire+0xab9/0xd20
[  114.689309][ T7292]  ? do_raw_spin_lock+0x121/0x290
[  114.689318][ T7292]  netdev_update_features+0x6d/0xe0
[  114.689326][ T7292]  ? __pfx_netdev_update_features+0x10/0x10
[  114.689336][ T7292]  macsec_notify+0x2f5/0x660
[  114.689344][ T7292]  ? __pfx_macsec_notify+0x10/0x10
[  114.689351][ T7292]  notifier_call_chain+0x1b6/0x3e0
[  114.689360][ T7292]  netdev_features_change+0x85/0xc0
[  114.689368][ T7292]  ? __pfx_netdev_features_change+0x10/0x10
[  114.689376][ T7292]  ? security_capable+0x7e/0x2e0
[  114.689386][ T7292]  dev_ethtool+0x1536/0x19b0
[  114.689395][ T7292]  ? __pfx_dev_ethtool+0x10/0x10
[  114.689404][ T7292]  ? dev_load+0x21/0x1f0
[  114.689413][ T7292]  dev_ioctl+0x392/0x1150
[  114.689422][ T7292]  sock_do_ioctl+0x22c/0x300
[  114.689430][ T7292]  ? __pfx_sock_do_ioctl+0x10/0x10
[  114.689437][ T7292]  ? __lock_acquire+0xab9/0xd20
[  114.689447][ T7292]  sock_ioctl+0x576/0x790
[  114.689455][ T7292]  ? __pfx_sock_ioctl+0x10/0x10
[  114.689473][ T7292]  ? __fget_files+0x2a/0x420
[  114.689479][ T7292]  ? __fget_files+0x3a0/0x420
[  114.689484][ T7292]  ? __fget_files+0x2a/0x420
[  114.689490][ T7292]  ? bpf_lsm_file_ioctl+0x9/0x20
[  114.689498][ T7292]  ? __pfx_sock_ioctl+0x10/0x10
[  114.689505][ T7292]  __se_sys_ioctl+0xfc/0x170
[  114.689514][ T7292]  do_syscall_64+0xfa/0x3b0
[  114.689524][ T7292]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.689533][ T7292]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.689540][ T7292]  ? exc_page_fault+0x9f/0xf0
[  114.689548][ T7292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.689555][ T7292] RIP: 0033:0x7fee3458ebe9
[  114.689562][ T7292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.689568][ T7292] RSP: 002b:00007fee354c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  114.689576][ T7292] RAX: ffffffffffffffda RBX: 00007fee347b5fa0 RCX: 00007fee3458ebe9
[  114.689581][ T7292] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000004
[  114.689585][ T7292] RBP: 00007fee34611e19 R08: 0000000000000000 R09: 0000000000000000
[  114.689589][ T7292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  114.689593][ T7292] R13: 00007fee347b6038 R14: 00007fee347b5fa0 R15: 00007ffd41e00cf8
[  114.689600][ T7292]  </TASK>
[  114.830003][    C0] vkms_vblank_simulate: vblank timer overrun

VM DIAGNOSIS:
10:57:18  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bdc60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=00000000000015ef RDI=00000000000015f0 RBP=ffffffff99dee630 RSP=ffffc9000303eb30
R8 =ffff888108930237 R9 =1ffff11021126046 R10=dffffc0000000000 R11=ffffffff854efde0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854efe57 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fee354c46c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32622ff8 CR3=0000000028b60000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fee34787498 00007fee34787470 XMM03=00007fee347874a8 00007fee347874a0
XMM04=00007fee352ed100 00007fee34787460 XMM05=00007fee34787478 00007fee347874c0
XMM06=00007fee347874b8 00007fee347874b0 XMM07=00007fee347874a8 00007fee347874a0
XMM08=0000000000000000 00007fee34612ee7 XMM09=0000000000000000 00007fee34612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffc90007740000 RBX=1ffff1100426825a RCX=ffff888100680000 RDX=0000000000010000
RSI=ffff888021340000 RDI=0000000000000017 RBP=0000000000000080 RSP=ffffc900001e0dc0
R8 =ffffffff8fa37e37 R9 =1ffffffff1f46fc6 R10=dffffc0000000000 R11=ffffffff86999cf0
R12=dffffc0000000000 R13=ffff8880213412d0 R14=ffff888021340000 R15=dffffc0000000000
RIP=ffffffff86999d38 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055cfebfb57e8 CR3=000000002797e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=7712c53e93b9f1e8 728370bf3cb3486e
XMM06=63e772d7f3a22482 dabb339f3c035440 XMM07=bd0dad416e16bee6 46815929601aad29
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f56ef212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
